From d1d48f23d4eccf930feb05c740bc84d223a5b9e2 Mon Sep 17 00:00:00 2001
From: John Poland <jdpoland@gmail.com>
Date: Thu, 13 Nov 2025 20:46:12 -0500
Subject: [PATCH] fortigate-backup Thu Nov 13 08:46:12 PM EST 2025

---
 configs/fortigate/fortigate.conf | 46747 +++++++++++++++++------------
 1 file changed, 27234 insertions(+), 19513 deletions(-)

diff --git a/configs/fortigate/fortigate.conf b/configs/fortigate/fortigate.conf
index 231193b..48bfd52 100644
--- a/configs/fortigate/fortigate.conf
+++ b/configs/fortigate/fortigate.conf
@@ -1,18 +1,18 @@
 

-#config-version=F2K61F-7.0.17-FW-build0682-250113:opmode=0:vdom=1:user=jpoland
-#conf_file_ver=6251333490717899
-#buildno=0682
+#config-version=F2K61F-7.4.9-FW-build2829-250924:opmode=0:vdom=1:user=jpoland
+#conf_file_ver=642393963644344
+#buildno=2829
 #global_vdom=1
 
 config vdom
 edit root
 next
-edit scsd
-next
 edit Policy
 next
 edit TEST
 next
+edit scsd
+next
 end
 
 config global
@@ -21,7 +21,7 @@ config system global
     set admin-console-timeout 0
     set admin-forticloud-sso-login disable
     set admin-host ''
-    set admin-hsts-max-age 15552000
+    set admin-hsts-max-age 63072000
     set admin-https-pki-required disable
     set admin-https-redirect enable
     unset admin-https-ssl-banned-ciphers
@@ -30,7 +30,6 @@ config system global
     set admin-lockout-duration 60
     set admin-lockout-threshold 3
     set admin-login-max 100
-    set admin-maintainer enable
     set admin-port 80
     set admin-restrict-local disable
     set admin-scp disable
@@ -50,6 +49,7 @@ config system global
     set auth-cert "Fortinet_Factory"
     set auth-http-port 1000
     set auth-https-port 1003
+    set auth-ike-saml-port 1001
     set auth-keepalive disable
     set auth-session-limit block-new
     set auto-auth-extension-device enable
@@ -58,6 +58,7 @@ config system global
     set av-failopen pass
     set av-failopen-session disable
     set batch-cmdb enable
+    set bfd-affinity "1"
     set block-session-timer 30
     set br-fdb-max-entry 8192
     set cert-chain-max 8
@@ -67,27 +68,38 @@ config system global
     set cli-audit-log disable
     set cloud-communication enable
     set clt-cert-req disable
-    set cmdbsvr-affinity "0"
+    set cmdbsvr-affinity "1"
     set cpu-use-threshold 90
     set csr-ca-attribute enable
     set daily-restart disable
     set default-service-source-port 1-65535
+    set delay-tcp-npu-session disable
     set device-idle-timeout 300
     set dh-params 2048
+    set dhcp-lease-backup-interval 60
     set dnsproxy-worker-count 1
-    set dst enable
     set early-tcp-npu-session disable
     set extender-controller-reserved-network 10.252.0.1 255.255.0.0
     set faz-disk-buffer-size 0
     set fds-statistics enable
     unset fgd-alert-subscription
+    set forticonverter-config-upload disable
+    set forticonverter-integration disable
     set fortiextender disable
     set fortiextender-data-port 25246
     set fortiextender-discovery-lockdown disable
+    set fortiextender-provision-on-authorization disable
     set fortiextender-vlan-mode disable
+    set fortigslb-integration disable
     set fortiservice-port 8013
     set fortitoken-cloud enable
-    set gui-allow-default-hostname disable
+    set fortitoken-cloud-push-status enable
+    set fortitoken-cloud-region ''
+    set fortitoken-cloud-sync-interval 24
+    set geoip-full-db disable
+    set gtpu-dynamic-source-port disable
+    set gui-app-detection-sdwan disable
+    set gui-auto-upgrade-setup-warning disable
     set gui-cdn-usage disable
     set gui-certificates enable
     set gui-custom-language disable
@@ -99,34 +111,36 @@ config system global
     set gui-firmware-upgrade-warning enable
     set gui-forticare-registration-setup-warning enable
     set gui-fortigate-cloud-sandbox disable
-    set gui-fortiguard-resource-fetch enable
     set gui-ipv6 disable
     set gui-local-out disable
     set gui-replacement-message-groups disable
     set gui-rest-api-cache enable
     set gui-theme jade
     set gui-wireless-opensecurity disable
-    set ha-affinity "0"
+    set gui-workflow-management disable
+    set ha-affinity "1"
     set honor-df enable
     set hostname "noc-fortigate-a"
     set hyper-scale-vdom-num 250
     set igmp-state-limit 3200
+    set interface-subnet-usage enable
     set internet-service-database full
+    set ip-conflict-detection disable
     set ip-fragment-mem-thresholds 32
     set ip-src-port-range 1024-25000
     set ipsec-asic-offload enable
     set ipsec-ha-seqjump-rate 10
     set ipsec-hmac-offload enable
-    set ipsec-soft-dec-async disable
     set ipv6-accept-dad 1
     set ipv6-allow-anycast-probe disable
-    set ipv6-allow-local-in-slient-drop enable
+    set ipv6-allow-local-in-silent-drop enable
     set ipv6-allow-multicast-probe disable
     set ipv6-allow-traffic-redirect enable
     set language english
     set ldapconntimeout 500
     set lldp-reception disable
     set lldp-transmission disable
+    set log-single-cpu-high disable
     set log-ssl-connection disable
     set log-uuid-address disable
     set login-timestamp disable
@@ -153,49 +167,54 @@ config system global
     set proxy-auth-timeout 10
     set proxy-cert-use-mgmt-vdom disable
     set proxy-hardware-acceleration enable
-    set proxy-re-authentication-mode session
+    set proxy-keep-alive-mode session
     set proxy-resource-mode disable
     set proxy-worker-count 0
+    set purdue-level 3
+    set quic-ack-thresold 3
+    set quic-congestion-control-algo cubic
+    set quic-max-datagram-size 1500
+    set quic-pmtud enable
+    set quic-tls-handshake-timeout 5
+    set quic-udp-payload-size-shaping-per-cid enable
     set radius-port 1812
     set reboot-upon-config-restore enable
     set refresh 0
     set remoteauthtimeout 120
     set reset-sessionless-tcp disable
+    set rest-api-key-url-query disable
     set revision-backup-on-logout enable
     set revision-image-auto-backup disable
     set scanunit-count 0
-    set security-rating-result-submission enable
     set security-rating-run-on-schedule enable
     set send-pmtu-icmp enable
+    set sflowd-max-children-num 6
     set snat-route-change disable
     set special-file-23-support disable
     set speedtest-server disable
+    set speedtestd-ctrl-port 5200
+    set speedtestd-server-port 5201
     set split-port ''
     set ssd-trim-freq weekly
     set ssd-trim-hour 1
     set ssd-trim-min 60
     set ssd-trim-weekday sunday
-    set ssh-enc-algo chacha20-poly1305@openssh.com aes256-ctr aes256-gcm@openssh.com
-    set ssh-kex-algo diffie-hellman-group-exchange-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521
-    set ssh-mac-algo hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com
     set ssl-min-proto-version TLSv1-2
     set ssl-static-key-ciphers enable
-    set sslvpn-cipher-hardware-acceleration disable
-    set sslvpn-ems-sn-check disable
-    set sslvpn-kxp-hardware-acceleration disable
     set sslvpn-max-worker-count 0
-    set sslvpn-plugin-version-check enable
+    set sslvpn-web-mode enable
     set strict-dirty-session-check enable
     set strong-crypto enable
     set switch-controller enable
-    set switch-controller-reserved-network 10.255.0.0 255.255.0.0
+    set switch-controller-reserved-network 10.255.0.1 255.255.0.0
     set sys-perf-log-interval 5
+    set syslog-affinity "0"
     set tcp-halfclose-timer 120
     set tcp-halfopen-timer 10
     set tcp-option enable
     set tcp-rst-timer 5
     set tcp-timewait-timer 1
-    set timezone 12
+    set timezone "US/Eastern"
     set traffic-priority tos
     set traffic-priority-level medium
     set two-factor-email-expiry 60
@@ -206,17 +225,19 @@ config system global
     set udp-idle-timer 180
     set url-filter-affinity "0"
     set url-filter-count 1
+    set user-device-store-max-device-mem 2
     set user-device-store-max-devices 507278
-    set user-device-store-max-unified-mem 2536393932
+    set user-device-store-max-unified-mem 2536393318
     set user-device-store-max-users 507278
-    set user-server-cert "Fortinet_Factory"
     set vdom-mode multi-vdom
     set vip-arp-range restricted
     set virtual-switch-vlan disable
+    set vpn-ems-sn-check disable
     set wad-affinity "0"
     set wad-csvc-cs-count 1
     set wad-csvc-db-count 0
     set wad-memory-change-granularity 10
+    set wad-restart-mode none
     set wad-source-affinity enable
     set wad-worker-count 0
     set wifi-ca-certificate "Fortinet_Wifi_CA"
@@ -244,7 +265,13 @@ config system accprofile
         set wanoptgrp read-write
         set wifi read-write
         set admintimeout-override disable
-        set system-diagnostics enable
+        set cli-diagnose disable
+        set cli-get enable
+        set cli-show enable
+        set cli-exec enable
+        set cli-config enable
+        set system-execute-ssh enable
+        set system-execute-telnet enable
     next
     edit "NOC_Dashboard"
         set scope vdom
@@ -261,7 +288,13 @@ config system accprofile
         set wanoptgrp read
         set wifi read
         set admintimeout-override enable
-        set system-diagnostics disable
+        set cli-diagnose disable
+        set cli-get enable
+        set cli-show enable
+        set cli-exec enable
+        set cli-config enable
+        set system-execute-ssh enable
+        set system-execute-telnet enable
         set admintimeout 0
     next
     edit "Read_Only"
@@ -279,17 +312,24 @@ config system accprofile
         set wanoptgrp read
         set wifi read
         set admintimeout-override disable
-        set system-diagnostics enable
+        set cli-diagnose disable
+        set cli-get enable
+        set cli-show enable
+        set cli-exec enable
+        set cli-config enable
+        set system-execute-ssh enable
+        set system-execute-telnet enable
     next
 end
+config system isf-queue-profile
+end
 config system npu
     set dedicated-management-cpu disable
-    set ipsec-ob-np-sel rr
+    set dedicated-lacp-queue disable
     config dos-options
         set npu-dos-meter-mode global
         set npu-dos-tpe-mode enable
     end
-    set policy-offload-level disable
     set napi-break-interval 0
     config hpe
         set all-protocol 400000
@@ -309,7 +349,9 @@ config system npu
         set enable-shaper disable
     end
     set capwap-offload enable
-    set default-qos-type shaping
+    set vxlan-offload enable
+    set default-qos-type policing
+    set shaping-stats disable
     set gtp-support disable
     set per-session-accounting traffic-log-only
     set session-acct-interval 5
@@ -339,6 +381,8 @@ config system npu
         set tcp-csum-err drop
         set udp-csum-err drop
         set icmp-csum-err drop
+        set gre-csum-err drop
+        set sctp-csum-err drop
         set ipv6-land trap-to-host
         set ipv6-proto-err trap-to-host
         set ipv6-unknopt trap-to-host
@@ -464,9 +508,27 @@ config system npu
                 set weight 13
             next
         end
+        set custom-etype-lookup disable
     end
+    set qos-mode disable
     set double-level-mcast-offload disable
     set qtm-buf-mode 6ch
+    set ipsec-ob-np-sel rr
+    set max-receive-unit 10000
+    config sw-eh-hash
+        set computation xor16
+        set ip-protocol include
+        set source-ip-upper-16 include
+        set source-ip-lower-16 include
+        set destination-ip-upper-16 include
+        set destination-ip-lower-16 include
+        set source-port include
+        set destination-port include
+        set netmask-length 32
+    end
+    config sw-tr-hash
+        set draco15 enable
+    end
 end
 config system npu-vlink
 end
@@ -474,7 +536,8 @@ config system vdom-link
 end
 config wireless-controller inter-controller
     set inter-controller-mode disable
-    set inter-controller-key ENC eHQAZvmBSb+BVm46O44w3RrLvudhWg/ytjhRqbzNqlhgdjNSc098MMNm7i0IFeCtVmQJAm1WRETFtSDQFVTphqIesoMPi2XtF8AleVGD9Jdy0l/Z8H/vLJKCo16JSq28GTbf1mr8dG5n1RN5F6snNLdHPc4ThRK4eklyfmYePLDovtTlr3QmKlexcyQLgjPbx/9dBw==
+    set l3-roaming disable
+    set inter-controller-key ENC ZmlsZZn2w3be/mZLqfwOHw5UwBLtk9b92nHMkmAPjff0gGTc6T2ZAx9Gd9/+/op/MDAvixueGH6caXt2KS1RTyiLbp9GNitEQA9v1AQ4vlOjFSm96zLRti3u7yqpOlWoUmIHUOMDYg3ykU7CZQOplihrTha45OpKE9+hpFYkXhrxYMilhOCRJNwdu1qQ3bj/ARVp1FlmMjY3dkVA
     set inter-controller-pri primary
     set fast-failover-max 10
     set fast-failover-wait 10
@@ -482,7 +545,11 @@ end
 config wireless-controller global
     set name ''
     set location ''
+    set acd-process-count 0
+    set wpad-process-count 0
     set image-download enable
+    set rolling-wtp-upgrade disable
+    set rolling-wtp-upgrade-threshold "-80"
     set max-retransmit 3
     set control-message-offload ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health spectral-analysis
     set data-ethernet-II enable
@@ -497,16 +564,15 @@ config wireless-controller global
     set tunnel-mode compatible
     set nac-interval 120
     set ap-log-server disable
+    set max-sta-cap 0
+    set max-sta-cap-wtp 8
+    set max-rogue-ap 0
+    set max-rogue-ap-wtp 16
+    set max-rogue-sta 0
+    set max-ble-device 0
 end
 config system switch-interface
 end
-config system lte-modem
-    set status disable
-    set extra-init ''
-    set authtype none
-    set apn ''
-    set modem-port 255
-end
 config system interface
     edit "port1"
         set vdom "root"
@@ -551,7 +617,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -560,6 +625,7 @@ config system interface
         set description ''
         set alias "HA Port 1"
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -576,12 +642,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -601,7 +669,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -609,11 +678,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port2"
         set vdom "root"
@@ -658,7 +728,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -667,6 +736,7 @@ config system interface
         set description ''
         set alias "HA Port 2"
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -683,12 +753,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -708,7 +780,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -716,11 +789,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port3"
         set vdom "root"
@@ -765,7 +839,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -774,6 +847,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -790,12 +864,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -815,7 +891,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -823,11 +900,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port4"
         set vdom "root"
@@ -872,7 +950,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -881,6 +958,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -897,12 +975,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -922,7 +1002,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -930,11 +1011,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port5"
         set vdom "scsd"
@@ -945,10 +1027,10 @@ config system interface
         set status up
         set type physical
         set src-check enable
-        set disconnect-threshold 0
         set trunk disable
         set description ''
         set alias ''
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -963,8 +1045,11 @@ config system interface
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
-        set dhcp-relay-request-all-server disable
+        set port-mirroring disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set dns-server-override enable
@@ -980,10 +1065,10 @@ config system interface
         set status up
         set type physical
         set src-check enable
-        set disconnect-threshold 0
         set trunk disable
         set description ''
         set alias ''
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -998,8 +1083,11 @@ config system interface
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
-        set dhcp-relay-request-all-server disable
+        set port-mirroring disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set dns-server-override enable
@@ -1049,7 +1137,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -1058,6 +1145,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -1074,12 +1162,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -1099,7 +1189,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -1107,11 +1198,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port8"
         set vdom "root"
@@ -1156,7 +1248,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -1165,6 +1256,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -1181,12 +1273,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -1206,7 +1300,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -1214,11 +1309,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port9"
         set vdom "TEST"
@@ -1263,7 +1359,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -1272,6 +1367,7 @@ config system interface
         set description ''
         set alias "LAN_Test"
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -1288,12 +1384,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -1313,7 +1411,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -1321,11 +1420,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port10"
         set vdom "TEST"
@@ -1370,7 +1470,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -1379,6 +1478,7 @@ config system interface
         set description ''
         set alias "WAN_Test"
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -1395,12 +1495,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -1420,7 +1522,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -1428,11 +1531,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port11"
         set vdom "root"
@@ -1477,7 +1581,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -1486,6 +1589,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -1502,12 +1606,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -1527,7 +1633,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -1535,11 +1642,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port12"
         set vdom "root"
@@ -1584,7 +1692,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -1593,6 +1700,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -1609,12 +1717,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -1634,7 +1744,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -1642,11 +1753,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port13"
         set vdom "root"
@@ -1691,7 +1803,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -1700,6 +1811,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -1716,12 +1828,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -1741,7 +1855,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -1749,11 +1864,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port14"
         set vdom "root"
@@ -1798,7 +1914,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -1807,6 +1922,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -1823,12 +1939,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -1848,7 +1966,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -1856,11 +1975,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port15"
         set vdom "root"
@@ -1905,7 +2025,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -1914,6 +2033,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -1930,12 +2050,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -1955,7 +2077,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -1963,11 +2086,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port16"
         set vdom "root"
@@ -2012,7 +2136,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -2021,6 +2144,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -2037,12 +2161,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -2062,7 +2188,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -2070,11 +2197,12 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set speed 10000auto
-        set mtu-override disable
+        set speed auto
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port17"
         set vdom "scsd"
@@ -2086,10 +2214,10 @@ config system interface
         set type physical
         set src-check enable
         set mediatype sr
-        set disconnect-threshold 0
         set trunk disable
         set description ''
         set alias ''
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -2104,8 +2232,11 @@ config system interface
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
-        set dhcp-relay-request-all-server disable
+        set port-mirroring disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set dns-server-override enable
@@ -2122,10 +2253,10 @@ config system interface
         set type physical
         set src-check enable
         set mediatype sr
-        set disconnect-threshold 0
         set trunk disable
         set description ''
         set alias ''
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -2140,8 +2271,11 @@ config system interface
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
-        set dhcp-relay-request-all-server disable
+        set port-mirroring disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set dns-server-override enable
@@ -2158,10 +2292,10 @@ config system interface
         set type physical
         set src-check enable
         set mediatype sr
-        set disconnect-threshold 0
         set trunk disable
         set description ''
         set alias ''
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -2176,8 +2310,11 @@ config system interface
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
-        set dhcp-relay-request-all-server disable
+        set port-mirroring disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set dns-server-override enable
@@ -2194,10 +2331,10 @@ config system interface
         set type physical
         set src-check enable
         set mediatype sr
-        set disconnect-threshold 0
         set trunk disable
         set description ''
         set alias ''
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -2212,8 +2349,11 @@ config system interface
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
-        set dhcp-relay-request-all-server disable
+        set port-mirroring disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set dns-server-override enable
@@ -2264,7 +2404,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -2273,6 +2412,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -2289,13 +2429,15 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
         set forward-error-correction disable
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -2315,7 +2457,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -2324,10 +2467,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 25000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port22"
         set vdom "root"
@@ -2373,7 +2517,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -2382,6 +2525,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -2398,13 +2542,15 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
         set forward-error-correction disable
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -2424,7 +2570,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -2433,10 +2580,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 25000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port23"
         set vdom "root"
@@ -2482,7 +2630,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -2491,6 +2638,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -2507,13 +2655,15 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
         set forward-error-correction disable
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -2533,7 +2683,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -2542,10 +2693,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 25000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port24"
         set vdom "root"
@@ -2591,7 +2743,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -2600,6 +2751,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -2616,13 +2768,15 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
         set forward-error-correction disable
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -2642,7 +2796,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -2651,10 +2806,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 25000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port25"
         set vdom "scsd"
@@ -2700,7 +2856,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -2709,6 +2864,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -2725,12 +2881,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -2750,7 +2908,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -2759,10 +2918,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port26"
         set vdom "root"
@@ -2808,7 +2968,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -2817,6 +2976,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -2833,12 +2993,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -2858,7 +3020,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -2867,10 +3030,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port27"
         set vdom "root"
@@ -2916,7 +3080,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -2925,6 +3088,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -2941,12 +3105,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -2966,7 +3132,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -2975,10 +3142,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port28"
         set vdom "root"
@@ -3024,7 +3192,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -3033,6 +3200,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -3049,12 +3217,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -3074,7 +3244,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -3083,10 +3254,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port29"
         set vdom "scsd"
@@ -3132,7 +3304,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -3141,6 +3312,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -3157,12 +3329,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -3182,7 +3356,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -3191,10 +3366,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port30"
         set vdom "root"
@@ -3240,7 +3416,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -3249,6 +3424,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -3265,12 +3441,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -3290,7 +3468,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -3299,10 +3478,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port31"
         set vdom "root"
@@ -3348,7 +3528,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -3357,6 +3536,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -3373,12 +3553,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -3398,7 +3580,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -3407,10 +3590,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port32"
         set vdom "root"
@@ -3456,7 +3640,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -3465,6 +3648,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -3481,12 +3665,14 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -3506,7 +3692,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -3515,10 +3702,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port33"
         set vdom "root"
@@ -3564,7 +3752,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -3573,6 +3760,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -3589,13 +3777,15 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
         set forward-error-correction disable
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -3615,7 +3805,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -3624,10 +3815,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 100Gfull
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port34"
         set vdom "root"
@@ -3673,7 +3865,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -3682,6 +3873,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -3698,13 +3890,15 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
         set forward-error-correction disable
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -3724,7 +3918,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -3733,10 +3928,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 100Gfull
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port35"
         set vdom "root"
@@ -3782,7 +3978,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -3791,6 +3986,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -3807,13 +4003,15 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
         set forward-error-correction disable
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -3833,7 +4031,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -3842,10 +4041,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 100Gfull
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "port36"
         set vdom "root"
@@ -3891,7 +4091,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -3900,6 +4099,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -3916,13 +4116,15 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
         set forward-error-correction disable
+        set eap-supplicant disable
         set np-qos-profile 0
+        set port-mirroring disable
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -3942,7 +4144,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -3951,10 +4154,11 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 100Gfull
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
+        set sw-algorithm default
     next
     edit "mgmt1"
         set vdom "root"
@@ -4001,7 +4205,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -4009,6 +4212,7 @@ config system interface
         set trunk disable
         set description ''
         set alias ''
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -4027,6 +4231,14 @@ config system interface
         set ap-discover enable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -4042,7 +4254,8 @@ config system interface
             set ip6-send-adv disable
             set autoconf disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set defaultgw enable
         set dns-server-override enable
         set dns-server-protocol cleartext
@@ -4053,10 +4266,10 @@ config system interface
         set trust-ip6-1 ::/0
         set trust-ip6-2 ::/0
         set trust-ip6-3 ::/0
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
     next
     edit "mgmt2"
         set vdom "root"
@@ -4103,7 +4316,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -4111,6 +4323,7 @@ config system interface
         set trunk disable
         set description ''
         set alias ''
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -4129,6 +4342,14 @@ config system interface
         set ap-discover enable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -4144,7 +4365,8 @@ config system interface
             set ip6-send-adv disable
             set autoconf disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set defaultgw enable
         set dns-server-override enable
         set dns-server-protocol cleartext
@@ -4155,10 +4377,10 @@ config system interface
         set trust-ip6-1 ::/0
         set trust-ip6-2 ::/0
         set trust-ip6-3 ::/0
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
     next
     edit "ha1"
         set vdom "root"
@@ -4204,7 +4426,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -4213,6 +4434,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -4229,11 +4451,19 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -4253,7 +4483,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -4262,10 +4493,10 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
     next
     edit "ha2"
         set vdom "root"
@@ -4311,7 +4542,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -4320,6 +4550,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -4336,11 +4567,19 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -4360,7 +4599,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -4369,10 +4609,10 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed 10000full
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
     next
     edit "modem"
         set vdom "root"
@@ -4414,7 +4654,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -4423,6 +4662,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -4442,6 +4682,14 @@ config system interface
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -4460,12 +4708,14 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set ipunnumbered 0.0.0.0
         set username ''
-        set password ENC cgwHE6Tbk5nPSjNj7Mw8P92Pq1KXbiVRt9QX9lHYeCSwxO6siBvdbeVyToAj0g70uLWuxatLRq5BkGjaQluA1Ws9QOSdEpWyp3bzL2ex/vnKWTrkVLW+R3IR8tcDNkegClG0hhyUSTizoS61Eo2MTZMzjG7DF7qlPiZdYQWkhFiwWTpF2gZhRbOq0FxiPKMMbLTpdg==
+        set pppoe-egress-cos cos0
+        set password ENC syQUyBMOAxT0qaZurFdBWXl79yyvmVlUBWeubQs9GPJkKOc1irAlICnlyihPocsDMYMzPKZColgEa2KKWeLE36/9W7Jt9sM20QGlnryjMPn7HryPmQVePd/72EtQcdLkffs7ggQowywwbZtJf9i+kfWV61N86L++ukd6qQKczyI5kjpMixcWjUZg96GUmcWdW5uNoVlmMjY3dkVA
         set idle-timeout 0
         set disc-retry-timeout 1
         set padt-retry-timeout 1
@@ -4478,10 +4728,10 @@ config system interface
         set dns-server-protocol cleartext
         set auth-type auto
         set speed auto
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
     next
     edit "naf.root"
         set vdom "root"
@@ -4526,6 +4776,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -4537,9 +4788,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set nd-mode basic
             set ip6-address ::/0
@@ -4549,11 +4807,11 @@ config system interface
             set ip6-retrans-time 0
             set ip6-hop-limit 0
             set ip6-prefix-mode dhcp6
-            set ip6-delegated-prefix-iaid 0
             set dhcp6-prefix-delegation disable
             set dhcp6-information-request disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
         set wccp disable
@@ -4599,9 +4857,11 @@ config system interface
         set weight 0
         set external disable
         set trunk disable
+        set remote-ip 0.0.0.0 0.0.0.0
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -4613,9 +4873,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -4632,7 +4899,8 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
         set wccp disable
@@ -4649,8 +4917,6 @@ config system interface
         set arpforward enable
         set broadcast-forward disable
         set bfd global
-        set icmp-send-redirect enable
-        set icmp-accept-redirect enable
         set reachable-time 30000
         set ips-sniffer-mode disable
         set ident-accept disable
@@ -4681,6 +4947,7 @@ config system interface
         set description ''
         set alias "SSL VPN interface"
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -4692,15 +4959,21 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
             set ip6-address ::/0
             unset ip6-allowaccess
-            set icmp6-send-redirect enable
             set ra-send-mtu enable
             set ip6-reachable-time 0
             set ip6-retrans-time 0
@@ -4711,240 +4984,8 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
-        set dns-server-override enable
-        set dns-server-protocol cleartext
-        set wccp disable
-    next
-    edit "naf.scsd"
-        set vdom "scsd"
-        set vrf 0
-        set distance 5
-        set priority 1
-        set dhcp-relay-interface-select-method auto
-        set dhcp-relay-service disable
-        set ip 0.0.0.0 0.0.0.0
-        set arpforward enable
-        set broadcast-forward disable
-        set bfd global
-        set icmp-send-redirect enable
-        set icmp-accept-redirect enable
-        set reachable-time 30000
-        set ips-sniffer-mode disable
-        set ident-accept disable
-        set ipmac disable
-        set status up
-        set netbios-forward disable
-        set wins-ip 0.0.0.0
-        set type tunnel
-        set netflow-sampler disable
-        set sflow-sampler disable
-        set src-check disable
-        set sample-rate 2000
-        set polling-interval 20
-        set sample-direction both
-        set explicit-web-proxy disable
-        set explicit-ftp-proxy disable
-        set proxy-captive-portal disable
-        set tcp-mss 0
-        set inbandwidth 0
-        set outbandwidth 0
-        set egress-shaping-profile ''
-        set ingress-shaping-profile ''
-        set spillover-threshold 0
-        set ingress-spillover-threshold 0
-        set weight 0
-        set external disable
-        set trunk disable
-        set description ''
-        set alias ''
-        set security-mode none
-        set estimated-upstream-bandwidth 0
-        set estimated-downstream-bandwidth 0
-        set measured-upstream-bandwidth 0
-        set measured-downstream-bandwidth 0
-        set bandwidth-measure-time 0
-        set monitor-bandwidth disable
-        set role undefined
-        set snmp-index 57
-        set preserve-session-route disable
-        set auto-auth-extension-device disable
-        set ap-discover enable
-        set ip-managed-by-fortiipam disable
-        set switch-controller-igmp-snooping-proxy disable
-        set switch-controller-igmp-snooping-fast-leave disable
-        config ipv6
-            set nd-mode basic
-            set ip6-address ::/0
-            set icmp6-send-redirect enable
-            set ra-send-mtu enable
-            set ip6-reachable-time 0
-            set ip6-retrans-time 0
-            set ip6-hop-limit 0
-            set ip6-prefix-mode dhcp6
-            set ip6-delegated-prefix-iaid 0
-            set dhcp6-prefix-delegation disable
-            set dhcp6-information-request disable
-        end
-        set dhcp-relay-request-all-server disable
-        set dns-server-override enable
-        set dns-server-protocol cleartext
-        set wccp disable
-    next
-    edit "l2t.scsd"
-        set vdom "scsd"
-        set vrf 0
-        set distance 5
-        set priority 1
-        set dhcp-relay-interface-select-method auto
-        set dhcp-relay-service disable
-        set ip 0.0.0.0 0.0.0.0
-        unset allowaccess
-        set arpforward enable
-        set broadcast-forward disable
-        set bfd global
-        set icmp-send-redirect enable
-        set icmp-accept-redirect enable
-        set reachable-time 30000
-        set ips-sniffer-mode disable
-        set ident-accept disable
-        set ipmac disable
-        set status up
-        set netbios-forward disable
-        set wins-ip 0.0.0.0
-        set type tunnel
-        set netflow-sampler disable
-        set sflow-sampler disable
-        set src-check enable
-        set sample-rate 2000
-        set polling-interval 20
-        set sample-direction both
-        set explicit-web-proxy disable
-        set explicit-ftp-proxy disable
-        set proxy-captive-portal disable
-        set tcp-mss 0
-        set inbandwidth 0
-        set outbandwidth 0
-        set egress-shaping-profile ''
-        set ingress-shaping-profile ''
-        set spillover-threshold 0
-        set ingress-spillover-threshold 0
-        set weight 0
-        set external disable
-        set trunk disable
-        set description ''
-        set alias ''
-        set security-mode none
-        set estimated-upstream-bandwidth 0
-        set estimated-downstream-bandwidth 0
-        set measured-upstream-bandwidth 0
-        set measured-downstream-bandwidth 0
-        set bandwidth-measure-time 0
-        set monitor-bandwidth disable
-        set role undefined
-        set snmp-index 58
-        set preserve-session-route disable
-        set auto-auth-extension-device disable
-        set ap-discover enable
-        set ip-managed-by-fortiipam disable
-        set switch-controller-igmp-snooping-proxy disable
-        set switch-controller-igmp-snooping-fast-leave disable
-        config ipv6
-            set ip6-mode static
-            set nd-mode basic
-            set ip6-address ::/0
-            unset ip6-allowaccess
-            set icmp6-send-redirect enable
-            set ra-send-mtu enable
-            set ip6-reachable-time 0
-            set ip6-retrans-time 0
-            set ip6-hop-limit 0
-            set dhcp6-prefix-delegation disable
-            set dhcp6-information-request disable
-            set ip6-send-adv disable
-            set autoconf disable
-            set dhcp6-relay-service disable
-        end
-        set dhcp-relay-request-all-server disable
-        set dns-server-override enable
-        set dns-server-protocol cleartext
-        set wccp disable
-    next
-    edit "ssl.scsd"
-        set vdom "scsd"
-        set vrf 0
-        set distance 5
-        set priority 1
-        set dhcp-relay-interface-select-method auto
-        set dhcp-relay-service disable
-        set ip 0.0.0.0 0.0.0.0
-        unset allowaccess
-        set arpforward enable
-        set broadcast-forward disable
-        set bfd global
-        set icmp-send-redirect enable
-        set icmp-accept-redirect enable
-        set reachable-time 30000
-        set ips-sniffer-mode disable
-        set ident-accept disable
-        set ipmac disable
-        set status up
-        set netbios-forward disable
-        set wins-ip 0.0.0.0
-        set type tunnel
-        set netflow-sampler disable
-        set sflow-sampler disable
-        set src-check enable
-        set sample-rate 2000
-        set polling-interval 20
-        set sample-direction both
-        set explicit-web-proxy disable
-        set explicit-ftp-proxy disable
-        set proxy-captive-portal disable
-        set tcp-mss 0
-        set inbandwidth 0
-        set outbandwidth 0
-        set egress-shaping-profile ''
-        set ingress-shaping-profile ''
-        set spillover-threshold 0
-        set ingress-spillover-threshold 0
-        set weight 0
-        set external disable
-        set trunk disable
-        set description ''
-        set alias "SSL VPN interface"
-        set security-mode none
-        set estimated-upstream-bandwidth 0
-        set estimated-downstream-bandwidth 0
-        set measured-upstream-bandwidth 0
-        set measured-downstream-bandwidth 0
-        set bandwidth-measure-time 0
-        set monitor-bandwidth disable
-        set role undefined
-        set snmp-index 45
-        set preserve-session-route disable
-        set auto-auth-extension-device disable
-        set ap-discover enable
-        set ip-managed-by-fortiipam disable
-        set switch-controller-igmp-snooping-proxy disable
-        set switch-controller-igmp-snooping-fast-leave disable
-        config ipv6
-            set ip6-mode static
-            set nd-mode basic
-            set ip6-address ::/0
-            unset ip6-allowaccess
-            set icmp6-send-redirect enable
-            set ra-send-mtu enable
-            set ip6-reachable-time 0
-            set ip6-retrans-time 0
-            set ip6-hop-limit 0
-            set dhcp6-prefix-delegation disable
-            set dhcp6-information-request disable
-            set ip6-send-adv disable
-            set autoconf disable
-            set dhcp6-relay-service disable
-        end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
         set wccp disable
@@ -4989,6 +5030,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5000,9 +5042,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set nd-mode basic
             set ip6-address ::/0
@@ -5012,11 +5061,11 @@ config system interface
             set ip6-retrans-time 0
             set ip6-hop-limit 0
             set ip6-prefix-mode dhcp6
-            set ip6-delegated-prefix-iaid 0
             set dhcp6-prefix-delegation disable
             set dhcp6-information-request disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
         set wccp disable
@@ -5059,9 +5108,11 @@ config system interface
         set weight 0
         set external disable
         set trunk disable
+        set remote-ip 0.0.0.0 0.0.0.0
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5073,9 +5124,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -5092,7 +5150,8 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
         set wccp disable
@@ -5109,8 +5168,6 @@ config system interface
         set arpforward enable
         set broadcast-forward disable
         set bfd global
-        set icmp-send-redirect enable
-        set icmp-accept-redirect enable
         set reachable-time 30000
         set ips-sniffer-mode disable
         set ident-accept disable
@@ -5138,6 +5195,7 @@ config system interface
         set description ''
         set alias "SSL VPN interface"
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5149,15 +5207,21 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
             set ip6-address ::/0
             unset ip6-allowaccess
-            set icmp6-send-redirect enable
             set ra-send-mtu enable
             set ip6-reachable-time 0
             set ip6-retrans-time 0
@@ -5168,7 +5232,8 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
         set wccp disable
@@ -5216,6 +5281,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5227,9 +5293,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set nd-mode basic
             set ip6-address ::/0
@@ -5239,11 +5312,11 @@ config system interface
             set ip6-retrans-time 0
             set ip6-hop-limit 0
             set ip6-prefix-mode dhcp6
-            set ip6-delegated-prefix-iaid 0
             set dhcp6-prefix-delegation disable
             set dhcp6-information-request disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
         set wccp disable
@@ -5289,9 +5362,11 @@ config system interface
         set weight 0
         set external disable
         set trunk disable
+        set remote-ip 0.0.0.0 0.0.0.0
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5303,9 +5378,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -5322,7 +5404,8 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
         set wccp disable
@@ -5339,6 +5422,174 @@ config system interface
         set arpforward enable
         set broadcast-forward disable
         set bfd global
+        set reachable-time 30000
+        set ips-sniffer-mode disable
+        set ident-accept disable
+        set ipmac disable
+        set status up
+        set netbios-forward disable
+        set wins-ip 0.0.0.0
+        set type tunnel
+        set netflow-sampler disable
+        set sflow-sampler disable
+        set src-check enable
+        set sample-rate 2000
+        set polling-interval 20
+        set sample-direction both
+        set explicit-web-proxy disable
+        set explicit-ftp-proxy disable
+        set proxy-captive-portal disable
+        set tcp-mss 0
+        set inbandwidth 0
+        set outbandwidth 0
+        set egress-shaping-profile ''
+        set ingress-shaping-profile ''
+        set spillover-threshold 0
+        set ingress-spillover-threshold 0
+        set weight 0
+        set external disable
+        set trunk disable
+        set description ''
+        set alias "SSL VPN interface"
+        set security-mode none
+        set ike-saml-server ''
+        set estimated-upstream-bandwidth 0
+        set estimated-downstream-bandwidth 0
+        set measured-upstream-bandwidth 0
+        set measured-downstream-bandwidth 0
+        set bandwidth-measure-time 0
+        set monitor-bandwidth disable
+        set role undefined
+        set snmp-index 47
+        set preserve-session-route disable
+        set auto-auth-extension-device disable
+        set ap-discover enable
+        set switch-controller-igmp-snooping-proxy disable
+        set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
+        config ipv6
+            set ip6-mode static
+            set nd-mode basic
+            set ip6-address ::/0
+            unset ip6-allowaccess
+            set ra-send-mtu enable
+            set ip6-reachable-time 0
+            set ip6-retrans-time 0
+            set ip6-hop-limit 0
+            set dhcp6-prefix-delegation disable
+            set dhcp6-information-request disable
+            set ip6-send-adv disable
+            set autoconf disable
+            set dhcp6-relay-service disable
+        end
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
+        set dns-server-override enable
+        set dns-server-protocol cleartext
+        set wccp disable
+    next
+    edit "naf.scsd"
+        set vdom "scsd"
+        set vrf 0
+        set distance 5
+        set priority 1
+        set dhcp-relay-interface-select-method auto
+        set dhcp-relay-service disable
+        set ip 0.0.0.0 0.0.0.0
+        set arpforward enable
+        set broadcast-forward disable
+        set bfd global
+        set icmp-send-redirect enable
+        set icmp-accept-redirect enable
+        set reachable-time 30000
+        set ips-sniffer-mode disable
+        set ident-accept disable
+        set ipmac disable
+        set status up
+        set netbios-forward disable
+        set wins-ip 0.0.0.0
+        set type tunnel
+        set netflow-sampler disable
+        set sflow-sampler disable
+        set src-check disable
+        set sample-rate 2000
+        set polling-interval 20
+        set sample-direction both
+        set explicit-web-proxy disable
+        set explicit-ftp-proxy disable
+        set proxy-captive-portal disable
+        set tcp-mss 0
+        set inbandwidth 0
+        set outbandwidth 0
+        set egress-shaping-profile ''
+        set ingress-shaping-profile ''
+        set spillover-threshold 0
+        set ingress-spillover-threshold 0
+        set weight 0
+        set external disable
+        set trunk disable
+        set description ''
+        set alias ''
+        set security-mode none
+        set ike-saml-server ''
+        set estimated-upstream-bandwidth 0
+        set estimated-downstream-bandwidth 0
+        set measured-upstream-bandwidth 0
+        set measured-downstream-bandwidth 0
+        set bandwidth-measure-time 0
+        set monitor-bandwidth disable
+        set role undefined
+        set snmp-index 57
+        set preserve-session-route disable
+        set auto-auth-extension-device disable
+        set ap-discover enable
+        set switch-controller-igmp-snooping-proxy disable
+        set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
+        config ipv6
+            set nd-mode basic
+            set ip6-address ::/0
+            set icmp6-send-redirect enable
+            set ra-send-mtu enable
+            set ip6-reachable-time 0
+            set ip6-retrans-time 0
+            set ip6-hop-limit 0
+            set ip6-prefix-mode dhcp6
+            set dhcp6-prefix-delegation disable
+            set dhcp6-information-request disable
+        end
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
+        set dns-server-override enable
+        set dns-server-protocol cleartext
+        set wccp disable
+    next
+    edit "l2t.scsd"
+        set vdom "scsd"
+        set vrf 0
+        set distance 5
+        set priority 1
+        set dhcp-relay-interface-select-method auto
+        set dhcp-relay-service disable
+        set ip 0.0.0.0 0.0.0.0
+        unset allowaccess
+        set arpforward enable
+        set broadcast-forward disable
+        set bfd global
         set icmp-send-redirect enable
         set icmp-accept-redirect enable
         set reachable-time 30000
@@ -5368,9 +5619,11 @@ config system interface
         set weight 0
         set external disable
         set trunk disable
+        set remote-ip 0.0.0.0 0.0.0.0
         set description ''
-        set alias "SSL VPN interface"
+        set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5378,13 +5631,20 @@ config system interface
         set bandwidth-measure-time 0
         set monitor-bandwidth disable
         set role undefined
-        set snmp-index 47
+        set snmp-index 58
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -5401,7 +5661,93 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
+        set dns-server-override enable
+        set dns-server-protocol cleartext
+        set wccp disable
+    next
+    edit "ssl.scsd"
+        set vdom "scsd"
+        set vrf 0
+        set distance 5
+        set priority 1
+        set dhcp-relay-interface-select-method auto
+        set dhcp-relay-service disable
+        set ip 0.0.0.0 0.0.0.0
+        unset allowaccess
+        set arpforward enable
+        set broadcast-forward disable
+        set bfd global
+        set reachable-time 30000
+        set ips-sniffer-mode disable
+        set ident-accept disable
+        set ipmac disable
+        set status up
+        set netbios-forward disable
+        set wins-ip 0.0.0.0
+        set type tunnel
+        set netflow-sampler disable
+        set sflow-sampler disable
+        set src-check enable
+        set sample-rate 2000
+        set polling-interval 20
+        set sample-direction both
+        set explicit-web-proxy disable
+        set explicit-ftp-proxy disable
+        set proxy-captive-portal disable
+        set tcp-mss 0
+        set inbandwidth 0
+        set outbandwidth 0
+        set egress-shaping-profile ''
+        set ingress-shaping-profile ''
+        set spillover-threshold 0
+        set ingress-spillover-threshold 0
+        set weight 0
+        set external disable
+        set trunk disable
+        set description ''
+        set alias "SSL VPN interface"
+        set security-mode none
+        set ike-saml-server ''
+        set estimated-upstream-bandwidth 0
+        set estimated-downstream-bandwidth 0
+        set measured-upstream-bandwidth 0
+        set measured-downstream-bandwidth 0
+        set bandwidth-measure-time 0
+        set monitor-bandwidth disable
+        set role undefined
+        set snmp-index 45
+        set preserve-session-route disable
+        set auto-auth-extension-device disable
+        set ap-discover enable
+        set switch-controller-igmp-snooping-proxy disable
+        set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
+        config ipv6
+            set ip6-mode static
+            set nd-mode basic
+            set ip6-address ::/0
+            unset ip6-allowaccess
+            set ra-send-mtu enable
+            set ip6-reachable-time 0
+            set ip6-retrans-time 0
+            set ip6-hop-limit 0
+            set dhcp6-prefix-delegation disable
+            set dhcp6-information-request disable
+            set ip6-send-adv disable
+            set autoconf disable
+            set dhcp6-relay-service disable
+        end
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
         set wccp disable
@@ -5449,7 +5795,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -5458,6 +5803,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -5474,11 +5820,19 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -5498,7 +5852,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -5507,10 +5862,10 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed auto
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
     next
     edit "npu0_vlink1"
         set vdom "root"
@@ -5555,7 +5910,6 @@ config system interface
         set outbandwidth 0
         set egress-shaping-profile ''
         set ingress-shaping-profile ''
-        set disconnect-threshold 0
         set spillover-threshold 0
         set ingress-spillover-threshold 0
         set weight 0
@@ -5564,6 +5918,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission vdom
@@ -5580,11 +5935,19 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -5604,7 +5967,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -5613,10 +5977,10 @@ config system interface
         set dns-server-override enable
         set dns-server-protocol cleartext
         set speed auto
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
     next
     edit "SRIC_BOCES"
         set vdom "scsd"
@@ -5663,6 +6027,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5674,9 +6039,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -5693,12 +6065,13 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override disable
         set wccp disable
         set interface "outside lag"
+        set mtu-override disable
     next
     edit "vpn-042e9903"
         set vdom "scsd"
@@ -5745,6 +6118,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5756,9 +6130,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -5775,13 +6156,14 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override enable
-        set mtu 1427
         set wccp disable
         set interface "outside lag"
+        set mtu-override enable
+        set mtu 1427
     next
     edit "SCHC"
         set vdom "scsd"
@@ -5828,6 +6210,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5839,9 +6222,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -5858,12 +6248,13 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override disable
         set wccp disable
         set interface "outside lag"
+        set mtu-override disable
     next
     edit "vpn-0fc50345"
         set vdom "scsd"
@@ -5910,6 +6301,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -5921,9 +6313,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -5940,13 +6339,14 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override enable
-        set mtu 1427
         set wccp disable
         set interface "outside lag"
+        set mtu-override enable
+        set mtu 1427
     next
     edit "inside lag"
         set vdom "scsd"
@@ -5998,6 +6398,7 @@ config system interface
         set description ''
         set alias "Inside"
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission enable
@@ -6014,12 +6415,20 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -6039,7 +6448,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -6047,18 +6457,20 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
         set lacp-mode active
-        set lacp-ha-slave enable
+        set lacp-ha-secondary enable
         set system-id-type auto
         set lacp-speed slow
         set min-links 1
         set min-links-down operational
         set algorithm L4
         set link-up-delay 50
+        set aggregate-type physical
+        set sw-algorithm default
     next
     edit "outside lag"
         set vdom "scsd"
@@ -6110,6 +6522,7 @@ config system interface
         set description ''
         set alias "Outside"
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception enable
         set lldp-transmission enable
@@ -6127,12 +6540,20 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -6152,7 +6573,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -6160,18 +6582,20 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
         set lacp-mode active
-        set lacp-ha-slave enable
+        set lacp-ha-secondary enable
         set system-id-type auto
         set lacp-speed slow
         set min-links 1
         set min-links-down operational
         set algorithm L4
         set link-up-delay 50
+        set aggregate-type physical
+        set sw-algorithm default
     next
     edit "city_phones lag"
         set vdom "scsd"
@@ -6223,6 +6647,7 @@ config system interface
         set description "City Phones"
         set alias "City_Phones"
         set security-mode none
+        set ike-saml-server ''
         set device-identification disable
         set lldp-reception vdom
         set lldp-transmission enable
@@ -6239,12 +6664,20 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
+        set ip-managed-by-fortiipam inherit-global
         set switch-controller-mgmt-vlan 4094
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
         set swc-first-create 0
+        set eap-supplicant disable
         set np-qos-profile 0
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -6264,7 +6697,8 @@ config system interface
             set dhcp6-relay-service disable
         end
         set priority 1
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dhcp-client-identifier ''
         set dhcp-renew-time 0
         set idle-timeout 0
@@ -6272,18 +6706,20 @@ config system interface
         set padt-retry-timeout 1
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override disable
         set wccp disable
         set drop-overlapped-fragment disable
         set drop-fragment disable
+        set mtu-override disable
         set lacp-mode active
-        set lacp-ha-slave enable
+        set lacp-ha-secondary enable
         set system-id-type auto
         set lacp-speed slow
         set min-links 1
         set min-links-down operational
         set algorithm L4
         set link-up-delay 50
+        set aggregate-type physical
+        set sw-algorithm default
     next
     edit "vpn-0403e61"
         set vdom "scsd"
@@ -6330,6 +6766,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -6341,9 +6778,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -6360,13 +6804,14 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override enable
-        set mtu 1427
         set wccp disable
         set interface "outside lag"
+        set mtu-override enable
+        set mtu 1427
     next
     edit "Highstreet"
         set vdom "scsd"
@@ -6413,6 +6858,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -6424,9 +6870,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -6443,13 +6896,14 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override enable
-        set mtu 1427
         set wccp disable
         set interface "outside lag"
+        set mtu-override enable
+        set mtu 1427
     next
     edit "Highstreet_2"
         set vdom "scsd"
@@ -6496,6 +6950,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -6507,9 +6962,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -6526,13 +6988,14 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override enable
-        set mtu 1427
         set wccp disable
         set interface "outside lag"
+        set mtu-override enable
+        set mtu 1427
     next
     edit "DPS"
         set vdom "scsd"
@@ -6579,6 +7042,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -6590,9 +7054,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -6609,12 +7080,13 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override disable
         set wccp disable
         set interface "outside lag"
+        set mtu-override disable
     next
     edit "RAP"
         set vdom "scsd"
@@ -6661,6 +7133,7 @@ config system interface
         set description ''
         set alias ''
         set security-mode none
+        set ike-saml-server ''
         set estimated-upstream-bandwidth 0
         set estimated-downstream-bandwidth 0
         set measured-upstream-bandwidth 0
@@ -6672,9 +7145,16 @@ config system interface
         set preserve-session-route disable
         set auto-auth-extension-device disable
         set ap-discover enable
-        set ip-managed-by-fortiipam disable
         set switch-controller-igmp-snooping-proxy disable
         set switch-controller-igmp-snooping-fast-leave disable
+        set eap-supplicant disable
+        config mirroring-filter
+            set filter-srcip 0.0.0.0 0.0.0.0
+            set filter-dstip 0.0.0.0 0.0.0.0
+            set filter-sport 0
+            set filter-dport 0
+            set filter-protocol 0
+        end
         config ipv6
             set ip6-mode static
             set nd-mode basic
@@ -6691,12 +7171,13 @@ config system interface
             set autoconf disable
             set dhcp6-relay-service disable
         end
-        set dhcp-relay-request-all-server disable
+        set dhcp-relay-source-ip 0.0.0.0
+        set dhcp-relay-circuit-id ''
         set dns-server-override enable
         set dns-server-protocol cleartext
-        set mtu-override disable
         set wccp disable
         set interface "outside lag"
+        set mtu-override disable
     next
 end
 config system physical-switch
@@ -6709,6 +7190,7 @@ config system virtual-switch
 end
 config system password-policy
     set status disable
+    set login-lockout-upon-downgrade disable
 end
 config system password-policy-guest-admin
     set status disable
@@ -6941,7 +7423,7 @@ config system admin
         set sms-server fortiguard
         set sms-phone ''
         set guest-auth disable
-        set password ENC SH2MDEFNFDa99Ek1hpleBgiK/Y4kqbUFUwJAsBe8xloCdaOTzZxl3FBk2fFPqo=
+        set password ENC PB2P0kuXlxq+fAxE7YFWNe4J4LgUEAAMb9LL3y8zzVZh4qGe+Ui6oEvH1L318PasK3lkwtie2s3Ct9jDEE3vNMNga0KZkySK8Ant4oRjuJDDFU=
         set allow-remove-admin-session enable
     next
     edit "jkafta72.admin"
@@ -6980,7 +7462,7 @@ config system admin
         set sms-server fortiguard
         set sms-phone ''
         set guest-auth disable
-        set password ENC SH2+WrS1YeN2wN1qqkANtIzxrsLUfFr9LiJpDb6HCiJyT4X4CBY5YkYHLg5LrY=
+        set password ENC PB2/w6nufSySeFZ0NlH3RdiLizG70o8bT63PX+WQQu4o78tMYQHMWWHsbr10CMGWAnsI7LInym+HV0ULcFDeA+zCCT7cnMxVIMIV17sWLvUzCQ=
         set allow-remove-admin-session enable
     next
     edit "estein66.admin"
@@ -7029,12 +7511,19 @@ config system sso-admin
 end
 config system sso-forticloud-admin
     edit "FortiGateCloud"
+        set accprofile ''
         set vdom "root"
     next
     edit "4fc9e93dd975@fortigatecloud.com"
+        set accprofile ''
         set vdom "root"
     next
 end
+config system sso-fortigate-cloud-admin
+end
+config system npu-post
+    set npu-group-effective-scope 255
+end
 config system fsso-polling
     set status enable
     set listening-port 8000
@@ -7045,13 +7534,14 @@ config system ha
     set group-name "SCSD_Fortigate"
     set mode a-p
     set sync-packet-balance disable
-    set password ENC zVhFIlBOTPDwZcZr90rn7twe2W4XmBfchgAOKtkF7NosfYROHM0w4Yhv9SYJsEkS6WWDC+XOq92JXrnStDDAbC6vGNdSHegMgpH2fZB7OPicEpM76dmKdcwXCcJPb1FUGs9jxh7jVKXBAONRUI0+gfSUhv8HQLrOAoaYG1ufsayG8aT6PQnuA1LVf4lByrPhl3JOBA==
+    set password ENC nSTxUFgtvFuuixrcFYSmn7WiNGbZ6Pnhp3Ww5rMEUCe6OLcNHmHpVGhimGOf8tjrx1qH8Egn2HhRV16gMKqDzfLYFiHESAk9d5YgyL2ZFlzgdin8k/dDx0TLcIUtS7w1x26xuNGH+QWWbFpzQV7lzUflxrpVY01IWSDP9oxoGUt2xA41I6gqgA2GfH1/0aPLAf4V9FlmMjY3dkVA
     set hbdev "port1" 50 "port2" 50 
     unset session-sync-dev
     set route-ttl 10
     set route-wait 0
     set route-hold 10
     set multicast-ttl 600
+    set evpn-ttl 60
     set sync-config enable
     set encryption disable
     set authentication disable
@@ -7064,8 +7554,9 @@ config system ha
     set arps-interval 8
     set session-pickup disable
     set link-failed-signal disable
-    set uninterruptible-upgrade enable
+    set upgrade-mode uninterruptible
     set uninterruptible-primary-wait 30
+    set standalone-mgmt-vdom disable
     set ha-mgmt-status disable
     set ha-eth-type "8890"
     set hc-eth-type "8891"
@@ -7075,13 +7566,15 @@ config system ha
     set priority 200
     unset monitor
     unset pingserver-monitor-interface
-    unset vdom
-    set vcluster2 disable
+    set vcluster-status disable
     set ssd-failover disable
     set memory-compatible-mode disable
     set memory-based-failover disable
     set failover-hold-time 0
-    set logical-sn disable
+    set override-wait-time 0
+    set pingserver-failover-threshold 0
+    set pingserver-secondary-force-reset enable
+    set pingserver-flip-timeout 60
 end
 config system ha-monitor
     set monitor-vlan disable
@@ -7128,32 +7621,27 @@ config system dns
     set alt-primary 0.0.0.0
     set alt-secondary 0.0.0.0
     set log disable
+    set fqdn-cache-ttl 0
+    set fqdn-max-refresh 3600
+    set fqdn-min-refresh 60
 end
 config system ddns
 end
 config system sflow
-    set collector-ip 0.0.0.0
-    set collector-port 6343
-    set source-ip 0.0.0.0
-    set interface-select-method auto
 end
 config system netflow
-    set collector-ip 0.0.0.0
-    set collector-port 2055
-    set source-ip 0.0.0.0
     set active-flow-timeout 1800
     set inactive-flow-timeout 15
     set template-tx-timeout 1800
     set template-tx-counter 20
-    set interface-select-method auto
 end
 config system replacemsg-image
     edit "logo_fnet"
-        set image-type gif
+        set image-type png
         set image-base64 ''
     next
     edit "logo_fguard_wf"
-        set image-type gif
+        set image-type png
         set image-base64 ''
     next
     edit "logo_v3_fguard_app"
@@ -7233,7 +7721,7 @@ config system replacemsg http "url-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -7272,7 +7760,7 @@ config system replacemsg http "url-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -7385,7 +7873,7 @@ config system replacemsg http "urlfilter-err"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -7424,7 +7912,7 @@ config system replacemsg http "urlfilter-err"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -7527,7 +8015,7 @@ config system replacemsg http "infcache-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -7566,7 +8054,7 @@ config system replacemsg http "infcache-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -7669,7 +8157,7 @@ config system replacemsg http "http-contenttypeblock"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -7708,7 +8196,7 @@ config system replacemsg http "http-contenttypeblock"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -7812,7 +8300,7 @@ config system replacemsg http "https-invalid-cert-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -7851,7 +8339,7 @@ config system replacemsg http "https-invalid-cert-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -7975,7 +8463,7 @@ config system replacemsg http "https-untrusted-cert-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -8014,7 +8502,7 @@ config system replacemsg http "https-untrusted-cert-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -8138,7 +8626,7 @@ config system replacemsg http "https-blocklisted-cert-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -8177,7 +8665,7 @@ config system replacemsg http "https-blocklisted-cert-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -8250,6 +8738,152 @@ config system replacemsg http "https-blocklisted-cert-block"
     set header http
     set format html
 end
+config system replacemsg http "https-ech-block"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                white-space: nowrap;
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                vertical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>Invalid Connection</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>%%FORTIGUARD_WF%%</h1>
+    <p>The Encrypted ClientHello has been blocked for %%SNI%%</p>
+    <table><tbody>
+        <tr>
+            <td>SNI</td>
+            <td>%%SNI%%</td>
+        </tr>
+        <tr>
+            <td>Site</td>
+            <td>%%HOSTNAME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
 config system replacemsg http "switching-protocols-block"
     set buffer "<!DOCTYPE html>
 <html lang=\"en\">
@@ -8301,7 +8935,7 @@ config system replacemsg http "switching-protocols-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -8340,7 +8974,7 @@ config system replacemsg http "switching-protocols-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -8437,7 +9071,7 @@ config system replacemsg http "http-antiphish-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -8476,7 +9110,7 @@ config system replacemsg http "http-antiphish-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -8579,7 +9213,7 @@ config system replacemsg http "videofilter-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -8618,7 +9252,7 @@ config system replacemsg http "videofilter-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -8726,7 +9360,7 @@ config system replacemsg webproxy "deny"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -8765,7 +9399,7 @@ config system replacemsg webproxy "deny"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -8862,7 +9496,7 @@ config system replacemsg webproxy "user-limit"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -8901,7 +9535,7 @@ config system replacemsg webproxy "user-limit"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -8998,7 +9632,7 @@ config system replacemsg webproxy "auth-challenge"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -9037,7 +9671,7 @@ config system replacemsg webproxy "auth-challenge"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -9134,7 +9768,7 @@ config system replacemsg webproxy "auth-login-fail"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -9173,7 +9807,7 @@ config system replacemsg webproxy "auth-login-fail"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -9272,7 +9906,7 @@ config system replacemsg webproxy "auth-group-info-fail"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -9311,7 +9945,7 @@ config system replacemsg webproxy "auth-group-info-fail"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -9408,7 +10042,7 @@ config system replacemsg webproxy "http-err"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -9447,7 +10081,7 @@ config system replacemsg webproxy "http-err"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -9550,7 +10184,7 @@ config system replacemsg webproxy "auth-ip-blackout"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -9589,7 +10223,7 @@ config system replacemsg webproxy "auth-ip-blackout"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -9635,7 +10269,7 @@ config system replacemsg webproxy "auth-ip-blackout"
     set header http
     set format html
 end
-config system replacemsg webproxy "ztna-block"
+config system replacemsg webproxy "ztna-invalid-cert"
     set buffer "<!DOCTYPE html>
 <html lang=\"en\">
     <head>
@@ -9686,7 +10320,7 @@ config system replacemsg webproxy "ztna-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -9701,7 +10335,6 @@ config system replacemsg webproxy "ztna-block"
                 margin: 1em;
             }
             table > tbody > tr > td:first-of-type:not([colspan]) {
-                white-space: nowrap;
                 color: rgba(0,0,0,.5);
             }
             table > tbody > tr > td:first-of-type {
@@ -9763,16 +10396,2818 @@ config system replacemsg webproxy "ztna-block"
     </head>
     <body><div class=\"message-container\">
     <div class=\"logo\"></div>
-    <h1>ZTNA Access Denied</h1>
-    <table>
-	<tr>
-		<td>The page you requested has been blocked by a ZTNA restriction.</td>
-	</tr>
-    </table>
+    <h1>Invalid ZTNA Certificate</h1>
     <table><tbody>
         <tr>
-            <td>Details:</td>
-            <td>%%ZTNA_DETAIL_TAG%%</td>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the ZTNA certificate is invalid.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-empty-cert"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>Invalid ZTNA certificate</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the ZTNA certificate is empty.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-manageable-empty-cert"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>Invalid ZTNA certificate</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the device is manageable but with an empty ZTNA certificate.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-no-api-gwy-matched"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Application Not Found</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because no API gateway was matched.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-cant-find-real-srv"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Application Not Found</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the real server in the API gateway cannot be found.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-fqdn-dns-failed"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Application Not Found</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because ZTNA FQDN DNS failed.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-ssl-bookmark-failed"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Portal Error</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because SSLVPN bookmark address failed.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-no-policy-matched"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Policy Denied</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because no policy was matched.</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-matched-deny-policy"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Policy Denied</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because a policy with action deny was matched.</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-client-cert-revoked"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Policy Denied</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the client cert has been revoked.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-denied-by-matched-tags"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Policy Denied</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the tags matched a deny policy.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Tags:</b></td>
+            <td>%%ZTNA_DEV_TAGS%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-denied-no-matched-tags"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Policy Denied</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the tags didn\'t match any policy.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Tags:</b></td>
+            <td>%%ZTNA_DEV_TAGS%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-no-dev-info"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Policy Denied</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because no device info was found.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-dev-is-offline"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Policy Denied</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the device is offline.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-dev-is-unmanageable"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Policy Denied</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the device is unknown or unmanaged.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "ztna-auth-fail"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                virtical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ZTNA Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ZTNA Policy Denied</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%ZTNA_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because authorization failed.</td>
+        </tr>
+        <tr>
+            <td><b>User Name:</b></td>
+            <td>%%ZTNA_USER_NAME%%</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%ZTNA_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Device Information:</b></td>
+            <td>%%ZTNA_DEV_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%ZTNA_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "casb-block"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                white-space: nowrap;
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                vertical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>Blocked by Inline CASB Control</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>Blocked by Inline CASB Control</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked by inline CASB control.</td>
+        </tr>
+        <tr>
+            <td><b>CASB Profile:</b></td>
+            <td>%%CASB_PROFILE%%</td>
+        </tr>
+        <tr>
+            <td><b>CASB SaaS Application:</b></td>
+            <td>%%CASB_SAAS_APP%%</td>
+        </tr>
+        <tr>
+            <td><b>CASB User Activity:</b></td>
+            <td>%%CASB_USER_ACTIVITY%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "swp-empty-cert"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                white-space: nowrap;
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                vertical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>Secure Webproxy Access Denied</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>Invalid client certificate</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%SECURE_WEBPROXY_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the client certificate is empty.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%SECURE_WEBPROXY_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%SECURE_WEBPROXY_REQ_TIME%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg webproxy "swp-manageable-empty-cert"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                white-space: nowrap;
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                vertical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>Secure Webproxy Access Block</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>Invalid client certificate</h1>
+    <table><tbody>
+        <tr>
+            <td><b>Error Code:</b></td>
+            <td>%%SECURE_WEBPROXY_ERROR_CODE%%</td>
+        </tr>
+        <tr>
+            <td><b>Error Message:</b></td>
+            <td>The page you requested has been blocked because the device is manageable but with an empty client certificate.</td>
+        </tr>
+        <tr>
+            <td><b>Certificate Information:</b></td>
+            <td>%%SECURE_WEBPROXY_CERT_INFO%%</td>
+        </tr>
+        <tr>
+            <td><b>Request Time:</b></td>
+            <td>%%SECURE_WEBPROXY_REQ_TIME%%</td>
         </tr>
     </tbody></table>
 </div></body>
@@ -9837,7 +13272,7 @@ config system replacemsg fortiguard-wf "ftgd-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -9876,7 +13311,7 @@ config system replacemsg fortiguard-wf "ftgd-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -9986,7 +13421,7 @@ config system replacemsg fortiguard-wf "ftgd-ovrd"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -10025,7 +13460,7 @@ config system replacemsg fortiguard-wf "ftgd-ovrd"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -10124,7 +13559,7 @@ config system replacemsg fortiguard-wf "ftgd-quota"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -10163,7 +13598,7 @@ config system replacemsg fortiguard-wf "ftgd-quota"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -10273,7 +13708,7 @@ config system replacemsg fortiguard-wf "ftgd-warning"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -10312,7 +13747,7 @@ config system replacemsg fortiguard-wf "ftgd-warning"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -10394,11 +13829,21 @@ config system replacemsg spam "smtp-spam-helo"
     set header none
     set format text
 end
-config system replacemsg spam "smtp-spam-emailblock"
+config system replacemsg spam "smtp-spam-emailblock-to"
+    set buffer "This message has been blocked because mail to this email address is not allowed."
