Fortigate 80C

#config-version=FGT80C-5.
00-FW-build271-
140409:opmode=0:vdom=0:user=admin
#conf_file_ver=10406148442572511307
#buildno=3608
#global_vdom=1
config system global
set fgd-alert-subscription advisory latest-threat
set gui-sslvpn-personal-bookmarks enable
set gui-sslvpn-realms enable
set gui-wireless-controller disable
set hostname "FGFW1"
set revision-backup-on-logout enable
set revision-image-auto-backup enable
set timezone 57
end
config system accprofile
edit "prof_admin"
set admingrp read-write
set authgrp read-write
set endpoint-control-grp read-write
set fwgrp read-write
set loggrp read-write
set mntgrp read-write
set netgrp read-write
set routegrp read-write
set sysgrp read-write
set updategrp read-write
set utmgrp read-write
set vpngrp read-write
set wanoptgrp read-write
set wifi read-write
next
end
config wireless-controller vap
edit "mesh.root"
set vdom "root"
set mesh-backhaul enable
set ssid "fortinet.mesh.root"
set alias "m"
set passphrase ENC
78K2XnzmLqh0bWULhJaSHIbascaOFY/iIpaT2jtJiIl7mJyrr1EOIBVX3Q
2iXTfw3oZCdeAn+dYuFC7n3dQHT8Vt33sbxI0CezeIDOHcjU/3LP58x2
ZGlsCyEgK5KL3kPZeraXOeEr3R39c2D/lRMusGkU5RjhUlK0219LFlrP
CCjEGIADE7n1tK7Po4/JKSu93rIQ==
next
end
config system interface
edit "wan1"
set vdom "root"
set ip 58.145.236.62 255.255.255.224
set allowaccess ping https
set type physical
set snmp-index 1
next
edit "wan2"
set vdom "root"
set ip 192.168.100.1 255.255.255.0
set type physical
set snmp-index 2
next
edit "modem"
set vdom "root"
set mode pppoe
set allowaccess capwap
set type physical
set snmp-index 3
next
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "sslvpn tunnel interface"
set snmp-index 4
next
edit "mesh.root"
set vdom "root"
set type vap-switch
set snmp-index 8
next
edit "internal"
set vdom "root"
set ip 192.168.10.1 255.255.255.0
set allowaccess ping https ssh http fgfm capwap
set type physical
set snmp-index 5
next
edit "dmz"
set vdom "root"
set type physical
set snmp-index 6
next
edit "IPSec_VPN"
set vdom "root"
set type tunnel
set snmp-index 7
set interface "wan1"
next
end
config system admin
edit "admin"
set accprofile "super_admin"
set vdom "root"
config dashboard-tabs
edit 1
set name "Status"
next
edit 2
set columns 1
set name "Top Sources"
next
edit 3
set columns 1
set name "Top Destinations"
next
edit 4
set columns 1
set name "Top Applications"
next
end
config dashboard
edit 1
set tab-id 1
set column 1
next
edit 2
set widget-type licinfo
set tab-id 1
set column 1
next
edit 3
set widget-type jsconsole
set tab-id 1
set column 1
next
edit 4
set widget-type sysres
set tab-id 1
set column 2
next
edit 5
set widget-type gui-features
set tab-id 1
set column 2
next
edit 6
set widget-type alert
set tab-id 1
set column 2
set top-n 10
next
edit 21
set widget-type sessions
set tab-id 2
set column 1
set top-n 25
set sort-by msg-counts
next
edit 31
set tab-id 3
set column 1
set top-n 10
set report-by destination
next
edit 41
set tab-id 4
set column 1
set top-n 25
set report-by application
next
end
set password ENC
AK1RtmWJe/NELPuy0NxKADFi2ZWsC+ntRfx9XPdq3QM8Lc=
next
end
config system ha
set override disable
end
config system storage
edit "FLASH"
set media-type "scsi"
set partition "7D6FDCB03B79DED3"
next
end
config system dns
set primary 165.21.83.88
set secondary 165.21.100.88
end
config system replacemsg-image
edit "logo_fnet"
set image-base64 ''
set image-type gif
next
edit "logo_fguard_wf"
set image-base64 ''
set image-type gif
next
edit "logo_fw_auth"
set image-base64 ''
set image-type png
next
edit "logo_v2_fnet"
set image-base64 ''
set image-type png
next
edit "logo_v2_fguard_wf"
set image-base64 ''
set image-type png
next
end
config system replacemsg mail "email-block"
end
config system replacemsg mail "email-dlp-subject"
end
config system replacemsg mail "email-dlp-ban"
end
config system replacemsg mail "email-filesize"
end
config system replacemsg mail "partial"
end
config system replacemsg mail "smtp-block"
end
config system replacemsg mail "smtp-filesize"
end
config system replacemsg http "bannedword"
end
config system replacemsg http "url-block"
end
config system replacemsg http "urlfilter-err"
end
config system replacemsg http "infcache-block"
end
config system replacemsg http "http-block"
end
config system replacemsg http "http-filesize"
end
config system replacemsg http "http-dlp-ban"
end
config system replacemsg http "http-archive-block"
end
config system replacemsg http "http-contenttypeblock"
end
config system replacemsg http "https-invalid-cert-block"
end
config system replacemsg http "http-client-block"
end
config system replacemsg http "http-client-filesize"
end
config system replacemsg http "http-client-bannedword"
end
config system replacemsg http "http-post-block"
end
config system replacemsg http "http-client-archive-block"
end
config system replacemsg http "switching-protocols-block"
end
config system replacemsg webproxy "deny"
end
config system replacemsg webproxy "user-limit"
end
config system replacemsg webproxy "auth-challenge"
end
config system replacemsg webproxy "auth-login-fail"
end
config system replacemsg webproxy "auth-authorization-fail"
end
config system replacemsg webproxy "http-err"
end
config system replacemsg ftp "ftp-dl-blocked"
end
config system replacemsg ftp "ftp-dl-filesize"
end
config system replacemsg ftp "ftp-dl-dlp-ban"
end
config system replacemsg ftp "ftp-explicit-banner"
end
config system replacemsg ftp "ftp-dl-archive-block"
end
config system replacemsg nntp "nntp-dl-blocked"
end
config system replacemsg nntp "nntp-dl-filesize"
end
config system replacemsg nntp "nntp-dlp-subject"
end
config system replacemsg nntp "nntp-dlp-ban"
end
config system replacemsg fortiguard-wf "ftgd-block"
end
config system replacemsg fortiguard-wf "http-err"
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
end
config system replacemsg fortiguard-wf "ftgd-quota"
end
config system replacemsg fortiguard-wf "ftgd-warning"
end
config system replacemsg spam "ipblocklist"
end
config system replacemsg spam "smtp-spam-dnsbl"
end
config system replacemsg spam "smtp-spam-feip"
end
config system replacemsg spam "smtp-spam-helo"
end
config system replacemsg spam "smtp-spam-emailblack"
end
config system replacemsg spam "smtp-spam-mimeheader"
end
config system replacemsg spam "reversedns"
end
config system replacemsg spam "smtp-spam-bannedword"
end
config system replacemsg spam "smtp-spam-ase"
end
config system replacemsg spam "submit"
end
config system replacemsg im "im-file-xfer-block"
end
config system replacemsg im "im-file-xfer-name"
end
config system replacemsg im "im-file-xfer-infected"
end
config system replacemsg im "im-file-xfer-size"
end
config system replacemsg im "im-dlp"
end
config system replacemsg im "im-dlp-ban"
end
config system replacemsg im "im-voice-chat-block"
end
config system replacemsg im "im-video-chat-block"
end
config system replacemsg im "im-photo-share-block"
end
config system replacemsg im "im-long-chat-block"
end
config system replacemsg alertmail "alertmail-virus"
end
config system replacemsg alertmail "alertmail-block"
end
config system replacemsg alertmail "alertmail-nids-event"
end
config system replacemsg alertmail "alertmail-crit-event"
end
config system replacemsg alertmail "alertmail-disk-full"
end
config system replacemsg admin "pre_admin-disclaimer-text"
end
config system replacemsg admin "post_admin-disclaimer-text"
end
config system replacemsg auth "auth-disclaimer-page-1"
end
end
end
config system replacemsg auth "auth-reject-page"
end
config system replacemsg auth "auth-login-page"
end
config system replacemsg auth "auth-login-failed-page"
end
config system replacemsg auth "auth-token-login-page"
end
config system replacemsg auth "auth-token-login-failed-page"
end
config system replacemsg auth "auth-success-msg"
end
config system replacemsg auth "auth-challenge-page"
end
config system replacemsg auth "auth-keepalive-page"
end
config system replacemsg auth "auth-portal-page"
end
config system replacemsg auth "auth-password-page"
end
config system replacemsg auth "auth-fortitoken-page"
end
config system replacemsg auth "auth-next-fortitoken-page"
end
config system replacemsg auth "auth-email-token-page"
end
config system replacemsg auth "auth-sms-token-page"
end
config system replacemsg auth "auth-email-harvesting-page"
end
config system replacemsg auth "auth-email-failed-page"
end
config system replacemsg auth "auth-cert-passwd-page"
end
config system replacemsg auth "auth-guest-print-page"
end
config system replacemsg auth "auth-guest-email-page"
end
config system replacemsg captive-portal-dflt "cpa-disclaimer-page-
1"
end
2"
end
3"
end
config system replacemsg captive-portal-dflt "cpa-reject-page"
end
config system replacemsg captive-portal-dflt "cpa-login-page"
end
config system replacemsg captive-portal-dflt "cpa-login-failed-page"
end
config system replacemsg sslvpn "sslvpn-login"
end
config system replacemsg sslvpn "sslvpn-limit"
end
config system replacemsg ec "endpt-download-portal"
end
config system replacemsg ec "endpt-download-portal-mac"
end
config system replacemsg ec "endpt-download-portal-ios"
end
config system replacemsg ec "endpt-download-portal-aos"
end
config system replacemsg ec "endpt-download-portal-other"
end