+    set header none
+    set format text
+end
+config system replacemsg spam "smtp-spam-emailblock-from"
     set buffer "This message has been blocked because mail from this email address is not allowed."
     set header none
     set format text
 end
+config system replacemsg spam "smtp-spam-emailblock-subject"
+    set buffer "This message has been blocked because the subject contains a banned phrase."
+    set header none
+    set format text
+end
 config system replacemsg spam "smtp-spam-mimeheader"
     set buffer "This message has been blocked because it contains an invalid header."
     set header none
@@ -10533,7 +13978,7 @@ config system replacemsg auth "auth-disclaimer-page-1"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -10572,7 +14017,7 @@ config system replacemsg auth "auth-disclaimer-page-1"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -10690,7 +14135,7 @@ config system replacemsg auth "auth-proxy-reject-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -10729,7 +14174,7 @@ config system replacemsg auth "auth-proxy-reject-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -10831,7 +14276,7 @@ config system replacemsg auth "auth-reject-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -10870,7 +14315,7 @@ config system replacemsg auth "auth-reject-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -10974,7 +14419,7 @@ config system replacemsg auth "auth-login-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -11013,7 +14458,7 @@ config system replacemsg auth "auth-login-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -11130,7 +14575,7 @@ config system replacemsg auth "auth-login-failed-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -11169,7 +14614,7 @@ config system replacemsg auth "auth-login-failed-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -11286,7 +14731,7 @@ config system replacemsg auth "auth-token-login-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -11325,7 +14770,7 @@ config system replacemsg auth "auth-token-login-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -11447,7 +14892,7 @@ config system replacemsg auth "auth-token-login-failed-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -11486,7 +14931,7 @@ config system replacemsg auth "auth-token-login-failed-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -11616,7 +15061,7 @@ config system replacemsg auth "auth-challenge-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -11655,7 +15100,7 @@ config system replacemsg auth "auth-challenge-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -11768,7 +15213,7 @@ config system replacemsg auth "auth-keepalive-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -11807,7 +15252,7 @@ config system replacemsg auth "auth-keepalive-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -11852,21 +15297,37 @@ config system replacemsg auth "auth-keepalive-page"
         <p><a href=\"%%AUTH_LOGOUT%%\">logout</a></p>
         <p>%%QUOTA_TABLE%%</p>
     </form>
+    <script id=\"heartBeatWorker\" type=\"javascript/worker\">
+    (function(){
+      function heartbeat() { self.postMessage(\"hb\"); }
+      setInterval(function(){ heartbeat(); }, 1000);
+    })();
+    </script>
     <script>
-        var countDownTime=%%TIMEOUT%% + 1;
-        function countDown(){
-            countDownTime--;
-            if (countDownTime <= 0){
+        var startTime= new Date();
+        function updateCountDown(){
+            var secElapsed = Math.floor((Date.now() - startTime.getTime()) / 1000);
+            if (secElapsed >= %%TIMEOUT%%){
                 location.href=\"%%KEEPALIVEURL%%\";
                 return;
             }
-            document.getElementById(\'countdown\').innerHTML = countDownTime;
+            document.getElementById(\'countdown\').innerHTML = %%TIMEOUT%% - secElapsed;
+        }
+    </script>
+    <script>
+        if (typeof(Worker) !== \"undefined\") {
+            var blob = new Blob([document.querySelector(\'#heartBeatWorker\').textContent], { type: \"text/javascript\" });
+            var worker = new Worker(window.URL.createObjectURL(blob));
+            worker.onmessage = function (event) {
+                updateCountDown();
+            };
+        } else {
+            function countDown(){
+            updateCountDown();
             counter=setTimeout(\"countDown()\", 1000);
         }
-        function startit(){
-            countDown();
+            window.onload=countDown;
         }
-        window.onload=startit
     </script>
 </div></body>
 </html>
@@ -11925,7 +15386,7 @@ config system replacemsg auth "auth-portal-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -11964,7 +15425,7 @@ config system replacemsg auth "auth-portal-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -12065,7 +15526,7 @@ config system replacemsg auth "auth-password-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -12104,7 +15565,7 @@ config system replacemsg auth "auth-password-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -12150,6 +15611,15 @@ config system replacemsg auth "auth-password-page"
         <input name=\"%%REDIRID%%\" type=\"hidden\" value=\"%%PROTURI%%\" />
         <input name=\"%%MAGICID%%\" type=\"hidden\" value=\"%%MAGICVAL%%\" />
         <p>Please set a new one.</p>
+        <script>
+            var min_length = %%MIN_LENGTH%%;if (min_length > 0) {document.write(\"Password must:<br>&emsp;Be a minimum length of %%MIN_LENGTH%%\");}
+            var min_lower_letter_length = %%MIN_LOWER_LETTER_LENGTH%%;if (min_lower_letter_length > 0) {document.write(\"<br>&emsp;Include at least %%MIN_LOWER_LETTER_LENGTH%% lower case letter(s) (a-z)\");}
+            var min_upper_letter_length = %%MIN_UPPER_LETTER_LENGTH%%;if (min_upper_letter_length > 0) {document.write(\"<br>&emsp;Include at least %%MIN_UPPER_LETTER_LENGTH%% upper case letter(s) (A-Z)\");}
+            var min_non_alpha_length = %%MIN_NON_ALPHA_LENGTH%%;if (min_non_alpha_length > 0) {document.write(\"<br>&emsp;Include at least %%MIN_NON_ALPHA_LENGTH%% non-alphanumeric character(s)\");}
+            var min_numeric_length = %%MIN_NUMERIC_LENGTH%%;if (min_numeric_length > 0) {document.write(\"<br>&emsp;Include at least %%MIN_NUMERIC_LENGTH%% number(s) (0-9)\");}
+            var min_unique_char = %%MIN_UNIQUE_CHAR%%;if (min_unique_char > 0) {document.write(\"<br>&emsp;Have at least %%MIN_UNIQUE_CHAR%% unique character(s) which don\'t exist in the old password\");}
+            var prevent_reuse = %%PREVENT_REUSE%%;if (prevent_reuse > 0) {document.write(\"<br>&emsp;Not be same as last two passwords\");}
+        </script>
         <div class=\"field\">
             <label for=\"ft_pd\">New password</label>
             <div>
@@ -12226,7 +15696,7 @@ config system replacemsg auth "auth-fortitoken-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -12265,7 +15735,7 @@ config system replacemsg auth "auth-fortitoken-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -12314,7 +15784,7 @@ config system replacemsg auth "auth-fortitoken-page"
         <div class=\"field single\">
             <label for=\"ft_un\">Token Code</label>
             <div>
-                <input name=\"%%TOKENCODE%%\" id=\"ft_tc\">
+                <input name=\"%%TOKENCODE%%\" id=\"ft_tc\" required>
             </div>
         </div>
         <p>%%EXTRAINFO%%</p>
@@ -12423,7 +15893,7 @@ config system replacemsg auth "auth-next-fortitoken-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -12462,7 +15932,7 @@ config system replacemsg auth "auth-next-fortitoken-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -12575,7 +16045,7 @@ config system replacemsg auth "auth-email-token-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -12614,7 +16084,7 @@ config system replacemsg auth "auth-email-token-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -12726,7 +16196,7 @@ config system replacemsg auth "auth-sms-token-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -12765,7 +16235,7 @@ config system replacemsg auth "auth-sms-token-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -12878,7 +16348,7 @@ config system replacemsg auth "auth-email-harvesting-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -12917,7 +16387,7 @@ config system replacemsg auth "auth-email-harvesting-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -12956,7 +16426,7 @@ config system replacemsg auth "auth-email-harvesting-page"
     <body><div class=\"message-container\">
     <div class=\"logo\"></div>
     <h1 class=\"text-centered\">Terms and Disclaimer Agreement</h1>
-    <form action=\"/\" method=\"post\">
+    <form action=\"%%HEMAIL_ACTION%%\" method=\"%%HEMAIL_METHOD%%\">
         <input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
         <input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
         <p class=\"text-scrollable text-container\">You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.</p>
@@ -13037,7 +16507,7 @@ config system replacemsg auth "auth-email-failed-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -13076,7 +16546,7 @@ config system replacemsg auth "auth-email-failed-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -13115,7 +16585,7 @@ config system replacemsg auth "auth-email-failed-page"
     <body><div class=\"message-container\">
     <div class=\"logo\"></div>
     <h1 class=\"text-centered\">Terms and Disclaimer Agreement</h1>
-    <form action=\"/\" method=\"post\">
+    <form action=\"%%HEMAIL_ACTION%%\" method=\"%%HEMAIL_METHOD%%\">
         <input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
         <input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
         <p class=\"text-scrollable text-container\">You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.</p>
@@ -13196,7 +16666,7 @@ config system replacemsg auth "auth-cert-passwd-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -13235,7 +16705,7 @@ config system replacemsg auth "auth-cert-passwd-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -13368,7 +16838,7 @@ config system replacemsg auth "auth-success-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -13407,7 +16877,7 @@ config system replacemsg auth "auth-success-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -13505,7 +16975,7 @@ config system replacemsg auth "auth-block-notification-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -13544,7 +17014,7 @@ config system replacemsg auth "auth-block-notification-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -13641,7 +17111,7 @@ config system replacemsg auth "auth-quarantine-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -13680,7 +17150,7 @@ config system replacemsg auth "auth-quarantine-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -13788,7 +17258,7 @@ config system replacemsg auth "auth-qtn-reject-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -13827,7 +17297,7 @@ config system replacemsg auth "auth-qtn-reject-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -13931,7 +17401,7 @@ config system replacemsg auth "auth-saml-page"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -13970,7 +17440,7 @@ config system replacemsg auth "auth-saml-page"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -14045,13 +17515,6 @@ config system replacemsg sslvpn "sslvpn-login"
         <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
         <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
         <meta name=\"apple-itunes-app\" content=\"app-id=1475674905\">
-        <link rel=\"shortcut icon\" type=\"image/x-icon\" href=\"/favicon/favicon.ico\" />
-        <link rel=\"shortcut icon\" href=\"/favicon/favicon.ico\" />
-        <link rel=\"apple-touch-icon\" sizes=\"180x180\" href=\"/favicon/apple-touch-icon.png\" />
-        <link rel=\"icon\" type=\"image/png\" sizes=\"32x32\" href=\"/favicon/favicon-32x32.png\" />
-        <link rel=\"icon\" type=\"image/png\" sizes=\"16x16\" href=\"/favicon/favicon-16x16.png\" />
-        <link rel=\"manifest\" href=\"/favicon/site.webmanifest\" />
-        <link rel=\"mask-icon\" href=\"/favicon/safari-pinned-tab.svg\" color=\"#d43527\" />
         <link href=\"/styles.css\" rel=\"stylesheet\" type=\"text/css\">
         <link href=\"/css/legacy-main.css\" rel=\"stylesheet\" type=\"text/css\">
         <title>Please Login</title>
@@ -14059,16 +17522,18 @@ config system replacemsg sslvpn "sslvpn-login"
     <body>
         <div class=\"view-container\">
             <form class=\"prompt legacy-prompt\" action=\"%%SSL_ACT%%\" method=\"%%SSL_METHOD%%\" name=\"f\" autocomplete=\"off\">
-                <div class=\"content with-header\">
-                    <div class=\"header\">
-                        <f-icon class=\"ftnt-fortinet-grid icon-xl\"></f-icon>
-                        <div id=\"login-login\">Please Login</div>
+                <div class=\"content with-header with-sslvpn\">
+                    <div class=\"sslvpn-left\">
+                        <img src=\"/assets/brand-login-left.svg\" alt=\"brand-left\" height=\"500px\"/>
                     </div>
-                    <div class=\"sub-content\">
+                    <div class=\"sub-content sub-sslvpn\">
+                        <div class=\"sslvpn-title\">
+                            <img src=\"/assets/sslvpn-portal-login.svg\" width=\"300px\" alt=\"SSL-VPN Portal login\" />
+                        </div>
                         <div class=\"wide-inputs\">
                             %%SSL_LOGIN%%
                         </div>
-                        <div class=\"button-actions wide\">
+                        <div class=\"button-actions wide sslvpn-buttons\">
                             <button class=\"primary\" type=\"button\" name=\"login_button\" id=\"login_button\" onClick=\"try_login()\">
                                 Login
                             </button>
@@ -14085,6 +17550,9 @@ config system replacemsg sslvpn "sslvpn-login"
                             </button>
                         </div>
                     </div>
+                    <div class=\"sslvpn-right\">
+                        <img src=\"/assets/brand-login-right.svg\" alt=\"brand-right\" height=\"500px\"/>
+                    </div>
                 </div>
             </form>
         </div>
@@ -14096,17 +17564,8 @@ config system replacemsg sslvpn "sslvpn-login"
     set format html
 end
 config system replacemsg sslvpn "sslvpn-header"
-    set buffer "<div class=\"fortinet-grid-icon\">
-    <f-icon class=\"ftnt-fortinet-grid icon-xl\"></f-icon>
-</div>
-<div class=\"platform\">
-    %%SSL_STATUS_INFO%%
-</div>
-
-<div class=\"expand\">
-    %%SSL_RESPONSIVE_EXPAND%%
-</div>
-
+    set buffer "<div></div>
+%%SSL_STATUS_INFO%%
 %%SSL_OPTIONS%%
 "
     set header http
@@ -14173,7 +17632,7 @@ config system replacemsg sslvpn "sslvpn-provision-user"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -14212,7 +17671,7 @@ config system replacemsg sslvpn "sslvpn-provision-user"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -14266,7 +17725,7 @@ config system replacemsg sslvpn "sslvpn-provision-user"
             <li>
                 <b>Configure the connection</b>
                 <div>FortiClient VPN can configure your connection automatically.</div>
-                <div>Click on <a href=\"%%FTCL_VPN_CONFIG_URL%%\">this link</a>, or scan the QR code below from the FortiClient VPN app.</div>
+                <div>Click on <a href=\"%%FTCL_VPN_CONFIG_URL%%\">this link</a>&nbsp;(%%FTCL_VPN_CONFIG_URL%%), or scan the QR code below from the FortiClient VPN app.</div>
                 <div>
                     <img src=\"%%QR_CODE_DATA_URI%%\">
                 </div>
@@ -14338,7 +17797,7 @@ config system replacemsg nac-quar "nac-quar-virus"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -14377,7 +17836,7 @@ config system replacemsg nac-quar "nac-quar-virus"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -14474,7 +17933,7 @@ config system replacemsg nac-quar "nac-quar-dos"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -14513,7 +17972,7 @@ config system replacemsg nac-quar "nac-quar-dos"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -14610,7 +18069,7 @@ config system replacemsg nac-quar "nac-quar-ips"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -14649,7 +18108,7 @@ config system replacemsg nac-quar "nac-quar-ips"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -14746,7 +18205,7 @@ config system replacemsg nac-quar "nac-quar-dlp"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -14785,7 +18244,7 @@ config system replacemsg nac-quar "nac-quar-dlp"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -14819,12 +18278,12 @@ config system replacemsg nac-quar "nac-quar-dlp"
                 flex-direction: column;
             }
         </style>
-        <title>Data Leak Detected</title>
+        <title>Data Loss Detected</title>
     </head>
     <body><div class=\"message-container\">
     <div class=\"logo\"></div>
-    <h1>Blocked because of data leak</h1>
-    <p>Your computer has been blocked because of a data leak originating from your system. For more information, contact the system administrator.</p>
+    <h1>Blocked because of data loss</h1>
+    <p>Your computer has been blocked because of a data loss originating from your system. For more information, contact the system administrator.</p>
 </div></body>
 </html>
 "
@@ -14882,7 +18341,7 @@ config system replacemsg nac-quar "nac-quar-admin"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -14921,7 +18380,7 @@ config system replacemsg nac-quar "nac-quar-admin"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -15018,7 +18477,7 @@ config system replacemsg nac-quar "nac-quar-app"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -15057,7 +18516,7 @@ config system replacemsg nac-quar "nac-quar-app"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -15154,7 +18613,7 @@ config system replacemsg traffic-quota "per-ip-shaper-block"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -15193,7 +18652,7 @@ config system replacemsg traffic-quota "per-ip-shaper-block"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -15291,7 +18750,7 @@ config system replacemsg utm "virus-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -15330,7 +18789,7 @@ config system replacemsg utm "virus-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -15441,7 +18900,7 @@ config system replacemsg utm "client-virus-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -15480,7 +18939,7 @@ config system replacemsg utm "client-virus-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -15596,7 +19055,7 @@ config system replacemsg utm "dlp-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -15635,7 +19094,7 @@ config system replacemsg utm "dlp-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -15674,7 +19133,7 @@ config system replacemsg utm "dlp-html"
     <body><div class=\"message-container\">
     <div class=\"logo\"></div>
     <h1>Attention</h1>
-    <p>The transfer attempt has been blocked because it appears to contain a data leak.</p>
+    <p>The transfer attempt has been blocked because it appears to match a data loss prevention profile.</p>
     <table><tbody>
         <tr>
             <td>URL</td>
@@ -15688,7 +19147,7 @@ config system replacemsg utm "dlp-html"
     set format html
 end
 config system replacemsg utm "dlp-text"
-    set buffer "The transfer attempt has been blocked because it appears to contain a data leak."
+    set buffer "The transfer attempt has been blocked because it appears to match a data loss prevention profile."
     set header 8bit
     set format text
 end
@@ -15743,7 +19202,7 @@ config system replacemsg utm "appblk-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -15782,7 +19241,7 @@ config system replacemsg utm "appblk-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -15898,7 +19357,7 @@ config system replacemsg utm "ipsblk-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -15937,7 +19396,7 @@ config system replacemsg utm "ipsblk-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -15994,6 +19453,153 @@ config system replacemsg utm "ipsblk-html"
     set header http
     set format html
 end
+config system replacemsg utm "virpatchblk-html"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                white-space: nowrap;
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                vertical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>Virtual Patch Violation</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>FortiGate Virtual Patch</h1>
+    <h3>Virtual Patch Triggered</h3>
+    <p>Your attempt to access the Internet resource is blocked by Virtual Patch.</p>
+    <table><tbody>
+        <tr>
+            <td>URL</td>
+            <td>%%PROTOCOL%%://%%URL%%</td>
+        </tr>
+        <tr>
+            <td>Policy</td>
+            <td>%%POLICY_UUID%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
 config system replacemsg utm "ipsfail-html"
     set buffer "<!DOCTYPE html>
 <html lang=\"en\">
@@ -16045,7 +19651,7 @@ config system replacemsg utm "ipsfail-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -16084,7 +19690,7 @@ config system replacemsg utm "ipsfail-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -16198,7 +19804,7 @@ config system replacemsg utm "waf-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -16237,7 +19843,7 @@ config system replacemsg utm "waf-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -16351,7 +19957,7 @@ config system replacemsg utm "outbreak-prevention-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -16390,7 +19996,7 @@ config system replacemsg utm "outbreak-prevention-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -16502,7 +20108,7 @@ config system replacemsg utm "external-blocklist-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -16541,7 +20147,7 @@ config system replacemsg utm "external-blocklist-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -16653,7 +20259,7 @@ config system replacemsg utm "ems-threat-feed-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -16692,7 +20298,7 @@ config system replacemsg utm "ems-threat-feed-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -16804,7 +20410,7 @@ config system replacemsg utm "file-filter-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -16843,7 +20449,7 @@ config system replacemsg utm "file-filter-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -16966,7 +20572,7 @@ config system replacemsg utm "archive-block-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -17005,7 +20611,7 @@ config system replacemsg utm "archive-block-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -17123,7 +20729,7 @@ config system replacemsg utm "banned-word-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -17162,7 +20768,7 @@ config system replacemsg utm "banned-word-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -17271,7 +20877,7 @@ config system replacemsg utm "block-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -17310,7 +20916,7 @@ config system replacemsg utm "block-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -17377,7 +20983,7 @@ config system replacemsg utm "decompress-limit-text"
     set format text
 end
 config system replacemsg utm "dlp-subject-text"
-    set buffer "Data leak detected! Subject: %%SUBJECT%%"
+    set buffer "Data loss detected! Subject: %%SUBJECT%%"
     set header 8bit
     set format text
 end
@@ -17432,7 +21038,7 @@ config system replacemsg utm "file-size-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -17471,7 +21077,7 @@ config system replacemsg utm "file-size-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -17574,7 +21180,7 @@ config system replacemsg utm "client-file-size-html"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -17613,7 +21219,7 @@ config system replacemsg utm "client-file-size-html"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -17665,6 +21271,447 @@ config system replacemsg utm "client-file-size-html"
     set header http
     set format html
 end
+config system replacemsg utm "inline-scan-timeout-html"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                white-space: nowrap;
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                vertical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>Scan Incomplete</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>Scan Incomplete</h1>
+    <p>The file \"%%FILE%%\" is still being scanned and will be released once complete. Please try the transfer again in a few minutes.</p>
+    <table><tbody>
+        <tr>
+            <td>URL</td>
+            <td>%%PROTOCOL%%://%%URL%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg utm "inline-scan-timeout-text"
+    set buffer "The file \"%%FILE%%\" is still being scanned and will be released once complete. Please try the transfer again in a few minutes."
+    set header 8bit
+    set format text
+end
+config system replacemsg utm "inline-scan-error-html"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                white-space: nowrap;
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                vertical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>Scan Unavailable</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>Scan Unavailable</h1>
+    <p>The file \"%%FILE%%\" has been blocked due to an inline-scan error.</p>
+    <table><tbody>
+        <tr>
+            <td>URL</td>
+            <td>%%PROTOCOL%%://%%URL%%</td>
+        </tr>
+    </tbody></table>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
+config system replacemsg utm "inline-scan-error-text"
+    set buffer "The file \"%%FILE%%\" has been blocked due to an inline-scan error."
+    set header 8bit
+    set format text
+end
+config system replacemsg utm "icap-block-text"
+    set buffer "The file \"%%FILE%%\" has been blocked by ICAP service."
+    set header 8bit
+    set format text
+end
+config system replacemsg utm "icap-error-text"
+    set buffer "The file \"%%FILE%%\" has been blocked due to ICAP error."
+    set header 8bit
+    set format text
+end
+config system replacemsg utm "icap-http-error"
+    set buffer "<!DOCTYPE html>
+<html lang=\"en\">
+    <head>
+        <meta charset=\"UTF-8\">
+        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
+        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
+        <style type=\"text/css\">
+            body {
+                height: 100%;
+                font-family: Helvetica, Arial, sans-serif;
+                color: #6a6a6a;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+            }
+            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
+                color: #262626;
+                vertical-align: baseline;
+                margin: .2em;
+                border-style: solid;
+                border-width: 1px;
+                border-color: #a9a9a9;
+                background-color: #fff;
+                box-sizing: border-box;
+                padding: 2px .5em;
+                appearance: none;
+                border-radius: 0;
+            }
+            input:focus {
+                border-color: #646464;
+                box-shadow: 0 0 1px 0 #a2a2a2;
+                outline: 0;
+            }
+            button {
+                padding: .5em 1em;
+                border: 1px solid;
+                border-radius: 3px;
+                min-width: 6em;
+                font-weight: 400;
+                font-size: .8em;
+                cursor: pointer;
+            }
+            button.primary {
+                color: #fff;
+                background-color: rgb(47, 113, 178);
+                border-color: rgb(34, 103, 173);
+            }
+            .message-container {
+                height: 500px;
+                width: 500px;
+                padding: 0;
+                margin: 10px;
+            }
+            .logo {
+                background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
+                height: 267px;
+                object-fit: contain;
+            }
+            table {
+                background-color: #fff;
+                border-spacing: 0;
+                margin: 1em;
+            }
+            table > tbody > tr > td:first-of-type:not([colspan]) {
+                white-space: nowrap;
+                color: rgba(0,0,0,.5);
+            }
+            table > tbody > tr > td:first-of-type {
+                vertical-align: top;
+            }
+            table > tbody > tr > td {
+                padding: .3em .3em;
+            }
+            .field {
+                display: table-row;
+            }
+            .field > :first-child {
+                display: table-cell;
+                width: 20%;
+            }
+            .field.single > :first-child {
+                display: inline;
+            }
+            .field > :not(:first-child) {
+                width: auto;
+                max-width: 100%;
+                display: inline-flex;
+                align-items: baseline;
+                vertical-align: top;
+                box-sizing: border-box;
+                margin: .3em;
+            }
+            .field > :not(:first-child) > input {
+                width: 230px;
+            }
+            .form-footer {
+                display: inline-flex;
+                justify-content: flex-start;
+            }
+            .form-footer > * {
+                margin: 1em;
+            }
+            .text-scrollable {
+                overflow: auto;
+                height: 150px;
+                border: 1px solid rgb(200, 200, 200);
+                padding: 5px;
+                font-size: 1em;
+            }
+            .text-centered {
+                text-align: center;
+            }
+            .text-container {
+                margin: 1em 1.5em;
+            }
+            .flex-container {
+                display: flex;
+            }
+            .flex-container.column {
+                flex-direction: column;
+            }
+        </style>
+        <title>ICAP Error</title>
+    </head>
+    <body><div class=\"message-container\">
+    <div class=\"logo\"></div>
+    <h1>ICAP Error</h1>
+    <p>An ICAP error was encountered while handling the request.</p>
+    <p>%%ICAP_ERR_DESC%%</p>
+</div></body>
+</html>
+"
+    set header http
+    set format html
+end
 config system replacemsg icap "icap-req-resp"
     set buffer "<!DOCTYPE html>
 <html lang=\"en\">
@@ -17716,7 +21763,7 @@ config system replacemsg icap "icap-req-resp"
             }
             .message-container {
                 height: 500px;
-                width: 600px;
+                width: 500px;
                 padding: 0;
                 margin: 10px;
             }
@@ -17755,7 +21802,7 @@ config system replacemsg icap "icap-req-resp"
                 max-width: 100%;
                 display: inline-flex;
                 align-items: baseline;
-                virtical-align: top;
+                vertical-align: top;
                 box-sizing: border-box;
                 margin: .3em;
             }
@@ -17854,6 +21901,11 @@ config system snmp sysinfo
     set trap-high-cpu-threshold 80
     set trap-low-memory-threshold 80
     set trap-log-full-threshold 90
+    set trap-free-memory-threshold 5
+    set trap-freeable-memory-threshold 60
+    set append-index enable
+end
+config system snmp mib-view
 end
 config system snmp community
 end
@@ -17868,7 +21920,7 @@ config system autoupdate tunneling
     set address ''
     set port 0
     set username ''
-    set password ENC EwIJqmckBhsWge4Vr1DJwz0AlfQOcsVyv3qq2GzmW2Tr8GvJ286jIokUR527gRBG7J4L0FooWYyUxEajk5bcPGSd5dgrdoAdRYKLxsObHmDmQlHpGDhRbNh+taB+eAy9r8Se9RzZx0NFwKPVsWyhe9iYmCLiYE2TvF3mm891u2QLc4cWhBRfdd2QpTA11eX2dsQmyg==
+    set password ENC ZZRA4ZJNNq6I3X2c0EXia7SWH0TTAonH5U5GD2GLxRfsi7GJIcUWx99TXRqM6pJSuUa5KC8aSpvqT2jk1YbFp90GtByO3AfmOpDQQSm5ZgSlrVnQWRl13M7V5D5jelt/qiQLp08iVgvuRItgbwb2Sfwq0QH1w67FkOkFe7tk/OT5uh0CXZLb0L3q50JhFdWhlB2oWFlmMjY3dkVA
 end
 config system alias
 end
@@ -17888,6 +21940,8 @@ config system central-management
     set fmg-update-port 8890
     set enc-algorithm high
 end
+config system sdn-proxy
+end
 config system sdn-connector
 end
 config firewall wildcard-fqdn custom
@@ -24868,10 +28922,299 @@ config firewall internet-service-name
         set type default
         set internet-service-id 328080
     next
+    edit "Microsoft-Azure.Connectors"
+        set type default
+        set internet-service-id 327980
+    next
+    edit "Microsoft-Azure.Front.Door"
+        set type default
+        set internet-service-id 327993
+    next
+    edit "Microsoft-Azure.Service.Bus"
+        set type default
+        set internet-service-id 328007
+    next
+    edit "Microsoft-Azure.Microsoft.Defender"
+        set type default
+        set internet-service-id 328009
+    next
+    edit "Microsoft-Azure.Resource.Manager"
+        set type default
+        set internet-service-id 328013
+    next
+    edit "Microsoft-Azure.Arc.Infrastructure"
+        set type default
+        set internet-service-id 328014
+    next
+    edit "Microsoft-Azure.Storage"
+        set type default
+        set internet-service-id 328015
+    next
+    edit "Microsoft-Azure.ATP"
+        set type default
+        set internet-service-id 328016
+    next
+    edit "Microsoft-Azure.Traffic.Manager"
+        set type default
+        set internet-service-id 328017
+    next
+    edit "Microsoft-Azure.Windows.Admin.Center"
+        set type default
+        set internet-service-id 328018
+    next
+    edit "Microsoft-Azure.KeyVault"
+        set type default
+        set internet-service-id 328021
+    next
+    edit "Microsoft-Azure.Databricks"
+        set type default
+        set internet-service-id 328034
+    next
+    edit "Microsoft-Azure.Event.Hub"
+        set type default
+        set internet-service-id 328035
+    next
+    edit "Microsoft-Azure.Power.Platform"
+        set type default
+        set internet-service-id 328043
+    next
+    edit "Amazon-AWS.EBS"
+        set type default
+        set internet-service-id 393470
+    next
+    edit "Amazon-AWS.Cloud9"
+        set type default
+        set internet-service-id 393471
+    next
+    edit "Amazon-AWS.DynamoDB"
+        set type default
+        set internet-service-id 393472
+    next
+    edit "Amazon-AWS.Route53"
+        set type default
+        set internet-service-id 393473
+    next
+    edit "Amazon-AWS.S3"
+        set type default
+        set internet-service-id 393474
+    next
+    edit "Amazon-AWS.Kinesis.Video.Streams"
+        set type default
+        set internet-service-id 393475
+    next
+    edit "Amazon-AWS.Global.Accelerator"
+        set type default
+        set internet-service-id 393476
+    next
+    edit "Amazon-AWS.EC2"
+        set type default
+        set internet-service-id 393477
+    next
+    edit "Amazon-AWS.API.Gateway"
+        set type default
+        set internet-service-id 393478
+    next
+    edit "Amazon-AWS.Chime.Voice.Connector"
+        set type default
+        set internet-service-id 393479
+    next
+    edit "Amazon-AWS.Connect"
+        set type default
+        set internet-service-id 393480
+    next
+    edit "Amazon-AWS.CloudFront"
+        set type default
+        set internet-service-id 393481
+    next
+    edit "Amazon-AWS.CodeBuild"
+        set type default
+        set internet-service-id 393482
+    next
+    edit "Amazon-AWS.Chime.Meetings"
+        set type default
+        set internet-service-id 393483
+    next
+    edit "Amazon-AWS.AppFlow"
+        set type default
+        set internet-service-id 393484
+    next
+    edit "Salesforce-Hyperforce"
+        set type default
+        set internet-service-id 655738
+    next
+    edit "Fortinet-FortiMonitor"
+        set type default