config system replacemsg device-detection-portal "device-
detection-failure"
end
config system replacemsg nac-quar "nac-quar-virus"
end
config system replacemsg nac-quar "nac-quar-dos"
end
config system replacemsg nac-quar "nac-quar-ips"
end
config system replacemsg nac-quar "nac-quar-dlp"
end
config system replacemsg traffic-quota "per-ip-shaper-block"
end
config system replacemsg utm "virus-html"
end
config system replacemsg utm "virus-text"
end
config system replacemsg utm "dlp-html"
end
config system replacemsg utm "dlp-text"
end
config vpn certificate ca
end
config vpn certificate local
end
config user device-category
edit "ipad"
next
edit "iphone"
next
edit "gaming-console"
next
edit "blackberry-phone"
next
edit "blackberry-playbook"
next
edit "linux-pc"
next
edit "mac"
next
edit "windows-pc"
next
edit "android-phone"
next
edit "android-tablet"
next
edit "media-streaming"
next
edit "windows-phone"
next
edit "windows-tablet"
next
edit "fortinet-device"
next
edit "ip-phone"
next
edit "router-nat-device"
next
edit "other-network-device"
next
edit "collected-emails"
next
edit "all"
next
end
config antivirus service "http"
set scan-bzip2 disable
set uncompnestlimit 12
set uncompsizelimit 10
end
config antivirus service "https"
end
config antivirus service "ftp"
end
config antivirus service "ftps"
end
config antivirus service "pop3"
end
config antivirus service "pop3s"
end
config antivirus service "imap"
end
config antivirus service "imaps"
end
config antivirus service "smtp"
end
config antivirus service "smtps"
end
config antivirus service "nntp"
end
config antivirus service "im"
end
config wanopt storage
edit "FLASH"
set size 4459
next
end
config system session-sync
end
config system fortiguard
end
config ips global
set default-app-cat-mask 18446744073474670591
end
config ips dbinfo
set version 1
end
config system email-server
set server "owa.mobintl.com.sg"
end
config gui console
unset preferences
end
config system session-helper
edit 1
set name pptp
set port 1723
set protocol 6
next
edit 2
set name h323
set port 1720
set protocol 6
next
edit 3
set name ras
set port 1719
set protocol 17
next
edit 4
set name tns
set port 1521
set protocol 6
next
edit 5
set name tftp
set port 69
set protocol 17
next
edit 6
set name rtsp
set port 554
set protocol 6
next
edit 7
set name rtsp
set port 7070
set protocol 6
next
edit 8
set name rtsp
set port 8554
set protocol 6
next
edit 9
set name ftp
set port 21
set protocol 6
next
edit 10
set name mms
set port 1863
set protocol 6
next
edit 11
set name pmap
set port 111
set protocol 6
next
edit 12
set name pmap
set port 111
set protocol 17
next
edit 13
set name sip
set port 5060
set protocol 17
next
edit 14
set name dns-udp
set port 53
set protocol 17
next
edit 15
set name rsh
set port 514
set protocol 6
next
edit 16
set name rsh
set port 512
set protocol 6
next
edit 17
set name dcerpc
set port 135
set protocol 6
next
edit 18
set name dcerpc
set port 135
set protocol 17
next
edit 19
set name mgcp
set port 2427
set protocol 17
next
edit 20
set name mgcp
set port 2727
set protocol 17
next
edit 21
set name ftp
set port 77
set protocol 6
next
end
config system auto-install
set auto-install-config enable
set auto-install-image enable
end
config system ntp
config ntpserver
edit 1
set server "ntp1.fortinet.net"
next
edit 2
set server "ntp2.fortinet.net"
next
end
set ntpsync enable
set syncinterval 60
set type custom
end
config system settings
set sip-tcp-port 5060
set sip-udp-port 5060
end
config firewall address
edit "all"
next
edit "SSLVPN_TUNNEL_ADDR1"
set type iprange
set end-ip 10.212.134.210
set start-ip 10.212.134.200
next
edit "Internal_IP_Address"
set associated-interface "internal"
set subnet 192.168.10.0 255.255.255.0
next
edit "Singnet_DNS_Pri"
set subnet 165.21.83.88 255.255.255.255
next
edit "Singnet_DNS_Sec"
set subnet 165.21.100.88 255.255.255.255
next
edit "IPSec_Clients_Range"
set type iprange
set end-ip 192.168.20.200
set start-ip 192.168.20.100
next
edit "Internal_Subnet"
set subnet 192.168.10.0 255.255.255.0
next
edit "IP_95.110.250.171"
set subnet 95.110.250.171 255.255.255.255
next
edit "IP_122.169.0.126"
set subnet 122.169.0.126 255.255.255.255
next
edit "mail_server"
set associated-interface "internal"
set subnet 192.168.10.3 255.255.255.255
next
edit "www.dmisoft.com"
set type fqdn
set fqdn "www.dmisoft.com"
next
edit "IP_95.110.250.183"
set subnet 95.110.250.183 255.255.255.255
next
edit "www.paslists.com"
set type fqdn
set fqdn "www.paslists.com"
next
edit "ftp.ghp-fareast.vn"
set subnet 202.78.231.91 255.255.255.255
next
edit "sftp.ghp-fareast.vn"
set subnet 202.78.231.86 255.255.255.255
next
edit "NSFTP"
set associated-interface "wan1"
set subnet 203.116.94.244 255.255.255.255
next
edit "NETSFTP"
set subnet 203.116.94.244 255.255.255.255
next
edit "Bernard"
set subnet 192.168.10.6 255.255.255.255
next
edit "AD"
set subnet 192.168.10.2 255.255.255.255
next
edit "sftp2.ghp-fareast.vn"
set subnet 202.176.85.83 255.255.255.255
next
end
config firewall multicast-address
edit "all"
set end-ip 239.255.255.255
set start-ip 224.0.0.0
next
end
config firewall address6
edit "all"
next
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set ip6 fdff:ffff::/120
next
end
config firewall addrgrp
edit "SingnetDNS"
set member "Singnet_DNS_Pri" "Singnet_DNS_Sec"
next
end
config firewall service category
edit "General"
set comment "general services"
next
edit "Web Access"
set comment "web access"
next
edit "File Access"
set comment "file access"
next
edit "Email"
set comment "email services"
next
edit "Network Services"
set comment "network services"
next
edit "Authentication"
set comment "authentication service"
next
edit "Remote Access"
set comment "remote access"
next
edit "Tunneling"
set comment "tunneling service"
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications"
next
edit "Web Proxy"
set comment "Explicit web proxy"
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set protocol IP
next
edit "ESP"
set protocol IP
next
edit "AOL"
set visibility disable
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
next
edit "DNS"
set udp-portrange 53
next
edit "FINGER"
next
edit "FTP"
set category "File Access"
next
edit "FTP_GET"
next
edit "FTP_PUT"
next
edit "GOPHER"
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
next
edit "HTTP"
set category "Web Access"
next
edit "HTTPS"
set category "Web Access"
next
edit "IKE"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
next
edit "IMAPS"
next
edit "Internet-Locator-Service"
next
edit "IRC"
next
edit "L2TP"
next
edit "LDAP"
set category "Authentication"
next
edit "NetMeeting"
next
edit "NFS"
next
edit "NNTP"
next
edit "NTP"
next
edit "OSPF"
set protocol IP
next
edit "PC-Anywhere"
set category "Remote Access"
next
edit "PING"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
next
edit "DCE-RPC"
next
edit "POP3"
next
edit "POP3S"
next
edit "PPTP"
next
edit "QUAKE"
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
next
edit "REXEC"
next
edit "RIP"
next
edit "RLOGIN"
set tcp-portrange 513:512-1023
next
edit "RSH"
set tcp-portrange 514:512-1023
next
edit "SCCP"
next
edit "SIP"
next
edit "SIP-MSNmessenger"
next
edit "SAMBA"
next
edit "SMTP"
next
edit "SMTPS"
next
edit "SNMP"
next
edit "SSH"
next
edit "SYSLOG"
next
edit "TALK"
next
edit "TELNET"
next
edit "TFTP"
next
edit "MGCP"
next
edit "UUCP"
next
edit "VDOLIVE"
next
edit "WAIS"
next
edit "WINFRAME"
next
edit "X-WINDOWS"
next
edit "PING6"
set protocol ICMP6
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
next
edit "MYSQL"
next
edit "RDP"
next
edit "VNC"
next
edit "DHCP6"
next
edit "SQUID"
next
edit "SOCKS"
next
edit "WINS"
next
edit "RADIUS"
next
edit "RADIUS-OLD"
next
edit "CVSPSERVER"
next
edit "AFS3"
next
edit "TRACEROUTE"
next
edit "RTSP"
set tcp-portrange 554 7070 8554
next
edit "MMS"
next
edit "KERBEROS"
next
edit "LDAP_UDP"
next
edit "SMB"
next
edit "ALL_CUSTOM"
set protocol IP
next
edit "webproxy"
set explicit-proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
edit "TCP_77"
next
edit "TCP_4283"
next
edit "TCP_7777"
next
edit "TCP_2309"
next
edit "SFTP"
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP"
"SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP"
"LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
edit "Exchange Server OWA"
set member "DNS" "HTTPS"
next
edit "Outlook"
set member "DCE-RPC" "DNS" "IMAP" "IMAPS" "POP3" "POP3S"
"SMTP" "SMTPS" "HTTPS"
next
edit "Internet_Services"
set member "FTP" "HTTP" "HTTPS" "PING" "RDP" "IMAP"
"IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
end
config ips sensor
edit "default"
set comment "prevent critical attacks"
config entries
edit 1
set severity high critical
next
end
next
edit "all_default"
set comment "all predefined signatures with default setting"
config entries
edit 1
next
end
next
edit "all_default_pass"
set comment "all predefined signatures with PASS action"
config entries
edit 1
set action pass
next
end
next
edit "protect_http_server"
set comment "protect against HTTP server-side vulnerabilities"
config entries
edit 1
set location server
set protocol HTTP
next
end
next
edit "protect_email_server"
set comment "protect against EMail server-side vulnerabilities"
config entries
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