+        set internet-service-id 1245558
+    next
+    edit "Tor-Tor.Node"
+        set type default
+        set internet-service-id 2818432
+    next
+    edit "OVHcloud-OVH.Telecom"
+        set type default
+        set internet-service-id 13828461
+    next
+    edit "Zero.Networks-Zero.Networks"
+        set type default
+        set internet-service-id 17891679
+    next
+    edit "EGI-EGI.Hosting.Service"
+        set type default
+        set internet-service-id 18022753
+    next
+    edit "ONYPHE-Scanner"
+        set type default
+        set internet-service-id 18088102
+    next
+    edit "Proofpoint-Proofpoint"
+        set type default
+        set internet-service-id 18153828
+    next
+    edit "Heimdal-Heimdal.Security"
+        set type default
+        set internet-service-id 18284902
+    next
+    edit "Yealink-Yealink.Meeting"
+        set type default
+        set internet-service-id 18350439
+    next
+    edit "Secomea-Secomea"
+        set type default
+        set internet-service-id 18415976
+    next
+    edit "CallTower-CT.Cloud"
+        set type default
+        set internet-service-id 18481513
+    next
+    edit "OpenAI-OpenAI.Bot"
+        set type default
+        set internet-service-id 18547052
+    next
+    edit "OpenAI-GPT.Actions"
+        set type default
+        set internet-service-id 18547073
+    next
+    edit "Alpemix-Alpemix"
+        set type default
+        set internet-service-id 18612590
+    next
+    edit "M247-M247.Hosting.Service"
+        set type default
+        set internet-service-id 18678127
+    next
+    edit "Quintex-Quintex.Hosting.Service"
+        set type default
+        set internet-service-id 18743664
+    next
+    edit "Aeza-Aeza.Hosting.Service"
+        set type default
+        set internet-service-id 18809201
+    next
+    edit "Amanah-Amanah.Hosting.Service"
+        set type default
+        set internet-service-id 18874738
+    next
+    edit "ByteDance-Lark"
+        set type default
+        set internet-service-id 18940275
+    next
+    edit "KnowBe4-KnowBe4"
+        set type default
+        set internet-service-id 19005812
+    next
+    edit "Keeper-Keeper.Security"
+        set type default
+        set internet-service-id 19071349
+    next
+    edit "NinjaOne-NinjaOne"
+        set type default
+        set internet-service-id 19136887
+    next
+    edit "Modat-Scanner"
+        set type default
+        set internet-service-id 19202214
+    next
+    edit "Make-Make.Platform"
+        set type default
+        set internet-service-id 19267963
+    next
+    edit "Cloudzy-Cloudzy.Hosting.Service"
+        set type default
+        set internet-service-id 19333501
+    next
+    edit "Nokia-Deepfield.Genome.Crawler"
+        set type default
+        set internet-service-id 19399038
+    next
+    edit "Neat-Neat.Cloud"
+        set type default
+        set internet-service-id 19464575
+    next
+    edit "Brightree-Brightree"
+        set type default
+        set internet-service-id 19530114
+    next
+    edit "PagerDuty-PagerDuty"
+        set type default
+        set internet-service-id 19595651
+    next
+    edit "JFrog-JFrog"
+        set type default
+        set internet-service-id 19661188
+    next
+    edit "Tailscale-Tailscale"
+        set type default
+        set internet-service-id 19726725
+    next
+    edit "Gamma-Horizon"
+        set type default
+        set internet-service-id 19792265
+    next
+    edit "Automox-Automox"
+        set type default
+        set internet-service-id 19857802
+    next
+    edit "Pulseway-Pulseway.RMM"
+        set type default
+        set internet-service-id 19923339
+    next
+    edit "3xK-3xK.Hosting.Service"
+        set type default
+        set internet-service-id 19988876
+    next
+    edit "ASEM-UBIQUITY"
+        set type default
+        set internet-service-id 20054413
+    next
+    edit "Dialpad-Dialpad"
+        set type default
+        set internet-service-id 20119950
+    next
+    edit "iboss-iboss.Cloud"
+        set type default
+        set internet-service-id 20185487
+    next
+    edit "Redstor-Redstor"
+        set type default
+        set internet-service-id 20251025
+    next
+    edit "Anthropic-Claude"
+        set type default
+        set internet-service-id 20382099
+    next
+    edit "NETLOCK-NETLOCK"
+        set type default
+        set internet-service-id 20578711
+    next
+    edit "Aircall-Aircall"
+        set type default
+        set internet-service-id 20906400
+    next
 end
 config firewall internet-service-addition
 end
 config firewall internet-service-append
+    set addr-mode ipv4
     set match-port 0
     set append-port 0
 end
@@ -24885,37 +29228,37 @@ config certificate remote
 end
 config certificate local
     edit "Fortinet_CA_SSL"
-        set password ENC yY3lFAqf+1bSer33nL9rWERELLOE12hVCUf9sy0jqKfTpYmZDgwM4E0YFzCJEA/ox2qRGFyP6R0AXMF01kqLovu7zYn9yp4ijbYGv3zHDbK7EVMrslE8WbgGmpIEA8N0yacY52KxfR4DKroKtNiHASfK4RmzNvaAUbGuodohnI952+LFbTUhm0F3pKxYxXtse+8xHQ==
+        set password ENC Mi+RkiAZUvVf1O25Mytf5vsVlI5j1bK4BJpdf2MgGLqPMnJgFToOlA+GijA3jXi3snXNppugMscK3+wmi1vCkd7yUH1+mvTaihX3BBXqaeFrGjQr0XKM+CBk0t97tiSs2Q2K8xtcP8HoMl37nFldNI/5Cc6moEwZhdaJUWVNVdis7OyVeu4eRPnG7nPw+IzrcMxjE1lmMjY3dkVA
         set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIEuH2tuBfp9UCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLLmrL/kMKjDBIIEyKYCUG2hhjio
-nGgZIPhPujrPOyFCO8Xv5KYkfxwnLeLweTjnWKY9wtVVKOHZFVU8O4WexIIzLS/5
-YpAOKpetpjNXurWevBErwXEXbHFNo7cNzqpbOybtxR0fyyfoIZlsj9XrGcgMZZkM
-Lzaoiawe/ztBtEIEzi/RAa+EXyo4Z79E/xuObRVA8V8hROeluDwcHGSD7pyr/Gd3
-pgCkbA/lPcqS2ma533YywDMJ4za6viEHZgk4NRtObPhhU43Weeg/9Di8PffocVoo
-A8U/mz14fTco2co5ROn8Abo5tXG7QWqFPbo24cj3WRtDEHTSnkhybodjSiWPqVjB
-9wlZes6KNKWtSgagtbztM72T5OEeNe/FuCU9cyzmMCzyD69J/9OfHM5Wvh9RGQBX
-Ks7NjRUV/iC89M08s5m7G6x1hVgb3VPVj8jjxxavozNYlN5uiOcpLzr+MeFbwr2C
-C9Sc+W0NaDO6x4sOcumMD8qcHoi4Pn8/2QSDD66SyaJ3xOgmhxj1jySR65esnQE5
-gQ0/FKaDQG+xwmNgIE1vF5KMu/tEGkvBwjbpttb8OIYN/BNTrmbPnKUAqObEg92n
-Pb2DFjkSFmI10qPAVIsnGLGJkQdcDQfK3v3WkXs8tWPxuHrVygnamH25AtrHK75e
-eHDH5st00xrnAKjXfqe+FexUIG3NABvLqUQSEOZVjRkt6wtaZstKLpUonPZiZzt5
-iR6clAwzTkDBA6021QA8KWeaArjA24MbCWqhlTKsCL2Aews26oVxQxiRVbcUBd6y
-4tkYa0QkXsGSK+2gdfW1wlszPlaqoDs7cJOl8xNQ60IsAvaE3pYdsw4MIBnaRNz0
-NlCg9AKSyB2/zQD1AF9plKrQ9/IMlSHP3/8TEBrrm4kGgBbZsOW5mE6THFvrcSLM
-PI6HMx6NZs2c0kYMIdPT7RdcEfP6fuK4Nx8/UpRZxMWt+xn1fk+ruhLY4hjGLrD7
-/LcBrDdJ0uWKb7v8kKGUK56GTR8r+N5stRQB8knRV6AEFRYajqpqMuOUDjSYhZK7
-15yDe+MwbL9FfK7Wu4DgbnDXSNYjctkgs+9z98QoU05hTUdy3iGDwE7wrRMwksiZ
-bJEf3qrtxHiglShJTktGz+f/zACD/GKkTpGvseCSCvxGw+hVkznt88HXe65Hy5JX
-zMawXOI6R7ioWPTmOxFMBX+764tPaEASeV+2WlQeapbIo3Y+8c2QRz8fuVYl+ZXE
-ZJu3jFHTxvNLiYSJ7ZqD6F6j2FkQKa6FZUzDg2ZKr5K8d+aJrL7ouNYbRD3tHc5X
-mr0cW8V+krS8+wkMeAlqwRGSd0+gkwBtxWsaB+GMoV0Uo/GMKqEC/jy0lW+Q7hED
-5gva9kgJndUyGt8hu9VElN+oo+EYsAgnm06i1PYnNXxscm3yI9QZvYdEpVDBIcyu
-o78gd95VXng3OK0EAEdmWjrr2cCo58qXY1cjM0E+8QgusOR0myOJMCEMf97wKzxd
-iwKXBlwAlhRI4s4gBDM2cJhUHtYj1XIjl990uwHTXGvjFMRFdZmJAcGh4ukgOGw8
-k5AG1uOQu7R1DXzsw8XFcAh/3Y1n4rzxkOmSjyqMHelFWvhb+RmF/7TU+Tx0bZ7z
-HyJmJM5uNsCfGJ+M6hIreg==
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQMruTNMhH79B4AqKy
+g0DJBgICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIW84xFIDqj1EEggTI
+5qxi4Rg3+FOpoHqDYWUrK5Oouwmg6H7bgsOMrL0nRTtV6X38j5Jx0I8nYuqvNj9N
+z+XT1A1ngjiuGn3ky5CkGTgrHC1csa7Tqbh5U04kep5r424kuen44CztR7wArsPW
+5SzhDBD4HmWPcOtfv3WqtzZn4HW+spkCNPjIiezgWC5M+2GuZIIh5kAgk1mBV4tM
+CWsXhzJBL8v2s7JUF/QF3A36Hz+gNIcb7ofti3+5VQuP81gCasXChSvTsJgK0ZiJ
+2JLK6d4+BMF7Ubf30sQsbQZUAsPhn9uQA8IAbwJ3ebE61ch9MgW3OipobXnpnt2x
+BvR2JUhZqh0eJjJF/cRCJ5Z8Ppyr7P5DsSNi6O2TjXBR12LTftllkCpspWYkYNHC
+HIKixvvZQs58Tg8Kdbb/1We8px2B8WriX6ajLcfdTJDdA4Go8yMjawDqUequxsqs
+cNJZ+Yde9i1DruoWL89sE3ob8iLM9pizzbH5caGzPKdkzO5lp5HdvdWoTxeNmqoh
+6I3NEBPanzVIorAYiIY0RtCsjBf9pRtbEkIZ2V6lSdspSPFj11aLA32IUMI2WVab
+oGMIrqq/1+xngubxGHqFhmTzX0iMd4rB0vBLUbRxxC8Kg3WX7niMNzCTNAhcK1wI
+immgKKk/DBq8BMtE7YF5glihBrjf+BHewgQXI5bvEo5yAy4axq3YnAdDh0KxJ69P
+s0ia+MxB061Aki/rDRXQU+srXVzMT/ikVcqEFs86ibxeP1+zjcZ/FAeqYlgHMu/3
+vCXaWS8Guh6OX9760zhJaJWSOwrs0qgNgge0LHl1g9R1n66ZJyqWAjU8v/T7tpi8
+vc+A4cN1SNnB0MY8s97dufV8oBwtn9KbTOoioUoF0GFSZ4oQGN6TsI2CDZGX8PWL
+uwJwQTCGJ7wv1nRwgfm4edr/v+f0J4a073HOd5aModBqTfsOnUR5BWNqdnVuNNJq
+6YagjKiku5NkIEqdx4z5pvhntCbsfGzrfaYO1MlgRZ74gKt6kxIowaaifu4IpL/N
+rTY4iE6Sklvrm9eTPeciBkeGo4igDCP9k9+Ns+Z2sbC5/k59G/hjTIIEBdl2nDnU
+hTlmp8G34ZNMhnT6XGaD5ZZv4S4KuoOXZxZ59XIaylPb6B8eck+oE36MGIShEey+
+I+O8+e0wFxWLi5ivSXATp+iTKkrm+ggR2Sz/ez39rA1D/CFfzNUzqdqfHrJRuFhA
+ga/bsHOP9mVZjgkGg+zrjlUljtiDb8CNdFkamezyqMt5aGyrnownwtDKFpXc9OFM
+9Dj/I2TvP9/p3WwETXyNsAq6TsdWo3SMyYKJHilIPEmlAxETls0PK41HEDBYivea
+OCUofVbc1WRmouSlFtVoeasqDpF8wKpKGgYKjcUBpwfc0jjTIW/Mpc5lBofPxKnX
+nZafKQHxB6QFwyW4elklR+9naosDdZDMQI//PQFMemuC5TbQGllF6XCW5J+oikoE
+fQm/+rGN6smu0Le+VvQXWgy0DTwA4TaTk45OPoXjqD5byDAnnkT4nFA+iXpNXdcq
+nUGJbB4t1dLcOvCe1jEqiS6M5TwpwMSWlNrncYMSjiResUvHgqxdD6m+vOqox7pF
+mnyp0x5u0fOmBfK1peSZDXuv4gy5qtoB
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
 MIID5jCCAs6gAwIBAgIIB7EKemWPvOQwDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV
@@ -24947,37 +29290,37 @@ xXZbFhu6d5a9mB1ykfdnxwlXwL44T273UzikwDl6YJNpJ+F8++WYJmhS
         set enroll-protocol none
     next
     edit "Fortinet_CA_Untrusted"
-        set password ENC DJWVp2x7rpiwR/46Rqx+eeILlGzXYTQn4BDaTdnxWA/5+S755H32gXJ1vuG43NaEg2U6Oq2V0MzrMOEIKWTatbL9C76+GbZH+gycH2c6KxCyHPRiqBRevyzK6cN3HiFYMpc5PwHvRTnWCpWX7iUO30xhT9agKnNBMM8W211TPhNXX7JwchDcWXmXaLMkIyPALt4nOg==
+        set password ENC uutHYCAQpAnSXEYO9KZ1uXYtnN+8/dhvH3Ar3s9dvmXDjSWTv1vvEyeRM421GAITL/fuUNIBGWYLvJfFNdURAw4OSmU6TwZGb5DjVLBtVg0+W0xMt7RnhU5kdv/r1glznJ2Z1Wf//q7krT1U5FZPUtTfsktCtffMmf68mcB13XFD2T3JClMr/S7xI+ifn9izFMqznFlmMjY3dkVA
         set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIwl3sKGVsP8ICAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLI6BvXPAFSOBIIEyKu9/PnMThPL
-NgIUCRy93SRPxptgVewRo3M3sANoDFdslOAA7GsaJliaA9j3u+WWhos9fOqa5aHh
-WsZR1WgoIAvmr/rE+xSzXdOruFqFUxWdwvobSRly/JUNsS0bVlpt/TZ0OzydC/ml
-KqiMQTY2QD5IxfhmwV0jY8XoZ0aIt+x3degv5twI0RJWNgPfrqEj57KF+i20e3Gp
-ADabvs8DWZKqeEpApYdRtZHPDNSFr+sZccRX6UMO+pzcIMW1Y3nffPX76L44guOa
-1nx93S9SJNfjMxj8NYv1jz3mdMUpkaNW4AQfvmh+TSNp5dmpcrW9Ec/z1pfKM9vR
-eTsqHAa8vghWBup95UnmAAG4PDCcnXZrF48nNVND2f1GcWl2i44tnZbjHuw9W9EZ
-Apt2/Bib50/YVvPQ5K6w7ziMB71W3K7lbE8/xIXi16nQ8V48JjyjXTYFRw+lFVd3
-WKqZzRiUWlTnLMwP3xmKOGZqXCjdvOFCfTHQW6Y4eTOmRfu0VEMnygyDD632HOJl
-lIqbBUXrdGleC7PGQPLGIxsm3lJWAzNPAvn9vO1gu6b/3bZtFmvP9DGCzKFaQIQI
-MCLseWV1pPsrNuxjAii9tGsGLrNJSPoWT4s5oSExd4QFBVVrYbiB3A41c6hzaY+s
-ma9rBgClywonUs3PxlOvJLkESTl7NaSAtSZhD7zOreXQGzwz01qIsPHmAntIM3P0
-Skzxx8gnzwXX/MPa+D8pGhEflp+rUuzCJBgdA8ala+U9d62DAEuM7Pgh1/XOmrEt
-CpBqQqsSgza+FQy6s7njd9jqxIZDHFdvBMu+U5vu4LjGlfspQXK59TsAI9Cv+pBy
-F0CXBmCq72lfZSGIKo1Ezwti5EBPikHQtGXvt/Vl3VdnqF64ID3IAwOg/v6U/c+O
-x8pmFFVYtNjyzatE22KM1ZPiwdjDaPYnaQGHl5c3HCwdiBIVL/0ypfZ+ju8Nf9DN
-mLC6+DoiBTuu0+W09fkICD9Z49MDqJYZvdlXom5S5Lhwtkj6BduRsG46+PULKLVf
-H287qEv9FUcnonbg43gCm7CnlJ7Ei8Kv0Hg7uEctQZAPmf8LMMj57sGKUK6fw/rk
-zfHKdMzu8dqVPQosYPjTIkJomJ1tIp/4dh5oChNNDkFt5q1bXcpRQy89GsB/+cBg
-EI1zVfaY88+/L+odO5/IFpPFd1YNaCyP0lKAsBV8dGvr78RvPNhLyYOm9k1x9FhH
-b6Q0gLWmPweVhLtKEneaXmomFR0L7si5o3YUeK6DNKFbxGlpd3xkY03WET6bAZaR
-Sm12wxrOUOm+vXpOTEuYlJW/QEpIksnpFSkLOgk1jtBIGBygCA94XcDjjQOIva79
-esIeKPsTr6QNYF0yCrHgBauhlRmj/mBsK+z1TP052vuTiupG2WDJ2pmUiwF5zLjA
-wtQECEvuCe0gYKp5bkf2VM7BW35t2GMSc2kNMjPT+TPgSHtGPmxjGHIPOC4mOmJl
-pKF7535jpZTbmoD9PQyUktq6uO2clsKX3ec/4waGl8nN19U4ok2+hoci5AZtjadj
-lLYXZZkuxJEwbotoZ2u/aEzmwi2/hWfMsOvgxj3v9lZ9kZpizBorJct/118M5k5C
-J92yCNpFWE1ca1rLXMF6gw==
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQbpG/8TCmZNN0JqN2
+UlJtWAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIjEcFZpG99kAEggTI
+dQkF1uMcxlU7LUN8EqPkr36hMBxLd9sd5+kX96oB4kcsUQIc8fkas8UddUIyWE5z
+PtruacFDWgPLr0UCUE67anRBYC+ldv6H8QNc1uF6NPA5qb31vOcjuibIUJmGtIXi
+ee8oP5BnhOSEvndIMH+mYRgGcVCB+2F5IpJxMUOgERupAMZDoFhLbmwyajaAxhVN
+cw5JrhJgHM9C+7okGXErOT+NN4Zz7oI2QEoBuBEpIJiV64SLuA0ntywuZoX/+jIj
+kNHMyFpOHo+ixb/wnNIzmqeHgP10XEdB2kYJqZGIoTpNqujYy9H0IaHWb0lsWmVq
+Y3mzmHFfIrFZ3eF14S+fHsoc5aei5Jfxvje6T5gqBUg5Kp5zTS4xCh3WIVeZWE0S
+HfFZP5pn9V8boBfiVr/JtwixcFN2WZwxVddsgu5vDh7IDCyIX80VcB6+X8DDzxcp
+zCL6SWdT2ux1gr9E6iooKOEGiz0y1BBGun5p8OXVdkwuYVB/qKAdbu0qkcZSzDAM
+jHBGT7d5QAUhJhGBw61ECZKLuBUjblcrY3xeYUzLf38uRgKA+tHuSZ4btq5UPUqw
+iMw0B4B16JEaKidWzrmz3ixizcUQYWIHnqU23zWCpZthiNLfnIPu+1pTmFeyz+gR
+LLaDh+izzKTrm+OALIPWjZUw00dHlM/gBihB2GGw6rvBMRDSTGT6F69S58D6RAuv
++pX9Ft+H2CN5AbWeqiL60UeecME6KjrrA9HniEUJBaHZ4o7uEi6/pKbq2lm2qhP2
+2kocPCy/fLEnlp5/19ZD+1hmPNzEjcvxodV46eBxrrw+TneBD3dlVA9tzCNhrTii
+JmVnWX5045XWo5kmm5Nrb1pHb32NEHjG30CTpWA0sY84tWQvt+at48yiMf5EyHwH
+eIf+IozkTnpCrXjanfwbR0W3+Hf+v49F1Ryx3M5rpjYFxMUmzf1JIhuumqhTAZ8k
+zgqIPTlKeJADEBnuqMQdx41w5VWIUsuRIe0/l8tUeW3+43ZP/BfF0MnrtOdRI3Dy
+Oz7zO0h35+dIweFlZV6vNk4UalKCtnAX14GvdhMbsZsHGBNidORSvCJDEq91oEwJ
+yRA7QDWi1C/rQ4JS15TMiEVuIfScHFDV/1T9wPZc7Tpjbcmcl/UxynNoGK0st4uh
+5AlVM51t3q/bSZnYKD6UuREYW+Mcw8kOlcrZzECGdi+rRE3z2x1iMvuHkMe/Cot1
+XP/0L0EQjQ5+p+m73lN/W8btT+FdJ18xWLacSPPNwQSGzgJ1xgUQ5LV1HC4nLiE7
+q04NXX1kNRL7H3bvOwuX1cXAyqUbGILwbsjeJbF8zu4mo2Mo+iSe3M4DzwApmzWD
+kqjFPY1KDM7ga6xVDZoPcDDkK+RBt7yRz6PiE8/34I6iH+/5IAy+0nGWCmblCsvO
+i4spO7bIk/jVIPypNxGiWah8MYZ9XJ1SIohlHASaCD1wyyJbUZiqFt67FKUU2aBu
+b7CrjHca+nzP7QzT4z18GP5IBTE0nODmZZzGZFI9tbAJjVXnJA4YjWwFwwvQy1I6
+WwAAJm4D1uhnzkarO42kdmYYjCOaCfWpOSSHBuz1UHWRktR6YwVdMM7ey3KS/ALs
+X0/dgLlEH8Uff8aLWUaipPiwHLf6Ood/
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
 MIID8DCCAtigAwIBAgIIJJ5p1RsocBEwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV
@@ -25010,37 +29353,37 @@ q0ik2r7sts/s3V+z8yMore1n8FcMX7ADoGjCSNHe5gOq/kThWWVR2EHwkDTnraYp
         set enroll-protocol none
     next
     edit "Fortinet_SSL"
-        set password ENC LK4XUDuuFIVhWIVLihDhOEp1h3haWeej3YY9KPeDz/G996glDiwm/0vfC2llwysL+jNc8XF6G3EsW76/bh2wNzApp9sllTRYhT75l0eZtGqehlN1Faw01H3fzoSc1f/FeIR2hiLYwsqUlDHvEKRQQiMXu4c1nVTIuUDCm54Y9zF1+xEEww7/mpqLq+424yPiZFFAuA==
+        set password ENC PxJUTb0utZYYh79LUvAPkDwkg7prxnsYzmnQajuFRMS3E5AiFN3ZPtax3m23GwMVnVRZdjJudMsScSx2KlByAlJJG7hvINQPHk2Gp/xkoj8ok5vmYqlw0SaX8+0iOKNMUkRZtr1vYFS9jcP1mOFSEl8DIUU5MqLZmI9hxfiM/krSItgIk6ypZBHq6E8jQGJKX1l7PFlmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI6+DvmLRD6PICAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIIIDJA1o0T1BIIEyGhwwDuhTXsA
-v1LoXEoRCYYnVtPKNl0qoskt+PxsFxAb47ZmJJloZEMdXvFJ4adBQUutzd718YCp
-fbpegLSwG0Z37/si5V0Ro/EatEuzTBP2X+QInsa/pMYqg5boPHUojGhlryX2IhNE
-3BuxYjfR3wt0mQJKU8CXy54PYmHs9F0KNwWVwCRLWqKAxV+m1gg8LzCei4DUaVa6
-U72yVoCfCvOtBY1uxj0dQJ0IFlqc1MzWslcyP2fqEhLaPpcTuk8/jI4cUJsPI4rv
-iFhd8rpThxpBmaqHLhLDzmsDGfle2MhlAsdRKdjGv06YIkDsx+DB5PD6rSNiHL0L
-zooF5IdmgJJNAzPOynEosZTUTZoe7h9WiZVNH7Tgh+KMltCMPMj4+ooDJm1R9buH
-oHufDV2vxXx5fU+HNK4oPsFT1wtjry1RuN8vg+kezl5J7LddzIZ75NLt9WAQmhC1
-3tstAyAHoOSqwQyuybGDW4bhRQ+P95chrCQzjE/qjRfE2uMJxV0IfeDvif8Ny6Qx
-Pi6KJ93e0AuG1d9E+VMFQTSOGSuK19S4Te81WP5npklxH7hNLeHGJhBSAWHeheXW
-scNuNCw/OEktnjHxwvUGPyjyussYmIhOOLjJjVKjP0IU1BOvC7xpDmcF2GpP6cRW
-psr/kzlUbI7zBVNFAni/P2i3aLhLYqtAgxENxDQPVa9P9dc35fnKlFQzdQtUKxv7
-WpbNa73dNeav644+EbeZhbwd0kKMuFUex1l5AHuX0hbiq075WBvyIg9UpLGtJR8O
-krODAfEmm2PGu8U514U+O5dheugyfhvlQg64wMdtjjLz6h2jAGzsjMGdWW2lz6Nv
-YmUO9eFdsjfRSvWFutY04YObe53srxr8yVuvY4O3xT73LUoiHlexrB8KFncV3Bry
-pSX0Qg1VdujhqXAU/Vet1X2fBy/Ed/A+ECeiWiZ8BpEa+rqSgdTdYcg2lCuLPJA8
-oO7PiPAIZ+hC3Prycn8xFZKNNPdrljSMJEklv8/yDCbuFiI3iWx8kx/XC908Pgs6
-uqL31X6h9Fq5dPZSSon2Uc181ztc7fPK4EHuecolw8Aw6tVnZvwgcM1XEUA38t/9
-9Lsko9mmkiisvVuRDTCgngHtumVz+E0b8rjg3fCDuhCC5urPusDhrGprdXBorU1u
-KTtA+i7cTOsRccjNaGc2UholKxiL5fmwRciUAW4+D+t22IiqSxIg+O3BQIJ2EYqm
-0Ns2uxomYRPSxa1YV5OBe3oC4xAmoe83lbQdizD92rVpMTKMfipZhJQkCCC9F43t
-J4g8mjQJIDBGNqbhe8349ixDYiTAMDP8vRll5WTuz7Cb4R7wgQiQmYGR/l4Sifup
-ul7zZ2O/W5lShI9BQAXN11BSZu4zVhHSCiYpw6RH9vyhhVS/HxgWQHvW6HZsrSU7
-+FA/RjsKbP4KT0dXyLbLnKpYit47hzdMZXL3+QBkOj37IPTAkGT46JYvGkStM4VJ
-edWGyvlxUQAn1mheADJfsBeR8mCEIHWzI2QM0KbDG4zEBsJrmURj8xFM455kyQrX
-sf7eWdPOjnxi0a8xCyTlfl2CBUiMsxiLR0jh0jjg/z0pbifJws1VX8FIUH8u25O5
-B6zYkMZSTat8TnSb8KnF5g==
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQXMYbkaixx86enTep
+MIWCwQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI15kDYq1F8TQEggTI
+TzBr3bK8xJ60minHDeM9cEK0zbhStIqiUjd09dGHM4qTtMlb+ONW7aiaOI8FWr5U
+0cQyFI5pX9hBJ5pHXnef5WiPqzwxfwog7BhFE1RQobZFrblasFgPLOiX9+ABbR5c
+dq7oIwGHSGiCqB/xdlQ4iy+Y/FjtCK6SP35IPwUc0M8E7qsMR7TPw+asMhG67yco
+XgaX+7rR44SYbU/s4MG0m2dm6yR1UM4zczQxZ82todW/8AOkL1lA2YlFw1Zx0M2u
+qEiqIy7wN/4HC5yNjfYve4pFjxNoY4oQjpYTO9NviYWF5z6XJwyzd283jrZynS5z
+OYUr+hgrNJwlwHQTgS7AqJJhTXk81XaaLW8qgWD1DB+hwdeuhv39TxkYmGYtoADG
+687TvViAh6PboxxPP1sQo8nUpFq5ZA8yPikL1dppemnuo7//PVV780l3OJwa3+23
+u2AwnZuWrN7oEAL1uaA9EVfh0pk7LoD5cGFNVlekO5YIb/iXlScNb6uoCoBNUL+i
+PhspmHt5Ejei9UekOJJwKnMFGc7BmhRj5m9iZxnd/5SC9dFecCTyLSOnisotszdD
+OnSfS1XDtxvWX2/Iiqk9Rb3pYOZH46pYk2ilMbvOxNod6YfjElX01c5bV5qy/D0/
+fJ1dlwEiZG3Ip3gUCrXGpKIqWI4E8UvD977h4mTGxvtB6CRtvkM9V2OS+BUj+lAb
+GuW7qb/C0fr5ILsTwDrYZuoOUNi5bQtgSjVdHiSsb3DwwGSmbTAjamlS9ua31BUa
+VtAzAWmJw89AamgT6RBizFWPOMVm4o49nBnS+C1egckLaY26X1Zh2YOGznuff3xA
+5NRiFgr6+56agrxkS1rG7BYNWhyh1bVkRkBisLwiMGjZ2YejWjI+uZjuB1pRoq17
+qJWegBkoJSsKURVuNY1L9PU1WUJiAdj8auiZgZyzYtEzPLJN/xVzXXCqN38k6SrD
+MQ1o0m1E4+1brupCUeMYN67S0gKZUcxCNpput0Q1zCcsRdpzX5hI9Ixh8B9QuDua
+9IUMyNqAQPEvVs4E8aNA7lsLB19o49U3vgP++pgBmMqSW1gmjQ4ATEBG5qFpbI2V
+i3kkEmNFBLKw0zuiVgJsNPFwBoFnaAuGYG/Rgrj+glxGU6oorR87sa+q2lheLAMp
+UDmw0U8whwM79mcraP5JionRaVwRP56naf9Lryp+UZl8EnhGkQ21hEvudGkvbj9q
+/qZStGzWIuHoKD6fWzo9nIrrMk68YFqP66cGhMpOMKeWu8/Y8YIMAsIrfV41uBKm
+fw6+JvM0T7P/fbTolKdNJeIkWsQcF3iy6cXUvm5Cc/7PoGoDyjIQP4smSLVDtX2w
+Szns6ly54jM/jUiheWLKMC5DzKJl4y3OdWsdWW5RXLiwrI4NoRZHzADUV1IRBMm6
+wAiOi7hZGBoT9rUd5bLl6ha3Kt+lxb6mHZvg/Io19dsBWDsh1GkSFkzpxImuy4hM
+/mtcfAwKhLPZz8vL6W1joD7AVhFFapljR8oeJkiGri9jQFs17x67skHBLfpBcFUq
+9h9iiySqjUBmrMudeE47HKuye8MczN5i9KuvTL/wVVWISzXXtoSmxFkG+q/OxFXW
+y6Wx5qNoxuv1q0cRCb4EWzuS6DXbR0Vr
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
 MIID4DCCAsigAwIBAgIIDpscz/0cckAwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
@@ -25071,44 +29414,141 @@ GIkjH1RQNZqgIWm9oqyVE6p2U5ZWpVghjAgxibuofpuddUTG
         set ike-localid-type asn1dn
         set enroll-protocol none
     next
-    edit "Fortinet_SSL_RSA1024"
-        set password ENC Ol7lJgj/pb4oO+c+1NyZ9y+5Uq3XFgmiRKcLQktMkdGUL9sT1vWhEcug+ZBfjNRkNT2QwFRreebIigQMmuLFpcbnSuSo0tHtI4cz+lAb9z2SOyNBYNdCO0Kg5r9jvUnMcDnzqzI4bxU0qELeNg9KF1VQrMzxOwLrtbYHIti3yEUP3n34/jFiCFhlTA/FU0tqJWFhuA==
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+    edit "Fortinet_GUI_Server"
+        set password ENC voDnRaioy9I6igQspcVfIIDEzHqO4g9LRV9JjOfO3fNpzp5CgTTvl6iC7ER3jSkTwGyvvmhHcAZL/+9KkO1SLRc9UkZyDj5v/jRALVHFxOclAnyzm/0lECk6YQ8GsskhObFRmyDqaFtQG1bBY8lztl4+cjOS/zDTsvgb0/oIz9jCQ2Hznl/oLy2g0E0nItkEFPjMs1lmMjY3dkVA
+        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI4GfUXOUIcikCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBBag9TfWHmcBIICgEyoV8BFGndR
-TVOtymz1ajOTIEj5RrFiD8DOOz8bZfjVUW1cpGcJNJMLhFtWVKB0Og60RdLHZKz8
-eO2mCO1YqoFgat/jpNCkU2tf52sJA2MhLkWxX/BKfOA6ozp9VY0fZT57a7BJPBl+
-GUVdjqlTyBNow5buDK0D2l3jnP3kkBXEOPDw23Jt8IcmRuMxwPzAIWq+gtpm8J81
-5nlPFRhOvSxIQZ13NHea6oWu8rFnQTqTXv4E53i5kv7l02RBteNGh641aqx1AxPW
-MQ1qUD5KXzZXNQ2suSycAjfZ4q+n6jyONo4dIn0xXjUADU0EOZKXD0LlYW98/7vz
-Y7nIZtVZ/q/8KuxG0Tqyx1zJeW81J60esX/eRLRkYCoQj6CZgTZqmW9UUZjBux9Y
-BT6qcWudwO2tU00lB8MDPrBvlsMn17QzYTeEF8uX1GJQNSAaqHtKzJMQe4B2+MIy
-8htBVZ4G5Rc2NQ77nfDLIxMVYVbuZGDCTR9FBm6MWygYtoIaRT/dcjFEgT9HSJwC
-/0Pq760uaHYmFYOnKuDqubML6N5At0mGrZjsxJeCqJ/TNVMXo26ZVYuwT72xrlzN
-ONNce2LiXejAZjwHPyacHNAOLQBjLpDNB5SiT2OPbD62dJFn2rPAx7Jim2FB0c/H
-OVyMozwFrjWbmTNiFNcH2oKjuZOqMHr7qoHGyiY9xiXFeQjtsCLhcZFQMgaj8GME
-F6Zdo2JjdeBS6AjjGOTTlMMA4rRoT2o4wy4YAqJUF66u2XlzdcYdBB3kNRbi1ayP
-n3TmWLao7qcVOqAp6TSY+tFCCHMcl6CjEJOR6qAlx9IY7ItOThaajAtE86cHnq7/
-G0L+/qWbs6M=
+MIIJpDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQiix+G49lzzNidfpz
++VSZUwICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIqnNkD4mYmegEgglI
+jCFnGP2ACTrUEyau9bdTsR7eIN4Md7GS6hI5G2vdDkIBX0k8v26oggo++eyoBhEb
+0kekN4zwTNYiiFYi2UPYniDfF6aosKGtitS9uKGkhNViyL9TorUb/uTMvpDvtJlh
+R82EcbyEJLFekMIXDzg8UuPolHDUCrBFHH1B5t7/T1zidFQsA19U3imwErhPjkPQ
+9hLrY8z4U/y6d+HppTfFR5V1yljKjcktgiollvxe3IhjUz8/My77cUMKHPoZaaDE
+DcrwTpDgTSd5f3J8AHmVx+qJAoscNBMnlxL1TtkpLwkNPMPcyVdB1Jw+qAPTxkDP
+RgIkO8CQqfv06CDUCvf0UchomRWQ63pfNz5xHIu3AwJ1lOsRJE7RUVjlT+NlQmTS
+rJ0QAnag82yGW+qjgBwcbHRZStT7+qa4HbLSGLEwnN9CkLQ4xFaRvnEX5eP/mYkm
+IfFJXSiL2GL+wNnU0asJbfX06jt49FSSKbHLBMqjiRjQkTXCAczs589Sql2aopsR
+FGiPveyjGZQ1z/UP0gWquVA6ObfDGCYwgi5f9grean6fZEDZ8ALE/rJPbPxkehkB
+MnBZDQB9IXdt6rtu5i3EO6D4xT5bDhxvb0JpY8LhSvnHxlnzJCLRlapYBx9en/r+
+3+WG6CXBm9IREUs3eReAwM0UZI6uBWbUEWvwQvtNKC9KyNu+p9dGYloLJQIOvAnr
+9XT8K4H/b/P/h6nNKvV9Ch3HQiRUfSIr0i49i/d4XGkGzDNIiomIr7N1QA7ie4Pw
+pAOisJH/EiH+ERY/SpXfQMaGKVHiEOXuP8n++6SjUoY6/jWkP4Q3cg+vN5v0XCnK
+pXJ/qJrOAbij8l7ldAARxf2jkW3ilOMbP8Shal/yPECdJPz2KXTNrHeHWZ7fN5KL
+P/35jaeAD9K64zuyoL1Ktr2Le2DvERNV3fCoKCuRA0vbKDudhoxIP2MLrut951Az
+FA4WGTE/OT0plZFY10J8xBhkw94B7SPMiOtP1D2cgafKSQgWbQ8jCqWhO4jVzpKR
+z+d+YDRAc+TkHV085JyISwWqxGLAy0nPa5+yB9EpLGztydrQit/qKFgerNn5ssKA
+MfHKqocVDQ4Q6jGXWSztNmOlqwIzMhIHc9A+KOGKkzlCPw9YKyD6lEiGcnwoLhbL
+kKrpUHDgigfBcaLvxg51ZPVHLfRkTNs/JJnHqu5wGCvLdjNl3aYQ2Yo4NHlbiFVF
+k5spRfMcfG0xNbvmBoYWAJ9M/boe3cYaPVNHp1u9+zz01qNP+PMExVmkB+9onSDP
+7+LVmXA0IuvykyRFIQKfKpw7EEIacCPdlM4eyVnhyviDNa8mYJTQg51XhgmYT10i
+U2MNg8vLBKPrhGQeGE90/3WNvDC5Cx8TNKskYxAvPVAdMaCaABCUHKKNHL31Wcmo
+bTxwapoE6q8dQSr4T1u3/8YcRn37ARWuZ8ChjV3h0+ivVzy0+ktJ5fNubXWi5QLw
+GakWsmv8rNQCKtNklEfRZG7mGBy7a65yJa6LUlShGcDObhWmRAguens97uRqFS7z
+zisSNfKoTKQSOL8UDVre4oLInsK9Vfe+UbOm6woAJ5y5900b5q4b+ktf//sJFe+5
+usNMZV3dUU3mxtEnV/KDbn/7q8Ai+8tFKH9Iz+dzdJEsC09L8aFfXchyvS+d6PYi
+iKg1f48FKZnSXwNEjkUqpH538c1I4yIAXECJqhrk//lpHU3/qtr4dvqi4eqYYAAY
+JlKaFSJ0DSbejDY9dSwbLHRSxeIJ5q+IIi44plyHDOy+OLSAfzeybsEe5S1OlxS/
+IMNbUOD/w0p6tRrvGj0OmpQl6GWS1ixbabv8XJAPV8d948Stfzli2NOQ4u6nnRFX
+qs/HcUKeNPpdJavNrizLntnFnM1J4JhXCfd+Cy8xXe8n4d1Qd+6KQwBYRgQKikaT
+NDPNmXaY0EmaMPxs3+94CV7s75uvFlcj8c7y8GjZyF7mXGBlkzFBS1+X/9tRIIDA
+FYV3kRKOvYVIhPLXyg2jYmb7pmQT3Hd/LjPH6bLbNC4hyty3IOfC1uZ4UJLIzlVE
+D3cMA7G2937wkIFM5M+nM9C7vb4ivjx9uaoTBUPuAzLJrxoRK62rZf14253Nj5tL
+DEAbAkPXtxPimX0trNtqAxmLbyaXdnSmcWiOX10x/WR73Y2Yc1uZ40kVA+ZxfAfY
+JyFLJwVNaoH5eBWp6hrjphVF4eoKoq0qzZey9jPzXB6i+lfWBWkU5Gc2n5uZTgdX
+w/006VWq4dOZY2ceV+dtiNYhulw2UdewRgCJsm9kDWcfiXi3kU0y7EE5pmdJHVl9
+q/F+7AkF4TOGcoyaFKTI2BpxSr/OKJlBm0uErMhcdFduTEt+7SqOnhB0u7HRAKO2
+BhqkqxGTwtZ9+1VDdVFPrFioszpVly1AbK+dG4Z9D12Ug47kzk+JqjppdKep1ZEQ
+goqMbO5SYDTp3P5PowRiSXbXc2eiMUIwHQ+hndjKNWyf0x+L5G/Wl2Yj1NxqJ8P0
+rOR48jr0zEC2brWhHEXxjI2s7qUU7wEFU3OZLRClwR+LULsSBMr+FVF2VgD/rgvY
+yvoRI1c0zCEdLjePVSLX6yHTTOkRk/ye0fbNEBAc2KQm6+v55JRfhSmuTNGwzMum
+R8SdvPjI4/R2it2BsdMrOsiXWBTIy8lyE4vTyNkkxN+1C+41J0NAtYJBWddgAVN2
+9YrSdfIC64XHwyrb3afWOiLWBAxR3Eb/8JubENn9RyFTAMzH+1P3thE6dFS/t07e
+OBqo61q6hPMOKj3U8TZT5axbifutLyFbCZsBzVl4c1bDJq+OLHIGakP1vjk0/PAi
+nkn22Ws+gihOqkJjwQqaNjOBZI7cJ+PaeI55uNEGg2pzSNOeZtDVRaILi1/4hy1Z
+io5i+KhJAsFnrixDGZWy3wuFkEh7aLBYsAlSqPkzWb/cJhmxTmAEupcAOtw9dD2f
+h+oIHhazf71FZ/UrOZa94ZboBkwOF/54CZDWYQgEm3wl5UaydCP/uW4wQpJ2Mvq/
+7LgV1i1DfXfsdaBtKNpd7tc8jXVWvf2Z9R66tAVwx8wmrkYQb7nGsPpy95Y4uQIL
+i6iXbv4NYdtBzCa2e6r7D4uUrZ6SmBknAqAmDihrXspelMVVFcEKOZ11GudGrzYy
+bYMRsVb9Pzpvs42imntxLQQP9riRGWt4
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIIC2zCCAkSgAwIBAgIIYcPBSSh9j04wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
+MIIF2zCCBMOgAwIBAgIIJLn0LcCD9NkwDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
+ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkxGTAXBgNVBAMMEEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1
+cHBvcnRAZm9ydGluZXQuY29tMB4XDTI1MTExNDAxMTM0MVoXDTI4MDIxNzAxMTM0
+MVowdjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcM
+CVN1bm55dmFsZTEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UECwwJRm9y
+dGlHYXRlMRIwEAYDVQQDDAlGb3J0aUdhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDVH0R8Epzt94v4RQuzrMxCHn/p12MUDeBKw2F0oi7T526SiEBa
++xVCro8wVP+BLujYwN3HMWzUs5emKnOU5j814QW91yq1UVxpmmO4WoSAhYBbPZ5a
+6qQaQ/1RKVp8QedF6axtiB710Za1OXPTLpDYFvt1fYxrIWbYQ3QWb4La5xTjLLHE
+5qCslcE6d25SAzE4VWSLBTBi/hNAkO8yLK23b93XraSpDO5xyAu93yBiq2AP6EoH
+Mi9w1+xSyBd6gq6Pn7Lb+DIwpI1G5cTR+4eWyKEciWr7neKvP98H0eRmYaEOhGts
+B+/v4+99iCqdMy+X+n1HG6cOWorod4Ck8lfttQA9JjvZ9S6LJSaFJfazttkaJ6+d
+VVfD8JnHTQIRUIwT0GYpCpmsNjvhFCywyjzS51tY+UF+qdogpnJZb1oh5beGi5L0
+cszV+1tmmmFYDfaU6OdN0LoLazkLLqBTjDTgZm4GZCUlwVMqRCCcYgrhr6JH3Url
+kBNrFEi2Bcp2bw18iiyGgsMkWlkHZTeQe3bZg5yxxoTxGp14vVxxz0wwfmoPvuaT
+kC4eLNFMFG+VRzBy70CedC1QmSgNvAUw2EUSSrlumMZcXVyK8dBNG/TTpJ0h1qf2
+HYDqIkQAbNis2ImNQDQ4Xic8qaXOqXWOIN+celx2OTHX2qS2JkSnsFB7XwIDAQAB
+o4IBNzCCATMwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E
+BAMCB4AwHQYDVR0OBBYEFHQC3INjDa3Sw6SsBNc/zCyBfIhqMIHHBgNVHSMEgb8w
+gbyhga+kgawwgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIw
+EAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVD
+ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEYySzYxRlRLMjE5MDAzMzQx
+IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tgggHsQp6ZY+85DAb
+BgNVHREEFDAShwTAqJMBhwTAqAHxhwTAqMgBMA0GCSqGSIb3DQEBCwUAA4IBAQCI
+RnebU56CiT1j9AS/7/wXYY2aZMIwLwCZmF3W7lL2zfYj9u0QAnf3Uk5kH7mAP5nl
+BKoQGRIxNvWWLPEeqeJnt3qvakdsF2wbaiodHOUIJoAYzlnfIhWDbeyaun7Ae4z7
+4O8azQzox/x1i+/gKxILmNjpx++MnxsY7D/CdEnjrOZyf26gnPn5GJB5/+4PnwI9
+DCOoRcujP7glPQIfNo/JugP9gN6lqZGHnyHCgAP5cNShv0ZSDmhgb733vFLgwk4F
+gT/QClZfXSltNMNP98dlVgNUyZDw8+5HwmNgXBvjZ78gJI92FYB72RIq69vKhh79
+i4KlcjmY2jcCt0bIeK+6
+-----END CERTIFICATE-----"
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_RSA1024"
+        set password ENC k7N0pVlaFIpoMS02scqwKomk+hK+RxM3HjwTa6/HzQU+0Ph9cRwfdRCbLq7hFbesgls7EL/37W108c1lOqmvnTTuGBd2K+IaERuC03KgJ2SgwGeHNEWqT6aoXG3VqJfxuOixDlz8l6ssb6IfQXkQW6jmx3jq7e3ZWBvzym41MhIqgGtD9xQypaUIEAst/xU/LHFHn1lmMjY3dkVA
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC3DBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQhxrpyDXlgU3NjEEA
+xXYTogICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI8QYqCQ+nF3kEggKA
+KlHT7Pv6n49uBcx34Vv9bRaNXQ7SuXxhn0SSplT5XfBYsXLCb7ah9pEhKQOYnAlT
+wS/MdLb/WmGKWbktrSl7zuV2XnLI1+3KA4WI6VcSyz36z6xQe1VQm5Rg9Z9URoNI
+uxH8Ubgyk3LvabNdpzExMAGkdMexbqV3XrJjkwZXEl9Ly3AJWmBy3sRkbOZ9Q2uf
+6WJM8AHj9MehrZ2+W1xbfP1cBheEMLyyz3yWdZW0h8Li1L1tAKpKeGVHHH6iigja
+j5bgcPti4ME4OEe8kc1k5UNTOsjen8dO5/k+8lYw2o4TgQlFR2HmWyr/bjUtwgj9
+LM13r0y66yf/x9EhA4bjo3MQWDvqBYD4RmPzHKes1pS9dmd5J2PcWQKFKt463hzU
+gGznmQNf/KZH9QFXql2fcICEQi3/q2twzIQZdpFs8iduigFFcww4JBaK2urJgTEe
+SdhnsrMt7fonitP3R254ctGSGcn8W0TWurYqez7OU3cwyzX8/xSiw9UrBKyN2zB7
+PXxisRtfoseQNDHnA2VGAqjwvy2b4BU3yeUNt86W08q1vS01oUO4fgIfReWFlbFw
+DnkIF7+qY8VIqye2MJoqQxEeBfc5Yw0jdCUdgC8MuDPW5lnH1SRRkpBXx5sLbsCt
+y4b0RJ9VpCN4t5nDE6oZuy9F2IGOqcoSbSwq1EkOBMi7sJMeoq2KcUV1b/5FwL2w
+gpXEUWVMTbOmLqmARVAoM2JBxtXbzVN0atsMKgi2Q9VfHEJpFzPs4dYX8xQbBwSO
+/JjqISUIG0kQloGQW2RoCEIYidnO1ggyU0QnLSGAllNjk5tevUkkB88zaLqcCifk
+FJT9otFa8oVFQ0iM/Oo2Zg==
+-----END ENCRYPTED PRIVATE KEY-----"
+        set certificate "-----BEGIN CERTIFICATE-----
+MIIC2zCCAkSgAwIBAgIIOvputoR7mCowDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
 ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
 EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
-ZXQuY29tMB4XDTIyMDEyMTEzMTczMVoXDTI0MDQyNTEzMTczMVowgZ0xCzAJBgNV
+ZXQuY29tMB4XDTI1MTExNDAxMzA0MFoXDTI4MDIxNzAxMzA0MFowgZ0xCzAJBgNV
 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
 ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
 EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
-ZXQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDU0m2pdvxFcNs3IvQO
-50vExHsO59u9xdFgF9SO4yQF/55mzTcIdZDNVinpCZpQl7sRyPLpQrag8kq+oqum
-BPpOnT/QmaVimQkvl1m3cAMw4/gaqPQ9A9+WJ9P+VcGpnOU5sCbwVwchcyYa2l6Q
-kLgpzSIC0ZN2302gsKaDVgWpNQIDAQABoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQM
-MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4GBABcU2eQRRvz7rWuC1AYF8+7L
-6fDLvn2AenusmaqIillRciwkxihsC2AJAgooy+VQmhzIitia4MThmrnFyg8YUtaE
-xAelnLljOrOuiruJT7LDEWlvt7MeQFVbXIo1VbYAN3cThA2iG4wWURJjqSNDHJkt
-/bS1p3QmMb86zWZq0FBs
+ZXQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4DufhwMPNciCpCyId
+g+byBe65dO8hY+jfZCPyuO8EltMQKwyaAtr7q1OysM6P5utngPkpuOsBTxeU77U/
+bvNaa80BkztryUayFA4v6S9owDvrk+O3N6oP1tHYHn1mZN/5+dDk0LMMhATCU5hk
+Rm1eemzMGPKLDNG7FTvPZOxOtwIDAQABoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4GBAFEu1fCpsOzp/MSwgVKNZrft
+AQmEluumGDHmRi1g93RLttGAqhMg6uScKgXybIWOGJkZIqrriucuwTT2qy8JEc0m
+nK8/OnuYiDrbTYNd3a+OQpBRjqGMtxhsr44gJwng5t9ivEx1sLDwDYkHZyFJn1v4
+RJjU97CJwyzxePdHuZqC
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25117,60 +29557,60 @@ xAelnLljOrOuiruJT7LDEWlvt7MeQFVbXIo1VbYAN3cThA2iG4wWURJjqSNDHJkt
         set enroll-protocol none
     next
     edit "Fortinet_SSL_RSA2048"
-        set password ENC UTONffCqHbkhaAaAsd5x2I7kBmtcFXFvFzFIdJtYn+2KTa3K5/jPtKPgath78RLCxSQ4hVDQNTCT84BOMsI2D0wP4utBncMRnhTgJtKZLaAXiU1XaKL34tVnc9jWWeYNtcKAqnGDmVqT9loeDwdVc/wAHj3LIW+q7qAvh8YY6tAg2U1ldhOhubNACcpneAaLiAhjPA==
+        set password ENC cWV+2BEXcXqLk7lz7Na0wOvG76XprvLqmqyKbTw6t1k6BepvK3RbHl7Zc4qYDWxL7MVTN4TsZJAwxk5uopXPpI6G5pk5b1rx8aQU1fxaTKfKTX4+v7nNNLjkUjN2zZ2RcmTjsOB8P5rmns0XrcQgxBfMKJ2Ed8XNAdziDduJGE9BTEPcqHfniAO9di57/G4d0GeqC1lmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIt9nsFMTGYoECAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECN57zg1jzY4fBIIEyENyuqyHSG/q
-WfukGQCekQCl7dLRMkYLyLrY/1GFHrRLb2ekuzYON/uiAd1BQj6p48muR06zwrjR
-cIYa8wdsxSKnU1nvYFLW27kAZM5ZPiJ2XShuwMFh1zbyi4XL+IxhCtEXsiHKxbJ4
-SjeuVKHUzsvOIVVEQQxRP+TUtJYcn2pB5Qy3cnCJiiOEA7+Fay2oox7ed81OhfFG
-JIby7Lp8kKqY4GO5cYbZ5qi+KYJeYMsXriFhyej9VgbZxYkIjQZvd0/dAqi5d6eP
-vfQ6zq/LzuJ696ePTHnI0GY2nfSV14qToNo0Mzmc2MZeFOafGVgpiglJT6gr4OSD
-UQ3nnISibThel/HYwUaZKI2DqR6cUUbaRrg26MaWapQfkEom3vpD1NE2KiBXekE/
-3DK3hFs42oTredRfLBGzYxsqUIHEvkaiqfnCx9oN8T+JP/3SBXwNRi/sPTAi8ldx
-3eTST6zeI5SucCZlAVRE3cyFEhRX+3Vy7na+icY9IF6caCRHTT8NVNCvpIu29/Vt
-yy6F4WRz0XCtZ/ZVfSEkcysisRY9UcKxUAryLXeUnzEj6qqrboO8d3Kbw1+N8gua
-acTIakqzNNPz8f18RC12tL/5YqaDQrSKUyiki+vUp6aPZrepJW9Axzn7rlj/XyQy
-VvTz49tyeqPugauQ5pBT8x0HwGx99kogwg85SJv6AqaDzoSHFPWOnyx2xi837RTV
-s+dPJ8L0K9lc2uOauUPUcF43ntgS65gabClMLadBN5ynS8FsIrhSTwhjfFhTekEI
-YAv8SKN0Wzhea2FuOZBNkDCjgYYmYQe07a1y4V/gOYvglH/OB7fT3A8vHuNU1k0Y
-yWev5WRt0p6IfMrMRujxJW5da5ZYd+JKkCxgseXR6ysq34JU1hghmRnzS/K5VTsG
-MYxMXlDtoPl+u1/zkaCCzBWd8+vN/KBQh0/llYakOucz2JzrPB+ru34BHMeTTm3K
-X4kDaNp6+HOhPBAbkaiF8yL9YY+8F10FLF0Nt8q4x8XyeLbCiruDScoSllHYQaNd
-mqXPDXd7B45NU8/ly/s0C07i4Vsl1eDFK5GRx/hrl3Wz7ZZ4LC5B3jSsWVaY92DF
-jUXbUZN01bXyHojDeusSxOcxl0Os6RrAhx18BdBCxqA9XXtNDfNsQ/JpOxeDLaP3
-tgD9muCIrIHwU5xfDctzr4n0rGmmhvvlZ+6C33tESbyLtWOXhyeuQD60QuHqkiWU
-y09eMYcAay5NEeLfMfEfSucllHADc7XdWnPdFVcnRZL5I0GbiUgxbEYhP9Ij/GZD
-CVOL5hlAd7YazFmR8L1sAoV/WuweVBD52JV+wlmWTFpk0e9NKmZE1EKj9G3UeLXy
-UAfg2bJ/5U8geyr19LC5rR+LBsg9FTZlu1nq27pIzYXlNMCNOuurg0CqNinwJt7I
-KQqTJes/WHZxOjqTVIQ1VfVlsv53Ldw6TF4g5Yt9CzV030aJZQGtZq9wUzMIuw9k
-po3+D2eUOOnzkvS0zTMXGB6mBngMDCAUppV88JRu1xgs8L9cggpbCvBTtlrQ6fZl
-6RwHvhiDzAW53X91FYsBgMKcCavnEu8gUpnZb9cZ5HmfLLEahumCQXQa3mc97ePw
-jdEH1q/9juSuZC/QY8+Zcw==
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQIi/B4zhfQaSj8RhA
+G+FtFQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIgt6wcKBcZgIEggTI
+zOCoHjnInW9knfiXIRCm3LyQvXhQONQPUE3ZW3B1KtuRM8VSMmzFXeQhOqpLlnWg
+3EWzgQTWeY3Nk4ETiG9JE5YFjOurWNm/dT/8bt2V3rd/gv0eL9I/+YghLAx2HN21
+/mnTYavaCL9AXK1SGA/L9z9BVyyKuseiZjgK9p0Psz+w//uKmNe2cxLTRIWqPFmI
+84xXMzdZ7KW/wSMd7E34cknlbaV0Hm8gjWqP6hECmJerphQRG4dgTWCqIQdoN8u3
+MW/dEKWIJMDFjGVNmz8la59Tl40WqU8aRMo59JczEUvwa6nQS9QAc71Ru5usARyy
+ET/KcwhtlaGy2qHwjbg556y+JyNRyBBRbFOB9AuFGHcxgZpP8TkHWuUtUwd22L7w
+hAhse1BdnAjQboKw8qv5ja96G80hJdaFdx1sHkTCNoRdc9abCV3aaKmd7LmD0cuR
+z86Bnn6mpCs2UzWZBu4H579AwjYaPA1nurHbO3O0v6/luFHAgd77UPQEPO4hZ9zA
+qm8idIuFBCbl8y0qPN+IH+WKiNjWlAO15MH37cV+JhPvk07eGdpQIDgCiWKvxSO7
+0iPk1d1S3wGFnYUzs/9EbXA06izGAxypBuYDfemtp4XR6PWZLu8BrWwvH4ntjdjC
+/8G5DMLQQzF1EahIi85hXMOG9ZOyRcxVfRb2aOFlv3NiuorS7xBI8iUAqxRJMoYr
+9dHKYz+0Kj2OoT2ZOxos/hfMnNcMPVo0cp7clhlNj2ZO2cQ6Y5p9IB8r+uiPXYA3
+ELIYfE7aGbFyu+n4z1yfSKqjoLRWXymiwkmYkqlW0XawPQXOSlWGA+sTaa9AxvR7
+fN48BJvQYGeZPnLeWVlGRAUSU2xnQs7SLfw+0UNlFnK7BahCPVWS8clTFIa8i3cK
+2TqS/XZ1WJpGU9n0gT/bVJQ4IHMq75Btd8xuk//D1raGiFmMm4rtuico+XGdlYKL
+CytnRPuZNKr9pzBtkklrjaWzftlGExsyTM38ja9GqzzTBkVpgANkT4A6euMbufR5
+C/mNe0noLiahuscORZBl8yvEeBxRIe5owARNqmXGRN0OMLy/Mksz6kBiqAfmdMvh
+Sf/quoLUv8TDEBrp7lprDX3xWOw4kYwoFfDqYGNaP76Pek0zHXnMib0DAPRyERj4
+UrLu7XtqEPQYdGaH8sEGyfhkycqrmXIxnIh1lPv6kc8gjfjXdo9gfYkVZIkqPHqm
+2XEB/Prg5hUanWpyofufLy1JYN65/ioIhSKEJO7wsyZ6uuiQHRXiS4rUkuCZNUe/
+1lu1Qtacjf4/FlJfEl2EQ+HM5ZmhtVLOj9oAT6grLwbGcnbV1KJGIwshyhXYM4iO
+YSnzC2juM34/ezRtUB7+naTjaSPUdTmOCL6arcomIrNABv6kyYO2H9F5lUdjf80m
+hvZ9chMB115jQXlD4pgZGeyfkIkLKr35Ler0Tsf+TClCw4Mwi8l4WHFVv5+rwpLn
+3wBf+QkZDE29FoZpE+eD4Y3F2QDs0q5zjkciTb4zsi0uG95e47/wIm+vVZUCB11J
+2EuO8TzVjBuFollbF1hAIYu1zsvwgkwMdKdaMCz2NAT4KpvzJ1mxOs8Obuy5dp+D
+UWDLKgD14Hnk9ipoNbimX0ywnmK2IoJM
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIID4DCCAsigAwIBAgIIA3GupZAm+lAwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
+MIID4DCCAsigAwIBAgIIVrvfpsp0uRkwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
 ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
 EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
-ZXQuY29tMB4XDTIyMDEyMTEzMTczMVoXDTI0MDQyNTEzMTczMVowgZ0xCzAJBgNV
+ZXQuY29tMB4XDTI1MTExNDAxMzA0MFoXDTI4MDIxNzAxMzA0MFowgZ0xCzAJBgNV
 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
 ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
 EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
-ZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53h9bYxHM8LH
-XOfXRnTI55K6wbcnpch1MN/8jYlEbsFcZJnUTIHr2UYhdZiUHZJZ6xCRVHsBwuVt
-7e0MG0UY5BFD6qWOErK+4/ZgdYqN4kzpPKkDZLeXwaIp541mOBfjAUWZXNQLU0Aq
-xXIDMyAqxNlMb/WoemhHTXNidKUw2IPhcRtu2YbYSCn51cuwl1aliXDcwPbpFATl
-GXX49WuX0+obW3mXT0bXnGFUdrSQDxTZFllobFABNFptyVvnmXn3ykEJcM3xq3py
-Fu2WX/VscxNT/PzV9EzfeevimKeNPOgGQEMhZA9geHckFL0dAoxV+7uDsXpGT8Up
-FPyHh8RHCwIDAQABoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMB
-MA0GCSqGSIb3DQEBCwUAA4IBAQBNswgAgK7uko2M/TndztvtLIOuM21TDAL328yb
-5xGoIi31sg45bDlhEzU10/DFutOs9idq17ujZMkJBQ3kQZ8SBWIP/VNW8KV/AeCV
-rWpgCRSKl+3gG7d49x1iQdyYwQJKykvY70eyfPctDXrtr7fX2camAS6QpHtmV2I4
-/VBaPC5FB47JocaoK9PJDKQ1diVPKoIyD9/otBOmfZSmKESqknikYhM9xffTEF7W
-4xxyN27pTQOCW5ZPtOmSh4aqcHgTR+w8rIJOfxApy61dO0Ahc1l8vYGnWNSgqlG2
-yJ7HMjDau9HMqeaxnKWVubbZ3tVPDM4iYZEeRFbBx8V2Dmv6
+ZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztV+HX1vzb2X
+Av2mddZO8Ll1bWCxZDPowechHX/FBzT56/V/qxvOAK1nTYUivsScaUTjsrJOpZec
+6xoEzkMZdhv5riDcIUhJqCt537YQOooRo1kgPHG6fof3ab7atBZYMugu829RSl7/
+kRiQhtGDzSHjzJEANsa26yOQjhhCugrTsxenY6tePM+JgbpnpYm5W1795wsQx7qA
+4z8f9p/rbrEfWLeH88Wjn0eGtSPc9E9CI/mKJkQx3n+FxUndGnjhF/c3h4ziUaE7
+R5a0+8Z0GKq8wf14/Q4MAbKKN30ZK+BSMkhroEvl8p1Iv6q2fsAgbnvH6b9N6CFe
+Sq21HXZmgQIDAQABoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMB
+MA0GCSqGSIb3DQEBCwUAA4IBAQCbBI8tJElTU4xoxzyYNgzJ+BeBIKVvYCI64mZb
+ETeMHt701b5ueayGEuFjuETA4+/9EhysQSMs8GEQDMpXirWgAzAZUFOXHXF0Vqpc
+nhT1Aj+77lzJbyb+fz/fNZKSNCi6nNtBX+woexJsZCOe2dkCzdNHGVhfOe2oIDPZ
+0ADgxg3TV90caz4znujl8EL7SHqo04ss6FKQf4rrU8h3lfRDFDutgRBA7CGN9dN0
+mTNgmfUsxEowLJP/CFBpvLNVQZwQjhlk8p0bx52j9CC2FgwbIQerdYl+rRFQXdyD
+1KsVhHkP3OPGyDsZcnV585pek3MvDm6w67z/q4LtccXbNpQQ
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25179,95 +29619,95 @@ yJ7HMjDau9HMqeaxnKWVubbZ3tVPDM4iYZEeRFbBx8V2Dmv6
         set enroll-protocol none
     next
     edit "Fortinet_SSL_RSA4096"
-        set password ENC vsH2fptqFHsVFRSeUP3nKdhLthjfuizwBCajYtgoUp0btz4+jiqLC6s+aZTloHDkjj6nxo2Bo983dSvQscMWtRElX3uWDbaxVynDzjuf3t+LhX9w+QVJATLwFHnJBvobUCIc2zA2DGsBK17KFJ8MUmR3d/2lBTu1+o8hODgJQVG5g1oUCW9fvVSCn6m7Km/+TbufAg==
+        set password ENC la0FukggdvHfPsSROTxfO+uojpNjan7oYi1VYJ7G6p4+CmTA64whDVroqUcs1kMO5KCBvVXIQF6AE6Yn3sNmJYtVagmW3D6Mdnn9r6MI9+2VmohD5vKZoMJcp2bPKQDFLpLF7eLMafXMU+LgvALwzxIWdEQdsoh9ajE2bWryFZre41m/MwPIzoqID9b9n/7kB1dOT1lmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIUv2b1VuD61UCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECF+4UMMlZcKiBIIJSC1+g0hTX0U8
-Szv5eHTUtmAmMrTp1ZOIF6D23GJXxekde6LGkrIA8dzgSLCPtLhA0zawqy34CKlO
-TXyfOw4HBLVbHstzax7Ithe7TdfXgNMwUzCCEeeJ/wwGeX3LiNFb2fHUAJUQV+w+