edit "protect_client"
set comment "protect against client-side vulnerabilities"
config entries
edit 1
set location client
next
end
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set priority medium
next
edit "low-priority"
set priority low
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
next
edit "shared-1M-pipe"
next
end
config application list
edit "default"
set comment "monitor all applications"
config entries
edit 1
set action pass
next
end
next
edit "block-p2p"
config entries
edit 1
set category 2
next
end
next
edit "monitor-p2p-and-media"
config entries
edit 1
set action pass
set category 2
next
edit 2
set action pass
set category 5
next
end
next
end
config dlp filepattern
edit 1
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
set name "builtin-patterns"
next
edit 2
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set file-type exe
next
edit "elf"
set file-type elf
next
edit "hta"
set file-type hta
next
end
set name "all_executables"
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config dlp sensor
edit "default"
set comment "summary archive email and web traffics"
set extended-utm-log enable
next
edit "Content_Summary"
next
edit "Content_Archive"
next
edit "Large-File"
next
edit "Credit-Card"
next
edit "SSN-Sensor"
next
end
config webfilter content
end
config webfilter urlfilter
end
config spamfilter bword
end
config spamfilter bwl
end
config spamfilter mheader
end
config spamfilter dnsbl
end
config spamfilter iptrust
end
config client-reputation profile
end
config icap profile
edit "default"
next
end
config vpn ssl settings
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
set type fw
next
edit "FortiClient-AV-Vista-Win7"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista-Win7"
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
set type fw
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "AVG-Internet-Security-FW"
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
set type fw
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
set type fw
next
edit "CA-Internet-Security-FW"
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
set type fw
next
edit "CA-Internet-Security-FW-Vista-Win7"
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
set type fw
next
edit "CA-Personal-Firewall"
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
set type fw
next
edit "F-Secure-Internet-Security-FW"
set guid "D4747503-0346-49EB-9262-997542F79BF4"
set type fw
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
set type fw
next
edit "Kaspersky-FW"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
set type fw
next
edit "Kaspersky-FW-Vista-Win7"
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
set type fw
next
edit "McAfee-Internet-Security-Suite-FW"
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
set type fw
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
set type fw
next
edit "Norton-360-2.0-FW"
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
set type fw
next
edit "Norton-360-3.0-FW"
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
set type fw
next
edit "Norton-Internet-Security-FW"
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
set type fw
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
set type fw
next
edit "Symantec-Endpoint-Protection-FW"
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
set type fw
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
set type fw
next
edit "Panda-Antivirus+Firewall-2008-FW"
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
set type fw
next
edit "Panda-Internet-Security-2006~2007-FW"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
set type fw
next
edit "Panda-Internet-Security-2008~2009-FW"
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
set type fw
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
set type fw
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
set type fw
next
edit "Trend-Micro-FW"
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
set type fw
next
edit "Trend-Micro-FW-Vista-Win7"
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
set type fw
next
edit "ZoneAlarm-FW"
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
set type fw
next
edit "ZoneAlarm-FW-Vista-Win7"
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
set type fw
next
end
config vpn ssl web portal
edit "full-access"
set allow-access web ftp smb telnet ssh vnc rdp citrix
rdpnative portforward
set page-layout double-column
config widget
edit 4
set name "Session Information"
set type info
next
edit 2
set name "Bookmarks"
set allow-apps web ftp smb telnet ssh vnc rdp citrix
next
edit 3