-hSKQ2OadDNS/FjghputTyV6mVqTuxUg+QCrJaUJDW3gJ8iNiePaDmO+WshUXi5tH
-n6r9ELzjwIeK1qywhFUGN2HD2P6n6Ux+HUMwg05qIqgL6hcE7RE3e+YYEy+VY5Z1
-uiaiBw/1Yw5sezXq6Sml5wwc19f5R6uCQ0FYDXlwaf1P7wpXqAkuMusAh0zMpSWr
-PuzhbZ1CpklMtR1W+Gg7qwf8tjinQkaDScgOOQwWO1+0k8Tljlw7v+jlCIrO/s4/
-gZVYGJewejLXnMC6LavarYoNUKLQvgoAd3iYoHDr5UK/s6+qASjB3uegZYL2wEvH
-TJKx6r4NSIZPnZDmZRQyQdJYfF7atoGc9lO27LF1wS3rxHyZ/S4LoMzlhB/oKfI2
-bJjH5bRZU+vWATgYFnI45AE+J3BYKswMfz21F33nJGxk6aJDHG4y1ncWychnZ/6c
-Fz4aS5Hzk5WsD9SyUdUwZ5CI5UYxi/Z9Nsqx+fHlER8MNGRVU7PeqX1fUoD0kO1R
-6wQ9iT5tXSAQVbj4F9GFBJ6neQzMng10iyVB3mPNvY1xwUrKGTppfcBI4DW/dAWR
-lBzV+cojTX0+uoIyGryXzs1mMG5Tjk6hNF8cLom2etGvPSHkfy2vfo8RQuoE87U4
-yjQsPsmQmYo/2LzKhzcd4HkbjmA0fqRx58Imtx+hSJAMNPBB19vWBU6x3MTeNiXL
-bzBDiVtsDLKp6oMF90ZTJLmsWl5W4bSBt+XzbEpNL/YhMkMQRZGC4EGTBM4QkYBG
-ClwWhrG0q/ElI95t99wFSOQcQG3KKTgs4Rj0qmMAr2OhWlO8nUqosOujbN8zBXkZ
-ILHuxJ7XV4pqBpVoCZ/wmAZ7ZhflxDLQT98i4Gfs62rgKKMJ9swm/IeGo3gLxgqB
-MSBqSXAQllM2aw4cQ3Qnt0YwkFc6D/69Anuj67xBDh0P6H+pXkAP9pDUQuKt5Q3l
-WV7voaOT16OKNWjHXpJwDQ0oJ8CxByRCWGtfN0Nwwy5D93VMfpVvtBEHog/wAAwM
-Q/ZmDVy/DJ5sLM5Wh88DT3fJXGxdnPWO/Oj15ZyWJwXKoSc/zG1S0D4CNJ8KN5VY
-NfOUzZeCT05x/5HKMAgCAS7zLAOWCKIVhUooA6PPoaoUxL4tu2rOiE0rpyLDlTo2
-TOQujoII0bLoKmOBJDNzp9vdlDPtUVKDz1RBmEM1tYlUD+/FxBDWuHJ4zCPok7vq
-SmU5s1VxntZpzsiIsjXMrJkiC5tU0m35Mlz81OrD9UN5vUeJxPJsP96d3I6LesRr
-s39x7PSluJM0oiHWjlf33HGuX1x/gyuIqbCRq6MadWjDhWJ5L5YvF5akOMkgBJrL
-vqat+lFMT6fTS+hPWVUhbBgXe6xB2hPyUWmQSTswB5iDKFYQo8MwWGJMjDW6RUWb
-y71KWRyMBJ3w9TYfssHtoOLImjBvNQ/JTfglcxiuyyoyv5SS7cDWQF28l/rQT3su
-PGQ7xnlkzJ4kHnCuEfpS3HTblcLA8YCSQaUTvSM1bX5ErOoBg3dpwOX3lYpYduyS
-fdqyor67cCBwltVMFO1EWV6RGFJMS8YQanvdmmQFKZ8W659YP99iUg7zSduYrLT/
-S727ZpaC91Mdhj54NXpFD2HkhxXxt7FEMIYVIb/bw+AhLy2UaqohroeVeqXDRLko
-ajHZNXNyCx1jr6iA4UIFml2LD8HyoQm/Ofa39CKEAUcxPGpdKGGfSRv2oT/c4Kq2
-cwJQnA395qQk0uI2KfSrypWM4HDnGPeB1pteH49wLQhzGDNYLzgg3jTGZUSUKFwf
-NBnsQVGLTEhHws8DKhcKEjIcBJgP4Tm3Dj11NQ/NNXVX2NG8rsJHTpLKjm8DmNwW
-gDOCp5977azp+FSYreBQlnfiI33p6CwFEwrqnTi8tg5lLVzMj/7aG/hH9N38Ck0S
-/ENkyaIoVn6M2BIAnDwkV1GMnKKuZYDNancI5F8B1lwNYQopuQBiGaFE5ZOv9JEt
-Va+bKrW0zHJS/gfUkZElCKl7SNIrZf0zXXI/9Uc3urCY+j5xaa51Tr5lQhlpAZIA
-4SC9hz0I5iEtH2XvHlcIO7nC9ESVMHisrsi/FVfReQjJu+7tIE+rHjdDE4ZPp2GD
-GjFcd/+BvG1a4WFPLcSqiY8cVCYMBPO62a29gh1ep30Sv8lln9VZ7NoKCiNfxCF4
-dvmar92ffh8rG9RFyKJiCpKD1zmoolZZlZRBmXwlsaevUBomYARMcrr3/BWS9sDV
-SigO6zeXPp6btwGP0HdUaBELT4VMI+JOCQq6kds5MN4IYp923NDfDCnIr8AXbvw8
-dH2rcqXiIFw7IYSHBFSjw5xhHAxO4jJdCn5N4IZQM/iYKbxQwwPuUqHRY2c6OLA7
-fP7QjUjF3GoaWwj8DtvW4/LSJyXvHi3Wbu+oUTn5jesMXJBtqhCPUtau86gG0yR4
-Ef2L0kQnHckdTuc92ubfbSMS8KWwkMFxIYv5RbyL0uvArAqXLfZ2IF5YtrwOb3lZ
-XOOJ2KkqYyinGbTXGRrTueZn+ZS2MPMeFmYAxyckWKJveZngaKXzAptOaEAx6Kmf
-nM+FROrcF7ihZMBa9H0LoAMMCgy0fDC4E754qW0bJTO+LK8yX7hhKVN1iLMQfCLM
-LD58lO4aOBzoVn4ld/L5hTKGPoG1ypumA5lLb3nfMgnMKYs5bfEwBqP8xDOdUTsz
-RvzCZQj1CJAz/iRjwI0xgCggyB5tllCj8lay9eLGVe0janZTQiDBWcT2XLS533rm
-sqFYvt5J9SigFeRnjKVfGGaX2Vtl35BCFjqq/E+NY0rA6KUi454pxaHN1FOdzW3C
-14dO1kjhJVBKrqjGC8GBS5YhSDWfg/H7Ybp5z1HkRG1BhlQ21brfyguDsNhJQAVT
-Cz0QHM2PBKO6DOpPw1C7m69oIIKHnbs+8HC5kp91hZkrHsJL99igHT7JIHR35Wsc
-tPiHrx2h9z7idwvGiUCDfRGVXOBMpyJPdWElRJQeTEMSGDVTZ8mstowYESpK5W1H
-jokqA1rqRz0baRaX5cmKfQ==
+MIIJpDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQ9wP5YoCrd+yNGWhF
+IrmuAAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIpqhGOlkGM5sEgglI
+9a6tfAbIW2NqD6d+Gjhx/MROzIv+0xNFbE3DSVJzTXX0fdP+45tsqySH3x3X5lba
+3U75peWKnHdPH2y7/wCz3Z99Rsj60Wtr0uMAeQ1Gc12dOh+46lXIlAJLzC314LXd
+G7rI/CGClyV9SwjgfbsbwVMFJN1JYpZwJYmc/7qqpz6UtvRybBw4g881whjMeWkm
+NDN/jsCjJNhnaOS0kafYANZY/y6qrfqDFcpnv7rAWZOXzMWPNyp9gQ74kn8BTyq3
+fDLpfQGrG2lOBlie/I+SCC30Nw6JcJtvbrzxfxnRHw2Mc/p74b3wJWXt88ZgAIsJ
+tY0JQe7STlJZUmQLJgRJGuPhQm9VapnBsPnSWJS3lY59ZiOlwOu7ocVR9qzlHN7s
+C5m4ntBaji9kIPavoP5SsUMy7mM6Ti5zU2u+NlzcIyeS4cnu5Rno8TQKM9QeugIK
+Qcnwk4tejj3wLuWJWkxXyORy8C1AU/yVL8Fnx+L+OdWLm1AXLrlEjqn80ptPSb5g
+3u+Xwb6b02nsjVocmH4ik8GJ7fcSIyLqakzIeKJbStfK9xXAIkN/PSs9eTv0hx4Q
+AIq05QDOvm1JTHfMsG5ZaNtUyxx3LRT2vHow8Vd6o/7PF7sUsiSjnploCS+V8GF5
+PfzLpVxpanuOiFhdRk5uISEvppaKjih34NwUOcS4j1rtJ10nk03eedQz5LXd77rE
+kJ83Fu2Nl7e3yoHkGpbEq3ymko//gNo6GZRznh0IYm3R+Mdfpx7F2GWwM+tGSFNy
+YpyEr0XEKunkx0ZqNXupj+zg9By6faUoRuQ3rwRoYEolpNUDTHRW6YffYb0IQNPF
+69d4urjUwGvxi4NCa3/y+mmib+zUhvoQ2g3A8K21z1EjcC6hzITiP5CEUpKXPxeM
+hJsX7edEcDRT8PDhaeAFC89RByolpBPBTdbj78CrUFlYcK+0nEPBLcllhxWRc5hr
+SPw/iaLWTLk+HEMlaK6rEP0Bo47dGQ/SBd2lNw00zBDBOk3AbgJzH9gjnxlfddZ4
+Z5NaVip3jbJPAh7uknqAGyv3kvGiRTH5Ahe10YCWyAGqk3DpPpoXvD1ImbR7GAqP
++KTeQ6ahtFEnPmUFIiR2IBJRTjHsmN7pMS8WcBdL6cuAAnNzpwvYF00P02CVKQmM
+XlUBQMJq8UNwRqSzxf7+tcUsxoi2ZfpmHxooN+8JIDB1LXTJkG//qOde8WVnRfN+
+DfNVkE4HbHbRc025bQT/QjpgnisUR9UFIr71WXrox+9ygsr/glvAAckiTAyPKZIg
+VYhlvCjcSwDj0FU4YTi9G75flOXGaDlMZm4YoTs8y61sNHiwmgHK/wJJ/4Pf22v8
+72l9cZGb/s27lkDgLYr4bwTRVduOLWAe3tses/ZhdTDPQhFvpXVMW4s/u72Dx2Uh
+qqxaM1BzlGX96CvK30z0VEmetpe7ZKE8ty64L4nCmbqNDKhY86w75MMG/KuWqJ6X
+moZhxDXimeyOtpUNFRA5Rr7vfUG2mmwO9SLij/kIQLXxfEwEeNcqHhId6C0ckHnr
+gV7SuB6iH2WAhZke7qz0GkH73f+QpCJ1mo6sWAiyX1zsmpT1R9GJfQYS9f0si2AI
+1D/MdySKYApttSGNhxueKMRdRw4BqCov2s0ugSRVfyb6UYWtGBvzBbLTqtAaPd5+
+yHKo5/VY1avxIjxWgVN+7HCPb3Ms/23Hlo/X0jNCXQIsV/heGLKp4ATtZIm9AL2p
+KCldetg2+UdagqUpv5LwM9BYHgxGbbcT4vIFJFnujfeOC96K+cORkvBoZaS8ZXCK
+1CgjW5GamqhkH633/rjVMxTVxlNq+ehCdN1XAqi/5xper0Gi39hfpTcb1iXuXCBQ
+UJLI+TzAHEzpBG+9ssFWGPBppj0L9oaapTJzpHORpri+9SJXscLVZU7Kj+Rypv7a
+rQL3cCGxCqU5Qf9jBDoCTQYWUebJX5tstm7xL19+uqbIO5RQR2HhKAwXjCQ9C2B1
+l2Dbs/p1yIjyecgJMSPF2TPZrtyCqZC/Ui53i7goZ/2Ter4H/3nQ8QZkidRHWdGn
+leXYxmUYQrJtlR7BEjKWXAKtNiIybQ9cF5iywWKdtZeT/Oez7nQ6T3uNKGU/RaWc
+k073mQ1IGosf8IKMmxh39NGc990A+5uL0XcTOmIaRz2JePzZwhi4tr0f4buzN3gY
+csprumCJiejm4Yqe3p1YsY/95UQL6wA9iuIg1bAfr8som+fFZRccI1CUczLsnAjt
+p+kyVSUl5XxyBUNhLGQevSfqP4XjLz8AttmBMBaTwBJO1PDMiyC0N83mTY4tQBYk
+hG6wjCm70btiQlzeYAmZvGVZ4KGw/3YQqPq9aWJte5GQ/PqB6DJ9U5hLmEM2B2bR
+n3XedzwSZnOCoIJqbsOIa1o5YEPQ3gVXfFPT6//qZZ7lwBrLjPwzYLgv0ZptBoWx
+9ouiSor46yb3ITtyEvtbC8Gdv5VttNzovf5MrOBK57euH9R5Sv8a196sDgLIQ4PK
+7wxX1okx0c3FmYPfcdJxJJN5lXxNxD2OE4rg9wRDBlTQnY8fR9q6JYfhsvTdRWQh
+2ta+edGGvXRXpv9BqzfgmJTCkHmiRsH+B775iwhwS9+uLHtUOb/Ao2cFSrLorECj
+Crf+WEGDhSihKKinKXKZR/0FE3qzPjNCbI8DRZNuLKAIFWtkYO+AqFwH546ycNNT
+8ngE3aiJ4ZT6/uLKY5+ZIWKz6mtjqUKaDCaB2jiXcbXHB+6NmRo5Q4+NIbo+f0+0
+2SRxx6Zom+r+MzN7zCvBCr8eQyXof7X6Dj0DJOvCIwHyrek/UJEBgjXhi1N63LB/
+K2Pcx6rBnhHmQHUSHfIWNPGnd/fkm8jvBm+yykSJgmnarQlAESaFMFWGLxzXfbJg
+L3v8cF0sCtG28DbIRdZTEV4EsbeX3n8pSmgXBnFEtvvNIaBdE39L7dsBdpbWhttY
+Cn4cQkNotQf7u4KO8TDcoAYBZKdcRjjptB+2n5Bd8mPBql2FIXJV4Q7uPwSnD/VS
+qpC1txka9boYsUa1O/NB9+b5KE7MBAfUJOCVNAnktryWKtjhfHC88Q6vcQ9c9cmL
++o6CpylfsrjJ09JRA4DlFZolk+o2bqgiYSWY3aNOfgkSMxIlTnm2f5BRSRcYokpo
+wK5FgBWpSuxRsmgzss0ZVZCB/JMjuLFO
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIIF4DCCA8igAwIBAgIIOyuSlXiAZz0wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
+MIIF4DCCA8igAwIBAgIIMT3E/XqnRLowDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
 ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
 EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
-ZXQuY29tMB4XDTIyMDEyMTEzMTczMloXDTI0MDQyNTEzMTczMlowgZ0xCzAJBgNV
+ZXQuY29tMB4XDTI1MTExNDAxMzA0MVoXDTI4MDIxNzAxMzA0MVowgZ0xCzAJBgNV
 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
 ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
 EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
-ZXQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwyVG5t7nGwDg
-vej/7eZ0r7PcHpLa0WqilM7KNTeYMcNBob7sbPgHmLJgWIGCtrzp7fgxp1LEO2JM
-68NCEyqGTj6n3iNU3zUw4CIllrZeTSCIo7KeZ/wf1yGr/HGRszXKWn0aa1m9cEsf
-8IeNvdqSaok68v0dm97E3Ce8lFAftVO57i9Qh7sPHK3xXGAuBuZhm0dgkU+I6lPl
-6ycSwr4DIbkOdHOMMtkJslnZZ/fYazorEwg4CYgT934nDQNUprberUSgKlkuEJDw
-nA55Cp9AleyvkL/2xH6KGO/aUIuzMZn9bRmOwz2GxvX5Zk/b629I7O8GCtjcZJ+l
-UScparoPpaE+Q45oaxsAfC4+cWaWTd6WCNv36PVrNvmt/gQWNPuXbfTBEUL5cHgk
-ouq75PmvuiAaC6s3bH2wpbls1zPXbqTdXQxQiZIzPniLEDc9o3P8S9sRnm6ypOwx
-j4cAys5fPdGreRFTI95mWnrM30yK1P2YpGU7LCPAuleXrkJ/04tG1R0U+dHwJcW+
-HMK09qPxusUpp6rZBIydVAkkSMlL2fMNvvLkPAfD15iuF2hs+pDYa8Pel/pCXoTO
-jQekiweLFVd/t97Z0Bh7s9Ko3uFPavtsztzbLvT0qSpSSpE6cMC1ZsIHykyJFRli
-aweYgIDwiq9ja4Wb79E7uPV4x4o4KNUCAwEAAaMiMCAwCQYDVR0TBAIwADATBgNV
-HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAI+Aqpvb0ojqpsmsl
-vEr9mQNTL6bKvagWpYKnfzHVhlhkRJxEQgH6ItgqZRt593MpxMtWL4dvM0Sfl7vh
-e8PxetFvNJjbgkiCGKOhdx5bnl90p28YVS6iXi2DkokAkdJSpJnsqGYIzzgEXY+Y
-q5EjLCuhF8dSq1TOhNjZLkqVcSZe65jNh1Y3fQ1OPPv72nFLLpFSGk3htr+L1yes
-RsfOpBdXu7gO/HwLGbHzTjksHAsklVcm+KcdsC+P0XPB4RKsC9Gqyv/lbbXGD6xM
-u+7AxbmBWloYScHiSeffu9ooIeaDGIKPG24kf2tqEGRnHXTQXEBcYt1bUmL6FYdB
-HvdROeNUWF5qno/9GBbuWJ7K/c4+Nj+B/Fjh9EMyQbuRf/WQlMYN4wROgfqZjU84
-TNMcX1ezdzKh7K4d2JQNB2ke/byEwF3KwFO6mV8ag20bCPq8oaUtMmQDmM0HgA/H
-2IW21yVgyAOvA+ZvFffocseA1SAIKgHsb8zU/xYzfc9P2RfxXtm2REgq35yho5uO
-3aqKlLvSFb9GN9zn3lrzlur61gfuSNSrlk8Cbf932HB4lG9A/hs9+AnmZmC2DDLr
-USgnPvV9FGt/zySOjvlY71Y/ysoj5jAzQrtMswvcVAE/7uj4OurLvIQGm8OSIp8q
-UM9qCGu2uhHLRu7OJt1t2qWPS/w=
+ZXQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAl1oVndfr3v4n
+W1ztkYnsv4fds/VLTpdCdPFx1docGZq2mZfv3JJp/1ARdaW07ir6FAFWpVjHp3be
+DGc+bziEGwj08mYj+ZgPVzDC9Pq1b06+xj+cxvDpne9S1M/1SH87b1OE/Xxd967X
+HD3W2EJg6SVZTWwhzQUi+VzoSVClyAvFrZ5dlUl5NQfR6NiCTj7Tb5quq5pYo17u
+1TBehWBG6O2f0WqUmphhpTdgvqu+jFnvw3QjBYoeKLSz7rfoqgs6YOaWDbgrWS2o
+AqhaebPKco/aPrO9NL+5xSwEpowuO0Z+3NA443CuaBzb9R/VWIhOfkUe3WMqzae+
+0dGsNX5wGNwiB4/x4Y6hI3KvH5spNwiWVhbcUNU3jfUuF+JLI00G3Iy2O7XM27qZ
+lN/6jB2RMiFJSNnKMkbFAyqMvlvshIxR5lZ4aaLoQ3ILlTKtkuKBbGGhJXTCWQYV
+TdvnK1UwHq3TearynPigoDQwj45Z8SckFomkQpG5eL6Ypq3hj4AFU9Kv5aj3kzTf
+wdN0BnxM3UABfrFk6dUZTrgI1csJbowHIBfCuzcsarfIbhEZhg+zvDVW7cfzjTk9
+I4e5/dx4Wz4IGPKN/8iDSdzavLwG4508GBtnx1yM/gPAZaBmStyGDWlDC//mjDtm
+z+jqpZj4kEhLuIdaGoQg69gic7LU3ncCAwEAAaMiMCAwCQYDVR0TBAIwADATBgNV
+HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAJRDqh3Cc66e9a236
+ERPQW1c+hnI7vBHFXKR+M1NVwE4pX6cRn1gmch5wVDXJYaYBsQnHbYrZBWfvtOq8
+bNweryhoLf3dwhl7ZgIYiofH5TaO+Ju2sevuV4zrI15ussXfp0cHOrJp6AXWtLBU
++nK7uZwsrxONqzf3XA8T35cW8piIT9SHWxv6GUzRoMtx9B8Siw9cuHaokgmJLcgA
+CVnU6bKZL5RXQLVIGTalRePhFA62W7bk8tA9fsSkDRCeD87KqP8DQvEVbXLaZLrS
+bflIntmbgKFf0LSSoIVsmTEXvdhr+/eQf+LLo3m2pPTQjB5sCJ3Z9KeuEF1YdgH1
+ZC/+pVTjOYZ+PZl/clabxYiYZOHODsfrzrHfAPwD6uv4qZ7LPx8/tnSGFRWAM1S8
+cyot2aQ78bNdHkoN7LO+C3Jcy5WKg9eX/9ctcFbtlMBgqwmjzG1tMrfWm3bXWx2o
+047hcsKnqoi2hcOWGtUMkLSSbqo094Pf6/zVRuSU3WKiQ4SRyQmKnnyLFLWlvQQ5
+xuOz4eyEAZX4c6Vf0YBQ7L9KndKJqXLfIFGWDCAiQ60PAzam+aTnqsFzRRZt6Tpu
+7B32NgpcSoFauyKreHQG2qgt+/e0YrEE3v2Ufcb0jKd9rIIcLBcrJpoaPbnaAI6B
+tvItQ3It73aapJ31L6iNgZ1WLN4=
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25276,40 +29716,40 @@ UM9qCGu2uhHLRu7OJt1t2qWPS/w=
         set enroll-protocol none
     next
     edit "Fortinet_SSL_DSA1024"
-        set password ENC sdhck6w9J4aoSnK51CQifpn5jsmTEbLlJsGN5kQlRNyllCrXdvzm+0BrfoFObmGHKdQMI38FkYnO2kM/BrWsQfEnJ6vnyR5rPZhVjjk5wwGebZjJ7UeElGBflXAAGqh0mcWalFHwL2caQwR5htBRVF+VuczsODgBnQCKGAVg08VjU5CkJcmmh8F7qq5eYo9v5xXIfg==
+        set password ENC nZyZ1Xlmyados8ZelOqwHeuu8VybEld1h8BFhcuKTXrmOh2bmLtrF+j7PR1mj8mjI3f/jXdkYsZVA1nJeutupZ8V825FBcrdw5XEFocuhVFIQLGuE/+DSUa9oxg+/UMR3TzTBqdHCTE2oCN7aJW7e+soy+T1nVFnGaSmoSYye44Yc4JVDtsqkxDamkxsksJUjUtSfFlmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI2ycJsiFfB4cCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECED1YTSwJF6gBIIBUI5OlCAlBACe
-2DgSryf76+D0TL1UCmD2XqWKxbalkIl086OTsBaf02nncv6WhKF9TuxWh2UQ+Zfg
-Sosf3sXCtYRN0/HXTj/4UT2xoCj8yvO0fD8iSLeuyCKIELSyOYsaqYgzx25Yw52q
-zJdlXLtbS/0OYMh6OAOnj2BloxySCHEgX3jH/QypkI/cWi4A847VACWG8fm9Fld5
-KTgiGvGE4OttpfE0Iww4a5IskCkg1kY6+LcpBY5dAJ3I0XAYFbWZB1EgbTtyxtMi
-XHAqNYKVZ3aTXdxgrQ4sBDbKmeYvnLOS6JjPhjUnYZJSzM7zei2DN07QkgkQMVkG
-F84b4BjcaQFdeBMY3oG7CLlRzeyQ2uDeE/vvMj09RchQgMZDqI4P5CdqWS8M8TZG
-AOWm2tSno8yQq68EQFhTauE+mhy862XG7xmoSgjSay5lZqkGnY65og==
+MIIBrDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQf2wcgGxa6DEIRY7t
+8cvYkQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI2dR57P/UW+8EggFQ
+CT08/rbOqOt0dgTmzF5DICV4e+YVKy5Ukh/QV6OMxMuOL1Ofubkv3QQfVm2aD0Qf
+wD0R8s6rh0+CL02BCb2qTBf/KB3T43de9s7pqIK0h3FFTSbqumP58qNOE98zRybV
+qVkSf1vdIip2FnuQzFdmM4aTsh9J17Sx125hb7jdKlQmbgUvxtKu+boB1kCpkLyc
+GDOAzVuhWYRHctsB7dTqIlOMckVwVg0RZSVIty69pFiOvVVxB+qMGBoLyF7VQlx2
+soIZiRV6+o9/znsm77YK0EJ8w6FypANCxSrb53Um8/8zNMShjhIQEgPrTwGzQZOF
+OgkBWMnRiHsATAWMQ5nS0SAAYl52zzY0fyIM/hMA1wNpG22VwXT2uVat5eeVDaFr
+fjLwq+gefmLlKwQAnq+LcYO9+kgZenYV2ny5YdYpZ/cPBDHPiRL/lvpEna6JfZ5t
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIIDnjCCA1ugAwIBAgIICnJZiuQT5kwwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
+MIIDnDCCA1qgAwIBAgIITu8tuSZ16aUwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
 DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
 Mks2MUZUSzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
-LmNvbTAeFw0yMjAxMjExMzE3MzJaFw0yNDA0MjUxMzE3MzJaMIGdMQswCQYDVQQG
+LmNvbTAeFw0yNTExMTQwMTMwNDFaFw0yODAyMTcwMTMwNDFaMIGdMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
 DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
 Mks2MUZUSzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
-LmNvbTCCAbcwggErBgcqhkjOOAQBMIIBHgKBgQC+4nK8AoHZzfZOk6DeFoqkU/1E
-tsChanHEA7rA/zewAN1lXEyY1Q1wLcoBAfWM+dKsu5QoFPQOfpkBEv7/lNlu31Kf
-EoGWy1llX36XNtGSUODWN84MpDZRZvbB7hYYpCSI1oXQWRH5iPDn0oqhALUWyvbb
-PKP/p/QqJHAKQl4DMwIVAM0negphMCVwllVVs65Lrn3qBObJAoGADowodiGVQS+j
-yYFhh0q1KQZUwqz5w/UMeRvidMMTXpWzA0/6mi9m2mI3nlthlqjKlT/jkgZVATqn
-LIrkPe+QpEfz/KGIf/juVl8EGlYDlxBR0wv2RQiR/Us5cSSGAP0oaxOUNCdacWd1
-iXtwSsIuflcxzTqj7Pn2zKnc8vVkDlUDgYUAAoGBAJZt6dKujCngP0X0jvZHIkHh
-lhpCaRaiktahC9v/qN2RSVeowxZ8AKBRI1+QJuHBrBOwEddEkNknliMXjZr4JP17
-dW8oXDB9A0MzkHH5EMONKXlixmjO4Hprj2r5mKACUCkbb2reI+jo8fz6GpRmDZSW
-qs6hRQIshfZ0CF/w3rwIoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUF
-BwMBMAsGCWCGSAFlAwQDAgMwADAtAhUAvyA64Mp+Dw9KuaBJb3RWnXS8C3MCFHd3
-vncZsUn3T4/gdogfFYgsj1Z2
+LmNvbTCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQDxE4oFTS0ubKpRxTB5sHlo72Ak
+G9eMqhJ2P1/x+oGmD6dx+YWDtaBLGDRhRVHmW8Ig/lJpvngPBoKZ9NwlOedsbVWc
+rm4dm351kvYBJfg9UjRP+OTGbJPlF3MrZZcW5QFemfkmI11KIzgQuBdqr31APbxk
+OKT60riXJnpapJFTKQIVAPX1JgkZKORHzQT1mtBHGOVtPMixAoGAK1uLf8nex7Nb
+ssr717lOU6EC/W1ZaPxdatAGygbsoaqvL9X3i02h5GFEcvmI4X2iSlvHOB1vAyPk
+Pu8ef14jnekk5z7VJCRdHQskavJwJ1QR1B69kVIJFFW26l+TKqT6n8qmxPNuX658
+3VErZUeZZtBNDb0TarCxw1O0Juswfp4DgYQAAoGAEXnWNsjzqQo39skoERX1qVx9
+xI6ZUe2avRKEuDpDn/wUib5Frjrlqx3YkfsJ2pM2+1+morLS4Kzad0V8ahWfHEQ2
+j3g6VzDs4ejalbcJmrR+N5PKQrTVidNBajuBNupMxghSQ0eG1QA0Lw8UADmHJx+w
+yN0Poz7YDlrH1A59dP+jIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH
+AwEwCwYJYIZIAWUDBAMCAy8AMCwCFEXRd3P0r8/zL2q1F8hBvBtefLYaAhRe3+6n
+RZpMszcHuz00adaSCeumXg==
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25318,55 +29758,55 @@ vncZsUn3T4/gdogfFYgsj1Z2
         set enroll-protocol none
     next
     edit "Fortinet_SSL_DSA2048"
-        set password ENC XTJy/NlxQWXxi55sy0Q9sWu4cCs3g03hUGy9QUH4cBC/gcfAfTLfQngB8LyHlpp6qVwbeRInZ4WrWYkyXkVrxyTs0MX1BWif+jLb5RrVpOmQ//MDWaxomJBw5HfamNQJ2aNTpEz2NdpaZ5+IH1W8heUDW2FQRdT61mV/X6quNDm37xYiWp06OjgzTjgYxlQ8FI1nnA==
+        set password ENC 26+ZnoKzmTKgpiI8RFqm+R347SwIiUcyx0wEaQmqT2rPh6lH/HTpPfBWl2nxDusSQAeex8kxLaVPCvGfcMKrsBxmGtgidk286ovgnzK7itHosRTCTCX0syppKim6D5amEYp2KuGZ3LZ6vajVuTHQWQBjscqNc0RY3jhCqfiih7WWChTFjTeRc7biZfs7flKeF2XKIllmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI423a6iaegTUCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLL5kR8fnx8/BIICcGl6EHpfClq5
-xgLGmsyoMKe+QLyAuxjcjqbEFUFWFo9Xo4z+bohzGykxzmLtjYF/PSQ3yCluTK8m
-L67Y9HTu+sm5FmCyVZVa/cC8PFCM2/Sb8ufR2e5fjgT2pVbR/Se6OLys+JufBDEu
-4Xynd1JI+vDc2Qm75LyVvg9owWUOkRmUXLGHJtDNlRq+X0adozvXNyiGEp7AvxdY
-6b7NPV5gfsSlWaBsK8Bu/NYZSCu5ldWmc7MJOVgHgIr48s4KJ14+RNWvwMPBO8G5
-hCjFagBUd9u/5Wqcx0lFBgrATOgltbaHRjwoo2rnMwbYpOUrNDGJ1YC+N3EiJ1IO
-d9I4QAAqQkawaEbTRHogzC+oUqS6xK2DL7oqxi6WNrOhM01VjZiUfMqxvrmlyN11
-Nvi8X3lXPZt3VeeU3mCZwpaUguq7He1EIb2uvdVt2oADJYJtwJAdzhWz3phu/v2+
-C6ugXvZoAHCCHuDICC8wn+QZkevOVtJRmn7N+/iFZ74AD9H/opqeFJ5ElEqEokIB
-2XDoPdWjIX7rg5ubD9xW2e6xloze1xhVsHCJ0pAhby3NEHz/AQekU/VzbO7ydTlC
-A7Mcr0fxVANXNsl5qmkOoUgH6hMOQ/2llj70Sh00ggFlyrKqSCsGSlGzX2lamJfJ
-EdUVHKno9lc1vmdIu0dSgzcVH/VLc37bokvCnVllSYwQv/NzS5sYhr+7IvrFVwZN
-ZJEXjLU1qUvcPyK4mvcak0VDV3hsTozMUeSx+pyv2jOWkZ+Jk8931B+ES4covprj
-Fi79RJKlENddOhMvu45y5ocHkc8/Lzco5UnpageN29XYpb5z8ovCjg==
+MIICzDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQohu/kaEGOZr1q7p2
+5JTY/AICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI4OSKy7oOLhwEggJw
+FXHIOomPQ8JKeD6uhlkxoTWvnc2VqCZTkq91DN1XReQwqqfAGxUtp5SkXEdgGzkI
+RPnJesdUSnx6ki6PJ5z+WvClh5G8ERPEHjpu8BeLrtnFU3pBdQG7reT4SsPN6k1F
+s7o+XNlRbBZRCRnUM34IBGE3b4pRAbDQhScVSd4+rciKBAr7zGgZzi51aR08v3gX
+R7hOqcx3NachnAMhFy3r6Ar5qs6MvxzkqmoE0bpcc4B2kah2E18tBkCdLglWbVku
++nQ3AQ/vWDFRjnFNZM64AxeXboSWl2idGbncR1rziYY7cZQ26wioF/RJ8ZC4iwnF
+FDg8u+NKliyBxW70JUvG/OVvNXVtvHWw4csLrMbFXcYwYloUaB62zGpKkFiOjFyl
+luU6S83gJ3w+EZZ1s0S6co2Un+iEbtLm4NBnQv9KrTTo1zU5mvnQOG7APV7Z8y2I
+x0EbvzCI5+vovaJqFwAP3/3QCF+7Y3B4NTOtIuUCic/k8Wk7fL0N9LLIpxEn5OKD
+Z2i/2OmTuSs/E+c97ZsVLXQOXBD4Ne2MiS6JoZbdIx8YjSP5T9YA7x601wjtS47V
+5DxRFLGXzxMmU3ziW01XdYwKoDSBbO9gcoTd/1NPOxBNbxoq+3z+pURYoIcrsLGv
+W3Ea+KPW+RqRQCPaNhxUY1QxBr7wlY+XmNT0q6qc7xnFqZMH4PteQvNw+yIU66di
+RmQmjV3drBtkPVcELgsETWxS9gK0ijvI0Xvo+2ETwbkj+4fkHo9MAO5P9oxOz3nX
+Z4xn9pt9d4mvemv8n3sItrw2xFfrLxXBqksg0+twRpkPULzHDVdAp8c1lFChLNEP
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIIFRjCCBOugAwIBAgIIb9Ue9OCxwc4wCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
+MIIFSDCCBOygAwIBAgIIG0E2Mj+F5a4wCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
 DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
 Mks2MUZUSzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
-LmNvbTAeFw0yMjAxMjExMzE3MzNaFw0yNDA0MjUxMzE3MzNaMIGdMQswCQYDVQQG
+LmNvbTAeFw0yNTExMTQwMTMwNDFaFw0yODAyMTcwMTMwNDFaMIGdMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
 DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
 Mks2MUZUSzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
-LmNvbTCCA0cwggI5BgcqhkjOOAQBMIICLAKCAQEAobgWFx7GOelSuTz2LQXq2WSf
-XNU2bOmog6adPfioJkQfgmSfpzM5O9wFOs0L5oZMDv01Cig8U5UlWvd3sEjyHmiB
-EUR0swc2jGMIXuW4d+7Wu9HdiKQ+XwbDTuysoegG/F604I+6syj5PYy5IGKmBUAl
-ff2WkrkISafqIUJYKCe6ipF4uK84bc58+elygYLGdtC+64zgq+6PUBcePmKPxWtk
-d0FBFiaSwSOnj1fhv38koSOEI3sMfkPYKzIsJd3l8BUoIuj1ISGYQzobO+aZPoGU
-GpxnGE8ztyb1ICYe9OEgCXQ5GQ0Y+EHxufarHISvsUbC+ZR8665wThsQc1xOYQIh
-ANteeFG+/MJHYNasES0Jr8fS9XU+RVjmS8CuSuhv/JILAoIBAESm2CulfpNo7WGH
-b6KmJQSCTH+mGQ8bO3gCRyc5p3l2t1aTG4dFa0x8Od+eCUBzJs31GgeOncY4OPp6
-ZIcqt2L8G9Vc/W9M7b+xNEOO4tF34zxycxg0bsK1mW+kNpBgsBvfBKoKoV1dedy7
-dV3Qmtu/xeIcgG+Uii50MzxpZNKnkYecmj6yA2T7Di5W/kmmRfo6EndQGIXRt6He
-fJz8IP1Xq6K86FkvgnnAES1rC0THYbgHBtZi/CQc/plvHc/8fsKWwLhIM5ANMOtN
-h9Vsjmb5xQkmrFIdX+K0vDNINd/WETw5HtgDapHmLgIPUPcsHFAewOv96gPEMCnQ
-8VdCni0DggEGAAKCAQEAjWAFqLgApELI0RLgmhx551lFckyW2FMaA0m8CZ4auMXA
-RvmCtcILrvtzjevaNmdWn3S7/zIa60nYY2JSVgSFss/eP6BpmvBiKbDEb7w1qQ78
-+vj1Ym737AjSgtM96m6kcKCUS3LKZu1LD58IFkf2OC6SlV1MyMClhOnNBS7JjwdO
-ZQmvPYVsSr44FFqgKbGOgd6mW/+li7SXI5vRi68ak3rVVIFo+Nq7mbY45e8JSoaM
-zWf8mQR9AojvjlfQmlLDmixqbGU+1fKvb+jnK35S+hxg82hvZ5ROcCEEz4M5D8Om
-SeeY9Ho4Uy/u+JWEtm2HHN8/abGIhUkq0CY8/FsB5KMiMCAwCQYDVR0TBAIwADAT
-BgNVHSUEDDAKBggrBgEFBQcDATALBglghkgBZQMEAwIDSAAwRQIgETGpcM+jLq6B
-QJdHqanHlAeKrkBRk+YT7U/f1TDF0oICIQCryEVtHWwX/MOh7rkfwQQvWkcmQQaC
-MJWQytLYT+txcQ==
+LmNvbTCCA0gwggI6BgcqhkjOOAQBMIICLQKCAQEA61WmKkADZ3KCao4L/AZjFz58
+tC1q2W0NaI+6VfpDy2bBd+/sqwGLPBdtNro3mkjLH/ItrAaaW4gafK96ZBShmMUf
+F73xrL+wT/Mtb0HSuDvfYFof3iePiS5REoMWQ7KVOhbrIQIjgxP3kHXlxHd14E11
+TN9mVM3gKlLrHawieALVROgsEC4ImBOCbDIAe3pmaZ9dP42itTKHWxjsXbbaveJN
+ZTuF+4pzeuZSVsoKzQfQgQ7AH0iQQPqTVgIMxAtsQHX61oqA+BuLSnnalX+FUmlt
+e9itHNB56cBrEL1Qiew8XQw3Avbcjf9jYY/cvCOZluw8E3AqCXNkPrK0+Np9fQIh
+AP4dA29px4MxDjXiowNUMQ2tx9dyKjTlF/B0fJJidshZAoIBAQDFBpiWHOOJBR5E
+i343f4GMs4yW1yZH4+8EY8s+P5USrQ6IfNuziVzVcnDUeBWsxS2mfG7p+BlBJvGy
+t1SqTSNyCgqMxZevFx8SeHLa8vwF3t8YSl8gSEprSN4U+KRPKoxTgc/zhzSJAFNw
+Qif6ysthDfBaqGA4hYA0O4Tex0Ue8fVmFgqj9TzEx0imSP0wyeyj7r530Gw5u7Nk
+6M2Iv6B1lRDnL7VWlNTWQ3usG93HLyFUrDtHbR6UIA/Mnkb3esPzfiqiI2naThVS
+iV3BOPD2gVKKPRxK5YGWnv8u4y5q5r1DG2onrCPj3vWOwpWbEgBhQ5LNDri5vd8C
+CyQsP6+UA4IBBgACggEBAIWjSG8VQHRXnnrMuHLOGc5NMiJIUs+YNLS07EjH41D8
+BDW2EwLW15k08ncXLCYmiK6bHfODFcQ0mSiY+XKefhsf+YAjMyKywOVt49Pn8b+x
+qBFvw5Ri6/bl9YAx4gOjrIWAEYjX/CgCjEEhVkMSxjiYrPN/5ObuaC2LWTZNFQsY
+WRZig4MFivfPQzXFsEAkTjLe/s5fe8ocVr6vtpjq527AP3R/TX9Oz2vbbFKAVIoP
+AUnkmGgBNNwpliY9hBWiHi0o5w2XLnesRZMKh2WTpuZ3YYf07SHO42hfpfTMRyab
+TQnOHa//dpjk9+m2gIKE72KQSq8vWtl3RxY6/GAA7ZSjIjAgMAkGA1UdEwQCMAAw
+EwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYJYIZIAWUDBAMCA0kAMEYCIQCqxHciNf7/
+axdCbb0hhowr/qBaszLxahN1+s3/oaLymgIhANqPdNoihVt71wGs/+5/wHBYI/TA
+XZduYvFaQP26BoR6
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25375,29 +29815,29 @@ MJWQytLYT+txcQ==
         set enroll-protocol none
     next
     edit "Fortinet_SSL_ECDSA256"
-        set password ENC Zc0qRGVu5zLGaF/s0wkZuk/kGxKa0k3t3j4Kl2ZFpseL3MgxMJLumzbdyCABp899EZc8/uYU1y6udEVtj9viOMibk3UGfkAutPUGQfLZLuaQLgFj4kcViYI4zyyuBR5mA3IlOhzxiphNsJh3iYhKW0JuiYQQ51OgYZBBFum33iFb9Ih2F/J4jh8mYwP6KZJtbA5q9g==
+        set password ENC KYwMgy8NtFxQxbLP8x2sZsx+yRIWRt75jQRfZTLGAko4by2Zl3Q5qz4gYUtsYtwKVsllatRNMoYWTTc/z1l+haUi7yZKRiLLUhJm53RNxw234KV7TQRjFU6f82lJx0muscd7DrS5+GxrV82ghc6LMtmidhMSMbXxtGrjwqkCoyTKai3S3CZBBFJunJo3AZ+aIDaiJllmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAgQR3h7s0zJsgICCAAw
-DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIn/fyhOSSthkEgZBujg3z5txtL78D
-+7Q9qj8V0vxglsbT2Dq44a4Vb6e+70lxx7nKwx8YOQN82JW0IZNITk4V6AXFa6P9
-oPV9G3TPpf09mL+K+BerOOOpjgNj52C7iQmACFY2L7ZwZClWYp7Xmcji4RPVnsSc
-xGTks3pYjpVHewU0q4gXjUhhy+CqK+Nwz5qCe5vgypUDTbR3n2g=
+MIHrMFYGCSqGSIb3DQEFDTBJMDEGCSqGSIb3DQEFDDAkBBCI1mruvgH/7HAfDiNJ
+z4tqAgIIADAMBggqhkiG9w0CCQUAMBQGCCqGSIb3DQMHBAipStdnEcwlAASBkJoJ
+FOJHKpu4qjBZIfneUf5VBPJNH+NoDoOB0P/WytBJxoPg09yJ+8VNgim1CuIMaCsj
+qArpMB4BlRf5KpDT5ucTbmlPoGj/51Eo+XsSe1ibZtBR8BCLZYBhZy5ikVGbRtGZ
+sGg4MDQUlzzWDgDAgHuLz1FY/uqYcW1fgFuNe+xz8UUipVRwP41BW4os6rB54w==
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIICUzCCAfqgAwIBAgIIZRi7f/MAJXcwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
+MIICVTCCAfqgAwIBAgIILNW6raUlg+YwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
 BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
 SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
-Y29tMB4XDTIyMDEyMTEzMTczM1oXDTI0MDQyNTEzMTczM1owgZ0xCzAJBgNVBAYT
+Y29tMB4XDTI1MTExNDAxMzA0MVoXDTI4MDIxNzAxMzA0MVowgZ0xCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
 BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
 SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
-Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzQlo5ZS9PJ7tEifDb4GWLIcB
-49A0sUddXg6tvIDdZwWDEeNCrHZ2Za55budhEmjUScHT8OOX/RNwbU51BEvJyKMi
-MCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNH
-ADBEAiB6T3DTjYQg6Th9qmXaf8Sr9YMhzp9THiwKY9wCMjk2UAIgaFZalmSAyAb3
-aPVOyJd/Vo4LhganarUtReirtMNLteE=
+Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXxZ/MH6nzGJ8Fe4edYEVjs48
+WceypkDVTxMqxP8U6TRk3YjJMfncX1IsaIfFY3+s31nHBkYn2rjif6NJAK7HMaMi
+MCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNJ
+ADBGAiEA+Tq+595Ky67PA4Z5H145qNL2oBuS0WWqKkD6Qswge3ACIQCe0jlkjdGl
+gH6+9449jDcfsbFryxjwxlCWl9mx/3s/PQ==
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25406,31 +29846,31 @@ aPVOyJd/Vo4LhganarUtReirtMNLteE=
         set enroll-protocol none
     next
     edit "Fortinet_SSL_ECDSA384"
-        set password ENC SPryzUSTr9Ts/jsjZQp+oXy/DDM/HA0YXsit5BE1seRJI+W+EgD4n99AvENkE2dPVK2/NpQSBXo699NR6kSgNMgG9ZFuIBNmSVBKOzzBI3o+48Hq4VcG1Km0aSigWXMEHOs/SIhdgxdBdYJBBY7Wcx2PONB+oaDD4agCkBIUi6sjtc7zvGNC2/kYLQWip3uqkkx1Ag==
+        set password ENC m2sAgxfbBAajlnw7T003kiM0R77RldnK9VV4cOf5X/epXZZEQkCG2OGrPzhCbgkirpzjXGJVUH11NYEJk1geLXpf+UBLy1cul+usPbX1pvxIRwH0Rq0KYRO53pSPnMXyVXSR2X/0+SuqW5QN97K1LMUYod5j6Fe2KD4/M5pXkYPCgb6EEBkLt91EEmYUj+QEyFDe3llmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI5M1UYhWoQC4CAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJe66bW96f2+BIHAI7yen+vQ4LcJ
-1USCfHwEKH4jQwS9dzP+C/Xr80PFp9jcTMXtBYDncLwyLVZva8nyzEY63dr33i6s
-fAnaaUpnVSukBK4e+P0IGr1YdCUBrNAi7wlSftv/W2T3XueX6yUC+yanjM82jvGX
-ymmqJefTP+6GMIyj6f8/ADdRUdMq1JNBGyCnWmX6Z7jSNe/tsA8VekRFQMa2ksxW
-DQf5/S8xtta9dUld/L+bi8qQpa+JV+Ke3ilzLQAyOGmw4XWXN5mx
+MIIBGzBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQwNIDx6eQKyFe88I6
+v3/8GwICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIevDgLbDv4aYEgcB2
+EY43HFPy3u5SUrMeC6ozqnhP0H5sxQpgG3nmdnl/CY9DWamo0fBPIsA33+iUZS8F
+vNa9+kTKJrwQIi/5ecqtxIbWCBjmdTlxQmeRwNRhiXZl9gzEcdodegfSzS0dobho
+AGSATwu5tqPkllRiCfLCCJigkov3SyaTWvdSOMi1fs3gDfyLZSE/wsnv5v0I8OYD
+p2s1JNGe1YQag4IaurxRWW7jS6iqa7gokMS2Bx7vG4Bd0Gd8kWCZxtoDCheMDX0=
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIICkTCCAhegAwIBAgIIaKfzT0doMX0wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
+MIICkjCCAhegAwIBAgIIG5QXpCktDM4wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
 BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
 SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
-Y29tMB4XDTIyMDEyMTEzMTczM1oXDTI0MDQyNTEzMTczM1owgZ0xCzAJBgNVBAYT
+Y29tMB4XDTI1MTExNDAxMzA0MVoXDTI4MDIxNzAxMzA0MVowgZ0xCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
 BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
 SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
-Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXltra7ZMLIm5s1It30E8m0WMLm07
-cqGS0DcSOfH2EznGOMs79QXn/YH1IdbbWEz1w86NfgVxfyi5CWkKqHSsL1DBYLan
-y0v4BBrH4no+hB2UvWm3aExhkbqn4cbr10FAoyIwIDAJBgNVHRMEAjAAMBMGA1Ud
-JQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMCA2gAMGUCMBRHQLVuZxXEvqOwGRnb
-DL4Pi8SL3rLBZVJZw4ll+XIx9clascYG70Xk1ffcQDu4hAIxAJqAd+R0RhjDWrkS
-rXRhJBy9Awg19h5c3UFoaQRlfUIYy70XRPrIUGaxGZms7t2qpQ==
+Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEVW+7K239Jc4XxkQBOEwxhPgjnXE6
+Rcq4GTx5wmpsOLvGqKrCaVhVT6Z9lktEDYTMnC6OKk+cCyvp/fMoSUzXyYqyF+XU
+NhTkZXLCrnBD58Hwfc/RviA9I5Plr+B7zRqHoyIwIDAJBgNVHRMEAjAAMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMCA2kAMGYCMQDP7ndKMvBDNfWc+LFt
+uPP9CfFbSkpVEEvLE62ZwP2BeXdA1csWm0vekFbFSh2/iUECMQC5Rj/cpwHCECCw
+GwB0oPXBYv0bs6Hpioo+Dy4nEB91ikwjFUhojQ25TmTHw1IuXrY=
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25439,34 +29879,35 @@ rXRhJBy9Awg19h5c3UFoaQRlfUIYy70XRPrIUGaxGZms7t2qpQ==
         set enroll-protocol none
     next
     edit "Fortinet_SSL_ECDSA521"
-        set password ENC pXQyV8/OpZsqqOmbWjb8EC4fmu9COXpnPQ5OYTkY5lNsRBR5JCiZKLlDaS57jRhbJBkFPZEJSg6yzsn6Cnlb7qcb+vN/Hq9N6zo7YqjzBSXRGBy9u5wOOhCVIwNU7YgBeIJZqorkiCxWvivkh1L2HNLjbDA+vRUmWTTt/mc8t9WYSpVdN1nuGjfNacrKscAHm1Kfzw==
+        set password ENC +kpKhZQbsumXe5WN+IIjD2IjVzWH/xIIvz7ApQo4neLdLBMATvtpcY80vSH7pJDg50aABDWhpJcYEG1hX7tlBD/bsjgxJ0nt1n32bZh/RuuiPFzSPsQPBPwKgtv8TnnSeRNnnhz4hYSRUZsAN0C5eT0KB/r+DT6eBKjz/6i/7eZzbE1M4epNQfo6Ca0AZgDCEJ/BSFlmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBSzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI2JyEZr8Z9Y8CAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKJB6WkvvgfJBIH4S2kAnhyyoRVn
-9qk1un6uxn4dk+elHrywk0fqC7As76kMGVGxtJUdG9f77qE8vw/Ds5oJJfjJ8Z9U
-d2O7hDG+HdjJIpFfUZO3/PvlvRGQ5vrSQ+QXZxozKA1q2MrK+Zc6HXSXvUAeq582
-4LOn7BKR1WTa3nidECR8ha/OHK1bSlzfxcw7dtE3geHET3viqXauACjWshoDgn46
-eJoL9kbmj1J3fOvehlM+NjOkuMqq0e2VA+mFNBrs3TGYzmMjSP525CNJi4EWK10b
-83C6D786BoNMUDNdqftASB8JcJ5rs88/jnIzRsPdRx0kJo/OGYPGunrArHx+aes=
+MIIBUzBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQP29E4aSH2BWOI7m6
+/Pq8eAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIRfyxRfyhGZAEgfgu
+vzeDQDTdUqsaSReXh2Nm/XJLN9tV+n06SaGGCVBtxr29UTbeKxaLkyu85EcjwhrZ
+NqOaJYjRug5ZbYIqpgDTG0eXHT7+o/O2QkGVnVP9frI4ekZ5vdcmyXmS34Wo98SC
+Lw6SeLa6yGr/GvA6FGriRme9OCg0JmVIHtn/1AKM0wIBm0QS4J7QPhXYaMeMPGNV
+FAh3eIPReR3yVaIEapJ5QpkapJ86eQB90ntP38P51wJci0YrlNXuTz55vsZlB247
+oyziPd21FBGuRByeMHo9pgcY+bpKAHH3dSQ15l8eN4BGzuGPUYGfY9OISRsqQXrH
+4dbYlUKaGg==
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIIC3DCCAj2gAwIBAgIIVq8ihaRoKLgwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
+MIIC2zCCAj2gAwIBAgIIUhWueGMt38AwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
 BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
 SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
-Y29tMB4XDTIyMDEyMTEzMTczM1oXDTI0MDQyNTEzMTczM1owgZ0xCzAJBgNVBAYT
+Y29tMB4XDTI1MTExNDAxMzA0MVoXDTI4MDIxNzAxMzA0MVowgZ0xCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
 BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
 SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
-Y29tMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAqfE1xW05XaLgS3pqEAvGluNP
-awzUAnkKAGAYCoTf476vdaZx9rXvZsLHf0l4vMKaQ9Bz6UqmT567MQECodv76m0B
-CQa8mJiek5dqT/TUTNibO4VK/xd0zkgTyJmzvKfmuG//NKejGZE7V8VQ8r9ZKvX4
-e2imhNBhmkJPZ6e8Zex9EY6jIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
-BQUHAwEwCgYIKoZIzj0EAwIDgYwAMIGIAkIBgfYFR5Zs8Bv1cBIc5Hxw/HR+SR5T
-j/wQQ1PI9if/yx4n5SicKsmU3SV5WdEC/ux8edI6pzgzKqzWGLoxLV45fGECQgES
-i8D6f3jce8/D5Ll97+q3Mmq1AHWrUBvBh7QeHd/48IIGQusgkNQbxAjquo2YbDXD
-AJvskQzNTa+n/oTmPe0ksw==
+Y29tMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBWqFY/hXIuA6B3fE3Q0AINVCk
+vkxEY3t9HpxMOqjeMxheL1c6HJf9K2QnC4qUGvCNYaQAr28Df43EDD58mQyXJMoA
+WjUtO9toaW6WPeaK9/vcRabISf5cPv1n5tUEKakmYd7rV8YYThGZEJFvlShdTlFr
+0bukZ8z+Y1H9YZFbdAmU2d+jIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwCgYIKoZIzj0EAwIDgYsAMIGHAkFLvKG8jXen3dXGnWJhz8rAes/Clp3w
+MIkVFEisioof2RjQUooxsjXqgFxAJLSGKk39GE9+DpQEXzbNn3NtAt1DvwJCASGT
+RTQYKsLZj2Abo40BunNKX88KPo7zkO+OuLfBxRaBc3VGRdu4qlDSg/LjaXOnAuO5
+KmZtc8Ln0iqVyIJn0Xyp
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25475,26 +29916,27 @@ AJvskQzNTa+n/oTmPe0ksw==
         set enroll-protocol none
     next
     edit "Fortinet_SSL_ED25519"
-        set password ENC uHPceZjPq122rGFsIJFCyzNhuwQmy3aVNERMuV3KhVYyczbr67c38O7yCvRwuFWdIknNF0F9uUtZP7/dFeLYEl4SFnF+jllkVppZYH33+EShq9xLPdwSGo2RRsHPpb3EsJt/hjaiFd8HOH+vnyDUl7cyeOX1AAakjsRHVvelOJQ7U5JtXpSsljhISOxYs1XjTVXPzg==
+        set password ENC DGp9X7XfNZ2XM5bQDbD3/RSGMisUuVk4D5dhplWafGY8UAoPNZYVfrg6Kh+PRwAtEozW/+ncnOFeKTJWbw7vPMPymefKzrEPQLA2slLG06OgLfB5N9cwWWlPypc4SXd5Rs/emoa0tz9BxwGrB+hSsIKPc9HWskT9NfpegrvHhterTzaUyI1JPSFxnV0NlsYc+VCmuVlmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIGKME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjXH8wejW+7FQICCAAw
-DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIUQw7h84j/HcEOC4f4XR4rn9p6c9l
-YFPlYjAzt2Lg+GJBGUC36CCN4lqPbWeVGFgSuxJS26+ljKpom3j8NzoQVmTq
+MIGSMFYGCSqGSIb3DQEFDTBJMDEGCSqGSIb3DQEFDDAkBBCE64Yv/TRXhencZ/9O
+gR++AgIIADAMBggqhkiG9w0CCQUAMBQGCCqGSIb3DQMHBAjbW/xSRzp6/QQ4XZpK
+Ya3AEl9Mf0wh+vMy/0+9Zwub8qUJBuZO8yHxb/WCKluWsrbWPs2E+l2lGeuuKxmy
+jn5TaCI=
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIICFDCCAcagAwIBAgIIe9Jk9bbV9AowBQYDK2VwMIGdMQswCQYDVQQGEwJVUzET
+MIICFDCCAcagAwIBAgIITBDvv7P69TMwBQYDK2VwMIGdMQswCQYDVQQGEwJVUzET
 MBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYDVQQK
 DAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBGMks2MUZU
 SzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAe
-Fw0yMjAxMjExMzE3MzNaFw0yNDA0MjUxMzE3MzNaMIGdMQswCQYDVQQGEwJVUzET
+Fw0yNTExMTQwMTMwNDFaFw0yODAyMTcwMTMwNDFaMIGdMQswCQYDVQQGEwJVUzET
 MBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYDVQQK
 DAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBGMks2MUZU
 SzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAq
-MAUGAytlcAMhAPTybe+KeTPvQdh2eRZ/QfcwTvsaMhhZDLq0egkutZgcoyIwIDAJ
-BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAUGAytlcANBADgJJhYZcDnc
-jDiUkqW+EZWsh09in5d/a4DVDk78zqFsrFIbrWTQxotUHEYwu038DxndyIayYw1N
-dB6YzHdvZAE=
+MAUGAytlcAMhAOEIJR0IxVpfDEnTkVHVFHWB2dR5y7YWirilObrB3wA9oyIwIDAJ
+BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAUGAytlcANBALBY0q7ljU62
+aGS4USbjVm27TNYyp5kLKKTxLKaUL1QRbR1i+yMl8BhWXPa1p/f2Se6owVtESFvT
+VCBi0GLZOgw=
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25503,28 +29945,28 @@ dB6YzHdvZAE=
         set enroll-protocol none
     next
     edit "Fortinet_SSL_ED448"
-        set password ENC RMDpVGdxjzumtfOHVspIB9WR23FmZibs2sZLQKmLaKzWd0qmWi/bNfEaP4kPW+kodAjKlNg+tCVLuym/Wuh4LVRv0DEVws+AuQ4FHhWyJeJQxuuCCDS/ObgnShzeaLjX4cod54BvXn0uM//zk4EWZGfXB2gqrnLe4dJddM4A6oyP3ba+bjt+v2eu4fCKabamtNW8MA==
+        set password ENC cZlqQnTHDJzgFQrFme3G2rZZZXUlyofV0R99p5c+rnJK1Wz/Vj5HVvPjlwZbezPCppcGG00F0Rz1yDVNNNkUPTHXvC6XE3K/e85uXE8Rekjs81arIZWpb+rpTBgECFwdPr+VqSnWW0JDM1UeOiq1qtjNwVzahhEbXgefQfadgEYRRqEHzKYo/ypYrMGp1oo0973PO1lmMjY3dkVA
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIGiME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAh0jSq1wDOswAICCAAw
-DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIDw67IHsEAr8EUIv4lPUsbALEx2Cg
-+ji5XUHbl6JO8NC7wROeWyoljbvM1Qjw+1BlviC9FY0sl4J2ootQ7nkJGx6aDKUh
-iaSFZdQBI5VljcLnOMz9BZqGmQ0W
+MIGqMFYGCSqGSIb3DQEFDTBJMDEGCSqGSIb3DQEFDDAkBBDDquLU2g/j2rpNtDNg
++3vsAgIIADAMBggqhkiG9w0CCQUAMBQGCCqGSIb3DQMHBAhuJyraSnpgKARQf+o1
+1iw1c4Lb0EkvzZgCWveTfOke0oWNmMCfX1aL6cFfMWw4yP+wXVIdY45eWo9QU94j
+GIK9ygOZZvCsqVPBNw+QM1OjKgAwBngDyK8qhng=
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
-MIICXzCCAd+gAwIBAgIIEpo4xm2L33kwBQYDK2VxMIGdMQswCQYDVQQGEwJVUzET
+MIICXzCCAd+gAwIBAgIIUqB2V4LUdhEwBQYDK2VxMIGdMQswCQYDVQQGEwJVUzET
 MBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYDVQQK
 DAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBGMks2MUZU
 SzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAe
-Fw0yMjAxMjExMzE3MzNaFw0yNDA0MjUxMzE3MzNaMIGdMQswCQYDVQQGEwJVUzET
+Fw0yNTExMTQwMTMwNDFaFw0yODAyMTcwMTMwNDFaMIGdMQswCQYDVQQGEwJVUzET
 MBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYDVQQK
 DAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBGMks2MUZU
 SzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTBD
-MAUGAytlcQM6AFjYzJ8Mqakz7JW0a/UxfzmYUdJ8ctXQ3KLxx/smIp6dq2tAJS62
-K7nL2gm9oVHYfVGGzASzH6zcAKMiMCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggr
-BgEFBQcDATAFBgMrZXEDcwDSOW6ovjbS16JdUIQc4SHTPXQCnp3gN/3hRdcllT7X
-PhPTkxF0UQt34SIc/r8Bk+ZOI2jTFmxgegB8r65l0m1JEG8o25GjnLs/Y7picq6g
-Ci9wZHk6Jp1Z8BotCQLQsTqgitidAXzT3exG7bnl4C08EAA=
+MAUGAytlcQM6AAn6asaIw/7cIyfljXliVKnU3VnxEDZEh9KIbyjEQd6yVnBOs0Ow
+ZouU6IZyNgACdgHwjrDrtvWLAKMiMCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggr
+BgEFBQcDATAFBgMrZXEDcwCqpxarhVT445RMmBoADOCGxmrRGmvaO48HCXtYJOvs
++EWF9/UZ9i/4hp6oXlDLApSfsfbfxCA+IQBShUUavyPENIKqTos8Wzwy8UG/O0zD
+1CcB0l2Yd63XwzGbI2q1duj5Mq7IlVHCZMJaJNePEhdzJgA=
 -----END CERTIFICATE-----"
         set range global
         set source factory
@@ -25545,10 +29987,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -25567,10 +30012,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -25589,10 +30037,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -25605,6 +30056,8 @@ config ips sensor
 end
 config sctp-filter profile
 end
+config diameter-filter profile
+end
 config application list
     edit "g-default"
         set comment "Monitor all applications."
@@ -25706,9 +30159,74 @@ config application list
         set control-default-network-services disable
     next
 end
+config dlp data-type
+    edit "g-edm-keyword"
+        set pattern ".+"
+        set verify ''
+        set match-around ''
+        set transform "/\\b\\0\\b/i"
+        set comment ''
+    next
+    edit "g-keyword"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-regex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-hex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-mip-label"
+        set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
+        set verify ''
+        set match-around ''
+        set transform "built-in"
+        set comment ''
+    next
+    edit "g-credit-card"
+        set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
+        set verify "builtin)credit-card"
+        set verify2 ''
+        set match-around ''
+        set look-back 20
+        set look-ahead 1
+        set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+    edit "g-ssn-us"
+        set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
+        set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
+        set verify2 ''
+        set match-around ''
+        set look-back 12
+        set look-ahead 1
+        set transform "\\b\\1-\\2-\\3\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+end
+config dlp dictionary
+end
+config dlp exact-data-match
+end
 config dlp sensor
+end
+config dlp profile
     edit "g-default"
-        set comment "Default sensor."
+        set comment "Default profile."
         set feature-set flow
         set replacemsg-group ''
         set dlp-log enable
@@ -25816,7 +30334,6 @@ config antivirus profile
         set external-blocklist-enable-all enable
         set ems-threat-feed disable
         set av-virus-log enable
-        set av-block-log enable
         set extended-log disable
     next
     edit "g-sniffer-profile"
@@ -25898,7 +30415,6 @@ config antivirus profile
         set external-blocklist-enable-all enable
         set ems-threat-feed disable
         set av-virus-log enable
-        set av-block-log enable
         set extended-log disable
     next
     edit "g-wifi-default"
@@ -25980,7 +30496,6 @@ config antivirus profile
         set external-blocklist-enable-all enable
         set ems-threat-feed disable
         set av-virus-log enable
-        set av-block-log enable
         set extended-log disable
     next
 end
@@ -26009,6 +30524,7 @@ config webfilter profile
         set replacemsg-group ''
         unset options
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -26020,11 +30536,9 @@ config webfilter profile
         end
         config web
             set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             unset options
@@ -26150,6 +30664,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -26165,6 +30680,7 @@ config webfilter profile
         set replacemsg-group ''
         unset options
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -26176,11 +30692,9 @@ config webfilter profile
         end
         config web
             set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             set options ftgd-disable
@@ -26626,6 +31140,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -26641,6 +31156,7 @@ config webfilter profile
         set replacemsg-group ''
         set options block-invalid-url
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -26652,11 +31168,9 @@ config webfilter profile
         end
         config web
             set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             unset options
@@ -26782,6 +31296,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -26795,7 +31310,7 @@ end
 config webfilter fortiguard
     set cache-mode ttl
     set cache-prefix-match enable
-    set cache-mem-percent 2
+    set cache-mem-permille 1
     set ovrd-auth-port-http 8008
     set ovrd-auth-port-https 8010
     set ovrd-auth-port-https-flow 8015
@@ -26804,6 +31319,7 @@ config webfilter fortiguard
     set warn-auth-https enable
     set close-ports disable
     set request-packet-size-limit 0
+    set embed-image enable
 end
 config webfilter search-engine
     edit "g-google"
@@ -26828,7 +31344,7 @@ config webfilter search-engine
     next
     edit "g-yandex"
         set hostname "yandex\\..*"
-        set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
+        set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
         set query "text="
         set safesearch url
         set safesearch-str "&family=yes"
@@ -26904,18 +31420,29 @@ config webfilter search-engine
         set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
         set query "variables="
         set safesearch translate
+        set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
     next
     edit "g-google-translate-1"
         set hostname "translate\\.google\\..*"
         set url "^\\/translate"
         set query "u="
         set safesearch translate
+        set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
     next
     edit "g-google-translate-2"
         set hostname ".*\\.translate\\.goog"
         set url "^\\/"
         set query ''
         set safesearch translate
+        set safesearch-str "case::google-translate"
+    next
+end
+config virtual-patch profile
+    edit "g-default"
+        set comment ''
+        set severity info low medium high critical
+        set action block
+        set log enable
     next
 end
 config wanopt content-delivery-network-rule
@@ -28980,28 +33507,6 @@ config system vdom-property
         set proxy 0 0
         set log-disk-quota 0 0
     next
-    edit "scsd"
-        set description "property limits for vdom scsd"
-        set snmp-index 2
-        set session 0 0
-        set ipsec-phase1 0 0
-        set ipsec-phase2 0 0
-        set ipsec-phase1-interface 0 0
-        set ipsec-phase2-interface 0 0
-        set dialup-tunnel 0 0
-        set firewall-policy 0 0
-        set firewall-address 0 0
-        set firewall-addrgrp 0 0
-        set custom-service 0 0
-        set service-group 0 0
-        set onetime-schedule 0 0
-        set recurring-schedule 0 0
-        set user 0 0
-        set user-group 0 0
-        set sslvpn 0 0
-        set proxy 0 0
-        set log-disk-quota 0 0
-    next
     edit "Policy"
         set description "property limits for vdom Policy"
         set snmp-index 4
@@ -29046,6 +33551,28 @@ config system vdom-property
         set proxy 0 0
         set log-disk-quota 0 0
     next
+    edit "scsd"
+        set description "property limits for vdom scsd"
+        set snmp-index 2
+        set session 0 0
+        set ipsec-phase1 0 0
+        set ipsec-phase2 0 0
+        set ipsec-phase1-interface 0 0
+        set ipsec-phase2-interface 0 0
+        set dialup-tunnel 0 0
+        set firewall-policy 0 0
+        set firewall-address 0 0
+        set firewall-addrgrp 0 0
+        set custom-service 0 0
+        set service-group 0 0
+        set onetime-schedule 0 0
+        set recurring-schedule 0 0
+        set user 0 0
+        set user-group 0 0
+        set sslvpn 0 0
+        set proxy 0 0
+        set log-disk-quota 0 0
+    next
 end
 config log syslogd setting
     set status disable
@@ -29063,7 +33590,7 @@ config log webtrends setting
     set status disable
 end
 config log memory global-setting
-    set max-size 507278786
+    set max-size 507278663
     set full-first-warning-threshold 75
     set full-second-warning-threshold 90
     set full-final-warning-threshold 95
@@ -29078,6 +33605,7 @@ config log syslogd filter
     set anomaly enable
     set voip enable
     set gtp enable
+    set forti-switch enable
 end
 config log syslogd2 filter
     set severity information
@@ -29089,6 +33617,7 @@ config log syslogd2 filter
     set anomaly enable
     set voip enable
     set gtp enable
+    set forti-switch enable
 end
 config log syslogd3 filter
     set severity information
@@ -29100,6 +33629,7 @@ config log syslogd3 filter
     set anomaly enable
     set voip enable
     set gtp enable
+    set forti-switch enable
 end
 config log syslogd4 filter
     set severity information
@@ -29111,6 +33641,7 @@ config log syslogd4 filter
     set anomaly enable
     set voip enable
     set gtp enable
+    set forti-switch enable
 end
 config log webtrends filter
     set severity information
@@ -29122,6 +33653,7 @@ config log webtrends filter
     set anomaly enable
     set voip enable
     set gtp enable
+    set forti-switch enable
 end
 config log fortiguard setting
     set status disable
@@ -29133,8 +33665,11 @@ config log fortianalyzer setting
     set status enable
     set ips-archive enable
     set server "10.1.48.40"
+    set alt-server ''
+    set fallback-to-primary enable
     set certificate-verification enable
     set serial "FAZVMSTM22000402"
+    set server-cert-ca ''
     set preshared-key ''
     set access-config enable
     set enc-algorithm high
@@ -29170,47 +33705,48 @@ config log fortianalyzer filter
     set voip enable
     set dlp-archive enable
     set gtp enable
+    set forti-switch enable
 end
 config firewall ssh local-key
     edit "g-Fortinet_SSH_RSA2048"
-        set password ENC M81xAkmQmhuAGNt8RHW6cE47Gne/wOg3vUN1VT1UxrMfoSPYGMpb0ILUQDpEextkKWmtRhIKeWyfy23drDwcl7dG763F8ZL9a+vEEXV2wBMjKN0Nfup3E5UdHyNjitPngi6sA07HaZDG9tdb42Dukap+rwQ8k5ETHCQzgS+iFNcgLhZwXMSMtCV1aOrmhGWl4ot1pA==
+        set password ENC PjRb2M4eT44Oc36wxOPfblmbYWEEJCGVVFJxfd7ThDxFw4IA9B/GkFnDzF3t4kIHu+u7ypsKXIjgPGFZD/qwzSip/4UkLpnLLxgawGby37qtYAXEH19W1UAcSfge0/YeP1zdMhvwF8YCkoN8V9b4IylcttPCrcJuQOECPrLk+MdoKxnmcMONKqKY64hJpR2bu9j5gFlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG
-Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDMArkPec
+zvbzQNQLJ+ZhHHAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
 Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
 A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
 hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
 HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
-OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC
-Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/
-OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU
-FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD
-NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo
-TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB
-cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss
-x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A
-Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8
-cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO
-/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz
-E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX
-pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW
-V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS
-ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv
-tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx
-+gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN
-tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc
-D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH
-Xt1vvScA==
+OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwIRR9CJ+uKIOJs
+oMuy1BuqQOC29IhsTIfwkRDQK3qwP9D8k/G1TXuP5oXTb4QGPcx0S7DWvwKb5/ZcV684XN
+LtOWypeXIrV+IexC5ihXDXkUnvKY6Gbgtu9q5VB63p2SDuiDGxeASmWtsJ3TU+RdrZ1O4K
+TTVZ5p8Mb7/AFnbpH+lSJDEHaZ9qw/5EtbKfNTvJhXjnM/R7hfFtUW6lxjy3iv3K88Fv5q
+jOvUfF/ARX+TIQZIFPCcEsH29kt1SVo1sq/8/F+dwDPObCpDh2EBjsu5++NMD4Y6/DdDrz
+Jaqv1wjQHsaFYI8ep1pRvBUMrF2Bx3xpnTvx77qqA8dR/tL/t7LeXFHUkHHsBp0U8PMjlc
+Sx+dMtIAtBg1l6j/cHYmgAyo1ZqqyLUyVim/cwBpHBuM9QORdFUskJskB1F/bwOT7FLNzG
+1ffMFVM3HABlaEMOfgIcwfgerew8RbY/SxdF3uvkZ4J8tnd/srxfGjQXO1FGMge8Hp5gwY
+x+fvsvJFIflQaiB4cqeAUZRGhaIq5ccQA298ndlyigGKupIXqdNyNQkShaeQYkCT2Hf9Y1
+PdhfWfBRF6cFw7ZhdxrzlBHsB6RySGVZOIFHFzFcpbE+u6NNseF7LXZOg9eVOIAYW+qcNz
+Stw1O0DtaZEidODJB7t2bj8Gu+7UhvJsyplqbuj7Ohtfc2retEBn6wC8SgfLbIn1qSR/R3
+foTD8xvac3TQTERVbk4o1UEukRfbRv307kj3UdotxTpRpLVYnW/0QxsGf+CKOnxGimBLiX
+x6IJBjRfr3QdkzwosMbC5Cp5nvIukvySAMoSG4+VEJSR90Wf0/G/705999L/G3sUNNTKWI
+7FsF5/DZENcm0xbrXfzLj3tOFMeE9fcqQEZYLzOyZhqYllU5c34BlhtOt7ygivSaJe2a52
+kQ43vq+VRkjCV501sipDiHeic1/bEOs55ERGB8yh3Ge6PHms5yunZXIpM2Y6GPQ2Rgeq4+
+ZvwVtpFtDnL3BOjlxI27TeXYI0x6DsFWzcgl7ljxjNx9HN0KA3mrodjscrAFeBIxQnjyiR
+mx6VURNltMIYMnNQlXW4FHH7yGXzXYk4ojhHgcgpaDbPHQm5G3/Yok51pPtsQ9J+7m+ehm
+BWLKEE1g7lAiYtI6bBbLQuj9VfeonQkO7aNm8pzY2znIQlNh1SQlXnUF1qdggAEXgsEVIt
+cO2ROJsZFsbT7Dw3tZAkyvotKQ0v2SFwboCHCSWVecx6Q4lSid+C+MsbxO1xlEHwNDq17T
+G8Wu6e8A==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
         set source built-in
     next
     edit "g-Fortinet_SSH_DSA1024"
-        set password ENC nf/miCy8WzSGw4WTNWep8VKYz7aMzmpB3bkb7lbvGxv9e3nVqiLOj1E45hIEvgsfGF84xBGME84/qM77EgKtwLJM8zMp3yV6R0jEwiHy6n0iYd7ICkqPdYySEtDBpDVEArQnFAXrTLJQ+iY+tCplkMmPuAgJZnfCxramg/DObyAJcdzWET/a4ptMT48TMN4Aby30tg==
+        set password ENC 7qRtbwErXFPddz9OjvdN8aozR0HH1kOvmW9Q5+5iRjaPb04mgXMEWBbGSd7LicJs3sfg4NATpm3MgotHo1yrZvAh0H2yZvx7a5Gs27fzLeQmIaR2J3atJXf+ww9PZ+rRvX0f1LXuiNhYJIDz3p1uczqno/HubrsRj+FhL5ciItRwqHFLbKFFv/fOA5RAlo7gwNnCNFlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA
-0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDfWpFE0i
+XCd0QURSp4tDCxAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
 KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
 a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
 7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
@@ -29218,80 +33754,80 @@ jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
 XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
 P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
 lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
-wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ
-39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl
-iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3
-w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac
-xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL
-YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+
-YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e
-ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy
-wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb
-floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x
+wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgS/BQuclL3Fmvho5r
+5vjUwzJbyChZhWxkXG3eKGvkshX8YTRtMWlUDLMIPX6RQk2N8dtWdYo2INAYwzOO/nHgVC
+ZoTlNsCF0gWa0vEbOikSBU2wAJpfTZFbBzxUSKcvK7KxCTDJ0LWNLmTypFhxaappjiy2BN
+x8VJDLG21NU7bR86lFhg1/w+OXsRdSBjJpI5ox2raAyPS6we5ezjPm3y2anL5TF4A4AmM5
+F3KkMZluZGBemTxITZJC2RwRXJkPm+93wC7U5ILVsn2J8KJjX5Jqo3flnXjBe3y2s/NJCx
+31d2C/BqPmzgTus1a+xcAk3H7AoLIlkUQ/Kuvmd4ALcBPIOyz1UgoitYpQrxW2yz9LfAfC
+dsMCsCceYbY5oOPJJ8frLbDkbSfDlkQO2AHP+M9+aY7Sc9ehuttvdQ+kopBP4y0v8k6n5F
+rV/GOPkr0rAThvkiCtectOqIh4pOJdWiHV0UCKuzka4kYqda3nIB59SfjrAJU4Fs8Plgr+
+EaZmSp5z429V2X3bZch5VL2L5yzbwU0H7vtzUM/BCNsVHncqyYJeSHc0Q6+KgSuCsr2rvO
+26/sUh9gQ4OBP5WcKZRcjRtGsXy4Cy8Z5OD0JWIrWlTmXZn9IQaPpsaMEJMF52lV
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
         set source built-in
     next
     edit "g-Fortinet_SSH_ECDSA256"
-        set password ENC Ok3d6HMbZL/B45dyBluw2KBL6+bHg2Sv/jai8fG5xrORypSZM9wU9yL6QUhqQAhvB7gx5jVF8HCYrBDQN5OvafaG6mTHGMS8ReY5r6XMBQ9TgFQnr5WBngI+UYg3ZzN4ipMp2Mnv38iGYUVbzNa9mPaOpM+3+NpfTFH5w3palDKLVd/vVTgP6XxmymPfyJodL/XP2Q==
+        set password ENC L35DWrJ6lmBN6SPGCqYssKI4oXXwCNIcwvY8flMBxmsnEinY/KuWdpQqRmveIggcQFEmp6qPO8Pp/b1jzq41daousEwoPt/sOvC2vX44lLILkTku8/2sR5GNyDpL+XujiciyBJR90bUdD3dJOCwYDTQWJB+rMl5kfwrnbfn8uj40kkd5xy8BpqaoJ+Rx2lqDrUHfY1lmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY
-/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB5/6e7jl
+Mch9M+27aUJHDlAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
 dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
-y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h
-BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d
-6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH
-84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw==
+y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgkK+gYlQYEjpNKQ3JDiggWfHFxRdEL8J/6GZK
+P/yWY3iwinZj3eg+3XFwyGgbN74kRJLlrbVCkzWkgsTRIce4gVqvD41EvyAv8IrnvqlSgV
+KKhqvOYrICP1ES9y4himR5YrsbHvSaiSCCipl4ohdo8EkA1XuGFaRiWHBoN+J+9YskDuhe
+QNVOZyHrEWqSqVCbiyNDii1wdNYqIQJTkxVWGQ==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
         set source built-in
     next
     edit "g-Fortinet_SSH_ECDSA384"
-        set password ENC /n1NObkNbthTtZnxvH7VGOVoMUOvqqfc88n1cl2ec+4G01qefJYpVaPdkpsLsPyXP/opo6Nu03ieRxpw0b1qr9ze9t9TLgeSFEu+eakM748LrKs6rxHXOPQXTWBhuU/m7se0qVRZYck8i4hoREsrwMSOhaebDX0bAvedEIqL47eFXVYGw64fCTqF/AvJCVJm/R73ow==
+        set password ENC J657S0tGqPC8qt1c/HPvAG0L2cLg6FoHcFPdEN3TFrjs3WIE3Y8CfVH7xZgmnzBOCBCXmI7bDB5+81hGgcHRIU9PJaYCqTAwDNJmrZnkT5yt6B+82G2hQSR3Z1VUsVRuun4WFC/WiWgJydnY5mQJO0GF2LjwOoI8jLPR0urc+nI8DVGdY0CierrOu2MOiI3Szn3/7FlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX
-++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD6FGSydb
+MfCfEkjYSDilDQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
 dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
 U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
-dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED
-QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ
-9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW
-HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st
-2F3+
+dgAAANCDHSic3ugGkKXrzCRCN4F9+HiSwqQdY+p6vgp4eoW8VbSFvlSOwCJ0YCiUJtfbBt
+w5njw5GMczncUHPNb7z90o9bv6KoSmlEHeXfFoPKl189RWx93tYuKlh87wYucskyv8QgR8
+6jnKX2rSmnjytvCOHahd+dSTOg5zwXzZUBSe69NXYrm7IUV+MUJnqA/wQfUu9gLNqjgEmR
+DkKTxwKb8V778U+acbEaCTglnZSw1Ci036r/1CDOpTHNFnC+8zRFFtn5XW6A2fWfSLYEtU
+GanS
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
         set source built-in
     next
     edit "g-Fortinet_SSH_ECDSA521"
-        set password ENC a2pk7MKToR//NPBA4ju/kXlBO6umVEami1cFD6H/Fr/4uFDy/6AuyrZQgtEX76+MxgHKjpuJrGxtBM84/+PtDFsn5s+3c9VsyyzpzRKYtjBT6gda5h/vWKoD6N0LLKlIoU3sWQc3m78533bEMOdReqx2fGz/vKFjR68kqLLcTgANi9qX2kmKPfEAcudb+BWR0XZzWA==
+        set password ENC y2xXtNxCCFssy8GLGTIdElLcmOn5VfrdSI7AqpIxfA8S0Sy9JAvp+ulsLOTzvYvVfBaDBHXeVQNug1CnCFngCQBJtnMbr72gMFI3cxqHDIxxtmEg/9tBD93Z3dG43XHwr55Z0Tp0Wa8wI1cdDxCHS/3g2FUqFocR1OxPK+UYEVABzIReEc7ZnQZ5Z/htZUT++7Kts1lmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr
-+3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDvliYNGu
+EFZjQlDTBzJmi5AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
 dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
 t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
-HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL
-gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA
-NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX
-1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9
-We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY
-v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua
+HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQABILIpSeVN/21mCe
+eVUgOLmNu2sYRE/pHxZoKsC1BpjGNQWvg78hJ+cpll5cP4ihueTkQ+fgA+0uxO6nEtACEN
+3shPq5zr/OK3JdTlS9NorQjuFv6CMVsP8duQws9NSrt2LJvneAXMN4m31gkVRtmOAFrUBA
+xjViicvdDNxV+Sqz6cxnmRe2zMobQkjVKPOu5WpOVFeRmrjUSoPwrR/28cPHFF6IsdONA1
+BdX7QWIzC9rJrfgET9JRlv7s0oDJWQyqHV8S84TDvTZPnot4pkNAVDr0qJGPoWjCPbMxgD
+jhfbcs7CfjvNT4zfbw30BxniJGjv/WFKDyljfkcNgS9Qgm
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
         set source built-in
     next
     edit "g-Fortinet_SSH_ED25519"
-        set password ENC Say17c5prNJXZGUmHspTARl93vCuxkBVsgK+VjWdXUHPLAng7CiKP7pmmobaGtn3kW89vYU5oE8nrEZko9sM6z0Rnt9vYGpCe3Jh1nR3mY8rCdh0QbYx2uS4YqPy+8xYlNW7TOvKudOXE75xvIX8J/ck7CCQ11+oxsWPdKymiYFpXfSYqP5Ed6295S/iRc+3uivMig==
+        set password ENC AH92o/IfB083TYYYaUD+yrx1BoIPKQHIcqqSeP9W5xqtfqFYco8rwfSGeb4JZhLh5Nli6DiDqixZuP827iuIyPOtIhkcTMtPO1vXmQ52qYDN6vLjljY8QChzb/LM+rp/hF0+ESAoPoRAFv2ZUBUy+0N6J2EAUpdoxErdSbvw8BVca71jPbd0YruhSlvBxV562lJQx1lmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT
-+IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
-3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO
-V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk
-ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i
-9pkiQ2ltDNDw2Upw==
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCypLFkwZ
+tKzdWm6jAo4HMxAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
+3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkKGif1mZ2Ci/8Ty3MdUpzVXkVMImU2SyLcQtb2
+zaVVssBq/jtlETxJaMwWR6xOhrVDvIxLzkDnZFsZYsVu1HGOJqk0/CfOTS4VkLxvx10Wro
+gXf/Unv0w7HlUX+hl193A6XuAiSjjRR4TPGfmYrEXMXJ6wS2yLQ9cOfAh2WjfScuZ2dA/f
+II2QDrxxeV8140nA==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
@@ -29300,68 +33836,68 @@ ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i
 end
 config firewall ssh local-ca
     edit "g-Fortinet_SSH_CA"
-        set password ENC bEB0i2eK2G1jq5GJeLh4xUBF7F6k2KroCXahCZb6Uz+kU/D+vTwD4H84PZZ830u0oqQ/UwJKkMfXgOsSAgWC1qNBUWUuMY57nYKEve0SqayPD6Jmt4Y9d5cx1ptksXsAZlP4A2xJVo482vYjFxg9phY6Oc4rRmPZmCf2ID8yR1f5FtrHDWFsSFHyavxMTthx4NR1bw==
+        set password ENC 939ipcAp3+Svfq2IHIhLvDqh1M9jgCK2MoqZYU4DUnv7Lj2r7JWYJfLWQZKZEm9jzuF5hI1SoZyYe+f0aoy00psL8xlBUCJSp6xEbaSJhtL/G3A1+z3252akFmeQPR8JIcKOiil8wV4LYdIQkLQgKpJMjxcbL4WSmRxkp6xf8aCZ62gdmegZA3P1L5ESW167Wf8mO1lmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd
-cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCyBrOQ1K
+Qw3YmPTDmVPFkpAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
 NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
 ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
 E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
 TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
-Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is
-nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT
-+RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby
-5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI
-pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx
-MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz
-8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U
-wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+
-OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD
-PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq
-JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C
-Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN
-+dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4
-KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl
-uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ
-8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL
-s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof
-S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4
-+y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr
-ABMNge5w==
+Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwM5O35zHniauxJ
+rlIYaSeEQxLsM+X4fapPScsXmQNcmmngwsEgcEZ1YKq8MQENzHOyWw59FYlR9mQPyidwrK
+AbzPVkhnqCDlUBT3GOUrMyfZfuSJmFlH26FCjuXls6Vg4IVRSI99W9hxlbLePvRP94NcgQ
+Hh1vXpUoofhZ6IYt/dob93+fygcR3toCXd2C0EeyP3OXVMGPOnmnEXKliXaimvYpC0csXl
+a7h0taBg5cq9LzkM0ywj9ikKUnkfUKIrqv44Ji+Vgcw8nCRKNsynd9qf578G5FN/VRQ9Ao
+qd9ogC02xXA1HwewhEQYetYd92oGT/neUjfyPWBRNaNdY7lPvQ4OjHeVvS6L2R7zK81AP5
+bQaN3d+fM89jNmcY5KwFxxPHVaGqBZTt0dwT7ET9Z7oo/J4UznUD1a1TK5O4ciy3iDpaWq
+5K55O7cPYyFeR0EJPx9hD1AH9eCzGukHD+KblNRWuSJXTqJSEP62NA+0szxNxCfCp7HZqm
+3iztvJMw/Lx9k9CPnHTsr/0dkocZSZti47Dak7L70BnQC2+KnGkUboddl7Z5eGyBQbtAkS
+IUIlQR7Rv+q+AkqJ36EWnBEVrve7d7TKSdR5pxDet60JJ+yE3cDa/G/IwW00ACC2rS133Y
+FWmMRzZfsZSZ1gQrYiNCUZARKkg7fxnONj0oe+oBZKeYkR+UNejF5vVKQZVPx2fCILZAyn
+J5qenJbZhkmDeVS0fMdoCrmON5wAKvz+WWuGTgJw34vqtvJovJtNno5moJRAWk/RiKYdIo
+X3fFmNPP82dGks7b4A1LGz5qW78zGgOSICVEBRHCMi2MBUsrJ50TwbVNz4jjKP6bYID5vh
+ghM27tO+2GSZHeBt8kRG2qI6aH5IHAKXi8gn+KwqFWtx1Em2KNHW/eMfMkQtD5xnE9F466
+V8Vf9Xe5wltVGE87Bt/IYkVN9wM1XA3p7byitNOXSXw2jwLpG9beWhyV/OzkKKJf0NQ9/v
+mX65nyje4q6+8PKjuRliA5vVMhwK6lxJ6BJBHe6/fd7IjDflm7JMNZc6bLwaeJHbLWlFqC
+4kwtt9SV5YcFDGOn2my/bTrAchhOfOXf+0gk63yVRrQq1kJDqn/lqytJGS5a1YvqsMJ4OS
+W9qQMQY0nzMxkLaNB9Q9G9uVgyDDAsye1yg1bL24CrOT4pNf1JeNlqawNkVj2jycXzqYPh
+gL1mGUSGlPfBVKg4359Ml3rY0bykjU5xXrguyKv95ShhctAilSQY4tg40cOeoMbCg2Hiji
+iYxK2n0w==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
         set source built-in
     next
     edit "g-Fortinet_SSH_CA_Untrusted"
-        set password ENC jMrO/zvZ3x5B0G4qY/v2sxJv1IvY9XRiDM0IyaIP8IwwsHazgn+SXBXmp7GjPrXAzNReGHrcPlUIpKnWHs2KjT2a8eIeSUkQYYBkC/W3F13V0ZZRAGCGJP9n+odHl7Co38uyWlI0cDTLOER4PEekAJZ7VGGEUyrRru3smsXMnV2qUIO3za33DPboSAAviQMwe32byA==
+        set password ENC Dfc2WT6VIosTmTbrkW7UHgk8O1IiqzlPaBWWOOK5BjwtoIUJz6+Y8yhFdtx3gp8nU+f0DXShGkpBVJGTF75cxe3EdEQg49WvuB5c5wSH4YprBhhuIntH9AWXfZddDG9xGmnEykonAX8sEcv8XuxOfZjVFZKXLDA3VrqEJOmQtfMmQSvGY1vabXFpE9+u5aNbSrGkU1lmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV
-ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDOK7jymL
+y7LiXsSxCZXuzqAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
 RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
 ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
 iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
 Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
-NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK
-0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB
-Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+
-xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/
-UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n
-NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri
-aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC
-iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4
-NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F
-zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB
-VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+
-jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk
-1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL
-eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM
-vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo
-/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1
-Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S
-pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn
-vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02
-PWD7d7mw==
+NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwBFA5WgGixZgZA
+aGWDArT5DTEdJ5cnxDdPIU7m7Dj49Na89+BEtuNf/Pjy3FJgzvpcrOvifVK6bmOyn8m6/R
+CCztKhOmNrT0MQVo2Ja8hY9UmVjxkNMB0uGzaNGj+p36qavDzRN1wAuZ75FY4FkqLmGYBq
+AyZIUD30kt+veMQz947ctIEWbQjf+GZwu4UCD0o4g3MvyRsdXUuYOHFE8xn8Ug1n1OtquR
+cqHpCWAe9aK+OcjWvIXg0UrD6GRQbSSw3uoLhapAP1vsMiLfMT/dBUt9Dstcc+S42lZI1q
+JJ4yILP4mdT24ND2itnV+XRRxOg831SECvSMTzc63hhGJFBWYQi86ibxuUgzZc2aH+KRUP
+rDedCTNsZPif5K3Mjn4PK0thYdsZ2srwMtv6rQ8mcIoF9G8XUR3JjekxI/gHrHpFKvWccc
+YCjmEaV45cfwzvN8Vca8mRFncngvQOBEfshU0LGoNZ8VX60IQEyT334tKUv6hiThPOQWnp
+stS/MJtEyLjGbu+0ibZHg+3hCvSRrexUSnJFHrOAEoz1k0TK6tkw8hcF1Jxlu3WuxaL9YK
+tKas//Hs4LTD9r9r/smvSbKi+zb8aP3pacBNCu6Yup1vYCpf/AnxD5CCdq4zmxFT2W5WYb
+rp7tGQjbc3aB7G0zshIk9Biwuu9h/lMIYnzNlvpMouxFM/TTO2STSgKw0+mURFqxQ6kYqF
+YDRmM7pANd9Usg2Hcd/x7CaYmVz+cwkC7dOH9/+FUdtnG05aab9gUv8ySChhPDm84WvLtQ
+ZEkBp15qiOsQjWVk2ei0V0gIjRiS2S2FRLBrM2iueE1GyD8Alm5ztwgmdA17np7iE871wl
+NvzzWxc0KjVHesLlV44RLbw1VD60uUld4jvSaEY9oTILAMFx285Uy53Il8+sWntWvIlQu6
+FjMEIBY8iSd2DWMm4zcVh/qpEyEUv0UjeFlcu7bPqE18aX3V2jV+9G3/a6ms4kqmvfb2RT
++jR/zeg1gE288KRaw7FqNEoP+Wco8jt0q7jo/q963GEgdPG6WOWHz9LfIYouOJPpDSca11
+pFBg29f0rOjynuYmvzZOdUrgrbaZZSprEzdzPJmSOpV6u0VNjuroaN+soU48KEGqJQvHor
+g7H0jRqdNjJbfQcE50Dv5SeZAVmEkvD/nKTqWs77wGzv+OxhY8JS08alQgRINioyCjY/LW
++xR/ydrBw5jsgugYvC3Vd7rZi0oIO0H6Lpa/crJWXf0+u5qd6unckJtWT5tPyZvNwVfXsn
+bhw7G+OA==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
@@ -29390,6 +33926,13 @@ config firewall ipv6-eh-filter
     set auth disable
     set no-next disable
 end
+config firewall global
+    set banned-ip-persistency disabled
+end
+config system speed-test-setting
+    set latency-threshold 60
+    set multiple-tcp-stream 4
+end
 config dlp settings
     set storage-device ''
     set size 16
@@ -29403,8 +33946,9 @@ config system standalone-cluster
     set layer2-connection unavailable
     unset session-sync-dev
     set encryption disable
-end
-config system cluster-sync
+    set asymmetric-traffic-control cps-preferred
+    config cluster-peer
+    end
 end
 config switch-controller system
     set parallel-process-override disable
@@ -29413,19 +33957,26 @@ config switch-controller system
     set iot-scan-interval 60
     set iot-holdoff 5
     set iot-mac-idle 1440
-    set nac-periodic-interval 15
-    set dynamic-periodic-interval 15
+    set nac-periodic-interval 60
+    set dynamic-periodic-interval 60
     set tunnel-mode compatible
+    set caputp-echo-interval 30
+    set caputp-max-retransmit 5
 end
 config wireless-controller timers
     set echo-interval 30
+    set nat-session-keep-alive 0
     set discovery-interval 5
     set client-idle-timeout 300
+    set client-idle-rehome-timeout 20
     set auth-timeout 5
     set rogue-ap-log 0
     set fake-ap-log 1
+    set sta-cap-cleanup 0
     set rogue-ap-cleanup 0
-    set sta-stats-interval 1
+    set rogue-sta-cleanup 0
+    set ble-device-cleanup 60
+    set sta-stats-interval 10
     set vap-stats-interval 15
     set radio-stats-interval 15
     set sta-capability-interval 30
@@ -29433,6 +33984,9 @@ config wireless-controller timers
     set ipsec-intf-cleanup 120
     set ble-scan-report-intv 30
     set drma-interval 60
+    set ap-reboot-wait-interval1 0
+    set ap-reboot-wait-time ''
+    set ap-reboot-wait-interval2 0
 end
 config emailfilter fortishield
     set spam-submit-srv "www.nospammer.net"
@@ -29451,17 +34005,25 @@ config system fortiguard
     set sandbox-region ''
     set update-ffdb enable
     set update-uwdb enable
+    set update-dldb enable
     set update-extdb enable
     set update-build-proxy enable
+    set vdom ''
+    set auto-firmware-upgrade disable
+    unset auto-firmware-upgrade-day
+    set auto-firmware-upgrade-delay 3
+    set auto-firmware-upgrade-start-hour 1
+    set auto-firmware-upgrade-end-hour 4
+    set FDS-license-expiring-days 15
     set antispam-force-off disable
     set antispam-cache enable
     set antispam-cache-ttl 1800
-    set antispam-cache-mpercent 2
+    set antispam-cache-mpermille 1
     set antispam-timeout 7
     set outbreak-prevention-force-off disable
     set outbreak-prevention-cache enable
     set outbreak-prevention-cache-ttl 300
-    set outbreak-prevention-cache-mpercent 2
+    set outbreak-prevention-cache-mpermille 1
     set outbreak-prevention-timeout 7
     set webfilter-force-off disable
     set webfilter-cache enable
@@ -29472,10 +34034,10 @@ config system fortiguard
     unset sdns-options
     set source-ip 0.0.0.0
     set source-ip6 ::
-    set proxy-server-ip 0.0.0.0
+    set proxy-server-ip ''
     set proxy-server-port 0
     set proxy-username ''
-    set proxy-password ENC 4NKjvGTMEvWRe6DyQ/2uBLlaWKt7HxGYsDXsYNF74pJkuFZTI1Srm2jjFMBFZwldUHAB38iH6y7J1kZE/p5D+vM7P7hIOlKAKV8JhF5Glxj0LV6n/cCvFimFpWKS5zJxvHBGaJwfF5SH5cyVv60Q7Nf/AGsmjeliPlfHrIR6jZRrfWNYUKAGeY58NbO/L/fdbADjyQ==
+    set proxy-password ENC Wu6g0ZQvo5bbIfbv+ZAy/BxPtT4uKZ6dPNVoTCfKMWzCl/6F6UCr6hKXFwwmi8c9rCtnOlStZsmK/ANdLB1lAbQS96WotNXi8itdvUPBhO5PhsB1z2MUIgYTUDtoxtTSVptgUrBCflQiQ4htPZ1Xnpwt9NjzB1qxF4NnxnbYSj9zKeafSL8QadZtNWOkQ1CEs9KAkVlmMjY3dkVA
     set ddns-server-ip 0.0.0.0
     set ddns-server-ip6 ::
     set ddns-server-port 443
@@ -29490,6 +34052,7 @@ config endpoint-control fctems
         set server ''
         set https-port 443
         set serial-number ''
+        set tenant-id ''
         set source-ip 0.0.0.0
         set pull-sysinfo disable
         set pull-vulnerabilities disable
@@ -29499,10 +34062,12 @@ config endpoint-control fctems
         unset capabilities
         set call-timeout 30
         set out-of-sync-threshold 180
+        set send-tags-to-all-vdoms disable
         set websocket-override disable
         set preserve-ssl-session disable
         set interface-select-method auto
         set trust-ca-cn enable
+        set verifying-ca ''
     next
     edit 2
         set status disable
@@ -29512,6 +34077,7 @@ config endpoint-control fctems
         set server ''
         set https-port 443
         set serial-number ''
+        set tenant-id ''
         set source-ip 0.0.0.0
         set pull-sysinfo enable
         set pull-vulnerabilities enable
@@ -29521,10 +34087,12 @@ config endpoint-control fctems
         unset capabilities
         set call-timeout 30
         set out-of-sync-threshold 180
+        set send-tags-to-all-vdoms disable
         set websocket-override disable
         set preserve-ssl-session disable
         set interface-select-method auto
         set trust-ca-cn enable
+        set verifying-ca ''
     next
     edit 3
         set status disable
@@ -29534,6 +34102,7 @@ config endpoint-control fctems
         set server ''
         set https-port 443
         set serial-number ''
+        set tenant-id ''
         set source-ip 0.0.0.0
         set pull-sysinfo enable
         set pull-vulnerabilities enable
@@ -29543,10 +34112,12 @@ config endpoint-control fctems
         unset capabilities
         set call-timeout 30
         set out-of-sync-threshold 180
+        set send-tags-to-all-vdoms disable
         set websocket-override disable
         set preserve-ssl-session disable
         set interface-select-method auto
         set trust-ca-cn enable
+        set verifying-ca ''
     next
     edit 4
         set status disable
@@ -29556,6 +34127,7 @@ config endpoint-control fctems
         set server ''
         set https-port 443
         set serial-number ''
+        set tenant-id ''
         set source-ip 0.0.0.0
         set pull-sysinfo enable
         set pull-vulnerabilities enable
@@ -29565,10 +34137,12 @@ config endpoint-control fctems
         unset capabilities
         set call-timeout 30
         set out-of-sync-threshold 180
+        set send-tags-to-all-vdoms disable
         set websocket-override disable
         set preserve-ssl-session disable
         set interface-select-method auto
         set trust-ca-cn enable
+        set verifying-ca ''
     next
     edit 5
         set status disable
@@ -29578,6 +34152,7 @@ config endpoint-control fctems
         set server ''
         set https-port 443
         set serial-number ''
+        set tenant-id ''
         set source-ip 0.0.0.0
         set pull-sysinfo enable
         set pull-vulnerabilities enable
@@ -29587,10 +34162,62 @@ config endpoint-control fctems
         unset capabilities
         set call-timeout 30
         set out-of-sync-threshold 180
+        set send-tags-to-all-vdoms disable
         set websocket-override disable
         set preserve-ssl-session disable
         set interface-select-method auto
         set trust-ca-cn enable
+        set verifying-ca ''
+    next
+    edit 6
+        set status disable
+        set name ''
+        set dirty-reason none
+        set fortinetone-cloud-authentication disable
+        set server ''
+        set https-port 443
+        set serial-number ''
+        set tenant-id ''
+        set source-ip 0.0.0.0
+        set pull-sysinfo enable
+        set pull-vulnerabilities enable
+        set pull-avatars enable
+        set pull-tags enable
+        set pull-malware-hash enable
+        unset capabilities
+        set call-timeout 30
+        set out-of-sync-threshold 180
+        set send-tags-to-all-vdoms disable
+        set websocket-override disable
+        set preserve-ssl-session disable
+        set interface-select-method auto
+        set trust-ca-cn enable
+        set verifying-ca ''
+    next
+    edit 7
+        set status disable
+        set name ''
+        set dirty-reason none
+        set fortinetone-cloud-authentication disable
+        set server ''
+        set https-port 443
+        set serial-number ''
+        set tenant-id ''
+        set source-ip 0.0.0.0
+        set pull-sysinfo enable
+        set pull-vulnerabilities enable
+        set pull-avatars enable
+        set pull-tags enable
+        set pull-malware-hash enable
+        unset capabilities
+        set call-timeout 30
+        set out-of-sync-threshold 180
+        set send-tags-to-all-vdoms disable
+        set websocket-override disable
+        set preserve-ssl-session disable
+        set interface-select-method auto
+        set trust-ca-cn enable
+        set verifying-ca ''
     next
 end
 config ips global
@@ -29607,16 +34234,17 @@ config ips global
     set cp-accel-mode advanced
     set deep-app-insp-timeout 0
     set deep-app-insp-db-limit 0
-    set exclude-signatures industrial
+    set exclude-signatures ot
     set packet-log-queue-depth 128
     set ngfw-max-scan-range 4096
+    set av-mem-limit 0
     config tls-active-probe
         set interface-select-method auto
     end
 end
 config system email-server
     set type custom
-    set server "notification.fortinet.net"
+    set server "fortinet-notifications.com"
     set port 465
     set source-ip 0.0.0.0
     set source-ip6 ::
@@ -29732,6 +34360,13 @@ end
 config system probe-response
     set mode none
 end
+config system lte-modem
+    set status disable
+    set extra-init ''
+    set authtype none
+    set apn ''
+    set modem-port 255
+end
 config system auto-install
     set auto-install-config enable
     set auto-install-image enable
@@ -29739,7 +34374,6 @@ config system auto-install
     set default-image-file "image.out"
 end
 config system console
-    set mode line
     set output standard
     set login enable
     set fortiexplorer enable
@@ -29753,12 +34387,14 @@ config system ntp
             set server "10.1.1.2"
             set ntpv3 disable
             set authentication disable
+            set ip-type Both
             set interface-select-method auto
         next
         edit 2
             set server "10.1.1.3"
             set ntpv3 disable
             set authentication disable
+            set ip-type Both
             set interface-select-method auto
         next
     end
@@ -29774,10 +34410,11 @@ end
 config system vdom-radius-server
 end
 config system ftm-push
-    set server-port 4433
-    set server-cert "Fortinet_Factory"
-    set server-ip 0.0.0.0
+    set proxy enable
+    set interface ''
     set server ''
+    set server-port 4433
+    set server-cert "Fortinet_GUI_Server"
     set status disable
 end
 config system geoip-override
@@ -29793,10 +34430,12 @@ config system vdom-exception
 end
 config system csf
     set status disable
-    set log-unification enable
-    set fabric-workers 2
     set forticloud-account-enforcement enable
 end
+config automation setting
+    set max-concurrent-stitches 512
+    set fabric-sync enable
+end
 config system automation-trigger
     edit "Network Down"
         set description ''
@@ -29848,11 +34487,103 @@ config system automation-trigger
         set event-type security-rating-summary
         set report-type posture
     next
+    edit "Local Cert Expired Notification"
+        set description "Default automation trigger configuration for when a local certificate is near expiration."
+        set trigger-type event-based
+        set event-type local-cert-near-expiry
+    next
+    edit "Compromised Host"
+        set description "An incident of compromise has been detected on a host endpoint."
+        set trigger-type event-based
+        set event-type ioc
+    next
+    edit "Any Security Rating Notification"
+        set description "A security rating summary report has been generated."
+        set trigger-type event-based
+        set event-type security-rating-summary
+        set report-type posture
+    next
+    edit "AV & IPS DB update"
+        set description "The antivirus and IPS database has been updated."
+        set trigger-type event-based
+        set event-type virus-ips-db-updated
+    next
+    edit "Configuration Change"
+        set description "An administrator\'s session that changed a FortiGate\'s configuration has ended."
+        set trigger-type event-based
+        set event-type config-change
+    next
+    edit "Conserve Mode"
+        set description "A FortiGate has entered conserve mode due to low memory."
+        set trigger-type event-based
+        set event-type low-memory
+    next
+    edit "High CPU"
+        set description "A FortiGate has high CPU usage."
+        set trigger-type event-based
+        set event-type high-cpu
+    next
+    edit "License Expiry"
+        set description "A FortiGate license is near expiration."
+        set trigger-type event-based
+        set event-type license-near-expiry
+        set license-type any
+    next
+    edit "Anomaly Logs"
+        set description "An anomalous event has occurred."
+        set trigger-type event-based
+        set event-type anomaly-logs
+    next
+    edit "IPS Logs"
+        set description "An IPS event has occurred."
+        set trigger-type event-based
+        set event-type ips-logs
+    next
+    edit "SSH Logs"
+        set description "A SSH event has occurred."
+        set trigger-type event-based
+        set event-type ssh-logs
+    next
+    edit "Traffic Violation"
+        set description "A traffic policy has been violated."
+        set trigger-type event-based
+        set event-type traffic-violation
+    next
+    edit "Virus Logs"
+        set description "A virus event has occurred."
+        set trigger-type event-based
+        set event-type virus-logs
+    next
+    edit "Webfilter Violation"
+        set description "A webfilter policy has been violated."
+        set trigger-type event-based
+        set event-type webfilter-violation
+    next
+    edit "Admin Login"
+        set description "A FortiOS event with specified log ID has occurred."
+        set trigger-type event-based
+        set event-type event-log
+        set logid 32001
+    next
+    edit "Local Certificate Expiry"
+        set description "A local certificate is near expiration."
+        set trigger-type event-based
+        set event-type local-cert-near-expiry
+    next
+    edit "Auto Firmware upgrade"
+        set description "Automatic firmware upgrade."
+        set trigger-type event-based
+        set event-type event-log
+        set logid 22094 22095 32263
+    next
+end
+config system automation-condition
 end
 config system automation-action
     edit "Network Down_email"
         set description ''
         set action-type email
+        set forticare-email disable
         set email-from ''
         set email-subject "Network Down"
         set minimum-interval 0
@@ -29862,6 +34593,7 @@ config system automation-action
     edit "HA Failover_email"
         set description ''
         set action-type email
+        set forticare-email disable
         set email-from ''
         set email-subject "HA Failover"
         set minimum-interval 0
@@ -29871,6 +34603,7 @@ config system automation-action
     edit "Reboot_email"
         set description ''
         set action-type email
+        set forticare-email disable
         set email-from ''
         set email-subject "Reboot"
         set minimum-interval 0
@@ -29900,6 +34633,65 @@ config system automation-action
         set description ''
         set action-type quarantine-forticlient
     next
+    edit "Reboot FortiGate"
+        set description "Default automation action configuration for rebooting this FortiGate unit."
+        set action-type system-actions
+        set system-action reboot
+        set minimum-interval 300
+    next
+    edit "Shutdown FortiGate"
+        set description "Default automation action configuration for shuting down this FortiGate unit."
+        set action-type system-actions
+        set system-action shutdown
+        set minimum-interval 0
+    next
+    edit "Backup Config Disk"
+        set description "Default automation action configuration for backing up the configuration on disk."
+        set action-type system-actions
+        set system-action backup-config
+        set minimum-interval 0
+    next
+    edit "Access Layer Quarantine"
+        set description "Quarantine the MAC address on access layer devices (FortiSwitch and FortiAP)."
+        set action-type quarantine
+    next
+    edit "FortiClient Quarantine"
+        set description "Use FortiClient EMS to quarantine the endpoint device."
+        set action-type quarantine-forticlient
+    next
+    edit "FortiNAC Quarantine"
+        set description "Use FortiNAC to quarantine the endpoint device."
+        set action-type quarantine-fortinac
+    next
+    edit "IP Ban"
+        set description "Ban the IP address specified in the automation trigger event."
+        set action-type ban-ip
+    next
+    edit "FortiExplorer Notification"
+        set description "Send a notification to FortiExplorer mobile application."
+        set action-type fortiexplorer-notification
+        set minimum-interval 0
+    next
+    edit "Email Notification"
+        set description "Send a custom email notification to the FortiCare email address registered on this device."
+        set action-type email
+        set forticare-email enable
+        set email-from ''
+        set email-subject "%%log.logdesc%%"
+        set minimum-interval 0
+        set message "%%log%%"
+        set replacement-message disable
+    next
+    edit "CLI Script - System Status"
+        set description "Execute a CLI script to return the system status."
+        set action-type cli-script
+        set minimum-interval 0
+        set script "get system status"
+        set output-size 10
+        set timeout 0
+        set execute-security-fabric disable
+        set accprofile "super_admin_readonly"
+    next
 end
 config system automation-destination
 end
@@ -29908,6 +34700,7 @@ config system automation-stitch
         set description ''
         set status disable
         set trigger "Network Down"
+        set condition-logic and
         config actions
             edit 1
                 set action "Network Down_email"
@@ -29920,6 +34713,7 @@ config system automation-stitch
         set description ''
         set status disable
         set trigger "HA Failover"
+        set condition-logic and
         config actions
             edit 1
                 set action "HA Failover_email"
@@ -29932,6 +34726,7 @@ config system automation-stitch
         set description ''
         set status disable
         set trigger "Reboot"
+        set condition-logic and
         config actions
             edit 1
                 set action "Reboot_email"
@@ -29944,6 +34739,7 @@ config system automation-stitch
         set description ''
         set status enable
         set trigger "FortiAnalyzer Connection Down"
+        set condition-logic and
         config actions
             edit 1
                 set action "FortiAnalyzer Connection Down_ios-notification"
@@ -29956,6 +34752,7 @@ config system automation-stitch
         set description ''
         set status enable
         set trigger "License Expired Notification"
+        set condition-logic and
         config actions
             edit 1
                 set action "License Expired Notification_ios-notification"
@@ -29968,6 +34765,7 @@ config system automation-stitch
         set description ''
         set status disable
         set trigger "Compromised Host Quarantine"
+        set condition-logic and
         config actions
             edit 1
                 set action "Compromised Host Quarantine_quarantine"
@@ -29985,6 +34783,7 @@ config system automation-stitch
         set description ''
         set status disable
         set trigger "Incoming Webhook Call"
+        set condition-logic and
         config actions
             edit 1
                 set action "Compromised Host Quarantine_quarantine"
@@ -30002,6 +34801,7 @@ config system automation-stitch
         set description ''
         set status enable
         set trigger "Security Rating Notification"
+        set condition-logic and
         config actions
             edit 1
                 set action "Security Rating Notification_ios-notification"
@@ -30010,6 +34810,19 @@ config system automation-stitch
             next
         end
     next
+    edit "Firmware upgrade notification"
+        set description "Automatic firmware upgrade notification."
+        set status enable
+        set trigger "Auto Firmware upgrade"
+        set condition-logic or
+        config actions
+            edit 1
+                set action "Email Notification"
+                set delay 0
+                set required disable
+            next
+        end
+    next
 end
 config monitoring npu-hpe
     set status disable
@@ -30018,14 +34831,14 @@ config monitoring npu-hpe
 end
 config system saml
     set status disable
-    set default-login-page normal
-    set default-profile ''
 end
 config system federated-upgrade
     set status disabled
     set upgrade-id 0
     set next-path-index 0
 end
+config system device-upgrade
+end
 config system ike
     set embryonic-limit 20000
     set dh-multiprocess disable
@@ -30037,6 +34850,21 @@ end
 config system ipam
     set status disable
     set server-type fabric-root
+    set automatic-conflict-resolution disable
+    set require-subnet-size-match enable
+    set manage-lan-addresses disable
+    set manage-lan-extension-addresses disable
+    set manage-ssid-addresses disable
+end
+config system fabric-vpn
+    set status disable
+end
+config system ssh-config
+    set ssh-enc-algo aes256-ctr aes256-gcm@openssh.com
+    set ssh-hsk-algo ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 rsa-sha2-256 rsa-sha2-512 ssh-ed25519
+    set ssh-hsk-override disable
+    set ssh-kex-algo diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521
+    set ssh-mac-algo hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com
 end
 end
 
@@ -30116,6 +34944,7 @@ config system stp
 end
 config system settings
     set comments ''
+    set vdom-type traffic
     set opmode nat
     set policy-offload-level disable
     set ngfw-mode profile-based
@@ -30138,11 +34967,14 @@ config system settings
     set nat46-generate-ipv6-fragment-header disable
     set nat46-force-ipv4-packet-forwarding disable
     set nat64-force-ipv6-packet-forwarding enable
+    set detect-unknown-esp enable
+    set intree-ses-best-route disable
     set auxiliary-session disable
     set asymroute disable
     set asymroute-icmp disable
     set tcp-session-without-syn disable
     set ses-denied-traffic disable
+    set ses-denied-multicast-traffic disable
     set strict-src-check disable
     set allow-linkdown-path disable
     set asymroute6 disable
@@ -30164,6 +34996,7 @@ config system settings
     set discovered-device-timeout 28
     set email-portal-check-dns enable
     set default-voip-alg-mode proxy-based
+    set gui-proxy-inspection enable
     set gui-icap disable
     set gui-implicit-policy enable
     set gui-dns-database disable
@@ -30171,6 +35004,7 @@ config system settings
     set gui-multicast-policy disable
     set gui-dos-policy enable
     set gui-object-colors enable
+    set gui-route-tag-address-creation disable
     set gui-voip-profile disable
     set gui-ap-profile enable
     set gui-security-profile-group disable
@@ -30178,19 +35012,17 @@ config system settings
     set gui-wanopt-cache disable
     set gui-explicit-proxy disable
     set gui-dynamic-routing enable
-    set gui-sslvpn-personal-bookmarks disable
-    set gui-sslvpn-realms disable
     set gui-policy-based-ipsec disable
     set gui-threat-weight enable
     set gui-spamfilter disable
     set gui-file-filter disable
     set gui-application-control enable
     set gui-ips enable
-    set gui-endpoint-control enable
-    set gui-endpoint-control-advanced disable
     set gui-dhcp-advanced enable
     set gui-vpn enable
+    set gui-sslvpn disable
     set gui-wireless-controller enable
+    set gui-advanced-wireless-features disable
     set gui-switch-controller enable
     set gui-fortiap-split-tunneling disable
     set gui-traffic-shaping enable
@@ -30200,6 +35032,9 @@ config system settings
     set gui-videofilter enable
     set gui-dnsfilter disable
     set gui-waf-profile disable
+    set gui-dlp-profile disable
+    set gui-virtual-patch-profile disable
+    set gui-casb disable
     set gui-fortiextender-controller disable
     set gui-advanced-policy disable
     set gui-allow-unnamed-policy disable
@@ -30207,14 +35042,24 @@ config system settings
     set gui-multiple-interface-policy disable
     set gui-policy-disclaimer disable
     set gui-ztna enable
+    set gui-ot disable
+    set gui-dynamic-device-os-id disable
     set location-id 0.0.0.0
     set ike-session-resume disable
     set ike-quick-crash-detect disable
     set ike-dn-format with-space
     set ike-port 500
+    set ike-tcp-port 4500
     set ike-policy-route disable
     set block-land-attack disable
     set application-bandwidth-tracking disable
+    set fqdn-session-check disable
+    set ext-resource-session-check disable
+    set dyn-addr-session-check disable
+    set default-policy-expiry-days 30
+    set gui-enforce-change-summary require
+    set internet-service-database-cache disable
+    set internet-service-app-ctrl-size 32768
 end
 config system sit-tunnel
 end
@@ -30254,6 +35099,9 @@ config system dhcp server
             edit 1
                 set start-ip 192.168.200.2
                 set end-ip 192.168.200.254
+                set vci-match disable
+                set uci-match disable
+                set lease-time 0
             next
         end
         set timezone-option disable
@@ -30264,6 +35112,7 @@ config system dhcp server
         set dhcp-settings-from-fortiipam disable
         set ddns-update disable
         set vci-match disable
+        set shared-subnet disable
         set ntp-server1 0.0.0.0
         set ntp-server2 0.0.0.0
         set ntp-server3 0.0.0.0
@@ -30288,7 +35137,7 @@ config system modem
     set phone1 ''
     set dial-cmd1 ''
     set username1 ''
-    set passwd1 ENC nt51fvh0GC5pezIpgGF/4x8aMLaSqF9cg/PjjOMQsTpErj+Mi4pF04zvYl0Det8MrOK7b1tS+dFlZSUt1IJ3MFubN0NS1g4aU/HvUObjqEw54abH4Ft4V9+rhoM0Iz5O8Ubhl2LBOUIxHnA/g8qgo032Og97eEbzHjCtbk4iwf4chk9rqxdlhu5QjmiQkect443xeg==
+    set passwd1 ENC ViiODRyMPncBdkS5tRpGvJe2BFjxoTuqjeFPLHMwTKA3gZPU6WjTwmYXZcrHYuM1xzalKiqD/gzz1PpBsiCibcOnUyxy5AAZo/i1ukqZk8G7Iw/AII0nzrYfKwffL/yufvhVRAa71fni5izkLKemtvdbIx2t+clzOZ8wszUu4XRWUPI2Um7YZj3oTM4gJRXS8LrUwVlmMjY3dkVA
     set extra-init1 ''
     set peer-modem1 generic
     set ppp-echo-request1 enable
@@ -30297,7 +35146,7 @@ config system modem
     set phone2 ''
     set dial-cmd2 ''
     set username2 ''
-    set passwd2 ENC +b/gqsajxvVsRgCsdYmir8R8YZRzl3+sMrSVKNOxLZHJfmKf05aYu0tA+UeQMOCLC7LZXioRmOWRV2kknjkzeG5y3CFxPqZjljIgcV2CgngCD2PCXYG2y0czhdpVDnYu4xxbyo+d40+zGg5CVdtN+fjdFdh4lGsAO4gNnkWBfWACE1TnzlAoV3oAvi6gQXshWday8Q==
+    set passwd2 ENC S7PWC+85nLjjX8joJbfmtfiXaKCvdcvYab7h6UuU26TfMxP4JM8XkOVOvZ8ro6YElenzvM4Q0reo5/6ABtNR69hwWMSqiODP07s5mk7YeyJCg2qxvh3I5fUJ6u54yhOkNu54r1DDvMwgpIjayfWMIxtw9pcAGyleLklNgakAVrwCkEGfYEybDd9qudgUKu4F2qXfD1lmMjY3dkVA
     set extra-init2 ''
     set peer-modem2 generic
     set ppp-echo-request2 enable
@@ -30306,20 +35155,46 @@ config system modem
     set phone3 ''
     set dial-cmd3 ''
     set username3 ''
-    set passwd3 ENC L4OVKsuJ8TAqVAoGlIZrO1SvHIkh1grmr2HP3U4qh4DRZhBsGdMNlFjB+tfQT3VM1wwDpBCZGzI5Js9maj1L5W314GA2IELHbwgjbjKdc1cdP0mTSYFsBF3Or6QF4os+U2Wpc9x2s0FKcIMxHiQQ3FQ3Jwjck0kHJQwwHv+LIGM8yS8on9HpcIlmsmzFYFvIcsGwbg==
+    set passwd3 ENC gKni4H8CtVXekpU8Z6WAgXQUOKamQnlRPSFDvmaOCoJer1mbxCYtxBGgRfoSWctwc7yozmQpmX2wi6uTUEcctViZo0dGCYN79EYkLhYO+414I6rqlPPUtQMy6/HFewW45v2dWMYIj7/bjz4EH+ocFBJsDkCyFiV0VsxhtApQA5x9UbiwVw/pfbhMUJtVKSNSl97Hi1lmMjY3dkVA
     set extra-init3 ''
     set peer-modem3 generic
     set ppp-echo-request3 enable
     set altmode enable
     set authtype3 pap chap mschap mschapv2
     set distance 1
-    set priority 0
+    set priority 1
 end
 config system 3g-modem custom
 end
 config system zone
 end
 config firewall address
+    edit "EMS_ALL_UNKNOWN_CLIENTS"
+        set uuid 4bea0f66-c0f6-51f0-446c-c886382c9609
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
+    edit "EMS_ALL_UNMANAGEABLE_CLIENTS"
+        set uuid 4be9fc4c-c0f6-51f0-891c-a9b86390257d
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
     edit "none"
         set uuid 7e89d32c-7abc-51ec-ada3-e0bf09e3f43d
         set type ipmask
@@ -30743,6 +35618,8 @@ config firewall wildcard-fqdn custom
 end
 config firewall wildcard-fqdn group
 end
+config firewall traffic-class
+end
 config firewall service category
     edit "General"
         set comment "General services."