set name "Connection Tool"
set type tool
set column two
next
edit 1
set name "Tunnel Mode"
set type tunnel
set column two
set split-tunneling enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
next
edit "web-access"
set allow-access web ftp smb telnet ssh vnc rdp citrix
config widget
edit 4
set type info
next
edit 1
next
end
next
edit "tunnel-access"
config widget
edit 4
set type info
next
edit 1
set type tunnel
set split-tunneling enable
next
end
next
edit "wizard-access"
set allow-access web
config widget
edit 1
set allow-apps web
next
edit 2
set type tunnel
next
end
next
end
config user ldap
edit "AD_Server"
set server "192.168.10.2"
set cnid "cn=mobintl.local"
next
end
config user fortitoken
edit "FTKMOB3B58DC34EF"
set license "FTMTRIAL00093748"
next
edit "FTKMOB3BCD0A749B"
set license "FTMTRIAL00093748"
next
end
config user local
edit "guest"
set type password
set passwd ENC
TUijEFh8LRbUizieYtfBNBC2Na0SRJWHArMuydGgbz8M2StEjqUbBsS
VXQ5YIhtEFmO2meK6psUuLoQWRwYjslyLAskeOccIraFB/XyxKQnrs
90sRpmxaBMbt4SoM2cEYEdvP8wvbRJRB3RLRIm+TPh2VrtJIYLKsW
aBc0XiWrlFRHIVwruVcC1NCEo7XWV6V2244Q==
next
edit "vpnuser1"
set type password
set passwd ENC
t0WSGENkN7B1uH1G8M5yQ10UfRmpEFtKoFuoTevDYAtVeOKR7lwl6
NQe3BUPz6y5Cij6z7+0ZTmX6bI9lJup4LP7RMx3OjsoZJbv0q22vC/09
XVMbCH0yEa11q/WG/eLxJCXMFJiYALSXk0GcY/HPYb50wtlXstdeaZd
kmfdwLzTCtPn8lmuylVOSVjrefsK+T9GCg==
next
edit "vpnuser2"
set type password
set passwd ENC
YPeyFaS2d1nriSYI380MLR6OuK9miMJYb2HGG4AM0GWOPYwtWjmh
4R547ch8o6Hi+Ktr+LM0UzgsZatQEuIIa9hJQvxGzP7IwoKss2EwG5kX
3zYfeECdBJ4qrvZZhhfiCw88Pjr/zSCNJaeNDdTBC4lLurfUEdx//tvCwC
7bQlrDqrtRre/Vd9Yg1rIaQPZnW8Z5yw==
next
end
config user group
edit "FSSO_Guest_Users"
set group-type fsso-service
next
edit "Guest-group"
set member "guest"
next
edit "IPSec_Client_Users"
set member "vpnuser1" "vpnuser2"
next
end
config voip profile
edit "default"
set comment "default VoIP profile"
config sip
set log-violations enable
end
config sccp
set log-call-summary enable
set log-violations enable
end
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config webfilter profile
edit "default"
set comment "default web filtering"
set ovrd-perm bannedword-override urlfilter-override fortiguard-
wf-override contenttype-check-override
set post-action comfort
config override
set ovrd-user-group ""
end
config ftgd-wf
unset options
config filters
edit 12
set action block
set category 12
next
edit 7
set action block
set category 7
next
edit 9
set action block
set category 9
next
edit 64
set action block
set category 64
next
edit 2
set action block
set category 2
next
edit 15
set action block
set category 15
next
edit 11
set action block
set category 11
next
edit 66
set action block
set category 66
next
edit 57
set action block
set category 57
next
edit 13
set action block
set category 13
next
edit 8
set action block
set category 8
next
edit 14
set action block
set category 14
next
edit 63
set action block
set category 63
next
edit 67
set action block
set category 67
next
edit 65
set action block
set category 65
next
edit 16
set action block
set category 16
next
edit 26
set action block
set category 26
next
edit 68
set action block
set category 61
next
end
end
set log-all-url enable
next
edit "web-filter-flow"
set comment "flow-based web filter profile"
set inspection-mode flow-based
set post-action comfort
config ftgd-wf
config filters
edit 1
set action warning
set category 2
next
edit 2
set action warning
set category 7
next
edit 3
set action warning
set category 8
next
edit 4
set action warning
set category 9
next
edit 5
set action warning
set category 11
next
edit 6
set action warning
set category 12
next
edit 7
set action warning
set category 13
next
edit 8
set action warning
set category 14
next
edit 9
set action warning
set category 15
next
edit 10
set action warning
set category 16
next
edit 11
set action warning
next
edit 12
set action warning
set category 57
next
edit 13
set action warning
set category 63
next
edit 14
set action warning
set category 64
next
edit 15
set action warning
set category 65
next
edit 16
set action warning
set category 66
next
edit 17
set action warning
set category 67
next
edit 18
set action block
set category 26
next
end
end
next
end
config webfilter override
end
config webfilter override-user
end
config webfilter ftgd-warning
end
config webfilter ftgd-local-rating
end
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname "www\\.bing\\.com"
set url "^(\\/images|\\/videos)?(\\/search|\\/async)\\?"
set query "q="
set safesearch url
set safesearch-str "&adlt=strict"
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/(yand){0,1}(search)[\\/]{0,}.{0,}\\?"