@@ -30786,337 +35663,19 @@ config firewall service category
     next
 end
 config firewall service custom
-    edit "DNS"
+    edit "ALL"
+        set uuid 8ae5612c-c0f9-51f0-2e4c-905a445bd7f2
         set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
+        set category "General"
+        set protocol IP
         set helper auto
-        set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 53
-        set udp-portrange 53
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "HTTP"
-        set proxy disable
-        set category "Web Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 80
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "HTTPS"
-        set proxy disable
-        set category "Web Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 443
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IMAP"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 143
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IMAPS"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 993
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "LDAP"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 389
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "DCE-RPC"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 135
-        set udp-portrange 135
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "POP3"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 110
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "POP3S"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 995
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SAMBA"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 139
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMTP"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 25
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMTPS"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 465
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "KERBEROS"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 88 464
-        set udp-portrange 88 464
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "LDAP_UDP"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 389
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMB"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 445
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
+        set protocol-number 0
     next
     edit "FTP"
+        set uuid 8ae56244-c0f9-51f0-02c5-df2c2396039f
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -31124,7 +35683,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31139,6 +35697,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "FTP_GET"
+        set uuid 8ae56302-c0f9-51f0-2d1c-f5ddc173b1aa
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -31146,7 +35705,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31161,6 +35719,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "FTP_PUT"
+        set uuid 8ae563ca-c0f9-51f0-9183-7d90610956d9
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -31168,7 +35727,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31182,18 +35740,338 @@ config firewall service custom
         set udp-idle-timer 0
         set session-ttl 0
     next
-    edit "ALL"
+    edit "DNS"
+        set uuid 96dc097c-c0f9-51f0-ecf8-a0840f069c98
         set proxy disable
-        set category "General"
-        set protocol IP
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
         set helper auto
+        set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
-        set protocol-number 0
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 53
+        set udp-portrange 53
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "HTTP"
+        set uuid 96dc0ddc-c0f9-51f0-3a1e-1e0d5c46e30f
+        set proxy disable
+        set category "Web Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 80
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "HTTPS"
+        set uuid 96dc1156-c0f9-51f0-a5ff-8f63740c8792
+        set proxy disable
+        set category "Web Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 443
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IMAP"
+        set uuid 96dc14bc-c0f9-51f0-e592-58b943d70566
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 143
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IMAPS"
+        set uuid 96dc1804-c0f9-51f0-ef09-98d49d804157
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 993
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "LDAP"
+        set uuid 96dc1b56-c0f9-51f0-bcd4-f59e2896f98c
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 389
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DCE-RPC"
+        set uuid 96dc1ebc-c0f9-51f0-4882-ee9cfbed8edf
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 135
+        set udp-portrange 135
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "POP3"
+        set uuid 96dc225e-c0f9-51f0-09d7-2d058b5d8896
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 110
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "POP3S"
+        set uuid 96dc25a6-c0f9-51f0-9b58-e77496ac1fa7
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 995
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SAMBA"
+        set uuid 96dc28ee-c0f9-51f0-28b7-04b4844ed867
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 139
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMTP"
+        set uuid 96dc2c36-c0f9-51f0-7233-0fab4a392a77
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 25
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMTPS"
+        set uuid 96dc31c2-c0f9-51f0-66a3-c98642711d8f
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 465
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "KERBEROS"
+        set uuid 96dc371c-c0f9-51f0-e4b0-c150f3f48e91
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 88 464
+        set udp-portrange 88 464
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "LDAP_UDP"
+        set uuid 96dc3adc-c0f9-51f0-b6aa-2b0c6e4e3be8
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 389
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMB"
+        set uuid 96dc3e38-c0f9-51f0-83ce-7fe076cb3813
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 445
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
     next
     edit "ALL_TCP"
+        set uuid 96dc4f5e-c0f9-51f0-dd54-a9a33bf2d1ec
         set proxy disable
         set category "General"
         set protocol TCP/UDP/SCTP
@@ -31201,7 +36079,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31216,6 +36093,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "ALL_UDP"
+        set uuid 96dc52e2-c0f9-51f0-b988-ff9c912784c6
         set proxy disable
         set category "General"
         set protocol TCP/UDP/SCTP
@@ -31223,7 +36101,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31238,61 +36115,62 @@ config firewall service custom
         set session-ttl 0
     next
     edit "ALL_ICMP"
+        set uuid 96dc563e-c0f9-51f0-5629-e76b8f490313
         set proxy disable
         set category "General"
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         unset icmptype
     next
     edit "ALL_ICMP6"
+        set uuid 96dc59e0-c0f9-51f0-0595-64b9d1b8eb4e
         set proxy disable
         set category "General"
         set protocol ICMP6
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         unset icmptype
     next
     edit "GRE"
+        set uuid 96dc5d6e-c0f9-51f0-f759-3d003823edf5
         set proxy disable
         set category "Tunneling"
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 47
     next
     edit "AH"
+        set uuid 96dc612e-c0f9-51f0-a7b1-bbf75e6fd8ab
         set proxy disable
         set category "Tunneling"
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 51
     next
     edit "ESP"
+        set uuid 96dc64d0-c0f9-51f0-7fb9-25aabfb0c3d2
         set proxy disable
         set category "Tunneling"
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 50
     next
     edit "AOL"
+        set uuid 96dc685e-c0f9-51f0-11d6-5e0d1d928d5c
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31300,7 +36178,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31315,6 +36192,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "BGP"
+        set uuid 96dc6b2e-c0f9-51f0-864f-bc785992a5e3
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -31322,7 +36200,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31337,6 +36214,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "DHCP"
+        set uuid 96dc6e94-c0f9-51f0-3600-1c5c00ea8407
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -31344,7 +36222,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31359,6 +36236,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "FINGER"
+        set uuid 96dc71e6-c0f9-51f0-137a-d8c6e0ece8f1
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31366,7 +36244,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31381,6 +36258,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "GOPHER"
+        set uuid 96dc74ac-c0f9-51f0-1f25-c9edef91dfc1
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31388,7 +36266,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31403,6 +36280,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "H323"
+        set uuid 96dc781c-c0f9-51f0-1318-edaf11cfeac2
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -31410,7 +36288,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31425,6 +36302,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "IKE"
+        set uuid 96dc7bfa-c0f9-51f0-6750-5d04c9bf09da
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -31432,7 +36310,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31447,6 +36324,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "Internet-Locator-Service"
+        set uuid 96dc7f56-c0f9-51f0-a7f0-70717bfbb2e3
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31454,7 +36332,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31469,6 +36346,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "IRC"
+        set uuid 96dc8212-c0f9-51f0-411c-492312ddbcf6
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -31476,7 +36354,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31491,6 +36368,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "L2TP"
+        set uuid 96dc8582-c0f9-51f0-4f7a-145477b45dd9
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -31498,7 +36376,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31513,6 +36390,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NetMeeting"
+        set uuid 96dc891a-c0f9-51f0-f49f-99593392af89
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31520,7 +36398,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31535,6 +36412,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NFS"
+        set uuid 96dc8bd6-c0f9-51f0-1646-21229ce92c39
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -31542,7 +36420,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31557,6 +36434,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NNTP"
+        set uuid 96dc8f6e-c0f9-51f0-65d2-6a2d424f723d
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31564,7 +36442,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31579,6 +36456,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NTP"
+        set uuid 96dc9234-c0f9-51f0-66da-dfa3e4b339a6
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -31586,7 +36464,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31601,17 +36478,18 @@ config firewall service custom
         set session-ttl 0
     next
     edit "OSPF"
+        set uuid 96dc95cc-c0f9-51f0-083f-1bf4b2d04cf8
         set proxy disable
         set category "Network Services"
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 89
     next
     edit "PC-Anywhere"
+        set uuid 96dc995a-c0f9-51f0-76b4-e92b05d2e591
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -31619,7 +36497,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31634,54 +36511,55 @@ config firewall service custom
         set session-ttl 0
     next
     edit "PING"
+        set uuid 96dc9cfc-c0f9-51f0-2006-3d5719acad24
         set proxy disable
         set category "Network Services"
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set icmptype 8
         unset icmpcode
     next
     edit "TIMESTAMP"
+        set uuid 96dca0e4-c0f9-51f0-3f01-16c5b51a1993
         set proxy disable
         set category ''
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set icmptype 13
         unset icmpcode
     next
     edit "INFO_REQUEST"
+        set uuid 96dca436-c0f9-51f0-d58b-b2252bc96769
         set proxy disable
         set category ''
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set icmptype 15
         unset icmpcode
     next
     edit "INFO_ADDRESS"
+        set uuid 96dca774-c0f9-51f0-ba49-555795abd6f6
         set proxy disable
         set category ''
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set icmptype 17
         unset icmpcode
     next
     edit "ONC-RPC"
+        set uuid 96dcaada-c0f9-51f0-e67b-7e28a6e61318
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -31689,7 +36567,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31704,6 +36581,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "PPTP"
+        set uuid 96dcaf26-c0f9-51f0-486d-cf73aac702b1
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -31711,7 +36589,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31726,6 +36603,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "QUAKE"
+        set uuid 96dcb476-c0f9-51f0-9620-a493b4465a43
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31733,7 +36611,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31748,6 +36625,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RAUDIO"
+        set uuid 96dcb746-c0f9-51f0-819a-f9084e467039
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31755,7 +36633,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31770,6 +36647,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "REXEC"
+        set uuid 96dcba02-c0f9-51f0-70f0-1118588d4bbc
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31777,7 +36655,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31792,6 +36669,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RIP"
+        set uuid 96dcbcd2-c0f9-51f0-909a-b35e40b03c5f
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -31799,7 +36677,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31814,6 +36691,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RLOGIN"
+        set uuid 96dcc024-c0f9-51f0-c24a-a866c356cba8
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31821,7 +36699,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31836,6 +36713,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RSH"
+        set uuid 96dcc2ea-c0f9-51f0-a728-c76e08ac3b7f
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31843,7 +36721,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31858,6 +36735,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SCCP"
+        set uuid 96dcc5a6-c0f9-51f0-c2cd-3e6dafdc4f49
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -31865,7 +36743,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31880,6 +36757,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SIP"
+        set uuid 96dcc902-c0f9-51f0-8bf5-23ed35cb4de0
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -31887,7 +36765,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31902,6 +36779,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SIP-MSNmessenger"
+        set uuid 96dcccb8-c0f9-51f0-b09f-24f9960276af
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -31909,7 +36787,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31924,6 +36801,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SNMP"
+        set uuid 96dcd000-c0f9-51f0-f6f6-1e8a17c2ecb8
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -31931,7 +36809,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31946,6 +36823,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SSH"
+        set uuid 96dcd3ac-c0f9-51f0-2420-b749f43f383c
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -31953,7 +36831,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31968,6 +36845,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SYSLOG"
+        set uuid 96dcd6fe-c0f9-51f0-5014-73eab88c543a
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -31975,7 +36853,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -31990,6 +36867,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TALK"
+        set uuid 96dcda46-c0f9-51f0-6d06-ca32fb3efe71
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -31997,7 +36875,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32012,6 +36889,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TELNET"
+        set uuid 96dcdd16-c0f9-51f0-a510-eee51cedbc20
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -32019,7 +36897,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32034,6 +36911,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TFTP"
+        set uuid 96dce072-c0f9-51f0-d1bb-7e68b2d0efde
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -32041,7 +36919,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32056,6 +36933,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "MGCP"
+        set uuid 96dce464-c0f9-51f0-008c-51dbd0ed4464
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -32063,7 +36941,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32078,6 +36955,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UUCP"
+        set uuid 96dce752-c0f9-51f0-5e2a-3a12b9fad1ad
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -32085,7 +36963,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32100,6 +36977,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "VDOLIVE"
+        set uuid 96dcea0e-c0f9-51f0-59be-027c91887fad
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -32107,7 +36985,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32122,6 +36999,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "WAIS"
+        set uuid 96dcecde-c0f9-51f0-939f-77cf35202b0f
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -32129,7 +37007,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32144,6 +37021,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "WINFRAME"
+        set uuid 96dcef90-c0f9-51f0-c7eb-5f6acb475f54
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -32151,7 +37029,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32166,6 +37043,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "X-WINDOWS"
+        set uuid 96dcf256-c0f9-51f0-c864-530f861e8d42
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -32173,7 +37051,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32188,18 +37065,19 @@ config firewall service custom
         set session-ttl 0
     next
     edit "PING6"
+        set uuid 96dcf5b2-c0f9-51f0-60a8-cdf847abf544
         set proxy disable
         set category ''
         set protocol ICMP6
         set helper auto
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set icmptype 128
         unset icmpcode
     next
     edit "MS-SQL"
+        set uuid 96dcf918-c0f9-51f0-a8b9-b3937a0161b4
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -32207,7 +37085,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32222,6 +37099,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "MYSQL"
+        set uuid 96dcfc88-c0f9-51f0-a70e-ba60f18aecb0
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -32229,7 +37107,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32244,6 +37121,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RDP"
+        set uuid 96dcffe4-c0f9-51f0-3edc-36760041d1d8
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -32251,7 +37129,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32266,6 +37143,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "VNC"
+        set uuid 96dd0336-c0f9-51f0-b2cd-85a996bfb443
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -32273,7 +37151,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32288,6 +37165,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "DHCP6"
+        set uuid 96dd0688-c0f9-51f0-0425-1b7d481bab46
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -32295,7 +37173,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32310,6 +37187,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SQUID"
+        set uuid 96dd09d0-c0f9-51f0-0b4c-49d9065535de
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -32317,7 +37195,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32332,6 +37209,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SOCKS"
+        set uuid 96dd0d2c-c0f9-51f0-5e3f-389172ff73a0
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -32339,7 +37217,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32354,6 +37231,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "WINS"
+        set uuid 96dd10ba-c0f9-51f0-72d2-20b0cd3f7305
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -32361,7 +37239,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32376,6 +37253,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RADIUS"
+        set uuid 96dd1452-c0f9-51f0-123b-fd91a170e288
         set proxy disable
         set category "Authentication"
         set protocol TCP/UDP/SCTP
@@ -32383,7 +37261,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32398,6 +37275,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RADIUS-OLD"
+        set uuid 96dd1862-c0f9-51f0-bb9c-1eff7427d060
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -32405,7 +37283,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32420,6 +37297,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "CVSPSERVER"
+        set uuid 96dd1b46-c0f9-51f0-8622-c2eb9925327e
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -32427,7 +37305,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32442,6 +37319,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "AFS3"
+        set uuid 96dd1e52-c0f9-51f0-1200-3e52be2ea783
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -32449,7 +37327,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32464,6 +37341,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TRACEROUTE"
+        set uuid 96dd2208-c0f9-51f0-568d-324c1983232e
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -32471,7 +37349,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32486,6 +37363,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RTSP"
+        set uuid 96dd2564-c0f9-51f0-2fcf-c32bb61c70b5
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -32493,7 +37371,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32508,6 +37385,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "MMS"
+        set uuid 96dd2910-c0f9-51f0-a984-86a1d9335745
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -32515,7 +37393,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32530,6 +37407,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NONE"
+        set uuid 96dd2c26-c0f9-51f0-f0bf-8721dd42bc03
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -32537,7 +37415,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -32552,13 +37429,13 @@ config firewall service custom
         set session-ttl 0
     next
     edit "webproxy"
+        set uuid 8ae5511e-c0f9-51f0-327f-95a60c483551
         set proxy enable
         set category "Web Proxy"
         set protocol ALL
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set app-service-type disable
         set fabric-object disable
         set iprange 0.0.0.0
@@ -32568,6 +37445,7 @@ config firewall service custom
 end
 config firewall service group
     edit "Email Access"
+        set uuid 8ae564ce-c0f9-51f0-f457-51c0b8d12287
         set proxy disable
         set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
         set comment ''
@@ -32575,6 +37453,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Web Access"
+        set uuid 8ae56c6c-c0f9-51f0-002c-df7bb8e3d432
         set proxy disable
         set member "DNS" "HTTP" "HTTPS"
         set comment ''
@@ -32582,6 +37461,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Windows AD"
+        set uuid 8ae5702c-c0f9-51f0-ffa8-2148cd664a4c
         set proxy disable
         set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
         set comment ''
@@ -32589,6 +37469,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Exchange Server"
+        set uuid 8ae57590-c0f9-51f0-6150-2ef50d42889a
         set proxy disable
         set member "DCE-RPC" "DNS" "HTTPS"
         set comment ''
@@ -32604,6 +37485,8 @@ config firewall internet-service-custom
 end
 config firewall internet-service-custom-group
 end
+config firewall network-service-dynamic
+end
 config system external-resource
 end
 config vpn certificate ca
@@ -32641,6 +37524,16 @@ config vpn certificate local
         set ike-localid-type asn1dn
         set enroll-protocol none
     next
+    edit "Fortinet_GUI_Server"
+        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
     edit "Fortinet_SSL_RSA1024"
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         unset private-key
@@ -32749,6 +37642,8 @@ end
 config vpn certificate setting
     set ocsp-status disable
     set ocsp-option server
+    set proxy ''
+    set source-ip ''
     set ocsp-default-server ''
     set interface-select-method auto
     set check-ca-cert enable
@@ -32766,6 +37661,7 @@ config vpn certificate setting
     set ssl-min-proto-version default
     set cmp-save-extra-certs disable
     set cmp-key-usage-checking enable
+    set cert-expire-warning 14
     set certname-rsa1024 "Fortinet_SSL_RSA1024"
     set certname-rsa2048 "Fortinet_SSL_RSA2048"
     set certname-rsa4096 "Fortinet_SSL_RSA4096"
@@ -32797,10 +37693,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -32819,10 +37718,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -32841,10 +37743,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -32867,6 +37772,9 @@ config ips sensor
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -32889,6 +37797,9 @@ config ips sensor
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -32907,10 +37818,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status enable
                 set log enable
                 set log-packet disable
@@ -32920,10 +37834,13 @@ config ips sensor
             next
             edit 2
                 set location all
-                set severity low 
+                set severity low
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -32941,11 +37858,14 @@ config ips sensor
         set extended-log disable
         config entries
             edit 1
-                set location client 
+                set location client
                 set severity all
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -32963,11 +37883,14 @@ config ips sensor
         set extended-log disable
         config entries
             edit 1
-                set location server 
+                set location server
                 set severity all
-                set protocol SMTP POP3 IMAP 
+                set protocol SMTP POP3 IMAP
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -32985,11 +37908,14 @@ config ips sensor
         set extended-log disable
         config entries
             edit 1
-                set location server 
+                set location server
                 set severity all
-                set protocol HTTP 
+                set protocol HTTP
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -33002,6 +37928,8 @@ config ips sensor
 end
 config sctp-filter profile
 end
+config diameter-filter profile
+end
 config firewall shaper traffic-shaper
     edit "high-priority"
         set guaranteed-bandwidth 0
@@ -33010,6 +37938,7 @@ config firewall shaper traffic-shaper
         set priority high
         set per-policy enable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
     edit "medium-priority"
@@ -33019,6 +37948,7 @@ config firewall shaper traffic-shaper
         set priority medium
         set per-policy enable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
     edit "low-priority"
@@ -33028,6 +37958,7 @@ config firewall shaper traffic-shaper
         set priority low
         set per-policy enable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
     edit "guarantee-100kbps"
@@ -33037,6 +37968,7 @@ config firewall shaper traffic-shaper
         set priority high
         set per-policy enable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
     edit "shared-1M-pipe"
@@ -33046,12 +37978,31 @@ config firewall shaper traffic-shaper
         set priority high
         set per-policy disable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
 end
 config firewall shaper per-ip-shaper
 end
 config firewall proxy-address
+    edit "IPv4-address"
+        set uuid 2999f822-c0f6-51f0-fb0c-ee6964deeeee
+        set type host-regex
+        set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
+        set referrer disable
+        set case-sensitivity disable
+        set color 0
+        set comment ''
+    next
+    edit "IPv6-address"
+        set uuid 2999f930-c0f6-51f0-5cd1-1b203433e660
+        set type host-regex
+        set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
+        set referrer disable
+        set case-sensitivity disable
+        set color 0
+        set comment ''
+    next
 end
 config firewall proxy-addrgrp
 end
@@ -33068,12 +38019,20 @@ config web-proxy global
     set strict-web-check disable
     set forward-proxy-auth disable
     set forward-server-affinity-timeout 30
-    set max-waf-body-cache-length 32
+    set max-waf-body-cache-length 1
     set webproxy-profile ''
     set learn-client-ip disable
+    set policy-category-deep-inspect enable
+    set log-policy-pending disable
+    set log-forward-server disable
+    set log-app-id disable
+    set proxy-transparent-cert-inspection disable
+    set request-obs-fold keep
 end
 config web-proxy explicit
     set status disable
+    set secure-web-proxy disable
+    set http-connection-mode static
     set ipv6-status disable
     set strict-guest disable
     set https-replacement-message enable
@@ -33110,6 +38069,8 @@ config ftp-proxy explicit
     set status disable
     set ssl disable
 end
+config web-proxy fast-fallback
+end
 config web-proxy url-match
 end
 config application custom
@@ -33263,6 +38224,149 @@ config application list
 end
 config application group
 end
+config dlp data-type
+    edit "g-credit-card"
+        set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
+        set verify "builtin)credit-card"
+        set verify2 ''
+        set match-around ''
+        set look-back 20
+        set look-ahead 1
+        set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+    edit "g-edm-keyword"
+        set pattern ".+"
+        set verify ''
+        set match-around ''
+        set transform "/\\b\\0\\b/i"
+        set comment ''
+    next
+    edit "g-hex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-keyword"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-mip-label"
+        set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
+        set verify ''
+        set match-around ''
+        set transform "built-in"
+        set comment ''
+    next
+    edit "g-regex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-ssn-us"
+        set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
+        set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
+        set verify2 ''
+        set match-around ''
+        set look-back 12
+        set look-ahead 1
+        set transform "\\b\\1-\\2-\\3\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+end
+config dlp dictionary
+    edit "SSN-Sensor-r1d"
+        set uuid 364447d0-c0f6-51f0-7a3c-a8d706c06466
+        set match-type match-any
+        set match-around disable
+        set comment ''
+        config entries
+            edit 1
+                set type "g-regex"
+                set pattern "WebEx"
+                set repeat disable
+                set status enable
+                set comment ''
+            next
+        end
+    next
+    edit "def-cc-dict"
+        set uuid 3644311e-c0f6-51f0-1961-ec115833f88a
+        set match-type match-any
+        set match-around disable
+        set comment ''
+        config entries
+            edit 1
+                set type "g-credit-card"
+                set pattern ''
+                set repeat disable
+                set status enable
+                set comment ''
+            next
+        end
+    next
+    edit "def-ssn-dict"
+        set uuid 36446d96-c0f6-51f0-c0c9-571786b51558
+        set match-type match-any
+        set match-around disable
+        set comment ''
+        config entries
+            edit 1
+                set type "g-ssn-us"
+                set pattern ''
+                set repeat disable
+                set status enable
+                set comment ''
+            next
+        end
+    next
+end
+config dlp exact-data-match
+end
+config dlp sensor
+    edit "SSN-Sensor-r1s"
+        set match-type match-any
+        set comment ''
+        config entries
+            edit 1
+                set dictionary "SSN-Sensor-r1d"
+                set count 1
+                set status enable
+            next
+        end
+    next
+    edit "def-cc-sensor"
+        set match-type match-any
+        set comment ''
+        config entries
+            edit 1
+                set dictionary "def-cc-dict"
+                set count 1
+                set status enable
+            next
+        end
+    next
+    edit "def-ssn-sensor"
+        set match-type match-any
+        set comment ''
+        config entries
+            edit 1
+                set dictionary "def-ssn-dict"
+                set count 1
+                set status enable
+            next
+        end
+    next
+end
 config dlp filepattern
     edit 1
         set name "builtin-patterns"
@@ -33357,9 +38461,9 @@ config dlp sensitivity
 end
 config dlp fp-doc-source
 end
-config dlp sensor
+config dlp profile
     edit "g-default"
-        set comment "Default sensor."
+        set comment "Default profile."
         set feature-set flow
         set replacemsg-group ''
         set dlp-log enable
@@ -33402,13 +38506,16 @@ config dlp sensor
         set comment ''
         set feature-set proxy
         set replacemsg-group ''
-        config filter
+        config rule
             edit 1
                 set name "Credit-Card-Filter"
                 set severity high
                 set type file
                 set proto smtp pop3 imap http-get http-post mapi
-                set filter-by credit-card
+                set filter-by sensor
+                set file-size 0
+                unset file-type
+                set sensor "def-cc-sensor"
                 set archive disable
                 set action log-only
             next
@@ -33417,7 +38524,8 @@ config dlp sensor
                 set severity high
                 set type message
                 set proto smtp pop3 imap http-post mapi
-                set filter-by credit-card
+                set filter-by sensor
+                set sensor "def-cc-sensor"
                 set archive disable
                 set action log-only
             next
@@ -33432,14 +38540,15 @@ config dlp sensor
         set comment ''
         set feature-set proxy
         set replacemsg-group ''
-        config filter
+        config rule
             edit 1
                 set name "Large-File-Filter"
                 set severity medium
                 set type file
                 set proto smtp pop3 imap http-get http-post mapi
-                set filter-by file-size
+                set filter-by none
                 set file-size 5120
+                unset file-type
                 set archive disable
                 set action log-only
             next
@@ -33454,14 +38563,14 @@ config dlp sensor
         set comment "Match SSN numbers but NOT WebEx invite emails."
         set feature-set proxy
         set replacemsg-group ''
-        config filter
+        config rule
             edit 1
                 set name "SSN-Sensor-Filter"
                 set severity high
                 set type message
                 set proto smtp pop3 imap mapi
-                set filter-by regexp
-                set regexp "WebEx"
+                set filter-by sensor
+                set sensor "SSN-Sensor-r1s"
                 set archive disable
                 set action allow
             next
@@ -33470,7 +38579,8 @@ config dlp sensor
                 set severity high
                 set type message
                 set proto smtp pop3 imap mapi
-                set filter-by ssn
+                set filter-by sensor
+                set sensor "def-ssn-sensor"
                 set archive disable
                 set action log-only
             next
@@ -33479,7 +38589,10 @@ config dlp sensor
                 set severity high
                 set type file
                 set proto smtp pop3 imap http-get http-post ftp mapi
-                set filter-by ssn
+                set filter-by sensor
+                set file-size 0
+                unset file-type
+                set sensor "def-ssn-sensor"
                 set archive disable
                 set action log-only
             next
@@ -33499,7 +38612,7 @@ config webfilter urlfilter
 end
 config videofilter youtube-key
 end
-config videofilter youtube-channel-filter
+config videofilter keyword
 end
 config videofilter profile
 end
@@ -33539,7 +38652,7 @@ config log threat-weight
     set botnet-connection-detected critical
     config malware
         set virus-infected critical
-        set fortindr critical
+        set inline-block critical
         set file-blocked low
         set command-blocked disable
         set oversized disable
@@ -33637,17 +38750,23 @@ config log threat-weight
 end
 config icap server
 end
+config icap server-group
+end
 config icap profile
     edit "default"
         set replacemsg-group ''
+        set comment ''
         set request disable
         set response disable
+        unset file-transfer
         set streaming-content-bypass disable
+        set 204-response disable
         set preview disable
-        set methods delete get head options post put trace other
+        set methods delete get head options post put trace connect other
         set icap-block-log disable
         set chunk-encap disable
         unset extension-feature
+        set timeout 30
         config icap-headers
             edit 1
                 set name "X-Authenticated-User"
@@ -33670,6 +38789,12 @@ config system network-visibility
     set hostname-limit 5000
     set destination-location enable
 end
+config user peer
+end
+config user peergrp
+end
+config vpn qkd
+end
 config user certificate
 end
 config user radius
@@ -33688,6 +38813,8 @@ config user pop3
 end
 config user saml
 end
+config user external-identity-provider
+end
 config user fsso
 end
 config user adgrp
@@ -33728,9 +38855,10 @@ config user local
         set passwd-time 0000-00-00 00:00:00
         set authtimeout 0
         set auth-concurrent-override disable
-        set ppk-secret ENC MQzetc6FhWaYcouGtRABvCn55ysDE9SH0qALkI7EIBF9b0J7DRLgygrbIZG3vs4jFIWQzy+5PBOl+TgVibPC+r/ScGxGVbNzUPwW/x+TK2QdgfRCTnuDZ8LCY9Lv+CGAMIL+nlcAs69xldOHy7uZ2H6fv0whQDkM4KJ944kns3n031QBay4974FXWpH+Maf76yKURw==
+        set ppk-secret ENC 7EyhN8ZXPRLd2ctpBcWOkLp5QIZlt2wXqYRZglW0nTnI7GQsBXd9NHynLuxtidAEfPaUhSE/JDUw4XIppYtHlZqXpF2sC7lBpNZFuWGNqXLZD/DPduGBj+tRSTjFJZX2I1opPBKTssq9Esq2RBLw+Y7qDxdy3Dt4VEMdwtNS12EnXAW9Ay7r3ErHTz5BPu09X+Y/bllmMjY3dkVA
         set ppk-identity ''
-        set passwd ENC paAPilLITgzpKaHiRAW5OMSob1O0ACCH1Tum2u+9kGkTftPKMYlFPooyK7IqAisUA9tWKL68GTjQCEfM5yZCrtkitXM527MFq/hXNm6so0QOMDoG/IuqiYQdLtKaJqCVu0x9dO5AjWyUgP8H4hkpzpq7dPrwYg2uU++xJtlYqDnZPHhDfXRujxAeSShJ/UWF1jr46Q==
+        set qkd-profile ''
+        set passwd ENC JRcMuRZeeL/5/b2Pvov0Lvbe+c9dmbuKbndYa3boa4epafeq+0nJsQBOPaDYXUk/wE7jY6eCoH5yE8D/OpOPn6EEUO0ao1rPT1JG7O1kY3f6pvV3Os4dppwagIox6QsAIyOWd2BeQ6pfw72ZD6zl7Pz4XXZuFjmjN+6n6xNSBY2F64cK860TgqOGRp7m8qiuh0spAVlmMjY3dkVA
     next
 end
 config user setting
@@ -33754,10 +38882,7 @@ config user setting
     set auth-ssl-min-proto-version default
     unset auth-ssl-max-proto-version
     set auth-ssl-sigalgs all
-end
-config user peer
-end
-config user peergrp
+    set default-user-password-policy ''
 end
 config user quarantine
     set quarantine enable
@@ -34157,6 +39282,7 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
         set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
         set ipv6-split-tunneling enable
         set ipv6-split-tunneling-routing-negate disable
@@ -34164,17 +39290,21 @@ config vpn ssl web portal
         set ipv6-dns-server2 ::
         set ipv6-wins-server1 ::
         set ipv6-wins-server2 ::
+        set dhcp6-ra-linkaddr ::
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         set display-connection-tools enable
         set display-history enable
+        set focus-bookmark disable
         set display-status enable
         set rewrite-ip-uri-ui disable
         set heading "SSL-VPN Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -34197,17 +39327,19 @@ config vpn ssl web portal
         set limit-user-logins disable
         set forticlient-download enable
         set dns-suffix ''
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         set display-connection-tools enable
         set display-history enable
+        set focus-bookmark disable
         set display-status enable
         set rewrite-ip-uri-ui disable
         set heading "SSL-VPN Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -34238,6 +39370,7 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
         set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
         set ipv6-split-tunneling enable
         set ipv6-split-tunneling-routing-negate disable
@@ -34245,6 +39378,8 @@ config vpn ssl web portal
         set ipv6-dns-server2 ::
         set ipv6-wins-server1 ::
         set ipv6-wins-server2 ::
+        set dhcp6-ra-linkaddr ::
+        set client-src-range disable
         set host-check none
         set mac-addr-check disable
         set os-check disable
@@ -34257,7 +39392,7 @@ config vpn ssl settings
     set reqclientcert disable
     set ssl-max-proto-ver tls1-3
     set ssl-min-proto-ver tls1-2
-    unset banned-cipher
+    set banned-cipher SHA1 SHA256 SHA384
     set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
     set ssl-insert-empty-fragment enable
     set https-redirect disable
@@ -34271,7 +39406,6 @@ config vpn ssl settings
     set login-attempt-limit 2
     set login-block-time 60
     set login-timeout 30
-    set dtls-hello-timeout 10
     set dns-suffix ''
     set dns-server1 0.0.0.0
     set dns-server2 0.0.0.0
@@ -34288,6 +39422,7 @@ config vpn ssl settings
     set port-precedence enable
     set auto-tunnel-static-route enable
     set header-x-forwarded-for add
+    set browser-language-detection enable
     set dtls-tunnel enable
     set check-referer disable
     set http-request-header-timeout 20
@@ -34302,6 +39437,12 @@ config vpn ssl settings
     set dual-stack-mode disable
     set tunnel-addr-assigned-method first-available
     set saml-redirect-port 8020
+    set ztna-trusted-client disable
+    set server-hostname ''
+    set dtls-hello-timeout 10
+    set dtls-heartbeat-idle-timeout 3
+    set dtls-heartbeat-interval 3
+    set dtls-heartbeat-fail-count 3
     set dtls-max-proto-ver dtls1-2
     set dtls-min-proto-ver dtls1-0
 end
@@ -34313,7 +39454,6 @@ config vpn ssl client
 end
 config voip profile
     edit "default"
-        set feature-set proxy
         set comment "Default VoIP profile."
         config sip
             set status enable
@@ -34414,7 +39554,7 @@ config voip profile
         end
     next
     edit "strict"
-        set feature-set proxy
+        set feature-set voipd
         set comment ''
         config sip
             set status enable
@@ -34522,11 +39662,14 @@ config system sdwan
     set duplication-max-num 2
     set neighbor-hold-down disable
     set neighbor-hold-down-time 0
+    set app-perf-log-period 0
     set neighbor-hold-boot-time 0
     set fail-detect disable
     config zone
         edit "virtual-wan-link"
+            set advpn-select disable
             set service-sla-tie-break cfg-order
+            set minimum-sla-meet-members 1
         next
     end
     config health-check
@@ -34535,13 +39678,13 @@ config system sdwan
             set addr-mode ipv4
             set server "www.office.com"
             set detect-mode active
-            set protocol http
+            set protocol https
             set port 0
             set ha-priority 1
             set http-get "/"
             set http-agent "Chrome/ Safari/"
             set http-match ''
-            set interval 1000
+            set interval 120000
             set probe-timeout 1000
             set failtime 5
             set recoverytime 10
@@ -34549,6 +39692,8 @@ config system sdwan
             set diffservcode 000000
             set update-cascade-interface enable
             set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
             set sla-fail-log-period 0
             set sla-pass-log-period 0
             set threshold-warning-packetloss 0
@@ -34557,12 +39702,18 @@ config system sdwan
             set threshold-alert-latency 0
             set threshold-warning-jitter 0
             set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
             config sla
                 edit 1
                     set link-cost-factor latency jitter packet-loss
                     set latency-threshold 250
                     set jitter-threshold 50
                     set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
                 next
             end
         next
@@ -34581,6 +39732,8 @@ config system sdwan
             set diffservcode 000000
             set update-cascade-interface enable
             set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
             set sla-fail-log-period 0
             set sla-pass-log-period 0
             set threshold-warning-packetloss 0
@@ -34589,12 +39742,18 @@ config system sdwan
             set threshold-alert-latency 0
             set threshold-warning-jitter 0
             set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
             config sla
                 edit 1
                     set link-cost-factor latency jitter packet-loss
                     set latency-threshold 250
                     set jitter-threshold 50
                     set packetloss-threshold 2
+                    set priority-in-sla 0
+                    set priority-out-sla 0
                 next
             end
         next
@@ -34603,13 +39762,13 @@ config system sdwan
             set addr-mode ipv4
             set server "www.google.com"
             set detect-mode active
-            set protocol http
+            set protocol https
             set port 0
             set ha-priority 1
             set http-get "/"
             set http-agent "Chrome/ Safari/"
             set http-match ''
-            set interval 1000
+            set interval 120000
             set probe-timeout 1000
             set failtime 5
             set recoverytime 10
@@ -34617,6 +39776,8 @@ config system sdwan
             set diffservcode 000000
             set update-cascade-interface enable
             set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
             set sla-fail-log-period 0
             set sla-pass-log-period 0
             set threshold-warning-packetloss 0
@@ -34625,12 +39786,18 @@ config system sdwan
             set threshold-alert-latency 0
             set threshold-warning-jitter 0
             set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
             config sla
                 edit 1
                     set link-cost-factor latency jitter packet-loss
                     set latency-threshold 250
                     set jitter-threshold 50
                     set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
                 next
             end
         next
@@ -34639,13 +39806,13 @@ config system sdwan
             set addr-mode ipv4
             set server "fortiguard.com"
             set detect-mode active
-            set protocol http
+            set protocol https
             set port 0
             set ha-priority 1
             set http-get "/"
             set http-agent "Chrome/ Safari/"
             set http-match ''
-            set interval 1000
+            set interval 120000
             set probe-timeout 1000
             set failtime 5
             set recoverytime 10
@@ -34653,6 +39820,8 @@ config system sdwan
             set diffservcode 000000
             set update-cascade-interface enable
             set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
             set sla-fail-log-period 0
             set sla-pass-log-period 0
             set threshold-warning-packetloss 0
@@ -34661,17 +39830,27 @@ config system sdwan
             set threshold-alert-latency 0
             set threshold-warning-jitter 0
             set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
             config sla
                 edit 1
                     set link-cost-factor latency jitter packet-loss
                     set latency-threshold 250
                     set jitter-threshold 50
                     set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
                 next
             end
         next
     end
 end
+config vpn ipsec fec
+end
+config vpn kmip-server
+end
 config vpn ipsec phase1
 end
 config vpn ipsec phase2
@@ -34680,8 +39859,6 @@ config vpn ipsec manualkey
 end
 config vpn ipsec concentrator
 end
-config vpn ipsec fec
-end
 config vpn ipsec phase1-interface
 end
 config vpn ipsec phase2-interface
@@ -34698,13 +39875,7 @@ config vpn l2tp
 end
 config vpn ipsec forticlient
 end
-config vpn ocvpn
-    set status disable
-    set role spoke
-    set multipath enable
-    set sdwan disable
-    set auto-discovery enable
-    set poll-interval 30
+config system evpn
 end
 config dnsfilter domain-filter
 end
@@ -34823,6 +39994,7 @@ config dnsfilter profile
         set block-action redirect
         set block-botnet enable
         set safe-search disable
+        set strip-ech enable
         set redirect-portal 0.0.0.0
         set redirect-portal6 ::
     next
@@ -34862,13 +40034,13 @@ config antivirus quarantine
     set quarantine-quota 0
     unset drop-infected
     set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
-    unset drop-blocked
-    set store-blocked imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs ssh
     unset drop-machine-learning
     set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
     set lowspace ovrw-old
     set destination disk
 end
+config antivirus exempt-list
+end
 config ssh-filter profile
 end
 config antivirus profile
@@ -34951,7 +40123,6 @@ config antivirus profile
         set external-blocklist-enable-all enable
         set ems-threat-feed disable
         set av-virus-log enable
-        set av-block-log enable
         set extended-log disable
     next
     edit "g-sniffer-profile"
@@ -35033,7 +40204,6 @@ config antivirus profile
         set external-blocklist-enable-all enable
         set ems-threat-feed disable
         set av-virus-log enable
-        set av-block-log enable
         set extended-log disable
     next
     edit "g-wifi-default"
@@ -35115,7 +40285,6 @@ config antivirus profile
         set external-blocklist-enable-all enable
         set ems-threat-feed disable
         set av-virus-log enable
-        set av-block-log enable
         set extended-log disable
     next
 end
@@ -35144,6 +40313,7 @@ config webfilter profile
         set replacemsg-group ''
         unset options
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -35155,11 +40325,9 @@ config webfilter profile
         end
         config web
             set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             unset options
@@ -35285,6 +40453,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -35300,6 +40469,7 @@ config webfilter profile
         set replacemsg-group ''
         unset options
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -35311,11 +40481,9 @@ config webfilter profile
         end
         config web
             set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             set options ftgd-disable
@@ -35761,6 +40929,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -35776,6 +40945,7 @@ config webfilter profile
         set replacemsg-group ''
         set options block-invalid-url
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -35787,11 +40957,9 @@ config webfilter profile
         end
         config web
             set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             unset options
@@ -35917,6 +41085,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -36079,10 +41248,8 @@ config webfilter profile
         end
         config antiphish
             set status disable
-            set check-uri disable
-            set check-basic-auth disable
             set check-username-only disable
-            set max-body-len 65536
+            set max-body-len 1024
         end
         set wisp disable
         set log-all-url disable
@@ -36577,10 +41744,8 @@ config webfilter profile
         end
         config antiphish
             set status disable
-            set check-uri disable
-            set check-basic-auth disable
             set check-username-only disable
-            set max-body-len 65536
+            set max-body-len 1024
         end
         set wisp disable
         set log-all-url enable
@@ -36608,6 +41773,7 @@ config webfilter profile
         set replacemsg-group ''
         unset options
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -36624,6 +41790,7 @@ config webfilter profile
             unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             set options ftgd-disable
@@ -37069,6 +42236,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -37231,10 +42399,8 @@ config webfilter profile
         end
         config antiphish
             set status disable
-            set check-uri disable
-            set check-basic-auth disable
             set check-username-only disable
-            set max-body-len 65536
+            set max-body-len 1024
         end
         set wisp disable
         set log-all-url disable
@@ -37298,18 +42464,21 @@ config webfilter search-engine
         set url "^\\/translate"
         set query "u="
         set safesearch translate
+        set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
     next
     edit "g-google-translate-2"
         set hostname ".*\\.translate\\.goog"
         set url "^\\/"
         set query ''
         set safesearch translate
+        set safesearch-str "case::google-translate"
     next
     edit "g-twitter"
         set hostname "twitter\\.com"
         set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
         set query "variables="
         set safesearch translate
+        set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
     next
     edit "g-vimeo"
         set hostname ".*vimeo.*"
@@ -37326,7 +42495,7 @@ config webfilter search-engine
     next
     edit "g-yandex"
         set hostname "yandex\\..*"
-        set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
+        set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
         set query "text="
         set safesearch url
         set safesearch-str "&family=yes"
@@ -37373,12 +42542,6 @@ config webfilter search-engine
         set query ''
         set safesearch yt-scan
     next
-    edit "translate"
-        set hostname "translate\\.google\\..*"
-        set url "^\\/translate\\?"
-        set query "u="
-        set safesearch translate
-    next
     edit "yt-video"
         set hostname ''
         set url "www.youtube.com/watch"
@@ -37393,7 +42556,6 @@ config emailfilter profile
         set replacemsg-group ''
         set spam-log enable
         set spam-filtering disable
-        set external disable
         unset options
         config imap
             set log-all disable
@@ -37414,9 +42576,7 @@ config emailfilter profile
         unset spam-bword-table
         unset spam-bal-table
         unset spam-mheader-table
-        unset spam-rbl-table
         unset spam-iptrust-table
-        set spam-log-fortiguard-response disable
     next
     edit "default"
         set comment "Malware and phishing URL filtering."
@@ -37424,7 +42584,6 @@ config emailfilter profile
         set replacemsg-group ''
         set spam-log enable
         set spam-filtering disable
-        set external disable
         unset options
         config imap
             set log-all disable
@@ -37445,9 +42604,15 @@ config emailfilter profile
         unset spam-bword-table
         unset spam-bal-table
         unset spam-mheader-table
-        unset spam-rbl-table
         unset spam-iptrust-table
-        set spam-log-fortiguard-response disable
+    next
+end
+config virtual-patch profile
+    edit "g-default"
+        set comment ''
+        set severity info low medium high critical
+        set action block
+        set log enable
     next
 end
 config wanopt settings
@@ -37473,7 +42638,6 @@ config wanopt profile
             set prefer-chunking fix
             set protocol-opt protocol
             set tunnel-sharing private
-            set log-traffic enable
         end
         config cifs
             set status disable
@@ -37482,24 +42646,20 @@ config wanopt profile
             set prefer-chunking fix
             set protocol-opt protocol
             set tunnel-sharing private
-            set log-traffic enable
         end
         config mapi
             set status disable
             set secure-tunnel disable
             set byte-caching enable
             set tunnel-sharing private
-            set log-traffic enable
         end
         config ftp
             set status disable
             set secure-tunnel disable
             set byte-caching enable
-            set ssl disable
             set prefer-chunking fix
             set protocol-opt protocol
             set tunnel-sharing private
-            set log-traffic enable
         end
         config tcp
             set status disable
@@ -37530,6 +42690,7 @@ config log eventfilter
     set sdwan enable
     set cifs enable
     set switch-controller enable
+    set webproxy enable
 end
 config log memory filter
     set severity information
@@ -37541,6 +42702,7 @@ config log memory filter
     set anomaly enable
     set voip enable
     set gtp enable
+    set forti-switch enable
 end
 config log disk filter
     set severity information
@@ -37553,6 +42715,7 @@ config log disk filter
     set voip enable
     set dlp-archive enable
     set gtp enable
+    set forti-switch enable
 end
 config log fortiguard override-setting
     set override disable
@@ -37560,27 +42723,33 @@ config log fortiguard override-setting
 end
 config log tacacs+accounting setting
     set status disable
+    set source-ip ''
+    set interface-select-method auto
 end
 config log tacacs+accounting2 setting
     set status disable
+    set source-ip ''
+    set interface-select-method auto
 end
 config log tacacs+accounting3 setting
     set status disable
+    set source-ip ''
+    set interface-select-method auto
 end
 config log tacacs+accounting filter
     set login-audit enable
     set config-change-audit enable
-    set cli-cmd-audit enable
+    set cli-cmd-audit disable
 end
 config log tacacs+accounting2 filter
     set login-audit enable
     set config-change-audit enable
-    set cli-cmd-audit enable
+    set cli-cmd-audit disable
 end
 config log tacacs+accounting3 filter
     set login-audit enable
     set config-change-audit enable
-    set cli-cmd-audit enable
+    set cli-cmd-audit disable
 end
 config log null-device setting
     set status disable
@@ -37595,6 +42764,7 @@ config log null-device filter
     set anomaly enable
     set voip enable
     set gtp enable
+    set forti-switch enable
 end
 config log setting
     set resolve-ip disable
@@ -37602,11 +42772,12 @@ config log setting
     set log-user-in-upper disable
     set fwpolicy-implicit-log disable
     set fwpolicy6-implicit-log disable
-    set log-invalid-packet disable
+    set extended-log disable
     set local-in-allow enable
     set local-in-deny-unicast enable
     set local-in-deny-broadcast enable
     set local-out enable
+    set local-out-ioc-detection enable
     set daemon-log disable
     set neighbor-event disable
     set brief-traffic-format disable
@@ -37618,6 +42789,8 @@ config log setting
     set syslog-override disable
     set rest-api-set disable
     set rest-api-get disable
+    set rest-api-performance disable
+    set long-live-session-stat enable
 end
 config log gui-display
     set resolve-hosts enable
@@ -37626,6 +42799,9 @@ config log gui-display
 end
 config system lldp network-policy
 end
+config system pcp-server
+    set status disable
+end
 config firewall schedule onetime
 end
 config firewall schedule recurring
@@ -37669,10 +42845,10 @@ config firewall vipgrp6
 end
 config firewall ssh local-key
     edit "g-Fortinet_SSH_DSA1024"
-        set password ENC +ki9xKYowUDmzZOloViTSfA9dm0kdttlT2tjlsjDiQ75quMgN4bgLfOyUBA3vx3yrRwiB0fb/nMo3F+UoJnbO6pkGYs8ZnkFjagJZjFML7fNbkYSdVQp2PfMDDvnZHXOtd1dWKp9y3Whi9yC4XWj8kgTOHvj/ahKxHchrUljU7bwt9iXFZY5Ztl5HjNhcE+hMP8KzA==
+        set password ENC q8tES5ryMiumzeAtnrAzSUXwUZjLwIl70gSrdrPJFGgw8fZOJY/mf7mhRuo07ggjUzqaghAtyrqRH1RWsvfzn64Yg3jH9kM5N7UhYxR4qzEu+VaGx3qBiTrUe/S9cy802GhAJWNkQQm/mgbe/jmbmJrTGuJNz3kaHDwV5K4v/EILDY6IQVX+1mLYquIP3Xld60NZ21lmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA
-0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDfWpFE0i
+XCd0QURSp4tDCxAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
 KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
 a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
 7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
@@ -37680,114 +42856,114 @@ jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
 XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
 P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
 lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
-wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ
-39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl
-iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3
-w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac
-xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL
-YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+
-YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e
-ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy
-wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb
-floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x
+wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgS/BQuclL3Fmvho5r
+5vjUwzJbyChZhWxkXG3eKGvkshX8YTRtMWlUDLMIPX6RQk2N8dtWdYo2INAYwzOO/nHgVC
+ZoTlNsCF0gWa0vEbOikSBU2wAJpfTZFbBzxUSKcvK7KxCTDJ0LWNLmTypFhxaappjiy2BN
+x8VJDLG21NU7bR86lFhg1/w+OXsRdSBjJpI5ox2raAyPS6we5ezjPm3y2anL5TF4A4AmM5
+F3KkMZluZGBemTxITZJC2RwRXJkPm+93wC7U5ILVsn2J8KJjX5Jqo3flnXjBe3y2s/NJCx
+31d2C/BqPmzgTus1a+xcAk3H7AoLIlkUQ/Kuvmd4ALcBPIOyz1UgoitYpQrxW2yz9LfAfC
+dsMCsCceYbY5oOPJJ8frLbDkbSfDlkQO2AHP+M9+aY7Sc9ehuttvdQ+kopBP4y0v8k6n5F
+rV/GOPkr0rAThvkiCtectOqIh4pOJdWiHV0UCKuzka4kYqda3nIB59SfjrAJU4Fs8Plgr+
+EaZmSp5z429V2X3bZch5VL2L5yzbwU0H7vtzUM/BCNsVHncqyYJeSHc0Q6+KgSuCsr2rvO
+26/sUh9gQ4OBP5WcKZRcjRtGsXy4Cy8Z5OD0JWIrWlTmXZn9IQaPpsaMEJMF52lV
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
         set source built-in
     next
     edit "g-Fortinet_SSH_ECDSA256"
-        set password ENC o1X564honxdrHGX4vIcQ+sREabe5dOwxU4QAqHe7vVbpXO1OoyHabynycbdxWGgLlS+bU80B2eUnEtjLyr2RqXE4f8x45HiR1h4Uqwc4mj/F1jY7HftaZDtEM+QvFUqN62SjpJONd30/cQuoOk+BCEOrYcGMMwiYfznytL6NgDt8ofmu+1h68uDvsCb+ID8+EuRLXg==
+        set password ENC YaAGI6S5QWpC3WdS6oCdGuddDunK82z5ZDxjC9OFKtpE+stGe8tVdsHHfapBeXPXhnZ61TZd4WL7ifgCW3Olc0uK17QfGg58CvPnEYSvjHTaO6RoG65PqZNk8x5bmSa5boo4dwau3eosfJM9I4++RjytnR8luEHjion5zB8l8zHPGYNFgB7N/RKihW4mSmHJFkDHwVlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY
-/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB5/6e7jl
+Mch9M+27aUJHDlAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
 dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
-y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h
-BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d
-6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH
-84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw==
+y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgkK+gYlQYEjpNKQ3JDiggWfHFxRdEL8J/6GZK
+P/yWY3iwinZj3eg+3XFwyGgbN74kRJLlrbVCkzWkgsTRIce4gVqvD41EvyAv8IrnvqlSgV
+KKhqvOYrICP1ES9y4himR5YrsbHvSaiSCCipl4ohdo8EkA1XuGFaRiWHBoN+J+9YskDuhe
+QNVOZyHrEWqSqVCbiyNDii1wdNYqIQJTkxVWGQ==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
         set source built-in
     next
     edit "g-Fortinet_SSH_ECDSA384"
-        set password ENC e8Q6MVofiHjzGGJNwkV3w058OIkiG9rMYJwCaz/mmBgJHtuqpG4aSLKbVGcyip0SJ4m3iEflyiXhLdPg2h22sDY/kLVfT38P5FIPe1cK1RattQ5TiDPAJOg6YTb/CJJMYAJ90NFitsCUURuLFpErquUJ+aa0JYZqxU4S4Iiq36q6ngd5qpKSbMb25fe1L8I76W8Pvg==
+        set password ENC 3J8+h5uaiYE8GAU8G0Sdvbs5fraeD2lTAzq32+aN+0TfC0aZ981MHCZOcp3lSF9U0O5BQuQSq1+ctbAnvz32K4vvsELMHNwCQV2SpOAG5EL/O90gPnu0URWDHuXX5jUUJ88CGKjRjcT/rMd4uFWLDEanZGYe3pB5p4IrfvgkRE77S+7IzWjPeZ1lubM4R2/Mk80HfVlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX
-++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD6FGSydb
+MfCfEkjYSDilDQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
 dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
 U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
-dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED
-QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ
-9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW
-HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st
-2F3+
+dgAAANCDHSic3ugGkKXrzCRCN4F9+HiSwqQdY+p6vgp4eoW8VbSFvlSOwCJ0YCiUJtfbBt
+w5njw5GMczncUHPNb7z90o9bv6KoSmlEHeXfFoPKl189RWx93tYuKlh87wYucskyv8QgR8
+6jnKX2rSmnjytvCOHahd+dSTOg5zwXzZUBSe69NXYrm7IUV+MUJnqA/wQfUu9gLNqjgEmR
+DkKTxwKb8V778U+acbEaCTglnZSw1Ci036r/1CDOpTHNFnC+8zRFFtn5XW6A2fWfSLYEtU
+GanS
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
         set source built-in
     next
     edit "g-Fortinet_SSH_ECDSA521"
-        set password ENC ENaobehFBeN9wI873BWDyEN3MpKSMrF3oIDiKEPzhok2Ttl52O50k6eo69POywZGhDRTLXrJlGakZuP4vgoeO5+K1oZjp0ny5MEWBRf9fDTJBlILPShGfq25aVfaHntyjkaETiDK9FVGF+2SVCLJGFPG5bV3mgBBA4OovOv5wXP71dKLXG98cm0ll0nRIwQ/NPhtLA==
+        set password ENC hOOfsik9NInlc7unFsClWxFpNI8Ql9knU6G1kfx8b5SRKwkGhhoU31HSRlEGB7TMCW7xZxJNlPVGnkLa1aHE8rBsTc8vMEnvYoIrXs9KldQHoGnZ7E54rK1vMrWhy2iwH6RiuZe+9mwCdDjayTPfcu4//UVWSSowtJ/OrnKIOR7j7GFz2qh9LWZhTn8pbDIIScY20VlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr
-+3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDvliYNGu
+EFZjQlDTBzJmi5AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
 dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
 t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
-HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL
-gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA
-NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX
-1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9
-We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY
-v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua
+HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQABILIpSeVN/21mCe
+eVUgOLmNu2sYRE/pHxZoKsC1BpjGNQWvg78hJ+cpll5cP4ihueTkQ+fgA+0uxO6nEtACEN
+3shPq5zr/OK3JdTlS9NorQjuFv6CMVsP8duQws9NSrt2LJvneAXMN4m31gkVRtmOAFrUBA
+xjViicvdDNxV+Sqz6cxnmRe2zMobQkjVKPOu5WpOVFeRmrjUSoPwrR/28cPHFF6IsdONA1
+BdX7QWIzC9rJrfgET9JRlv7s0oDJWQyqHV8S84TDvTZPnot4pkNAVDr0qJGPoWjCPbMxgD
+jhfbcs7CfjvNT4zfbw30BxniJGjv/WFKDyljfkcNgS9Qgm
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
         set source built-in
     next
     edit "g-Fortinet_SSH_ED25519"
-        set password ENC xSMiq6+j56hE4MMfYNToFP3lkPp+Ifk0CV+hsCfZf2cO81bG1i62AipZFb9l8pPJEcnAyTck0bcyGWuERoFbfdPpSpmsT1i63n61CweLBkLaKsmISE2lieY4lYwVPPLB7SXu6R3fd8xp/AYtpY8X/v7ITWSD19XpyqFw+AZUpwvMmZNQhzxNa8pX+AKXxHnawG6NSQ==
+        set password ENC lPciyrhHG3Bia4AK8vNJ/wSE/XndpYH3EwRVxIuqaPpOCiYpYs8kwFiznFwuhva8bu+9jnQLWXs6ASfb6dMaLTCCT5fN6j57Px7YqJfvgFu87f67C8HY5fC8U90ehmx2ZO7sIZLdr6BS0pElSMmA7edhFtONXiCgQ8p76SN7jZzsilCGgV3uqPtxdmk8se66f8I1+VlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT
-+IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
-3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO
-V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk
-ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i
-9pkiQ2ltDNDw2Upw==
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCypLFkwZ
+tKzdWm6jAo4HMxAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
+3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkKGif1mZ2Ci/8Ty3MdUpzVXkVMImU2SyLcQtb2
+zaVVssBq/jtlETxJaMwWR6xOhrVDvIxLzkDnZFsZYsVu1HGOJqk0/CfOTS4VkLxvx10Wro
+gXf/Unv0w7HlUX+hl193A6XuAiSjjRR4TPGfmYrEXMXJ6wS2yLQ9cOfAh2WjfScuZ2dA/f
+II2QDrxxeV8140nA==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
         set source built-in
     next
     edit "g-Fortinet_SSH_RSA2048"
-        set password ENC 7BZP2ygty0pSim+WHZ/zcW1oGsg8R2nuQQGlljyqCyxqKo28+ZaKpxeQ9wDZHGyDC3ijVU7D36fA/oA8TpABuGD0kfB3lb7LOl2uUTv7IrAi4Z98ZFEhYMu7AdkYfGxiw8yqvLg/hkbA6CSEut9aJXht2tblLY+L0F1FwUnRRktwiXePOP0wzyOBpwz2x0MNc3ZFvg==
+        set password ENC 7CVz1J+WBwc0RHhT4sY7HkXdMfKv2zlGU0MmFVewaiTKuaGLdycRSrMwQfztrJzgXeKEWOWJajX6hRf+toRSAKVk4FZFuLRqC8qeFMeuAMCPw7lWL1fKx3p0fERD4jzdETS25yejZdJI4ZY1DbbAMeuSA7WZZ99fMlE1KwPNwRRGro2SNZQwMMc/EfYYvZFFIxDz/1lmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG
-Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDMArkPec
+zvbzQNQLJ+ZhHHAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
 Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
 A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
 hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
 HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
-OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC
-Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/
-OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU
-FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD
-NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo
-TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB
-cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss
-x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A
-Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8
-cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO
-/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz
-E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX
-pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW
-V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS
-ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv
-tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx
-+gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN
-tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc
-D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH
-Xt1vvScA==
+OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwIRR9CJ+uKIOJs
+oMuy1BuqQOC29IhsTIfwkRDQK3qwP9D8k/G1TXuP5oXTb4QGPcx0S7DWvwKb5/ZcV684XN
+LtOWypeXIrV+IexC5ihXDXkUnvKY6Gbgtu9q5VB63p2SDuiDGxeASmWtsJ3TU+RdrZ1O4K
+TTVZ5p8Mb7/AFnbpH+lSJDEHaZ9qw/5EtbKfNTvJhXjnM/R7hfFtUW6lxjy3iv3K88Fv5q
+jOvUfF/ARX+TIQZIFPCcEsH29kt1SVo1sq/8/F+dwDPObCpDh2EBjsu5++NMD4Y6/DdDrz
+Jaqv1wjQHsaFYI8ep1pRvBUMrF2Bx3xpnTvx77qqA8dR/tL/t7LeXFHUkHHsBp0U8PMjlc
+Sx+dMtIAtBg1l6j/cHYmgAyo1ZqqyLUyVim/cwBpHBuM9QORdFUskJskB1F/bwOT7FLNzG
+1ffMFVM3HABlaEMOfgIcwfgerew8RbY/SxdF3uvkZ4J8tnd/srxfGjQXO1FGMge8Hp5gwY
+x+fvsvJFIflQaiB4cqeAUZRGhaIq5ccQA298ndlyigGKupIXqdNyNQkShaeQYkCT2Hf9Y1
+PdhfWfBRF6cFw7ZhdxrzlBHsB6RySGVZOIFHFzFcpbE+u6NNseF7LXZOg9eVOIAYW+qcNz
+Stw1O0DtaZEidODJB7t2bj8Gu+7UhvJsyplqbuj7Ohtfc2retEBn6wC8SgfLbIn1qSR/R3
+foTD8xvac3TQTERVbk4o1UEukRfbRv307kj3UdotxTpRpLVYnW/0QxsGf+CKOnxGimBLiX
+x6IJBjRfr3QdkzwosMbC5Cp5nvIukvySAMoSG4+VEJSR90Wf0/G/705999L/G3sUNNTKWI
+7FsF5/DZENcm0xbrXfzLj3tOFMeE9fcqQEZYLzOyZhqYllU5c34BlhtOt7ygivSaJe2a52
+kQ43vq+VRkjCV501sipDiHeic1/bEOs55ERGB8yh3Ge6PHms5yunZXIpM2Y6GPQ2Rgeq4+
+ZvwVtpFtDnL3BOjlxI27TeXYI0x6DsFWzcgl7ljxjNx9HN0KA3mrodjscrAFeBIxQnjyiR
+mx6VURNltMIYMnNQlXW4FHH7yGXzXYk4ojhHgcgpaDbPHQm5G3/Yok51pPtsQ9J+7m+ehm
+BWLKEE1g7lAiYtI6bBbLQuj9VfeonQkO7aNm8pzY2znIQlNh1SQlXnUF1qdggAEXgsEVIt
+cO2ROJsZFsbT7Dw3tZAkyvotKQ0v2SFwboCHCSWVecx6Q4lSid+C+MsbxO1xlEHwNDq17T
+G8Wu6e8A==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
@@ -37796,68 +42972,68 @@ Xt1vvScA==
 end
 config firewall ssh local-ca
     edit "g-Fortinet_SSH_CA"
-        set password ENC AKz/uKRtkslFcebCjbf6zBkwpgKxKO5RFzbPop6oBdqFX5/BCEmbADIvLjllAywOjmkibr+fQQugl5krB/TYXfCD6VYxUxC9uARR8eLPKvbKQ/sdDftXh4X9fmv37dHjuegc7YFdgtUjCCqNUfM8CZOlftQDnoxgbTNrvB89pCRk2RmjhpFioYFaeIDXBN5NEMXPcA==
+        set password ENC DWjIvcZuDuk1WE7N0uQwz5hNaYiMlDHePgZ13ceqp5Jkr5ECsEPvUWUyarzfJTPW82Su0bQCu2uJg+4T1nZcHbWKYoerw9AxOZ/1DtYbznqZDy8WR0R/vbwHjydMecVg8U0ZRueOD+dKgvPg4fKtCJniWz3WByAt0eTy4TYsAK8LobapCYdewYM85MLPDKlojlwN1llmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd
-cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCyBrOQ1K
+Qw3YmPTDmVPFkpAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
 NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
 ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
 E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
 TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
-Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is
-nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT
-+RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby
-5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI
-pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx
-MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz
-8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U
-wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+
-OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD
-PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq
-JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C
-Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN
-+dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4
-KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl
-uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ
-8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL
-s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof
-S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4
-+y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr
-ABMNge5w==
+Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwM5O35zHniauxJ
+rlIYaSeEQxLsM+X4fapPScsXmQNcmmngwsEgcEZ1YKq8MQENzHOyWw59FYlR9mQPyidwrK
+AbzPVkhnqCDlUBT3GOUrMyfZfuSJmFlH26FCjuXls6Vg4IVRSI99W9hxlbLePvRP94NcgQ
+Hh1vXpUoofhZ6IYt/dob93+fygcR3toCXd2C0EeyP3OXVMGPOnmnEXKliXaimvYpC0csXl
+a7h0taBg5cq9LzkM0ywj9ikKUnkfUKIrqv44Ji+Vgcw8nCRKNsynd9qf578G5FN/VRQ9Ao
+qd9ogC02xXA1HwewhEQYetYd92oGT/neUjfyPWBRNaNdY7lPvQ4OjHeVvS6L2R7zK81AP5
+bQaN3d+fM89jNmcY5KwFxxPHVaGqBZTt0dwT7ET9Z7oo/J4UznUD1a1TK5O4ciy3iDpaWq
+5K55O7cPYyFeR0EJPx9hD1AH9eCzGukHD+KblNRWuSJXTqJSEP62NA+0szxNxCfCp7HZqm
+3iztvJMw/Lx9k9CPnHTsr/0dkocZSZti47Dak7L70BnQC2+KnGkUboddl7Z5eGyBQbtAkS
+IUIlQR7Rv+q+AkqJ36EWnBEVrve7d7TKSdR5pxDet60JJ+yE3cDa/G/IwW00ACC2rS133Y
+FWmMRzZfsZSZ1gQrYiNCUZARKkg7fxnONj0oe+oBZKeYkR+UNejF5vVKQZVPx2fCILZAyn
+J5qenJbZhkmDeVS0fMdoCrmON5wAKvz+WWuGTgJw34vqtvJovJtNno5moJRAWk/RiKYdIo
+X3fFmNPP82dGks7b4A1LGz5qW78zGgOSICVEBRHCMi2MBUsrJ50TwbVNz4jjKP6bYID5vh
+ghM27tO+2GSZHeBt8kRG2qI6aH5IHAKXi8gn+KwqFWtx1Em2KNHW/eMfMkQtD5xnE9F466
+V8Vf9Xe5wltVGE87Bt/IYkVN9wM1XA3p7byitNOXSXw2jwLpG9beWhyV/OzkKKJf0NQ9/v
+mX65nyje4q6+8PKjuRliA5vVMhwK6lxJ6BJBHe6/fd7IjDflm7JMNZc6bLwaeJHbLWlFqC
+4kwtt9SV5YcFDGOn2my/bTrAchhOfOXf+0gk63yVRrQq1kJDqn/lqytJGS5a1YvqsMJ4OS