set query "text="
set safesearch url
set safesearch-str "&fyandex=1"
next
edit "youtube"
set hostname ".*\\.youtube\\..*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
config vpn ipsec phase1-interface
edit "IPSec_VPN"
set type dynamic
set interface "wan1"
set mode aggressive
set xauthtype auto
set mode-cfg enable
set proposal 3des-sha1 aes128-sha1
set xauthexpire on-rekey
set authusrgrp "IPSec_Client_Users"
set ipv4-start-ip 192.168.20.100
set ipv4-end-ip 192.168.20.200
set ipv4-netmask 255.255.255.0
set ipv4-dns-server1 165.21.83.88
set psksecret ENC
QUlQCXma3kq9KvkfTmC7pKbR6Qa0ZwYQa3a10N9DNCReWkVqu21
EWm4iNgrJS5R8QIC2bhNqTRxtpmwfUQSU751sjRQYlVh1XbpBuYtH
An9ZY4+cAsSLPYfHxBatbBgahxjBpsh5HepMa0NfTJtwxVW4KhVUxn
8/ZmOaGXFKTejUj9NKm6oLqEwtxwFz68zPFMMkbA==
next
end
config vpn ipsec phase2-interface
edit "IPSec_VPN"
set phase1name "IPSec_VPN"
set proposal 3des-sha1 aes128-sha1
next
end
config antivirus profile
edit "default"
set comment "scan and delete virus"
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
end
config pop3
set options scan
end
config smtp
set options scan
end
config nntp
set options scan
end
config im
set options scan
end
next
edit "AV-flow"
set comment "flow-based scan and delete virus"
set inspection-mode flow-based
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
end
config pop3
set options scan
end
config smtp
set options scan
end
config nntp
set options scan
end
config im
set options scan
end
next
end
config spamfilter profile
edit "default"
set comment "malware and phishing URL filtering"
set spam-filtering enable
set options spamfsurl spamfsphish
next
end
config report layout
edit "default"
config body-item
edit 350
set type misc
set misc-component section-start
set column 1
set title "Bandwidth and Application Usage"
next
edit 401
set type chart
set chart "bandwidth.applications"
set chart-options include-no-data
next
edit 501
set type chart
set chart "web.usage"
next
edit 511
set type chart
set chart "email.usage"
next
edit 515
set type chart
set chart "threats"
next
edit 521
set type chart
set chart "vpn.usage"
next
edit 525
set type chart
set chart "events"
next
edit 601
set type chart
set hide enable
set chart "traffic.bandwidth.users"
set drill-down-items "5"
set drill-down-types "0"
next
end
set format pdf
set options dummy-option
config page
config footer
config footer-item
edit 1
set content "Fortinet Inc. All rights reserved"
next
edit 2
set style "align_right"
set content "${page_no}"
next
end
end
config header
config header-item
edit 1
set type image
set style "align_right"
set img-src "fortinet_logo.jpg"
next
end
end
set options header-on-first-page footer-on-first-page
set page-break-before heading1
set paper letter
end
set style-theme "default-report"
set title "FortiGate System Analysis Report"
next
end
config wanopt settings
set host-id "default-id"
end
config wanopt profile
edit "default"
set comments "default WANopt profile"
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday
saturday
next
edit "Office Hour"
set day monday tuesday wednesday thursday friday
set end 18:30
set start 08:30
next
end
config firewall vip
edit "AD_Server"
set extip 58.145.236.34
set extintf "wan1"
set mappedip 192.168.10.2
next
edit "Mail_Server"
set extip 58.145.236.35
set extintf "wan1"
next
edit "CCTV"
set extip 58.145.236.37
set extintf "wan1"
set portforward enable
set extport 6036-65535
set mappedport 6036-65535
next
edit "Print_Server"
set extip 58.145.236.38
set extintf "wan1"
next
edit "PDMOB001"
set extip 58.145.236.40
set extintf "wan1"
next
end
config firewall profile-protocol-options
edit "default"
set comment "all default services"
config http
set ports 80
set options no-content-summary
unset post-lang
end
config ftp
set ports 21
set options no-content-summary splice
end
config imap
set ports 143
set options fragmail no-content-summary
end
config mapi
set ports 135
end
config pop3
set ports 110
end
config smtp
set ports 25
set options fragmail no-content-summary splice
end
config nntp
set ports 119
set options no-content-summary splice
end
config im
unset options
end
config dns
set ports 53
end
next
end
config firewall deep-inspection-options
edit "default"
set comment "all default services"
config https
set ports 443
set status disable
end
config ftps
set ports 990
set status disable
end
config imaps
set ports 993
set status disable
end
config pop3s
set ports 995
set status disable
end
config smtps
set ports 465
set status disable
end
next
end
config firewall identity-based-route
end
config firewall policy
edit 3
set srcintf "internal"
set dstintf "wan1"
set srcaddr "Internal_IP_Address"
set dstaddr "SingnetDNS"
set action accept
set schedule "always"
set service "DNS"
set logtraffic all
set nat enable
next
edit 6
set dstintf "wan1"
set srcaddr "Internal_Subnet"
set dstaddr "IP_122.169.0.126" "IP_95.110.250.171"
set action accept
set service "FTP" "TCP_77"
set utm-status enable
set logtraffic all
set av-profile "default"
set webfilter-profile "default"
set spamfilter-profile "default"
set ips-sensor "default"
set application-list "default"
set profile-protocol-options "default"
set deep-inspection-options "default"
set nat enable
next
edit 17
set dstintf "wan1"
set srcaddr "Internal_Subnet"
set dstaddr "IP_95.110.250.183"
set action accept
set service "FTP" "TCP_77"
set logtraffic all
set nat enable
next
edit 16
set dstintf "wan1"
set dstaddr "www.dmisoft.com"
set action accept
set service "TCP_4283"
set logtraffic all
set nat enable
next
edit 18
set dstintf "wan1"
set dstaddr "www.paslists.com"
set action accept
set logtraffic all
set nat enable
next
edit 15
set dstintf "wan1"
set srcaddr "mail_server"
set dstaddr "all"
set action accept
set service "Internet_Services"
set logtraffic all
set nat enable
next
edit 4
set dstintf "wan1"
set dstaddr "all"
set action accept
set logtraffic all
set nat enable
next
edit 10
set srcintf "wan1"
set dstintf "internal"
set srcaddr "all"
set dstaddr "AD_Server"
set action accept
set service "RDP"
set logtraffic all
next
edit 8
set srcintf "wan1"
set srcaddr "all"
set dstaddr "Mail_Server"
set action accept
set service "SMTP" "HTTPS" "RDP"
set logtraffic all
next
edit 9
set srcintf "IPSec_VPN"
set srcaddr "IPSec_Clients_Range"
set dstaddr "Internal_Subnet"
set action accept
set service "ALL"
set logtraffic all
next
edit 12
set dstintf "wan1"
set dstaddr "SingnetDNS"
set action accept
set service "DNS"
set logtraffic all
set nat enable
next
edit 13
set dstintf "wan1"
set dstaddr "IP_122.169.0.126" "IP_95.110.250.171"
set action accept
set service "TCP_77" "FTP"
set logtraffic all
set nat enable
next
edit 11
set dstintf "wan1"
set dstaddr "all"
set action accept
set logtraffic all
set nat enable
next
edit 14
set srcintf "wan1"
set srcaddr "all"
set dstaddr "CCTV"
set action accept
set service "ALL"
set logtraffic all
next
edit 20
set dstintf "wan1"
set dstaddr "sftp.ghp-fareast.vn" "sftp2.ghp-fareast.vn"
set action accept
set nat enable
next
edit 21
set dstintf "wan1"
set srcaddr "Bernard" "AD"
set dstaddr "NETSFTP"
set action accept
set schedule "Office Hour"
set service "SFTP"
set nat enable
next
end
config firewall local-in-policy
end
config firewall policy6
end
config firewall local-in-policy6
end
config firewall ttl-policy
end
end
end
config firewall interface-policy
end
config firewall interface-policy6
end
config firewall sniff-interface-policy
end
config firewall sniff-interface-policy6
end
config firewall DoS-policy
end
config firewall DoS-policy6
end
config firewall sniffer
end
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
set forticlient-ui-options av wf af vpn vs
end
config forticlient-android-settings
set forticlient-wf enable
set forticlient-wf-profile "default"
end
config forticlient-ios-settings
set forticlient-wf enable
set forticlient-wf-profile "default"
end
next
end
config wireless-controller wids-profile
edit "default"
set comment "default wids profile"
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
end
config wireless-controller wtp-profile
edit "FAP220A-default"
config platform
set type 220A
end
set ap-country US
config radio-1
set band 802.11n
set channel "1" "6" "11"
end
config radio-2
set band 802.11n-5G
set channel "36" "40" "44" "48" "149" "153" "157" "161"
"165"
end
next
edit "FAP220B-default"
set ap-country US
config radio-1
set band 802.11n-5G
set channel "36" "40" "44" "48" "149" "153" "157" "161"
"165"
end
config radio-2
set band 802.11n
end
next
config platform
set type 210B
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
config platform
set type 222B
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11n-5G
set channel "36" "40" "44" "48" "149" "153" "157" "161"
"165"
end
next
end
config log memory setting
set status enable
end
config log disk setting
set status disable
set maximum-log-age 0
set full-first-warning-threshold 60
set full-second-warning-threshold 70
set full-final-warning-threshold 80
end
config log setting
set fwpolicy-implicit-log enable
set local-in-deny disable
end
config alertemail setting
set username "administrator@mobintl.com.sg"
set mailto1 "boonsiang.phua@mobintl.com.sg"
set filter-mode threshold
end
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
end
end
end
end
end
end
config router static
edit 1
set device "wan1"
set gateway 58.145.236.33
next
end
config router ospf
end
end
config redistribute "rip"
end
end
end
end
config router ospf6
end
end
end
end
end
end
config router bgp
end
end
end
end
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
end
end
end
end
end
end
config router multicast
end

Fortigate 80C

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Fortigate 80C

Hochgeladen von

Copyright:

Verfügbare Formate

#config-version=FGT80C-5.

Das könnte Ihnen auch gefallen