+W9qQMQY0nzMxkLaNB9Q9G9uVgyDDAsye1yg1bL24CrOT4pNf1JeNlqawNkVj2jycXzqYPh
+gL1mGUSGlPfBVKg4359Ml3rY0bykjU5xXrguyKv95ShhctAilSQY4tg40cOeoMbCg2Hiji
+iYxK2n0w==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
         set source built-in
     next
     edit "g-Fortinet_SSH_CA_Untrusted"
-        set password ENC XRGKbUXRKSTjCXRXCuCNbTomePpDe0CMjbZ+QXIzXKHQ43heg7zf21E8UpkLZb1xtADTFiMgHUe1DnA9XkPJBrVcjgW/j+l+wrqz4+9KQ4D92Bqyqbb+lvpizsWKwsF8wov7vM6n1W85blEwIicTaOjI2ChwSYNyOnB3pZxy0Xxb5leCgSFhROj8FxLuLLGhvEqi4A==
+        set password ENC Hq0FPF+GxwYlODdu6DoyjxfuMATlMtvg3bVVCE7l/LZCuZOn+J1VHluNFZLQim/YFNuOPg1QkvnJA9Y9ORU4JohP92m44Svr6JxbYqKPbFjjXzccwkeoo1atBLVOxJqrkPTFu5LhpjbPT383v3eIHkmoO/5ZJgFp9Kwhyc0LLD7wpKUXJNlXkTK3qRiJOixB6xgbeFlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV
-ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDOK7jymL
+y7LiXsSxCZXuzqAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
 RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
 ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
 iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
 Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
-NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK
-0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB
-Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+
-xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/
-UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n
-NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri
-aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC
-iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4
-NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F
-zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB
-VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+
-jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk
-1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL
-eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM
-vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo
-/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1
-Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S
-pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn
-vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02
-PWD7d7mw==
+NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwBFA5WgGixZgZA
+aGWDArT5DTEdJ5cnxDdPIU7m7Dj49Na89+BEtuNf/Pjy3FJgzvpcrOvifVK6bmOyn8m6/R
+CCztKhOmNrT0MQVo2Ja8hY9UmVjxkNMB0uGzaNGj+p36qavDzRN1wAuZ75FY4FkqLmGYBq
+AyZIUD30kt+veMQz947ctIEWbQjf+GZwu4UCD0o4g3MvyRsdXUuYOHFE8xn8Ug1n1OtquR
+cqHpCWAe9aK+OcjWvIXg0UrD6GRQbSSw3uoLhapAP1vsMiLfMT/dBUt9Dstcc+S42lZI1q
+JJ4yILP4mdT24ND2itnV+XRRxOg831SECvSMTzc63hhGJFBWYQi86ibxuUgzZc2aH+KRUP
+rDedCTNsZPif5K3Mjn4PK0thYdsZ2srwMtv6rQ8mcIoF9G8XUR3JjekxI/gHrHpFKvWccc
+YCjmEaV45cfwzvN8Vca8mRFncngvQOBEfshU0LGoNZ8VX60IQEyT334tKUv6hiThPOQWnp
+stS/MJtEyLjGbu+0ibZHg+3hCvSRrexUSnJFHrOAEoz1k0TK6tkw8hcF1Jxlu3WuxaL9YK
+tKas//Hs4LTD9r9r/smvSbKi+zb8aP3pacBNCu6Yup1vYCpf/AnxD5CCdq4zmxFT2W5WYb
+rp7tGQjbc3aB7G0zshIk9Biwuu9h/lMIYnzNlvpMouxFM/TTO2STSgKw0+mURFqxQ6kYqF
+YDRmM7pANd9Usg2Hcd/x7CaYmVz+cwkC7dOH9/+FUdtnG05aab9gUv8ySChhPDm84WvLtQ
+ZEkBp15qiOsQjWVk2ei0V0gIjRiS2S2FRLBrM2iueE1GyD8Alm5ztwgmdA17np7iE871wl
+NvzzWxc0KjVHesLlV44RLbw1VD60uUld4jvSaEY9oTILAMFx285Uy53Il8+sWntWvIlQu6
+FjMEIBY8iSd2DWMm4zcVh/qpEyEUv0UjeFlcu7bPqE18aX3V2jV+9G3/a6ms4kqmvfb2RT
++jR/zeg1gE288KRaw7FqNEoP+Wco8jt0q7jo/q963GEgdPG6WOWHz9LfIYouOJPpDSca11
+pFBg29f0rOjynuYmvzZOdUrgrbaZZSprEzdzPJmSOpV6u0VNjuroaN+soU48KEGqJQvHor
+g7H0jRqdNjJbfQcE50Dv5SeZAVmEkvD/nKTqWs77wGzv+OxhY8JS08alQgRINioyCjY/LW
++xR/ydrBw5jsgugYvC3Vd7rZi0oIO0H6Lpa/crJWXf0+u5qd6unckJtWT5tPyZvNwVfXsn
+bhw7G+OA==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
@@ -37914,11 +43090,14 @@ config firewall profile-protocol-options
             set switching-protocols bypass
             set unknown-http-version reject
             set tunnel-non-http enable
+            set h2c disable
+            set unknown-content-encoding block
             set oversize-limit 10
             set uncompressed-oversize-limit 10
             set uncompressed-nest-limit 12
             set stream-based-uncompressed-limit 0
             set scan-bzip2 enable
+            set verify-dns-for-policy-matching enable
             set block-page-status-code 403
             set retry-count 0
             set tcp-window-type auto-tuning
@@ -38041,607 +43220,11 @@ config firewall ssl-ssh-profile
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
             set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
         end
         config https
             set ports 443
             set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set ports 990
-            set status deep-inspection
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set ports 993
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set ports 995
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set ports 465
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set allowlist disable
-        set block-blocklisted-certificates enable
-        config ssl-exempt
-            edit 1
-                set type fortiguard-category
-                set fortiguard-category 31
-            next
-            edit 2
-                set type fortiguard-category
-                set fortiguard-category 33
-            next
-            edit 3
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-adobe"
-            next
-            edit 4
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Adobe Login"
-            next
-            edit 5
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-android"
-            next
-            edit 6
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-apple"
-            next
-            edit 7
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-appstore"
-            next
-            edit 8
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-auth.gfx.ms"
-            next
-            edit 9
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-citrix"
-            next
-            edit 10
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-dropbox.com"
-            next
-            edit 11
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-eease"
-            next
-            edit 12
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-firefox update server"
-            next
-            edit 13
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-fortinet"
-            next
-            edit 14
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-googleapis.com"
-            next
-            edit 15
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-drive"
-            next
-            edit 16
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play2"
-            next
-            edit 17
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play3"
-            next
-            edit 18
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Gotomeeting"
-            next
-            edit 19
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-icloud"
-            next
-            edit 20
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-itunes"
-            next
-            edit 21
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-microsoft"
-            next
-            edit 22
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-skype"
-            next
-            edit 23
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-softwareupdate.vmware.com"
-            next
-            edit 24
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-verisign"
-            next
-            edit 25
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Windows update 2"
-            next
-            edit 26
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-live.com"
-            next
-            edit 27
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play"
-            next
-            edit 28
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-update.microsoft.com"
-            next
-            edit 29
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-swscan.apple.com"
-            next
-            edit 30
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-autoupdate.opera.com"
-            next
-            edit 31
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-cdn-apple"
-            next
-            edit 32
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-mzstatic-apple"
-            next
-        end
-        set server-cert-mode re-sign
-        set caname "Fortinet_CA_SSL"
-        set untrusted-caname "Fortinet_CA_Untrusted"
-        set ssl-exemption-ip-rating enable
-        set ssl-exemption-log disable
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-        set rpc-over-https disable
-        set mapi-over-https disable
-        set supported-alpn all
-        set use-ssl-server disable
-    next
-    edit "custom-deep-inspection"
-        set comment "Customizable deep inspection profile."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set ports 443
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set ports 990
-            set status deep-inspection
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set ports 993
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set ports 995
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set ports 465
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set allowlist disable
-        set block-blocklisted-certificates enable
-        config ssl-exempt
-            edit 1
-                set type fortiguard-category
-                set fortiguard-category 31
-            next
-            edit 2
-                set type fortiguard-category
-                set fortiguard-category 33
-            next
-            edit 3
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-adobe"
-            next
-            edit 4
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Adobe Login"
-            next
-            edit 5
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-android"
-            next
-            edit 6
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-apple"
-            next
-            edit 7
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-appstore"
-            next
-            edit 8
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-auth.gfx.ms"
-            next
-            edit 9
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-citrix"
-            next
-            edit 10
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-dropbox.com"
-            next
-            edit 11
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-eease"
-            next
-            edit 12
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-firefox update server"
-            next
-            edit 13
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-fortinet"
-            next
-            edit 14
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-googleapis.com"
-            next
-            edit 15
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-drive"
-            next
-            edit 16
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play2"
-            next
-            edit 17
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play3"
-            next
-            edit 18
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Gotomeeting"
-            next
-            edit 19
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-icloud"
-            next
-            edit 20
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-itunes"
-            next
-            edit 21
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-microsoft"
-            next
-            edit 22
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-skype"
-            next
-            edit 23
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-softwareupdate.vmware.com"
-            next
-            edit 24
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-verisign"
-            next
-            edit 25
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Windows update 2"
-            next
-            edit 26
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-live.com"
-            next
-            edit 27
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play"
-            next
-            edit 28
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-update.microsoft.com"
-            next
-            edit 29
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-swscan.apple.com"
-            next
-            edit 30
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-autoupdate.opera.com"
-            next
-            edit 31
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-cdn-apple"
-            next
-            edit 32
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-mzstatic-apple"
-            next
-        end
-        set server-cert-mode re-sign
-        set caname "Fortinet_CA_SSL"
-        set untrusted-caname "Fortinet_CA_Untrusted"
-        set ssl-exemption-ip-rating enable
-        set ssl-exemption-log disable
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-        set rpc-over-https disable
-        set mapi-over-https disable
-        set supported-alpn all
-        set use-ssl-server disable
-    next
-    edit "no-inspection"
-        set comment "Read-only profile that does no inspection."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set block-blocklisted-certificates enable
-        set caname "Fortinet_CA_SSL"
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-    next
-    edit "certificate-inspection"
-        set comment "Read-only SSL handshake inspection profile."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set ports 443
-            set status certificate-inspection
+            set quic inspect
             set proxy-after-tcp-handshake disable
             set client-certificate bypass
             set unsupported-ssl-version allow
@@ -38657,7 +43240,8 @@ config firewall ssl-ssh-profile
             set min-allowed-ssl-version tls-1.1
         end
         config ftps
-            set status disable
+            set ports 990
+            set status deep-inspection
             set client-certificate bypass
             set unsupported-ssl-version allow
             set unsupported-ssl-cipher allow
@@ -38669,6 +43253,500 @@ config firewall ssl-ssh-profile
             set cert-validation-failure block
             set min-allowed-ssl-version tls-1.1
         end
+        config imaps
+            set ports 993
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set ports 995
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set ports 465
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic inspect
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set allowlist disable
+        set block-blocklisted-certificates enable
+        config ssl-exempt
+            edit 1
+                set type fortiguard-category
+                set fortiguard-category 31
+            next
+            edit 2
+                set type fortiguard-category
+                set fortiguard-category 33
+            next
+            edit 3
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-adobe"
+            next
+            edit 4
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Adobe Login"
+            next
+            edit 5
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-android"
+            next
+            edit 6
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-apple"
+            next
+            edit 7
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-appstore"
+            next
+            edit 8
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-auth.gfx.ms"
+            next
+            edit 9
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-citrix"
+            next
+            edit 10
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-dropbox.com"
+            next
+            edit 11
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-eease"
+            next
+            edit 12
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-firefox update server"
+            next
+            edit 13
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-fortinet"
+            next
+            edit 14
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-googleapis.com"
+            next
+            edit 15
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-drive"
+            next
+            edit 16
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play2"
+            next
+            edit 17
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play3"
+            next
+            edit 18
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Gotomeeting"
+            next
+            edit 19
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-icloud"
+            next
+            edit 20
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-itunes"
+            next
+            edit 21
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-microsoft"
+            next
+            edit 22
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-skype"
+            next
+            edit 23
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-softwareupdate.vmware.com"
+            next
+            edit 24
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-verisign"
+            next
+            edit 25
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Windows update 2"
+            next
+            edit 26
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-live.com"
+            next
+            edit 27
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play"
+            next
+            edit 28
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-update.microsoft.com"
+            next
+            edit 29
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-swscan.apple.com"
+            next
+            edit 30
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-autoupdate.opera.com"
+            next
+            edit 31
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-cdn-apple"
+            next
+            edit 32
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-mzstatic-apple"
+            next
+        end
+        set server-cert-mode re-sign
+        set caname "Fortinet_CA_SSL"
+        set untrusted-caname "Fortinet_CA_Untrusted"
+        set ssl-exemption-ip-rating enable
+        set ssl-exemption-log disable
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+        set rpc-over-https disable
+        set mapi-over-https disable
+        set supported-alpn all
+        set use-ssl-server disable
+    next
+    edit "custom-deep-inspection"
+        set comment "Customizable deep inspection profile."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set ports 443
+            set status deep-inspection
+            set quic inspect
+            set proxy-after-tcp-handshake disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+            set cert-probe-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config ftps
+            set ports 990
+            set status deep-inspection
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config imaps
+            set ports 993
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set ports 995
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set ports 465
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic inspect
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set allowlist disable
+        set block-blocklisted-certificates enable
+        config ssl-exempt
+            edit 1
+                set type fortiguard-category
+                set fortiguard-category 31
+            next
+            edit 2
+                set type fortiguard-category
+                set fortiguard-category 33
+            next
+            edit 3
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-adobe"
+            next
+            edit 4
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Adobe Login"
+            next
+            edit 5
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-android"
+            next
+            edit 6
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-apple"
+            next
+            edit 7
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-appstore"
+            next
+            edit 8
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-auth.gfx.ms"
+            next
+            edit 9
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-citrix"
+            next
+            edit 10
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-dropbox.com"
+            next
+            edit 11
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-eease"
+            next
+            edit 12
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-firefox update server"
+            next
+            edit 13
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-fortinet"
+            next
+            edit 14
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-googleapis.com"
+            next
+            edit 15
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-drive"
+            next
+            edit 16
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play2"
+            next
+            edit 17
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play3"
+            next
+            edit 18
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Gotomeeting"
+            next
+            edit 19
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-icloud"
+            next
+            edit 20
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-itunes"
+            next
+            edit 21
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-microsoft"
+            next
+            edit 22
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-skype"
+            next
+            edit 23
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-softwareupdate.vmware.com"
+            next
+            edit 24
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-verisign"
+            next
+            edit 25
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Windows update 2"
+            next
+            edit 26
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-live.com"
+            next
+            edit 27
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play"
+            next
+            edit 28
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-update.microsoft.com"
+            next
+            edit 29
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-swscan.apple.com"
+            next
+            edit 30
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-autoupdate.opera.com"
+            next
+            edit 31
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-cdn-apple"
+            next
+            edit 32
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-mzstatic-apple"
+            next
+        end
+        set server-cert-mode re-sign
+        set caname "Fortinet_CA_SSL"
+        set untrusted-caname "Fortinet_CA_Untrusted"
+        set ssl-exemption-ip-rating enable
+        set ssl-exemption-log disable
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+        set rpc-over-https disable
+        set mapi-over-https disable
+        set supported-alpn all
+        set use-ssl-server disable
+    next
+    edit "no-inspection"
+        set comment "Read-only profile that does no inspection."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set status disable
+            set quic bypass
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+        end
+        config ftps
+            set status disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
         config imaps
             set status disable
             set client-certificate inspect
@@ -38715,6 +43793,7 @@ config firewall ssl-ssh-profile
         end
         config dot
             set status disable
+            set quic bypass
             set client-certificate bypass
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
@@ -38728,7 +43807,110 @@ config firewall ssl-ssh-profile
         set block-blocklisted-certificates enable
         set caname "Fortinet_CA_SSL"
         set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+    next
+    edit "certificate-inspection"
+        set comment "Read-only SSL handshake inspection profile."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set ports 443
+            set status certificate-inspection
+            set quic inspect
+            set proxy-after-tcp-handshake disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+            set cert-probe-failure block
+            set encrypted-client-hello block
+        end
+        config ftps
+            set status disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config imaps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic inspect
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set block-blocklisted-certificates enable
+        set caname "Fortinet_CA_SSL"
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
         set ssl-server-cert-log disable
         set ssl-handshake-log disable
     next
@@ -38904,21 +44086,29 @@ config waf profile
         set comment ''
     next
 end
-config firewall profile-group
-end
 config firewall ssl-server
 end
+config casb saas-application
+end
+config casb user-activity
+end
+config casb profile
+    edit "default"
+        set comment ''
+    next
+end
+config firewall profile-group
+end
 config firewall identity-based-route
 end
 config firewall auth-portal
     set portal-addr ''
     set portal-addr6 ''
     set identity-based-route ''
+    set proxy-auth disable
 end
 config firewall policy
 end
-config firewall traffic-class
-end
 config firewall shaping-policy
 end
 config firewall shaping-profile
@@ -38947,6 +44137,8 @@ config firewall DoS-policy6
 end
 config firewall sniffer
 end
+config firewall on-demand-sniffer
+end
 config firewall acl
 end
 config firewall acl6
@@ -38962,6 +44154,11 @@ end
 config authentication setting
     set active-auth-scheme ''
     set sso-auth-scheme ''
+    set update-time 0000-00-00 00:00:00
+    set persistent-cookie enable
+    set ip-auth-cookie disable
+    set cookie-max-age 480
+    set cookie-refresh-div 2
     set captive-portal-type fqdn
     set captive-portal ''
     set captive-portal6 ''
@@ -38979,6 +44176,12 @@ config switch-controller 802-1X-settings
     set reauth-period 60
     set max-reauth-attempt 3
     set tx-period 30
+    set mab-reauth disable
+    set mac-username-delimiter hyphen
+    set mac-password-delimiter hyphen
+    set mac-calling-station-delimiter hyphen
+    set mac-called-station-delimiter hyphen
+    set mac-case lowercase
 end
 config switch-controller security-policy 802-1X
     edit "802-1X-policy-default"
@@ -38995,6 +44198,7 @@ config switch-controller security-policy 802-1X
         set radius-timeout-overwrite disable
         set policy-type 802.1X
         set authserver-timeout-vlan disable
+        set dacl disable
     next
 end
 config switch-controller security-policy local-access
@@ -39065,6 +44269,7 @@ config switch-controller lldp-profile
         set auto-isl-receive-timeout 60
         set auto-isl-port-group 0
         set auto-mclag-icl disable
+        set auto-isl-auth legacy
     next
     edit "default-auto-mclag-icl"
         unset med-tlvs
@@ -39075,6 +44280,7 @@ config switch-controller lldp-profile
         set auto-isl-receive-timeout 60
         set auto-isl-port-group 0
         set auto-mclag-icl enable
+        set auto-isl-auth legacy
     next
 end
 config switch-controller qos dot1p-map
@@ -39261,6 +44467,13 @@ config switch-controller storm-control-policy
     next
 end
 config switch-controller auto-config policy
+    edit "pse"
+        set qos-policy "default"
+        set storm-control-policy "auto-config"
+        set poe-status enable
+        set igmp-flood-report disable
+        set igmp-flood-traffic disable
+    next
     edit "default"
         set qos-policy "default"
         set storm-control-policy "auto-config"
@@ -39335,22 +44548,34 @@ end
 config switch-controller switch-profile
     edit "default"
         set login-passwd-override disable
+        set login enable
+        set revision-backup-on-logout disable
+        set revision-backup-on-upgrade disable
     next
 end
 config switch-controller custom-command
 end
 config switch-controller virtual-port-pool
 end
-config switch-controller ptp settings
-    set mode disable
-end
-config switch-controller ptp policy
+config switch-controller ptp profile
     edit "default"
-        set status enable
+        set description ''
+        set mode transparent-e2e
+    next
+end
+config switch-controller ptp interface-policy
+    edit "default"
+        set description ''
+        set vlan ''
+        set vlan-pri 4
     next
 end
 config switch-controller vlan-policy
 end
+config switch-controller acl ingress
+end
+config switch-controller acl group
+end
 config switch-controller dynamic-port-policy
 end
 config switch-controller managed-switch
@@ -39377,9 +44602,16 @@ config switch-controller global
     set mac-aging-interval 300
     set https-image-push enable
     set vlan-optimization enable
+    set vlan-identity name
     set mac-retention-period 24
     set default-virtual-switch-vlan ''
     set dhcp-server-access-list disable
+    set dhcp-option82-format ascii
+    set dhcp-option82-circuit-id intfname vlan mode
+    set dhcp-option82-remote-id mac
+    set dhcp-snoop-client-req drop-untrusted
+    set dhcp-snoop-client-db-exp 86400
+    set dhcp-snoop-db-per-port-learn-limit 64
     set log-mac-limit-violations disable
     set sn-dns-resolution enable
     set mac-event-logging disable
@@ -39388,6 +44620,7 @@ config switch-controller global
     set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
     set fips-enforce enable
     set firmware-provision-on-authorization disable
+    set switch-on-deauth no-op
 end
 config switch-controller switch-log
     set status enable
@@ -39409,11 +44642,9 @@ config switch-controller flow-tracking
     set sample-mode perimeter
     set sample-rate 512
     set format netflow9
-    set collector-ip 0.0.0.0
-    set collector-port 0
-    set transport udp
     set level ip
     set max-export-pkt-size 512
+    set template-export-period 5
     set timeout-general 3600
     set timeout-icmp 300
     set timeout-max 604800
@@ -39464,6 +44695,7 @@ config wireless-controller setting
     set device-holdoff 5
     set device-idle 1440
     set firmware-provision-on-authorization disable
+    set rolling-wtp-upgrade disable
     set darrp-optimize 86400
     set darrp-optimize-schedules "default-darrp-optimize"
 end
@@ -39480,6 +44712,7 @@ config wireless-controller log
     set sta-locate-log notification
     set wids-log notification
     set wtp-event-log notification
+    set wtp-fips-event-log notification
 end
 config wireless-controller apcfg-profile
 end
@@ -39495,16 +44728,16 @@ config wireless-controller arrp-profile
         set weight-noise-floor 40
         set weight-channel-load 20
         set weight-spectral-rssi 40
-        set weight-weather-channel 1000
-        set weight-dfs-channel 500
+        set weight-weather-channel 0
+        set weight-dfs-channel 0
         set threshold-ap 250
         set threshold-noise-floor "-85"
         set threshold-channel-load 60
         set threshold-spectral-rssi "-65"
         set threshold-tx-retries 300
         set threshold-rx-errors 50
-        set include-weather-channel disable
-        set include-dfs-channel disable
+        set include-weather-channel enable
+        set include-dfs-channel enable
         set override-darrp-optimize disable
     next
 end
@@ -39605,6 +44838,8 @@ config wireless-controller ble-profile
         set txpower 0
         set beacon-interval 100
         set ble-scanning disable
+        set scan-type active
+        set scan-threshold "-90"
     next
 end
 config wireless-controller syslog-profile
@@ -39619,10 +44854,6 @@ config wireless-controller qos-profile
 end
 config wireless-controller wag-profile
 end
-config wireless-controller address
-end
-config wireless-controller addrgrp
-end
 config wireless-controller snmp
     set engine-id ''
     set contact-info ''
@@ -39641,21 +44872,31 @@ config wireless-controller ap-status
 end
 config user nac-policy
 end
-config extender-controller dataplan
+config extension-controller dataplan
 end
-config extender-controller extender-profile
+config extension-controller extender-vap
 end
-config extender-controller extender
+config extension-controller extender-profile
+end
+config extension-controller extender
+end
+config extension-controller fortigate-profile
+end
+config extension-controller fortigate
 end
 config system ips
     set signature-hold-time 0h
 end
+config endpoint-control settings
+    set override disable
+end
 config ips custom
 end
 config ips settings
     set packet-log-history 1
     set packet-log-post-attack 0
     set ips-packet-quota 0
+    set proxy-inline-ips disable
 end
 config alertemail setting
     set username ''
@@ -39680,7 +44921,6 @@ config alertemail setting
     set log-disk-usage-warning disable
     set FSSO-disconnect-logs disable
     set ssh-logs disable
-    set FDS-license-expiring-days 15
     set local-disk-usage 75
 end
 config router access-list
@@ -39697,6 +44937,8 @@ config router key-chain
 end
 config router community-list
 end
+config router extcommunity-list
+end
 config router route-map
 end
 config router rip
@@ -39771,6 +45013,7 @@ config router static
         set status enable
         set dst 0.0.0.0 0.0.0.0
         set gateway 192.168.1.1
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -39782,6 +45025,7 @@ config router static
         unset internet-service
         set internet-service-custom ''
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
 end
@@ -39814,7 +45058,6 @@ config router ospf
     set distribute-list-in ''
     set distribute-route-map-in ''
     set restart-mode none
-    set restart-period 120
     config redistribute "connected"
         set status disable
         set metric 0
@@ -39863,6 +45106,7 @@ config router ospf6
     set router-id 0.0.0.0
     set spf-timers 5 10
     set bfd disable
+    set restart-mode none
     config redistribute "connected"
         set status disable
         set metric 0
@@ -39895,7 +45139,7 @@ config router ospf6
     end
 end
 config router bgp
-    set as 0
+    unset as
     set keepalive-timer 60
     set holdtime-timer 180
     set always-compare-med disable
@@ -39916,6 +45160,7 @@ config router bgp
     set ignore-optional-capability enable
     set multipath-recursive-distance disable
     set recursive-next-hop disable
+    set recursive-inherit-priority disable
     set tag-resolve-mode disable
     set cluster-id 0.0.0.0
     set confederation-identifier 0
@@ -39926,6 +45171,7 @@ config router bgp
     set distance-local 200
     set synchronization disable
     set graceful-restart disable
+    set cross-family-conditional-adv disable
     config redistribute "connected"
         set status disable
         set route-map ''
@@ -39973,8 +45219,8 @@ config router isis
     set adv-passive-only6 disable
     set auth-mode-l1 password
     set auth-mode-l2 password
-    set auth-password-l1 ENC 06oc3D7BFr3GHwzo8Q+Gv6fVUPRK+buuhhfw0nVqaEGszWHZhqzR1cPfNz1V4hd0pA2xC2YAnMoZGTPBsnVZarONWxGdsyNrFIj/wHxAYHQ7t9uUzr3wVqurRvAZ/uh/JJM8MDfmm67KZtbZQHaotQezEEwyfHtcuRsIZhE+IqLx3RlZqvASEnXLFc+kcxlfUvbLCA==
-    set auth-password-l2 ENC JeNmWVs6KJLUjISSpnEb04wPpzrj6fjqMliMNXpRPO4UveY4X9CCK887d56xQHNZkA0t3Qy2hQWa5X2tAJyjr7QcC4O93XfAdKA4CXQl1ctwCPIkxGeVWBqmJ6Eyknetvm2YqH42XxpIUtImePPEtaSAR4QHBcsQTimbP2dx3kRpbtVtl3/9d2PVSbDosuDGvN861g==
+    set auth-password-l1 ENC OhgiBGbqg3qjxeYZoZ+UHlhobGphXXECY6bVDN0VaHYMs+4RsnCChZCPeQUdoDzkEKv0gBdVzMKS3DO/cGu4iG9uhH/3bv/5dXPF2rPK2hhqQOaqdbFe+gL5O+cYrcRmqp6Q/2dgXH2tlpzhyFI82Orl8jd/DQjyhur1hRgOmydckxVoJks1/Jz2Q5wkQVVXbbaPf1lmMjY3dkVA
+    set auth-password-l2 ENC EuIA9bNro6SVWgN4nwyKCYZo2ECoXYfJLuazoLcICvtRMCaAxFVeE0O5a6p+ErCaTACWU8XupVQN+vwWtCuK8vnmOmQtI5zCtL30gAXOAZNheC2HcBU2WX6gEL/jQTeRWJB42dBiuIEaoGI1mJgybWLaWVSRC70kKVLUWTB8KXCbbTHMbO4EgdfXpkcZkUX0jATCellmMjY3dkVA
     set auth-sendonly-l1 disable
     set auth-sendonly-l2 disable
     set ignore-lsp-errors disable
@@ -40091,6 +45337,16755 @@ config router multicast
         set spt-threshold enable
         set ssm disable
         set register-rate-limit 0
+        set pim-use-sdwan disable
+        set spt-threshold-group ''
+    end
+end
+config router multicast6
+    set multicast-routing disable
+    config pim-sm-global
+    end
+end
+config router auth-path
+end
+config router setting
+    set show-filter ''
+    set hostname ''
+end
+config router bfd
+end
+config router bfd6
+end
+config system proxy-arp
+end
+config system link-monitor
+end
+config system wccp
+end
+config system dns64
+    set status disable
+    set dns64-prefix 64:ff9b::/96
+    set always-synthesize-aaaa-record enable
+end
+config system nd-proxy
+    set status disable
+end
+config system vne-tunnel
+    set status disable
+end
+end
+
+config vdom
+edit Policy
+config wireless-controller hotspot20 anqp-venue-name
+end
+config wireless-controller hotspot20 anqp-venue-url
+end
+config wireless-controller hotspot20 anqp-network-auth-type
+end
+config wireless-controller hotspot20 anqp-roaming-consortium
+end
+config wireless-controller hotspot20 anqp-nai-realm
+end
+config wireless-controller hotspot20 anqp-3gpp-cellular
+end
+config wireless-controller hotspot20 anqp-ip-address-type
+end
+config wireless-controller hotspot20 h2qp-operator-name
+end
+config wireless-controller hotspot20 h2qp-wan-metric
+end
+config wireless-controller hotspot20 h2qp-conn-capability
+end
+config wireless-controller hotspot20 icon
+end
+config wireless-controller hotspot20 h2qp-osu-provider
+end
+config wireless-controller hotspot20 qos-map
+end
+config wireless-controller hotspot20 h2qp-advice-of-charge
+end
+config wireless-controller hotspot20 h2qp-osu-provider-nai
+end
+config wireless-controller hotspot20 h2qp-terms-and-conditions
+end
+config wireless-controller hotspot20 hs-profile
+end
+config wireless-controller vap
+end
+config system object-tagging
+    edit "default"
+        set address optional
+        set device optional
+        set interface optional
+        set multiple enable
+        set color 0
+    next
+end
+config switch-controller traffic-policy
+    edit "quarantine"
+        set description "Rate control for quarantined traffic"
+        set policer-status enable
+        set guaranteed-bandwidth 163840
+        set guaranteed-burst 8192
+        set maximum-burst 163840
+        set cos-queue 0
+    next
+    edit "sniffer"
+        set description "Rate control for sniffer mirrored traffic"
+        set policer-status enable
+        set guaranteed-bandwidth 50000
+        set guaranteed-burst 8192
+        set maximum-burst 163840
+        set cos-queue 0
+    next
+end
+config switch-controller fortilink-settings
+end
+config system stp
+    set switch-priority 32768
+    set hello-time 2
+    set forward-delay 15
+    set max-age 20
+    set max-hops 20
+end
+config system settings
+    set comments "Test VDOM for Policy-based"
+    set vdom-type traffic
+    set opmode nat
+    set policy-offload-level disable
+    set ngfw-mode policy-based
+    set http-external-dest fortiweb
+    set firewall-session-dirty check-all
+    set bfd disable
+    set utf8-spam-tagging enable
+    set wccp-cache-engine disable
+    set vpn-stats-log ipsec pptp l2tp ssl
+    set vpn-stats-period 600
+    set v4-ecmp-mode source-ip-based
+    set fw-session-hairpin disable
+    set prp-trailer-action disable
+    set snat-hairpin-traffic enable
+    set dhcp-proxy disable
+    set lldp-reception global
+    set lldp-transmission global
+    set link-down-access enable
+    set nat46-generate-ipv6-fragment-header disable
+    set nat46-force-ipv4-packet-forwarding disable
+    set nat64-force-ipv6-packet-forwarding enable
+    set detect-unknown-esp enable
+    set intree-ses-best-route disable
+    set auxiliary-session disable
+    set asymroute disable
+    set asymroute-icmp disable
+    set ses-denied-traffic disable
+    set ses-denied-multicast-traffic disable
+    set strict-src-check disable
+    set allow-linkdown-path disable
+    set asymroute6 disable
+    set asymroute6-icmp disable
+    set sctp-session-without-init disable
+    set sip-expectation disable
+    set sip-nat-trace enable
+    set h323-direct-model enable
+    set status enable
+    set sip-tcp-port 5060
+    set sip-udp-port 5060
+    set sip-ssl-port 5061
+    set sccp-port 2000
+    set multicast-forward enable
+    set multicast-ttl-notchange disable
+    set allow-subnet-overlap disable
+    set deny-tcp-with-icmp disable
+    set ecmp-max-paths 255
+    set discovered-device-timeout 28
+    set email-portal-check-dns enable
+    set default-voip-alg-mode proxy-based
+    set gui-implicit-policy enable
+    set gui-dns-database disable
+    set gui-load-balance disable
+    set gui-multicast-policy disable
+    set gui-dos-policy enable
+    set gui-object-colors enable
+    set gui-route-tag-address-creation disable
+    set gui-ap-profile enable
+    set gui-security-profile-group disable
+    set gui-local-in-policy disable
+    set gui-dynamic-routing enable
+    set gui-threat-weight enable
+    set gui-spamfilter disable
+    set gui-file-filter disable
+    set gui-ips enable
+    set gui-dhcp-advanced enable
+    set gui-vpn enable
+    set gui-sslvpn disable
+    set gui-wireless-controller enable
+    set gui-advanced-wireless-features disable
+    set gui-switch-controller enable
+    set gui-fortiap-split-tunneling disable
+    set gui-webfilter-advanced disable
+    set gui-traffic-shaping enable
+    set gui-wan-load-balancing enable
+    set gui-antivirus enable
+    set gui-webfilter enable
+    set gui-dnsfilter enable
+    set gui-virtual-patch-profile disable
+    set gui-fortiextender-controller disable
+    set gui-advanced-policy disable
+    set gui-allow-unnamed-policy disable
+    set gui-email-collection disable
+    set gui-multiple-interface-policy disable
+    set gui-ztna enable
+    set gui-ot disable
+    set gui-dynamic-device-os-id disable
+    set location-id 0.0.0.0
+    set ike-session-resume disable
+    set ike-quick-crash-detect disable
+    set ike-dn-format with-space
+    set ike-port 500
+    set ike-tcp-port 4500
+    set ike-policy-route disable
+    set block-land-attack disable
+    set default-app-port-as-service disable
+    set application-bandwidth-tracking disable
+    set fqdn-session-check disable
+    set ext-resource-session-check disable
+    set dyn-addr-session-check disable
+    set default-policy-expiry-days 30
+    set gui-enforce-change-summary require
+    set internet-service-database-cache disable
+    set internet-service-app-ctrl-size 32768
+end
+config system sit-tunnel
+end
+config system arp-table
+end
+config system ipv6-neighbor-cache
+end
+config system vdom-sflow
+    set vdom-sflow disable
+end
+config system vdom-netflow
+    set vdom-netflow disable
+end
+config system vdom-dns
+    set vdom-dns disable
+    set alt-primary 0.0.0.0
+    set alt-secondary 0.0.0.0
+end
+config system replacemsg-group
+    edit "default"
+        set comment "Default replacement message group."
+        set group-type default
+    next
+end
+config system session-ttl
+    set default 3600
+end
+config system dhcp server
+end
+config system dhcp6 server
+end
+config system zone
+end
+config firewall address
+    edit "EMS_ALL_UNKNOWN_CLIENTS"
+        set uuid 4be8fcc0-c0f6-51f0-ecfa-4607f7769429
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
+    edit "EMS_ALL_UNMANAGEABLE_CLIENTS"
+        set uuid 4be8d826-c0f6-51f0-a93a-10ea8db33ad3
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
+    edit "none"
+        set uuid bde11ce6-3520-51ed-9974-a5b4264be0b3
+        set type ipmask
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set subnet 0.0.0.0 255.255.255.255
+    next
+    edit "login.microsoftonline.com"
+        set uuid bde12b0a-3520-51ed-d2a0-e807d4a14a3f
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "login.microsoftonline.com"
+        set cache-ttl 0
+    next
+    edit "login.microsoft.com"
+        set uuid bde139e2-3520-51ed-d55f-33931d299d78
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "login.microsoft.com"
+        set cache-ttl 0
+    next
+    edit "login.windows.net"
+        set uuid bde14b94-3520-51ed-a1e7-319da9a479ea
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "login.windows.net"
+        set cache-ttl 0
+    next
+    edit "gmail.com"
+        set uuid bde158b4-3520-51ed-b71e-57f937fa40cb
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "gmail.com"
+        set cache-ttl 0
+    next
+    edit "wildcard.google.com"
+        set uuid bde165c0-3520-51ed-0783-860a2a214ffd
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "*.google.com"
+        set cache-ttl 0
+    next
+    edit "wildcard.dropbox.com"
+        set uuid bde17240-3520-51ed-a328-5346f2fa7447
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "*.dropbox.com"
+        set cache-ttl 0
+    next
+    edit "SSLVPN_TUNNEL_ADDR1"
+        set uuid bde88710-3520-51ed-728e-76461d6221fe
+        set type iprange
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set start-ip 10.212.134.200
+        set end-ip 10.212.134.210
+    next
+    edit "all"
+        set uuid bde8d012-3520-51ed-6285-eddc784a24b1
+        set type ipmask
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set subnet 0.0.0.0 0.0.0.0
+    next
+    edit "FIREWALL_AUTH_PORTAL_ADDRESS"
+        set uuid bde8d1f2-3520-51ed-0936-132ed3b829c9
+        set type ipmask
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set subnet 0.0.0.0 0.0.0.0
+    next
+    edit "FABRIC_DEVICE"
+        set uuid bde8d3c8-3520-51ed-3305-2f204031c35c
+        set type ipmask
+        set comment "IPv4 addresses of Fabric Devices."
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set subnet 0.0.0.0 0.0.0.0
+    next
+    edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
+        set uuid 516aa2ce-3522-51ed-0c4a-0d18239acea9
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
+end
+config firewall multicast-address
+    edit "all_hosts"
+        set type multicastrange
+        set start-ip 224.0.0.1
+        set end-ip 224.0.0.1
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "all_routers"
+        set type multicastrange
+        set start-ip 224.0.0.2
+        set end-ip 224.0.0.2
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "Bonjour"
+        set type multicastrange
+        set start-ip 224.0.0.251
+        set end-ip 224.0.0.251
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "EIGRP"
+        set type multicastrange
+        set start-ip 224.0.0.10
+        set end-ip 224.0.0.10
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "OSPF"
+        set type multicastrange
+        set start-ip 224.0.0.5
+        set end-ip 224.0.0.6
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "all"
+        set type multicastrange
+        set start-ip 224.0.0.0
+        set end-ip 239.255.255.255
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+end
+config firewall address6-template
+end
+config firewall address6
+    edit "all"
+        set uuid bde1bfa2-3520-51ed-7b6a-7bad8cadabaa
+        set type ipprefix
+        set ip6 ::/0
+        set color 0
+        set comment ''
+        set fabric-object disable
+    next
+    edit "none"
+        set uuid bde1c8d0-3520-51ed-d759-9123906c2212
+        set type ipprefix
+        set ip6 ::/128
+        set color 0
+        set comment ''
+        set fabric-object disable
+    next
+    edit "SSLVPN_TUNNEL_IPv6_ADDR1"
+        set uuid bde88a26-3520-51ed-47a2-8ac186cdb86d
+        set type ipprefix
+        set ip6 fdff:ffff::/120
+        set color 0
+        set comment ''
+        set fabric-object disable
+    next
+end
+config firewall multicast-address6
+    edit "all"
+        set ip6 ff00::/8
+        set comment ''
+        set color 0
+    next
+end
+config system ipv6-tunnel
+end
+config firewall addrgrp
+    edit "G Suite"
+        set type default
+        set category default
+        set uuid bde18140-3520-51ed-b156-8feccd84c03c
+        set member "gmail.com" "wildcard.google.com"
+        set comment ''
+        set exclude disable
+        set color 0
+        set fabric-object disable
+    next
+    edit "Microsoft Office 365"
+        set type default
+        set category default
+        set uuid bde19b44-3520-51ed-cc72-40627cfd767c
+        set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
+        set comment ''
+        set exclude disable
+        set color 0
+        set fabric-object disable
+    next
+end
+config firewall addrgrp6
+end
+config firewall wildcard-fqdn custom
+    edit "g-Adobe Login"
+        set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
+        set wildcard-fqdn "*.adobelogin.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-Gotomeeting"
+        set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
+        set wildcard-fqdn "*.gotomeeting.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-Windows update 2"
+        set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
+        set wildcard-fqdn "*.windowsupdate.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-adobe"
+        set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
+        set wildcard-fqdn "*.adobe.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-android"
+        set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
+        set wildcard-fqdn "*.android.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-apple"
+        set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
+        set wildcard-fqdn "*.apple.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-appstore"
+        set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
+        set wildcard-fqdn "*.appstore.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-auth.gfx.ms"
+        set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
+        set wildcard-fqdn "*.auth.gfx.ms"
+        set color 0
+        set comment ''
+    next
+    edit "g-autoupdate.opera.com"
+        set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
+        set wildcard-fqdn "*autoupdate.opera.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-cdn-apple"
+        set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
+        set wildcard-fqdn "*.cdn-apple.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-citrix"
+        set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
+        set wildcard-fqdn "*.citrixonline.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-dropbox.com"
+        set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
+        set wildcard-fqdn "*.dropbox.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-eease"
+        set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
+        set wildcard-fqdn "*.eease.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-firefox update server"
+        set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
+        set wildcard-fqdn "aus*.mozilla.org"
+        set color 0
+        set comment ''
+    next
+    edit "g-fortinet"
+        set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
+        set wildcard-fqdn "*.fortinet.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-google-drive"
+        set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
+        set wildcard-fqdn "*drive.google.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-google-play"
+        set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
+        set wildcard-fqdn "*play.google.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-google-play2"
+        set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
+        set wildcard-fqdn "*.ggpht.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-google-play3"
+        set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
+        set wildcard-fqdn "*.books.google.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-googleapis.com"
+        set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
+        set wildcard-fqdn "*.googleapis.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-icloud"
+        set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
+        set wildcard-fqdn "*.icloud.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-itunes"
+        set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
+        set wildcard-fqdn "*itunes.apple.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-live.com"
+        set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
+        set wildcard-fqdn "*.live.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-microsoft"
+        set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
+        set wildcard-fqdn "*.microsoft.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-mzstatic-apple"
+        set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
+        set wildcard-fqdn "*.mzstatic.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-skype"
+        set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
+        set wildcard-fqdn "*.messenger.live.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-softwareupdate.vmware.com"
+        set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
+        set wildcard-fqdn "*.softwareupdate.vmware.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-swscan.apple.com"
+        set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
+        set wildcard-fqdn "*swscan.apple.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-update.microsoft.com"
+        set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
+        set wildcard-fqdn "*update.microsoft.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-verisign"
+        set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
+        set wildcard-fqdn "*.verisign.com"
+        set color 0
+        set comment ''
+    next
+end
+config firewall wildcard-fqdn group
+end
+config firewall traffic-class
+end
+config firewall service category
+    edit "General"
+        set comment "General services."
+        set fabric-object disable
+    next
+    edit "Web Access"
+        set comment "Web access."
+        set fabric-object disable
+    next
+    edit "File Access"
+        set comment "File access."
+        set fabric-object disable
+    next
+    edit "Email"
+        set comment "Email services."
+        set fabric-object disable
+    next
+    edit "Network Services"
+        set comment "Network services."
+        set fabric-object disable
+    next
+    edit "Authentication"
+        set comment "Authentication service."
+        set fabric-object disable
+    next
+    edit "Remote Access"
+        set comment "Remote access."
+        set fabric-object disable
+    next
+    edit "Tunneling"
+        set comment "Tunneling service."
+        set fabric-object disable
+    next
+    edit "VoIP, Messaging & Other Applications"
+        set comment "VoIP, messaging, and other applications."
+        set fabric-object disable
+    next
+    edit "Web Proxy"
+        set comment "Explicit web proxy."
+        set fabric-object disable
+    next
+end
+config firewall service custom
+    edit "ALL"
+        set uuid 8b52a764-c0f9-51f0-4aa2-af72ef33b933
+        set proxy disable
+        set category "General"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 0
+    next
+    edit "FTP"
+        set uuid 8b52a87c-c0f9-51f0-5aff-fe07e0708c86
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 21
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "FTP_GET"
+        set uuid 8b52a958-c0f9-51f0-eebf-1540af59bdff
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 21
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "FTP_PUT"
+        set uuid 8b52aa16-c0f9-51f0-e937-4e513baceb22
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 21
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DNS"
+        set uuid 96ea92ee-c0f9-51f0-f47c-c79155ab4432
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 53
+        set udp-portrange 53
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "HTTP"
+        set uuid 96ea974e-c0f9-51f0-9510-be2b05bbf0c0
+        set proxy disable
+        set category "Web Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 80
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "HTTPS"
+        set uuid 96ea9ac8-c0f9-51f0-1c5b-d7b9821f0138
+        set proxy disable
+        set category "Web Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 443
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IMAP"
+        set uuid 96ea9e42-c0f9-51f0-1427-b5653be8387f
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 143
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IMAPS"
+        set uuid 96eaa19e-c0f9-51f0-14a3-38281f36bc2f
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 993
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "LDAP"
+        set uuid 96eaa4fa-c0f9-51f0-acd0-7183294a6351
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 389
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DCE-RPC"
+        set uuid 96eaa84c-c0f9-51f0-7fc3-f453bc75c260
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 135
+        set udp-portrange 135
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "POP3"
+        set uuid 96eaabee-c0f9-51f0-4664-b72bddaf1c15
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 110
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "POP3S"
+        set uuid 96eaaf54-c0f9-51f0-e708-bb2ad0c52057
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 995
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SAMBA"
+        set uuid 96eab2a6-c0f9-51f0-8077-0cc0ec53feed
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 139
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMTP"
+        set uuid 96eab5ee-c0f9-51f0-fffa-2b301bb12104
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 25
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMTPS"
+        set uuid 96eabb84-c0f9-51f0-ae56-6da39a53a345
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 465
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "KERBEROS"
+        set uuid 96eac0de-c0f9-51f0-9ec8-2a09b9d90928
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 88 464
+        set udp-portrange 88 464
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "LDAP_UDP"
+        set uuid 96eac49e-c0f9-51f0-91f1-53f1a147e2b0
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 389
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMB"
+        set uuid 96eac7f0-c0f9-51f0-58ef-5a3fdc558452
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 445
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "ALL_TCP"
+        set uuid 96ead88a-c0f9-51f0-d27a-450f94683808
+        set proxy disable
+        set category "General"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1-65535
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "ALL_UDP"
+        set uuid 96eadc04-c0f9-51f0-3b11-cf2b149a9e19
+        set proxy disable
+        set category "General"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 1-65535
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "ALL_ICMP"
+        set uuid 96eadf60-c0f9-51f0-5e14-3cb4384b028c
+        set proxy disable
+        set category "General"
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        unset icmptype
+    next
+    edit "ALL_ICMP6"
+        set uuid 96eae2f8-c0f9-51f0-69be-47a18fa89724
+        set proxy disable
+        set category "General"
+        set protocol ICMP6
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        unset icmptype
+    next
+    edit "GRE"
+        set uuid 96eae67c-c0f9-51f0-1618-998f8ecc78c1
+        set proxy disable
+        set category "Tunneling"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 47
+    next
+    edit "AH"
+        set uuid 96eaea14-c0f9-51f0-40f6-44db37089197
+        set proxy disable
+        set category "Tunneling"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 51
+    next
+    edit "ESP"
+        set uuid 96eaeda2-c0f9-51f0-82e8-5004b6c3deb9
+        set proxy disable
+        set category "Tunneling"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 50
+    next
+    edit "AOL"
+        set uuid 96eaf130-c0f9-51f0-6de1-71a7fe31d49d
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 5190-5194
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "BGP"
+        set uuid 96eaf400-c0f9-51f0-fff3-34cea08d42de
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 179
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DHCP"
+        set uuid 96eaf752-c0f9-51f0-2d8e-c4e58238fcb7
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 67-68
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "FINGER"
+        set uuid 96eafaae-c0f9-51f0-3e8e-ffdab5271364
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 79
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "GOPHER"
+        set uuid 96eafd7e-c0f9-51f0-39dd-b835fdbf2026
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 70
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "H323"
+        set uuid 96eb00e4-c0f9-51f0-a396-078ddf6f28f2
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1720 1503
+        set udp-portrange 1719
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IKE"
+        set uuid 96eb04cc-c0f9-51f0-87e4-00ed5e566008
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 500 4500
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "Internet-Locator-Service"
+        set uuid 96eb0832-c0f9-51f0-be7c-b4be2e6e2da0
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 389
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IRC"
+        set uuid 96eb0af8-c0f9-51f0-dfdd-6c2c977d2607
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 6660-6669
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "L2TP"
+        set uuid 96eb0e68-c0f9-51f0-05d3-763419406339
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1701
+        set udp-portrange 1701
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NetMeeting"
+        set uuid 96eb120a-c0f9-51f0-e709-a42a856c93ed
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1720
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NFS"
+        set uuid 96eb14c6-c0f9-51f0-4664-e0f6f0f809a6
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 111 2049
+        set udp-portrange 111 2049
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NNTP"
+        set uuid 96eb1868-c0f9-51f0-ace7-2d5814d31293
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 119
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NTP"
+        set uuid 96eb1b24-c0f9-51f0-2981-e5d408846b2c
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 123
+        set udp-portrange 123
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "OSPF"
+        set uuid 96eb1ed0-c0f9-51f0-22b7-8d6057df1ed2
+        set proxy disable
+        set category "Network Services"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 89
+    next
+    edit "PC-Anywhere"
+        set uuid 96eb2268-c0f9-51f0-ce5f-9d9f4306e4fd
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 5631
+        set udp-portrange 5632
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "PING"
+        set uuid 96eb2600-c0f9-51f0-342b-1fde718db4fd
+        set proxy disable
+        set category "Network Services"
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 8
+        unset icmpcode
+    next
+    edit "TIMESTAMP"
+        set uuid 96eb29e8-c0f9-51f0-5a7c-874cf9d0784a
+        set proxy disable
+        set category ''
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 13
+        unset icmpcode
+    next
+    edit "INFO_REQUEST"
+        set uuid 96eb2d44-c0f9-51f0-029d-63d4b96e01d9
+        set proxy disable
+        set category ''
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 15
+        unset icmpcode
+    next
+    edit "INFO_ADDRESS"
+        set uuid 96eb308c-c0f9-51f0-6953-186396cfd1ee
+        set proxy disable
+        set category ''
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 17
+        unset icmpcode
+    next
+    edit "ONC-RPC"
+        set uuid 96eb33de-c0f9-51f0-c72f-eba47bc6eaaf
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 111
+        set udp-portrange 111
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "PPTP"
+        set uuid 96eb3834-c0f9-51f0-9569-c189fbf611d6
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1723
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "QUAKE"
+        set uuid 96eb3cbc-c0f9-51f0-8eda-6cccbe8dd8db
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 26000 27000 27910 27960
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RAUDIO"
+        set uuid 96eb3f8c-c0f9-51f0-2766-7a064258f89f
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 7070
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "REXEC"
+        set uuid 96eb4248-c0f9-51f0-a417-21f1837e3d9f
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 512
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RIP"
+        set uuid 96eb4518-c0f9-51f0-ac40-ce1d1165e9c0
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 520
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RLOGIN"
+        set uuid 96eb486a-c0f9-51f0-188a-1120489796f9
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 513:512-1023
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RSH"
+        set uuid 96eb4b3a-c0f9-51f0-a28d-13150b8c009a
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 514:512-1023
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SCCP"
+        set uuid 96eb4e00-c0f9-51f0-76a5-1f04d7b5f155
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 2000
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SIP"
+        set uuid 96eb515c-c0f9-51f0-e179-4f5e6bccda38
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 5060
+        set udp-portrange 5060
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SIP-MSNmessenger"
+        set uuid 96eb5508-c0f9-51f0-a5e8-7b68f1efa994
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1863
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SNMP"
+        set uuid 96eb585a-c0f9-51f0-5e4c-48921c692606
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 161-162
+        set udp-portrange 161-162
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SSH"
+        set uuid 96eb5c06-c0f9-51f0-e2d0-c53a44363bfb
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 22
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SYSLOG"
+        set uuid 96eb5f58-c0f9-51f0-3692-de5bed3288fd
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 514
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "TALK"
+        set uuid 96eb62aa-c0f9-51f0-2995-43a045ad0ada
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 517-518
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "TELNET"
+        set uuid 96eb6584-c0f9-51f0-a260-3da38d402f14
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 23
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "TFTP"
+        set uuid 96eb68d6-c0f9-51f0-4c7e-7291509d2421
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 69
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "MGCP"
+        set uuid 96eb6cc8-c0f9-51f0-1806-faf0c650dbe0
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 2427 2727
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "UUCP"
+        set uuid 96eb6fc0-c0f9-51f0-1ec5-ffa70f421e4f
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 540
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "VDOLIVE"
+        set uuid 96eb7286-c0f9-51f0-d970-6254c12532b5
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 7000-7010
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "WAIS"
+        set uuid 96eb7560-c0f9-51f0-fbfd-699a6e8bf421
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 210
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "WINFRAME"
+        set uuid 96eb781c-c0f9-51f0-a7f2-e2a0c86856a4
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1494 2598
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "X-WINDOWS"
+        set uuid 96eb7ae2-c0f9-51f0-8946-a6a7af3d7f2c
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 6000-6063
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "PING6"
+        set uuid 96eb7e48-c0f9-51f0-10a5-5b1849988f16
+        set proxy disable
+        set category ''
+        set protocol ICMP6
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 128
+        unset icmpcode
+    next
+    edit "MS-SQL"
+        set uuid 96eb81a4-c0f9-51f0-ebd9-46bc951420b2
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1433 1434
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "MYSQL"
+        set uuid 96eb850a-c0f9-51f0-65ca-3f3f002c1c25
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 3306
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RDP"
+        set uuid 96eb8866-c0f9-51f0-ed02-033142444e21
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 3389
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "VNC"
+        set uuid 96eb8bb8-c0f9-51f0-c884-d7f7cbfe1256
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 5900
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DHCP6"
+        set uuid 96eb8f0a-c0f9-51f0-9818-47ddbfe02012
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 546 547
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SQUID"
+        set uuid 96eb9266-c0f9-51f0-ee45-cfa010379154
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 3128
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SOCKS"
+        set uuid 96eb95c2-c0f9-51f0-a063-dff622758fd7
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1080
+        set udp-portrange 1080
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "WINS"
+        set uuid 96eb9964-c0f9-51f0-4bc3-ae39100db90a
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1512
+        set udp-portrange 1512
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RADIUS"
+        set uuid 96eb9cfc-c0f9-51f0-22d9-aaa43a0c929f
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 1812 1813
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RADIUS-OLD"
+        set uuid 96eba2c4-c0f9-51f0-6c7c-920fafd3f30a
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 1645 1646
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "CVSPSERVER"
+        set uuid 96eba5da-c0f9-51f0-67b5-0f3cd75ba490
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 2401
+        set udp-portrange 2401
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "AFS3"
+        set uuid 96eba8fa-c0f9-51f0-c5cb-a35a51d20d2b
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 7000-7009
+        set udp-portrange 7000-7009
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "TRACEROUTE"
+        set uuid 96ebacc4-c0f9-51f0-1040-6e081096c638
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 33434-33535
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RTSP"
+        set uuid 96ebb020-c0f9-51f0-5bd7-900814e82a52
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 554 7070 8554
+        set udp-portrange 554
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "MMS"
+        set uuid 96ebb3d6-c0f9-51f0-12d2-86199fbee22e
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1755
+        set udp-portrange 1024-5000
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NONE"
+        set uuid 96ebb6ec-c0f9-51f0-b3b4-15ce15d6e4c1
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 0
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "webproxy"
+        set uuid 8b529a62-c0f9-51f0-4381-b573f9911285
+        set proxy enable
+        set category "Web Proxy"
+        set protocol ALL
+        set helper auto
+        set comment ''
+        set color 0
+        set app-service-type disable
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 0-65535:0-65535
+    next
+end
+config firewall service group
+    edit "Email Access"
+        set uuid 8b52abb0-c0f9-51f0-86f0-9817e4e67a19
+        set proxy disable
+        set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
+        set comment ''
+        set color 0
+        set fabric-object disable
+    next
+    edit "Web Access"
+        set uuid 8b52b236-c0f9-51f0-3dc8-b1d8b8b7b65e
+        set proxy disable
+        set member "DNS" "HTTP" "HTTPS"
+        set comment ''
+        set color 0
+        set fabric-object disable
+    next
+    edit "Windows AD"
+        set uuid 8b52b5e2-c0f9-51f0-bb72-ccdd40d89710
+        set proxy disable
+        set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
+        set comment ''
+        set color 0
+        set fabric-object disable
+    next
+    edit "Exchange Server"
+        set uuid 8b52bb5a-c0f9-51f0-8975-7ba71ea48ea7
+        set proxy disable
+        set member "DCE-RPC" "DNS" "HTTPS"
+        set comment ''
+        set color 0
+        set fabric-object disable
+    next
+end
+config firewall internet-service-group
+end
+config firewall internet-service-extension
+end
+config firewall internet-service-custom
+end
+config firewall internet-service-custom-group
+end
+config firewall network-service-dynamic
+end
+config system external-resource
+end
+config vpn certificate ca
+end
+config vpn certificate remote
+end
+config vpn certificate local
+    edit "Fortinet_CA_SSL"
+        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_CA_Untrusted"
+        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_GUI_Server"
+        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_RSA1024"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_RSA2048"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_RSA4096"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_DSA1024"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_DSA2048"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ECDSA256"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ECDSA384"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ECDSA521"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ED25519"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ED448"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+end
+config vpn certificate crl
+end
+config vpn certificate ocsp-server
+end
+config vpn certificate setting
+    set ocsp-status disable
+    set ocsp-option server
+    set proxy ''
+    set source-ip ''
+    set ocsp-default-server ''
+    set interface-select-method auto
+    set check-ca-cert enable
+    set check-ca-chain disable
+    set subject-match substring
+    set subject-set subset
+    set cn-match substring
+    set cn-allow-multi enable
+    config crl-verification
+        set expiry ignore
+        set leaf-crl-absence ignore
+        set chain-crl-absence ignore
+    end
+    set strict-ocsp-check disable
+    set ssl-min-proto-version default
+    set cmp-save-extra-certs disable
+    set cmp-key-usage-checking enable
+    set cert-expire-warning 14
+    set certname-rsa1024 "Fortinet_SSL_RSA1024"
+    set certname-rsa2048 "Fortinet_SSL_RSA2048"
+    set certname-rsa4096 "Fortinet_SSL_RSA4096"
+    set certname-dsa1024 "Fortinet_SSL_DSA1024"
+    set certname-dsa2048 "Fortinet_SSL_DSA2048"
+    set certname-ecdsa256 "Fortinet_SSL_ECDSA256"
+    set certname-ecdsa384 "Fortinet_SSL_ECDSA384"
+    set certname-ecdsa521 "Fortinet_SSL_ECDSA521"
+    set certname-ed25519 "Fortinet_SSL_ED25519"
+    set certname-ed448 "Fortinet_SSL_ED448"
+end
+config webfilter ftgd-local-cat
+    edit "custom1"
+        set status enable
+        set id 140
+    next
+    edit "custom2"
+        set status enable
+        set id 141
+    next
+end
+config ips sensor
+    edit "g-default"
+        set comment "Prevent critical attacks."
+        set replacemsg-group ''
+        set block-malicious-url disable
+        set scan-botnet-connections disable
+        set extended-log disable
+        config entries
+            edit 1
+                set location all
+                set severity medium high critical
+                set protocol all
+                set os all
+                set application all
+                set default-action all
+                set default-status all
+                unset last-modified
+                set status default
+                set log enable
+                set log-packet disable
+                set log-attack-context disable
+                set action default
+                set quarantine none
+            next
+        end
+    next
+    edit "g-sniffer-profile"
+        set comment "Monitor IPS attacks."
+        set replacemsg-group ''
+        set block-malicious-url disable
+        set scan-botnet-connections disable
+        set extended-log disable
+        config entries
+            edit 1
+                set location all
+                set severity medium high critical
+                set protocol all
+                set os all
+                set application all
+                set default-action all
+                set default-status all
+                unset last-modified
+                set status default
+                set log enable
+                set log-packet disable
+                set log-attack-context disable
+                set action default
+                set quarantine none
+            next
+        end
+    next
+    edit "g-wifi-default"
+        set comment "Default configuration for offloading WiFi traffic."
+        set replacemsg-group ''
+        set block-malicious-url disable
+        set scan-botnet-connections disable
+        set extended-log disable
+        config entries
+            edit 1
+                set location all
+                set severity medium high critical
+                set protocol all
+                set os all
+                set application all
+                set default-action all
+                set default-status all
+                unset last-modified
+                set status default
+                set log enable
+                set log-packet disable
+                set log-attack-context disable
+                set action default
+                set quarantine none
+            next
+        end
+    next
+end
+config sctp-filter profile
+end
+config diameter-filter profile
+end
+config firewall shaper traffic-shaper
+    edit "high-priority"
+        set guaranteed-bandwidth 0
+        set maximum-bandwidth 1048576
+        set bandwidth-unit kbps
+        set priority high
+        set per-policy enable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+    edit "medium-priority"
+        set guaranteed-bandwidth 0
+        set maximum-bandwidth 1048576
+        set bandwidth-unit kbps
+        set priority medium
+        set per-policy enable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+    edit "low-priority"
+        set guaranteed-bandwidth 0
+        set maximum-bandwidth 1048576
+        set bandwidth-unit kbps
+        set priority low
+        set per-policy enable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+    edit "guarantee-100kbps"
+        set guaranteed-bandwidth 100
+        set maximum-bandwidth 1048576
+        set bandwidth-unit kbps
+        set priority high
+        set per-policy enable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+    edit "shared-1M-pipe"
+        set guaranteed-bandwidth 0
+        set maximum-bandwidth 1024
+        set bandwidth-unit kbps
+        set priority high
+        set per-policy disable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+end
+config firewall shaper per-ip-shaper
+end
+config firewall proxy-address
+    edit "IPv4-address"
+        set uuid 2a03897c-c0f6-51f0-4d81-bcec477adf58
+        set type host-regex
+        set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
+        set referrer disable
+        set case-sensitivity disable
+        set color 0
+        set comment ''
+    next
+    edit "IPv6-address"
+        set uuid 2a038a94-c0f6-51f0-6ea6-d2a11f818ac9
+        set type host-regex
+        set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
+        set referrer disable
+        set case-sensitivity disable
+        set color 0
+        set comment ''
+    next
+end
+config firewall proxy-addrgrp
+end
+config web-proxy profile
+end
+config web-proxy global
+    set ssl-cert "Fortinet_Factory"
+    set ssl-ca-cert "Fortinet_CA_SSL"
+    set fast-policy-match enable
+    set ldap-user-cache disable
+    set proxy-fqdn "default.fqdn"
+    set max-request-length 8
+    set max-message-length 32
+    set strict-web-check disable
+    set forward-proxy-auth disable
+    set forward-server-affinity-timeout 30
+    set max-waf-body-cache-length 1
+    set webproxy-profile ''
+    set learn-client-ip disable
+    set policy-category-deep-inspect enable
+    set log-policy-pending disable
+    set log-forward-server disable
+    set log-app-id disable
+    set proxy-transparent-cert-inspection disable
+    set request-obs-fold keep
+end
+config web-proxy forward-server
+end
+config web-proxy forward-server-group
+end
+config web-proxy debug-url
+end
+config web-proxy wisp
+end
+config wanopt webcache
+    set max-object-size 512000
+    set neg-resp-time 0
+    set fresh-factor 100
+    set max-ttl 7200
+    set min-ttl 5
+    set default-ttl 1440
+    set ignore-ims disable
+    set ignore-conditional disable
+    set ignore-pnc disable
+    set ignore-ie-reload enable
+    set cache-expired disable
+    set cache-cookie disable
+    set reval-pnc disable
+    set always-revalidate disable
+    set cache-by-default disable
+    set host-validate disable
+    set external disable
+end
+config web-proxy fast-fallback
+end
+config web-proxy url-match
+end
+config application custom
+end
+config application group
+end
+config dlp data-type
+    edit "g-credit-card"
+        set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
+        set verify "builtin)credit-card"
+        set verify2 ''
+        set match-around ''
+        set look-back 20
+        set look-ahead 1
+        set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+    edit "g-edm-keyword"
+        set pattern ".+"
+        set verify ''
+        set match-around ''
+        set transform "/\\b\\0\\b/i"
+        set comment ''
+    next
+    edit "g-hex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-keyword"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-mip-label"
+        set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
+        set verify ''
+        set match-around ''
+        set transform "built-in"
+        set comment ''
+    next
+    edit "g-regex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-ssn-us"
+        set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
+        set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
+        set verify2 ''
+        set match-around ''
+        set look-back 12
+        set look-ahead 1
+        set transform "\\b\\1-\\2-\\3\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+end
+config dlp dictionary
+end
+config dlp exact-data-match
+end
+config dlp sensor
+end
+config dlp filepattern
+    edit 1
+        set name "builtin-patterns"
+        set comment ''
+        config entries
+            edit "*.bat"
+                set filter-type pattern
+            next
+            edit "*.com"
+                set filter-type pattern
+            next
+            edit "*.dll"
+                set filter-type pattern
+            next
+            edit "*.doc"
+                set filter-type pattern
+            next
+            edit "*.exe"
+                set filter-type pattern
+            next
+            edit "*.gz"
+                set filter-type pattern
+            next
+            edit "*.hta"
+                set filter-type pattern
+            next
+            edit "*.ppt"
+                set filter-type pattern
+            next
+            edit "*.rar"
+                set filter-type pattern
+            next
+            edit "*.scr"
+                set filter-type pattern
+            next
+            edit "*.tar"
+                set filter-type pattern
+            next
+            edit "*.tgz"
+                set filter-type pattern
+            next
+            edit "*.vb?"
+                set filter-type pattern
+            next
+            edit "*.wps"
+                set filter-type pattern
+            next
+            edit "*.xl?"
+                set filter-type pattern
+            next
+            edit "*.zip"
+                set filter-type pattern
+            next
+            edit "*.pif"
+                set filter-type pattern
+            next
+            edit "*.cpl"
+                set filter-type pattern
+            next
+        end
+    next
+    edit 2
+        set name "all_executables"
+        set comment ''
+        config entries
+            edit "bat"
+                set filter-type type
+                set file-type bat
+            next
+            edit "exe"
+                set filter-type type
+                set file-type exe
+            next
+            edit "elf"
+                set filter-type type
+                set file-type elf
+            next
+            edit "hta"
+                set filter-type type
+                set file-type hta
+            next
+        end
+    next
+end
+config dlp sensitivity
+    edit "Private"
+    next
+    edit "Critical"
+    next
+    edit "Warning"
+    next
+end
+config dlp fp-doc-source
+end
+config dlp profile
+    edit "g-default"
+        set comment "Default profile."
+        set replacemsg-group ''
+        set dlp-log enable
+        set extended-log disable
+        set nac-quar-log disable
+        unset full-archive-proto
+        unset summary-proto
+    next
+    edit "g-sniffer-profile"
+        set comment "Log a summary of email and web traffic."
+        set replacemsg-group ''
+        set dlp-log enable
+        set extended-log disable
+        set nac-quar-log disable
+        unset full-archive-proto
+        set summary-proto smtp pop3 imap http-get http-post
+    next
+end
+config webfilter content
+end
+config webfilter content-header
+end
+config webfilter urlfilter
+end
+config videofilter youtube-key
+end
+config videofilter keyword
+end
+config videofilter profile
+end
+config webfilter ips-urlfilter-setting
+    set device ''
+    set distance 1
+    set gateway 0.0.0.0
+    set geo-filter ''
+end
+config webfilter ips-urlfilter-setting6
+    set device ''
+    set distance 1
+    set gateway6 ::
+    set geo-filter ''
+end
+config emailfilter bword
+end
+config emailfilter block-allow-list
+end
+config emailfilter mheader
+end
+config emailfilter dnsbl
+end
+config emailfilter iptrust
+end
+config log threat-weight
+    set status enable
+    config level
+        set low 5
+        set medium 10
+        set high 30
+        set critical 50
+    end
+    set blocked-connection high
+    set failed-connection low
+    set url-block-detected high
+    set botnet-connection-detected critical
+    config malware
+        set virus-infected critical
+        set inline-block critical
+        set file-blocked low
+        set command-blocked disable
+        set oversized disable
+        set virus-scan-error high
+        set switch-proto disable
+        set mimefragmented disable
+        set virus-file-type-executable medium
+        set virus-outbreak-prevention critical
+        set content-disarm medium
+        set malware-list medium
+        set ems-threat-feed medium
+        set fsa-malicious critical
+        set fsa-high-risk high
+        set fsa-medium-risk medium
+    end
+    config ips
+        set info-severity disable
+        set low-severity low
+        set medium-severity medium
+        set high-severity high
+        set critical-severity critical
+    end
+    config web
+        edit 1
+            set category 26
+            set level high
+        next
+        edit 2
+            set category 61
+            set level high
+        next
+        edit 3
+            set category 86
+            set level high
+        next
+        edit 4
+            set category 1
+            set level medium
+        next
+        edit 5
+            set category 3
+            set level medium
+        next
+        edit 6
+            set category 4
+            set level medium
+        next
+        edit 7
+            set category 5
+            set level medium
+        next
+        edit 8
+            set category 6
+            set level medium
+        next
+        edit 9
+            set category 12
+            set level medium
+        next
+        edit 10
+            set category 59
+            set level medium
+        next
+        edit 11
+            set category 62
+            set level medium
+        next
+        edit 12
+            set category 83
+            set level medium
+        next
+        edit 13
+            set category 72
+            set level low
+        next
+        edit 14
+            set category 14
+            set level low
+        next
+        edit 15
+            set category 96
+            set level medium
+        next
+    end
+    config application
+        edit 1
+            set category 2
+            set level low
+        next
+        edit 2
+            set category 6
+            set level medium
+        next
+    end
+end
+config icap server
+end
+config icap server-group
+end
+config icap profile
+    edit "default"
+        set replacemsg-group ''
+        set comment ''
+        set request disable
+        set response disable
+        unset file-transfer
+        set streaming-content-bypass disable
+        set 204-response disable
+        set preview disable
+        set methods delete get head options post put trace connect other
+        set icap-block-log disable
+        set chunk-encap disable
+        unset extension-feature
+        set timeout 30
+        config icap-headers
+            edit 1
+                set name "X-Authenticated-User"
+                set content "$user"
+                set base64-encoding disable
+            next
+            edit 2
+                set name "X-Authenticated-Groups"
+                set content "$local_grp"
+                set base64-encoding disable
+            next
+        end
+    next
+end
+config system network-visibility
+    set destination-visibility enable
+    set source-location enable
+    set destination-hostname-visibility enable
+    set hostname-ttl 86400
+    set hostname-limit 5000
+    set destination-location enable
+end
+config user peer
+end
+config user peergrp
+end
+config vpn qkd
+end
+config user certificate
+end
+config user radius
+end
+config user tacacs+
+end
+config user exchange
+end
+config user ldap
+end
+config user krb-keytab
+end
+config user domain-controller
+end
+config user pop3
+end
+config user saml
+end
+config user external-identity-provider
+end
+config user fsso
+end
+config user adgrp
+end
+config user fsso-polling
+end
+config user fortitoken
+end
+config user password-policy
+end
+config user local
+end
+config user setting
+    set auth-type http https ftp telnet
+    set auth-cert "Fortinet_Factory"
+    set auth-ca-cert ''
+    set auth-secure-http disable
+    set auth-http-basic disable
+    set auth-ssl-allow-renegotiation disable
+    set auth-src-mac enable
+    set auth-on-demand implicitly
+    set auth-timeout 5
+    set auth-timeout-type idle-timeout
+    set auth-portal-timeout 3
+    set radius-ses-timeout-act hard-timeout
+    set auth-blackout-time 0
+    set auth-invalid-max 5
+    set auth-lockout-threshold 3
+    set auth-lockout-duration 0
+    set per-policy-disclaimer disable
+    set auth-ssl-min-proto-version default
+    unset auth-ssl-max-proto-version
+    set auth-ssl-sigalgs all
+    set default-user-password-policy ''
+end
+config user quarantine
+    set quarantine enable
+    set traffic-policy ''
+    set firewall-groups ''
+end
+config user group
+    edit "SSO_Guest_Users"
+        set authtimeout 0
+        set http-digest-realm ''
+    next
+end
+config user security-exempt-list
+end
+config vpn ssl web realm
+end
+config vpn ssl web host-check-software
+    edit "FortiClient-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
+    next
+    edit "FortiClient-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
+    next
+    edit "FortiClient-AV-Vista"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
+    next
+    edit "FortiClient-FW-Vista"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
+    next
+    edit "FortiClient5-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
+    next
+    edit "AVG-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
+    next
+    edit "AVG-Internet-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "8DECF618-9569-4340-B34A-D78D28969B66"
+    next
+    edit "AVG-Internet-Security-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
+    next
+    edit "AVG-Internet-Security-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
+    next
+    edit "CA-Anti-Virus"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
+    next
+    edit "CA-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
+    next
+    edit "CA-Internet-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
+    next
+    edit "CA-Internet-Security-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
+    next
+    edit "CA-Internet-Security-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
+    next
+    edit "CA-Personal-Firewall"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
+    next
+    edit "F-Secure-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
+    next
+    edit "F-Secure-Internet-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "D4747503-0346-49EB-9262-997542F79BF4"
+    next
+    edit "F-Secure-Internet-Security-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "15414183-282E-D62C-CA37-EF24860A2F17"
+    next
+    edit "F-Secure-Internet-Security-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
+    next
+    edit "Kaspersky-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
+    next
+    edit "Kaspersky-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
+    next
+    edit "Kaspersky-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
+    next
+    edit "Kaspersky-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
+    next
+    edit "McAfee-Internet-Security-Suite-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
+    next
+    edit "McAfee-Internet-Security-Suite-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
+    next
+    edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
+    next
+    edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
+    next
+    edit "McAfee-Virus-Scan-Enterprise"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
+    next
+    edit "Norton-360-2.0-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
+    next
+    edit "Norton-360-2.0-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
+    next
+    edit "Norton-360-3.0-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
+    next
+    edit "Norton-360-3.0-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
+    next
+    edit "Norton-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
+    next
+    edit "Norton-Internet-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
+    next
+    edit "Norton-Internet-Security-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
+    next
+    edit "Norton-Internet-Security-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
+    next
+    edit "Symantec-Endpoint-Protection-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
+    next
+    edit "Symantec-Endpoint-Protection-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
+    next
+    edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
+    next
+    edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
+    next
+    edit "Panda-Antivirus+Firewall-2008-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
+    next
+    edit "Panda-Antivirus+Firewall-2008-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
+    next
+    edit "Panda-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
+    next
+    edit "Panda-Internet-Security-2006~2007-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
+    next
+    edit "Panda-Internet-Security-2008~2009-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
+    next
+    edit "Sophos-Anti-Virus"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
+    next
+    edit "Sophos-Enpoint-Secuirty-and-Control-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
+    next
+    edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
+    next
+    edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
+    next
+    edit "Trend-Micro-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
+    next
+    edit "Trend-Micro-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
+    next
+    edit "Trend-Micro-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
+    next
+    edit "Trend-Micro-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
+    next
+    edit "ZoneAlarm-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
+    next
+    edit "ZoneAlarm-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
+    next
+    edit "ZoneAlarm-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
+    next
+    edit "ZoneAlarm-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
+    next
+    edit "ESET-Smart-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
+    next
+    edit "ESET-Smart-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
+    next
+end
+config vpn ssl web portal
+    edit "full-access"
+        set tunnel-mode enable
+        set ipv6-tunnel-mode enable
+        set web-mode enable
+        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
+        set limit-user-logins disable
+        set forticlient-download enable
+        set ip-mode range
+        set auto-connect disable
+        set keep-alive disable
+        set save-password disable
+        set ip-pools "SSLVPN_TUNNEL_ADDR1"
+        set split-tunneling enable
+        set split-tunneling-routing-negate disable
+        set dns-server1 0.0.0.0
+        set dns-server2 0.0.0.0
+        set dns-suffix ''
+        set wins-server1 0.0.0.0
+        set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
+        set ipv6-split-tunneling enable
+        set ipv6-split-tunneling-routing-negate disable
+        set ipv6-dns-server1 ::
+        set ipv6-dns-server2 ::
+        set ipv6-wins-server1 ::
+        set ipv6-wins-server2 ::
+        set dhcp6-ra-linkaddr ::
+        set client-src-range disable
+        set landing-page-mode disable
+        set display-bookmark enable
+        set user-bookmark enable
+        set default-protocol web
+        set user-group-bookmark enable
+        set display-connection-tools enable
+        set display-history enable
+        set focus-bookmark disable
+        set display-status enable
+        set rewrite-ip-uri-ui disable
+        set heading "SSL-VPN Portal"
+        set redir-url ''
+        set theme security-fabric
+        set smb-ntlmv1-auth disable
+        set smb-min-version smbv2
+        set smb-max-version smbv3
+        set use-sdwan disable
+        set clipboard enable
+        set default-window-width 1024
+        set default-window-height 768
+        set host-check none
+        set mac-addr-check disable
+        set os-check disable
+        set forticlient-download-method direct
+        set customize-forticlient-download-url disable
+        set hide-sso-credential enable
+    next
+    edit "web-access"
+        set tunnel-mode disable
+        set ipv6-tunnel-mode disable
+        set web-mode enable
+        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
+        set limit-user-logins disable
+        set forticlient-download enable
+        set dns-suffix ''
+        set landing-page-mode disable
+        set display-bookmark enable
+        set user-bookmark enable
+        set default-protocol web
+        set user-group-bookmark enable
+        set display-connection-tools enable
+        set display-history enable
+        set focus-bookmark disable
+        set display-status enable
+        set rewrite-ip-uri-ui disable
+        set heading "SSL-VPN Portal"
+        set redir-url ''
+        set theme security-fabric
+        set smb-ntlmv1-auth disable
+        set smb-min-version smbv2
+        set smb-max-version smbv3
+        set use-sdwan disable
+        set clipboard enable
+        set default-window-width 1024
+        set default-window-height 768
+        set forticlient-download-method direct
+        set customize-forticlient-download-url disable
+        set hide-sso-credential enable
+    next
+    edit "tunnel-access"
+        set tunnel-mode enable
+        set ipv6-tunnel-mode enable
+        set web-mode disable
+        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
+        set limit-user-logins disable
+        set forticlient-download enable
+        set ip-mode range
+        set auto-connect disable
+        set keep-alive disable
+        set save-password disable
+        set ip-pools "SSLVPN_TUNNEL_ADDR1"
+        set split-tunneling enable
+        set split-tunneling-routing-negate disable
+        set dns-server1 0.0.0.0
+        set dns-server2 0.0.0.0
+        set dns-suffix ''
+        set wins-server1 0.0.0.0
+        set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
+        set ipv6-split-tunneling enable
+        set ipv6-split-tunneling-routing-negate disable
+        set ipv6-dns-server1 ::
+        set ipv6-dns-server2 ::
+        set ipv6-wins-server1 ::
+        set ipv6-wins-server2 ::
+        set dhcp6-ra-linkaddr ::
+        set client-src-range disable
+        set host-check none
+        set mac-addr-check disable
+        set os-check disable
+        set forticlient-download-method direct
+        set customize-forticlient-download-url disable
+    next
+end
+config vpn ssl settings
+    set status enable
+    set reqclientcert disable
+    set ssl-max-proto-ver tls1-3
+    set ssl-min-proto-ver tls1-2
+    set banned-cipher SHA1 SHA256 SHA384
+    set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
+    set ssl-insert-empty-fragment enable
+    set https-redirect disable
+    set x-content-type-options enable
+    set ssl-client-renegotiation disable
+    set force-two-factor-auth disable
+    set servercert "Fortinet_Factory"
+    set algorithm high
+    set idle-timeout 300
+    set auth-timeout 28800
+    set login-attempt-limit 2
+    set login-block-time 60
+    set login-timeout 30
+    set dns-suffix ''
+    set dns-server1 0.0.0.0
+    set dns-server2 0.0.0.0
+    set wins-server1 0.0.0.0
+    set wins-server2 0.0.0.0
+    set ipv6-dns-server1 ::
+    set ipv6-dns-server2 ::
+    set ipv6-wins-server1 ::
+    set ipv6-wins-server2 ::
+    set url-obscuration disable
+    set http-compression disable
+    set http-only-cookie enable
+    set port 443
+    set port-precedence enable
+    set auto-tunnel-static-route enable
+    set header-x-forwarded-for add
+    set browser-language-detection enable
+    set dtls-tunnel enable
+    set check-referer disable
+    set http-request-header-timeout 20
+    set http-request-body-timeout 30
+    set auth-session-check-source-ip enable
+    set tunnel-connect-without-reauth disable
+    set hsts-include-subdomains disable
+    set transform-backward-slashes disable
+    set encode-2f-sequence disable
+    set encrypt-and-store-password disable
+    set client-sigalgs all
+    set dual-stack-mode disable
+    set tunnel-addr-assigned-method first-available
+    set saml-redirect-port 8020
+    set ztna-trusted-client disable
+    set server-hostname ''
+    set dtls-hello-timeout 10
+    set dtls-heartbeat-idle-timeout 3
+    set dtls-heartbeat-interval 3
+    set dtls-heartbeat-fail-count 3
+    set dtls-max-proto-ver dtls1-2
+    set dtls-min-proto-ver dtls1-0
+end
+config vpn ssl web user-group-bookmark
+end
+config vpn ssl web user-bookmark
+end
+config vpn ssl client
+end
+config system sdwan
+    set status disable
+    set load-balance-mode source-ip-based
+    set speedtest-bypass-routing disable
+    set duplication-max-num 2
+    set neighbor-hold-down disable
+    set neighbor-hold-down-time 0
+    set app-perf-log-period 0
+    set neighbor-hold-boot-time 0
+    set fail-detect disable
+    config zone
+        edit "virtual-wan-link"
+            set advpn-select disable
+            set service-sla-tie-break cfg-order
+            set minimum-sla-meet-members 1
+        next
+    end
+    config health-check
+        edit "Default_DNS"
+            set probe-packets enable
+            set addr-mode ipv4
+            set system-dns enable
+            set detect-mode active
+            set ha-priority 1
+            set dns-request-domain "www.example.com"
+            set dns-match-ip 0.0.0.0
+            set interval 1000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+        edit "Default_Office_365"
+            set probe-packets enable
+            set addr-mode ipv4
+            set server "www.office.com"
+            set detect-mode active
+            set protocol https
+            set port 0
+            set ha-priority 1
+            set http-get "/"
+            set http-agent "Chrome/ Safari/"
+            set http-match ''
+            set interval 120000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+        edit "Default_Gmail"
+            set probe-packets enable
+            set addr-mode ipv4
+            set server "gmail.com"
+            set detect-mode active
+            set protocol ping
+            set ha-priority 1
+            set interval 1000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 2
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+        edit "Default_Google Search"
+            set probe-packets enable
+            set addr-mode ipv4
+            set server "www.google.com"
+            set detect-mode active
+            set protocol https
+            set port 0
+            set ha-priority 1
+            set http-get "/"
+            set http-agent "Chrome/ Safari/"
+            set http-match ''
+            set interval 120000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+        edit "Default_FortiGuard"
+            set probe-packets enable
+            set addr-mode ipv4
+            set server "fortiguard.com"
+            set detect-mode active
+            set protocol https
+            set port 0
+            set ha-priority 1
+            set http-get "/"
+            set http-agent "Chrome/ Safari/"
+            set http-match ''
+            set interval 120000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+    end
+end
+config vpn ipsec fec
+end
+config vpn kmip-server
+end
+config vpn ipsec phase1
+end
+config vpn ipsec phase2
+end
+config vpn ipsec manualkey
+end
+config vpn ipsec concentrator
+end
+config vpn ipsec phase1-interface
+end
+config vpn ipsec phase2-interface
+end
+config vpn ipsec manualkey-interface
+end
+config vpn pptp
+    set status disable
+end
+config vpn l2tp
+    set status disable
+    set lcp-max-echo-fails 3
+    set hello-interval 60
+end
+config vpn ipsec forticlient
+end
+config system evpn
+end
+config dnsfilter domain-filter
+end
+config dnsfilter profile
+    edit "default"
+        set comment "Default dns filtering."
+        config domain-filter
+            unset domain-filter-table
+        end
+        config ftgd-dns
+            unset options
+            config filters
+                edit 1
+                    set category 2
+                    set action monitor
+                next
+                edit 2
+                    set category 7
+                    set action monitor
+                next
+                edit 3
+                    set category 8
+                    set action monitor
+                next
+                edit 4
+                    set category 9
+                    set action monitor
+                next
+                edit 5
+                    set category 11
+                    set action monitor
+                next
+                edit 6
+                    set category 12
+                    set action monitor
+                next
+                edit 7
+                    set category 13
+                    set action monitor
+                next
+                edit 8
+                    set category 14
+                    set action monitor
+                next
+                edit 9
+                    set category 15
+                    set action monitor
+                next
+                edit 10
+                    set category 16
+                    set action monitor
+                next
+                edit 11
+                    set category 0
+                    set action monitor
+                next
+                edit 12
+                    set category 57
+                    set action monitor
+                next
+                edit 13
+                    set category 63
+                    set action monitor
+                next
+                edit 14
+                    set category 64
+                    set action monitor
+                next
+                edit 15
+                    set category 65
+                    set action monitor
+                next
+                edit 16
+                    set category 66
+                    set action monitor
+                next
+                edit 17
+                    set category 67
+                    set action monitor
+                next
+                edit 18
+                    set category 26
+                    set action block
+                    set log enable
+                next
+                edit 19
+                    set category 61
+                    set action block
+                    set log enable
+                next
+                edit 20
+                    set category 86
+                    set action block
+                    set log enable
+                next
+                edit 21
+                    set category 88
+                    set action block
+                    set log enable
+                next
+                edit 22
+                    set category 90
+                    set action block
+                    set log enable
+                next
+                edit 23
+                    set category 91
+                    set action block
+                    set log enable
+                next
+            end
+        end
+        set log-all-domain disable
+        set sdns-ftgd-err-log enable
+        set sdns-domain-log enable
+        set block-action redirect
+        set block-botnet enable
+        set safe-search disable
+        set strip-ech enable
+        set redirect-portal 0.0.0.0
+        set redirect-portal6 ::
+    next
+end
+config system gre-tunnel
+end
+config system ipsec-aggregate
+end
+config system ipip-tunnel
+end
+config system mobile-tunnel
+end
+config system pppoe-interface
+end
+config system vxlan
+end
+config system geneve
+end
+config system virtual-wire-pair
+end
+config system dns-database
+end
+config system dns-server
+end
+config log custom-field
+end
+config antivirus settings
+    set machine-learning-detection enable
+    set use-extreme-db disable
+    set grayware enable
+    set override-timeout 0
+    set cache-infected-result enable
+end
+config antivirus quarantine
+    set agelimit 0
+    set maxfilesize 0
+    set quarantine-quota 0
+    unset drop-infected
+    set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
+    unset drop-machine-learning
+    set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
+    set lowspace ovrw-old
+    set destination disk
+end
+config antivirus exempt-list
+end
+config ssh-filter profile
+end
+config antivirus profile
+    edit "g-default"
+        set comment "Scan files and block viruses."
+        set replacemsg-group ''
+        set mobile-malware-db enable
+        config http
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config ftp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config imap
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config pop3
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config smtp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config nntp
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config cifs
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config nac-quar
+            set infected none
+            set log disable
+        end
+        set outbreak-prevention-archive-scan disable
+        set external-blocklist-enable-all enable
+        set ems-threat-feed disable
+        set av-virus-log enable
+        set extended-log disable
+    next
+    edit "g-sniffer-profile"
+        set comment "Scan files and monitor viruses."
+        set replacemsg-group ''
+        set mobile-malware-db enable
+        config http
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config ftp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config imap
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config pop3
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config smtp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config nntp
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config cifs
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config nac-quar
+            set infected none
+            set log disable
+        end
+        set outbreak-prevention-archive-scan disable
+        set external-blocklist-enable-all enable
+        set ems-threat-feed disable
+        set av-virus-log enable
+        set extended-log disable
+    next
+    edit "g-wifi-default"
+        set comment "Default configuration for offloading WiFi traffic."
+        set replacemsg-group ''
+        set mobile-malware-db enable
+        config http
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config ftp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config imap
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config pop3
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config smtp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config nntp
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config cifs
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config nac-quar
+            set infected none
+            set log disable
+        end
+        set outbreak-prevention-archive-scan disable
+        set external-blocklist-enable-all enable
+        set ems-threat-feed disable
+        set av-virus-log enable
+        set extended-log disable
+    next
+end
+config file-filter profile
+    edit "g-default"
+        set comment "File type inspection."
+        set replacemsg-group ''
+        set log enable
+        set extended-log disable
+        set scan-archive-contents enable
+    next
+    edit "g-sniffer-profile"
+        set comment "File type inspection."
+        set replacemsg-group ''
+        set log enable
+        set extended-log disable
+        set scan-archive-contents enable
+    next
+end
+config webfilter profile
+    edit "g-default"
+        set comment "Default web filtering."
+        set replacemsg-group ''
+        unset options
+        set https-replacemsg enable
+        set web-flow-log-encoding utf-8
+        set post-action normal
+        config web
+            set bword-threshold 10
+            set blocklist disable
+            unset allowlist
+            unset safe-search
+        end
+        set wisp disable
+        set log-all-url disable
+        set web-content-log enable
+        set web-filter-command-block-log enable
+        set web-filter-cookie-log enable
+        set web-url-log enable
+        set web-invalid-domain-log enable
+        set extended-log disable
+    next
+    edit "g-sniffer-profile"
+        set comment "Monitor web traffic."
+        set replacemsg-group ''
+        unset options
+        set https-replacemsg enable
+        set web-flow-log-encoding utf-8
+        set post-action normal
+        config web
+            set bword-threshold 10
+            set blocklist disable
+            unset allowlist
+            unset safe-search
+        end
+        set wisp disable
+        set log-all-url disable
+        set web-content-log enable
+        set web-filter-command-block-log enable
+        set web-filter-cookie-log enable
+        set web-url-log enable
+        set web-invalid-domain-log enable
+        set extended-log disable
+    next
+    edit "g-wifi-default"
+        set comment "Default configuration for offloading WiFi traffic."
+        set replacemsg-group ''
+        set options block-invalid-url
+        set https-replacemsg enable
+        set web-flow-log-encoding utf-8
+        set post-action normal
+        config web
+            set bword-threshold 10
+            set blocklist disable
+            unset allowlist
+            unset safe-search
+        end
+        set wisp disable
+        set log-all-url disable
+        set web-content-log enable
+        set web-filter-command-block-log enable
+        set web-filter-cookie-log enable
+        set web-url-log enable
+        set web-invalid-domain-log enable
+        set extended-log disable
+    next
+end
+config webfilter ftgd-local-rating
+end
+config webfilter search-engine
+    edit "g-baidu"
+        set hostname ".*\\.baidu\\.com"
+        set url "^\\/s?\\?"
+        set query "wd="
+        set safesearch disable
+    next
+    edit "g-baidu2"
+        set hostname ".*\\.baidu\\.com"
+        set url "^\\/(ns|q|m|i|v)\\?"
+        set query "word="
+        set safesearch disable
+    next
+    edit "g-baidu3"
+        set hostname "tieba\\.baidu\\.com"
+        set url "^\\/f\\?"
+        set query "kw="
+        set safesearch disable
+    next
+    edit "g-bing"
+        set hostname ".*\\.bing\\..*"
+        set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
+        set query "q="
+        set safesearch header
+    next
+    edit "g-google"
+        set hostname ".*\\.google\\..*"
+        set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
+        set query "q="
+        set safesearch url
+        set safesearch-str "&safe=active"
+    next
+    edit "g-google-translate-1"
+        set hostname "translate\\.google\\..*"
+        set url "^\\/translate"
+        set query "u="
+        set safesearch translate
+        set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
+    next
+    edit "g-google-translate-2"
+        set hostname ".*\\.translate\\.goog"
+        set url "^\\/"
+        set query ''
+        set safesearch translate
+        set safesearch-str "case::google-translate"
+    next
+    edit "g-twitter"
+        set hostname "twitter\\.com"
+        set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
+        set query "variables="
+        set safesearch translate
+        set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
+    next
+    edit "g-vimeo"
+        set hostname ".*vimeo.*"
+        set url "^\\/search\\?"
+        set query "q="
+        set safesearch header
+    next
+    edit "g-yahoo"
+        set hostname ".*\\.yahoo\\..*"
+        set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
+        set query "p="
+        set safesearch url
+        set safesearch-str "&vm=r"
+    next
+    edit "g-yandex"
+        set hostname "yandex\\..*"
+        set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
+        set query "text="
+        set safesearch url
+        set safesearch-str "&family=yes"
+    next
+    edit "g-youtube"
+        set hostname ".*youtube.*"
+        set url ''
+        set query ''
+        set safesearch header
+    next
+    edit "g-yt-channel"
+        set hostname ''
+        set url "www.youtube.com/channel"
+        set query ''
+        set safesearch yt-channel
+    next
+    edit "g-yt-pattern"
+        set hostname ''
+        set url "youtube.com/channel/"
+        set query ''
+        set safesearch yt-pattern
+    next
+    edit "g-yt-scan-1"
+        set hostname ''
+        set url "www.youtube.com/user/"
+        set query ''
+        set safesearch yt-scan
+    next
+    edit "g-yt-scan-2"
+        set hostname ''
+        set url "www.youtube.com/youtubei/v1/browse"
+        set query ''
+        set safesearch yt-scan
+    next
+    edit "g-yt-scan-3"
+        set hostname ''
+        set url "www.youtube.com/youtubei/v1/player"
+        set query ''
+        set safesearch yt-scan
+    next
+    edit "g-yt-scan-4"
+        set hostname ''
+        set url "www.youtube.com/youtubei/v1/navigator"
+        set query ''
+        set safesearch yt-scan
+    next
+    edit "yt-video"
+        set hostname ''
+        set url "www.youtube.com/watch"
+        set query ''
+        set safesearch yt-video
+    next
+end
+config emailfilter profile
+    edit "default"
+        set comment "Malware and phishing URL filtering."
+        set replacemsg-group ''
+        set spam-log enable
+        set spam-filtering disable
+        unset options
+        config imap
+            set log-all disable
+        end
+        config pop3
+            set log-all disable
+        end
+        config smtp
+            set log-all disable
+        end
+        config msn-hotmail
+            set log-all disable
+        end
+        config gmail
+            set log-all disable
+        end
+        set spam-bword-threshold 10
+        unset spam-bword-table
+        unset spam-bal-table
+        unset spam-mheader-table
+        unset spam-iptrust-table
+    next
+    edit "sniffer-profile"
+        set comment "Malware and phishing URL monitoring."
+        set replacemsg-group ''
+        set spam-log enable
+        set spam-filtering disable
+        unset options
+        config imap
+            set log-all disable
+        end
+        config pop3
+            set log-all disable
+        end
+        config smtp
+            set log-all disable
+        end
+        config msn-hotmail
+            set log-all disable
+        end
+        config gmail
+            set log-all disable
+        end
+        set spam-bword-threshold 10
+        unset spam-bword-table
+        unset spam-bal-table
+        unset spam-mheader-table
+        unset spam-iptrust-table
+    next
+end
+config virtual-patch profile
+    edit "g-default"
+        set comment ''
+        set severity info low medium high critical
+        set action block
+        set log enable
+    next
+end
+config wanopt settings
+    set host-id "default-id"
+    set tunnel-ssl-algorithm high
+    set auto-detect-algorithm simple
+    set tunnel-optimization balanced
+end
+config wanopt peer
+end
+config wanopt auth-group
+end
+config wanopt profile
+    edit "default"
+        set transparent enable
+        set comments "Default WANopt profile."
+        set auth-group ''
+        config http
+            set status disable
+            set secure-tunnel disable
+            set byte-caching enable
+            set ssl disable
+            set prefer-chunking fix
+            set protocol-opt protocol
+            set tunnel-sharing private
+        end
+        config cifs
+            set status disable
+            set secure-tunnel disable
+            set byte-caching enable
+            set prefer-chunking fix
+            set protocol-opt protocol
+            set tunnel-sharing private
+        end
+        config mapi
+            set status disable
+            set secure-tunnel disable
+            set byte-caching enable
+            set tunnel-sharing private
+        end
+        config ftp
+            set status disable
+            set secure-tunnel disable
+            set byte-caching enable
+            set prefer-chunking fix
+            set protocol-opt protocol
+            set tunnel-sharing private
+        end
+        config tcp
+            set status disable
+        end
+    next
+end
+config system speed-test-server
+end
+config log memory setting
+    set status enable
+end
+config log disk setting
+    set status disable
+end
+config log eventfilter
+    set event enable
+    set system enable
+    set vpn enable
+    set user enable
+    set router enable
+    set wireless-activity enable
+    set wan-opt enable
+    set endpoint enable
+    set ha enable
+    set security-rating enable
+    set fortiextender enable
+    set connector enable
+    set sdwan enable
+    set cifs enable
+    set switch-controller enable
+    set webproxy enable
+end
+config log memory filter
+    set severity information
+    set forward-traffic enable
+    set local-traffic enable
+    set multicast-traffic enable
+    set sniffer-traffic enable
+    set ztna-traffic enable
+    set anomaly enable
+    set voip enable
+    set gtp enable
+    set forti-switch enable
+end
+config log disk filter
+    set severity information
+    set forward-traffic enable
+    set local-traffic enable
+    set multicast-traffic enable
+    set sniffer-traffic enable
+    set ztna-traffic enable
+    set anomaly enable
+    set voip enable
+    set dlp-archive enable
+    set gtp enable
+    set forti-switch enable
+end
+config log fortiguard override-setting
+    set override disable
+    set access-config enable
+end
+config log tacacs+accounting setting
+    set status disable
+    set source-ip ''
+    set interface-select-method auto
+end
+config log tacacs+accounting2 setting
+    set status disable
+    set source-ip ''
+    set interface-select-method auto
+end
+config log tacacs+accounting3 setting
+    set status disable
+    set source-ip ''
+    set interface-select-method auto
+end
+config log tacacs+accounting filter
+    set login-audit enable
+    set config-change-audit enable
+    set cli-cmd-audit disable
+end
+config log tacacs+accounting2 filter
+    set login-audit enable
+    set config-change-audit enable
+    set cli-cmd-audit disable
+end
+config log tacacs+accounting3 filter
+    set login-audit enable
+    set config-change-audit enable
+    set cli-cmd-audit disable
+end
+config log null-device setting
+    set status disable
+end
+config log null-device filter
+    set severity information
+    set forward-traffic enable
+    set local-traffic enable
+    set multicast-traffic enable
+    set sniffer-traffic enable
+    set ztna-traffic enable
+    set anomaly enable
+    set voip enable
+    set gtp enable
+    set forti-switch enable
+end
+config log setting
+    set resolve-ip disable
+    set resolve-port enable
+    set log-user-in-upper disable
+    set fwpolicy-implicit-log disable
+    set fwpolicy6-implicit-log disable
+    set extended-log disable
+    set local-in-allow disable
+    set local-in-deny-unicast disable
+    set local-in-deny-broadcast disable
+    set local-out enable
+    set local-out-ioc-detection enable
+    set neighbor-event disable
+    set brief-traffic-format disable
+    set user-anonymize disable
+    set fortiview-weekly-data disable
+    set expolicy-implicit-log disable
+    set log-policy-comment disable
+    set faz-override disable
+    set syslog-override disable
+    set rest-api-set disable
+    set rest-api-get disable
+    set rest-api-performance disable
+    set long-live-session-stat enable
+end
+config log gui-display
+    set resolve-hosts enable
+    set resolve-apps enable
+    set fortiview-unscanned-apps disable
+end
+config system lldp network-policy
+end
+config system pcp-server
+    set status disable
+end
+config firewall schedule onetime
+end
+config firewall schedule recurring
+    edit "always"
+        set start 00:00
+        set end 00:00
+        set day sunday monday tuesday wednesday thursday friday saturday
+        set color 0
+        set fabric-object disable
+    next
+    edit "none"
+        set start 00:00
+        set end 00:00
+        set day none
+        set color 0
+        set fabric-object disable
+    next
+    edit "default-darrp-optimize"
+        set start 01:00
+        set end 01:30
+        set day sunday monday tuesday wednesday thursday friday saturday
+        set color 0
+        set fabric-object disable
+    next
+end
+config firewall schedule group
+end
+config firewall ippool
+end
+config firewall ippool6
+end
+config firewall ldb-monitor
+end
+config firewall vip
+end
+config firewall vip6
+end
+config firewall vipgrp
+end
+config firewall vipgrp6
+end
+config firewall ssh local-key
+    edit "g-Fortinet_SSH_DSA1024"
+        set password ENC cue97VrmrDij1xYw6GDHYrC+lyS1WEn+wupp72CZ/YPArjuqeeCsLluSkPGqbAPnpYfC4zL4d6Jpp9+pPaIf/wEoe9xEt4x72CLdn+bZng/Vwd+el8fOgptvkt5edzZ5UD5KIae5pia6m8P3ioKzJl0+F0mnONeevwUAEe40o9XyHw7Sgwsy7/9ixqYEZ8UhQ+gM6FlmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDfWpFE0i
+XCd0QURSp4tDCxAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
+KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
+a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
+7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
+jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
+XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
+P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
+lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
+wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgS/BQuclL3Fmvho5r
+5vjUwzJbyChZhWxkXG3eKGvkshX8YTRtMWlUDLMIPX6RQk2N8dtWdYo2INAYwzOO/nHgVC
+ZoTlNsCF0gWa0vEbOikSBU2wAJpfTZFbBzxUSKcvK7KxCTDJ0LWNLmTypFhxaappjiy2BN
+x8VJDLG21NU7bR86lFhg1/w+OXsRdSBjJpI5ox2raAyPS6we5ezjPm3y2anL5TF4A4AmM5
+F3KkMZluZGBemTxITZJC2RwRXJkPm+93wC7U5ILVsn2J8KJjX5Jqo3flnXjBe3y2s/NJCx
+31d2C/BqPmzgTus1a+xcAk3H7AoLIlkUQ/Kuvmd4ALcBPIOyz1UgoitYpQrxW2yz9LfAfC
+dsMCsCceYbY5oOPJJ8frLbDkbSfDlkQO2AHP+M9+aY7Sc9ehuttvdQ+kopBP4y0v8k6n5F
+rV/GOPkr0rAThvkiCtectOqIh4pOJdWiHV0UCKuzka4kYqda3nIB59SfjrAJU4Fs8Plgr+
+EaZmSp5z429V2X3bZch5VL2L5yzbwU0H7vtzUM/BCNsVHncqyYJeSHc0Q6+KgSuCsr2rvO
+26/sUh9gQ4OBP5WcKZRcjRtGsXy4Cy8Z5OD0JWIrWlTmXZn9IQaPpsaMEJMF52lV
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_ECDSA256"
+        set password ENC loGQ0//E65aKapXzZr3lVoIRtLG3rvxE0tu6PZ5H/NT3sMlOnYsYxZn0DCl+uHi0v07Os09r2xJJHMdJRI/hWJUaWRsOoUOOTeHLZICP7iSTKJX2xij6IfuQi8cv8RvT3GeMFQuDzVJLSzPUr9Es0Qv2ZJUmcxxVqb0wjYK+VTTXsB297h/K4DmKU5zd3GACDN1zXFlmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB5/6e7jl
+Mch9M+27aUJHDlAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
+dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
+y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgkK+gYlQYEjpNKQ3JDiggWfHFxRdEL8J/6GZK
+P/yWY3iwinZj3eg+3XFwyGgbN74kRJLlrbVCkzWkgsTRIce4gVqvD41EvyAv8IrnvqlSgV
+KKhqvOYrICP1ES9y4himR5YrsbHvSaiSCCipl4ohdo8EkA1XuGFaRiWHBoN+J+9YskDuhe
+QNVOZyHrEWqSqVCbiyNDii1wdNYqIQJTkxVWGQ==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_ECDSA384"
+        set password ENC 64lnM0LLwl47vRsu+3cbHW/lKpMBXtGgSWBxES9jKyvfRPa6fPFZPg83aypTyVr0wRxv4D5NwrWtzfg94GrjKzRkyiURK7kJZGBlbpli+7BNLIxlGxSmQ8wCjRv+qRTAITII10Xx4abWLmKUXYc2Iv0JmYqnIkdBoNX2Ck+B4keEoMF3iBoHZUi6dsqDP08zmHbq31lmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD6FGSydb
+MfCfEkjYSDilDQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
+dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
+U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
+dgAAANCDHSic3ugGkKXrzCRCN4F9+HiSwqQdY+p6vgp4eoW8VbSFvlSOwCJ0YCiUJtfbBt
+w5njw5GMczncUHPNb7z90o9bv6KoSmlEHeXfFoPKl189RWx93tYuKlh87wYucskyv8QgR8
+6jnKX2rSmnjytvCOHahd+dSTOg5zwXzZUBSe69NXYrm7IUV+MUJnqA/wQfUu9gLNqjgEmR
+DkKTxwKb8V778U+acbEaCTglnZSw1Ci036r/1CDOpTHNFnC+8zRFFtn5XW6A2fWfSLYEtU
+GanS
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_ECDSA521"
+        set password ENC GN3i3kgc8BZa7EGw/8PTqn0ZXMeL5osP1bUlumOQa9Wx9MAIosubB+xCBPvoEAo2XRAQKA7gwbCChdvqeTuBxTn8vEEGFRWp3ixgLEzH0ZEFXXzbaX/e+Hoe5pn5cOQA2Ti4J+Z4eRRdJnbMFovLA6jekvzG6BWBIHEzQFL2jQ2XXpP0xIc+33mamjJ40Ir4NXLxQ1lmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDvliYNGu
+EFZjQlDTBzJmi5AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
+dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
+t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
+HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQABILIpSeVN/21mCe
+eVUgOLmNu2sYRE/pHxZoKsC1BpjGNQWvg78hJ+cpll5cP4ihueTkQ+fgA+0uxO6nEtACEN
+3shPq5zr/OK3JdTlS9NorQjuFv6CMVsP8duQws9NSrt2LJvneAXMN4m31gkVRtmOAFrUBA
+xjViicvdDNxV+Sqz6cxnmRe2zMobQkjVKPOu5WpOVFeRmrjUSoPwrR/28cPHFF6IsdONA1
+BdX7QWIzC9rJrfgET9JRlv7s0oDJWQyqHV8S84TDvTZPnot4pkNAVDr0qJGPoWjCPbMxgD
+jhfbcs7CfjvNT4zfbw30BxniJGjv/WFKDyljfkcNgS9Qgm
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_ED25519"
+        set password ENC t4lHstR0OokgZuMx1LN2gEsAepShDhQom0SSid2dIJBFFicPXk6/7BFFBJuOHOPyA9zTPZDt30h/u7ocWJ05ZwDtEFg1IwhWMKhT1ylLSGt7U/M/IPTxid29YPLgCBKdmt++WyKIzzWcQPKU8UILYgGaah/UezBi/aOesekS9H9UpvJQkqEV9vvu5WK2n68+2TDUi1lmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCypLFkwZ
+tKzdWm6jAo4HMxAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
+3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkKGif1mZ2Ci/8Ty3MdUpzVXkVMImU2SyLcQtb2
+zaVVssBq/jtlETxJaMwWR6xOhrVDvIxLzkDnZFsZYsVu1HGOJqk0/CfOTS4VkLxvx10Wro
+gXf/Unv0w7HlUX+hl193A6XuAiSjjRR4TPGfmYrEXMXJ6wS2yLQ9cOfAh2WjfScuZ2dA/f
+II2QDrxxeV8140nA==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_RSA2048"
+        set password ENC bFq6eR6KKOaaUsKle4m8EvoAKv50O0CESHZubFBJ5GzgcCbxFz2Zl2HYBVtfSOi+7vpl0ESy0NmAHfrSGvnpoQvEsesMDodNw5Nd0a1ZwD4EOykx4GRKoa1TcvVCohYaJM/kM6uhUK2Gig4EP9ggPAXB4zB+aTuwOJ/3MkPlEhh/urABlHxOezhqznqoZUzbXnjD+VlmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDMArkPec
+zvbzQNQLJ+ZhHHAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
+Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
+A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
+hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
+HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
+OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwIRR9CJ+uKIOJs
+oMuy1BuqQOC29IhsTIfwkRDQK3qwP9D8k/G1TXuP5oXTb4QGPcx0S7DWvwKb5/ZcV684XN
+LtOWypeXIrV+IexC5ihXDXkUnvKY6Gbgtu9q5VB63p2SDuiDGxeASmWtsJ3TU+RdrZ1O4K
+TTVZ5p8Mb7/AFnbpH+lSJDEHaZ9qw/5EtbKfNTvJhXjnM/R7hfFtUW6lxjy3iv3K88Fv5q
+jOvUfF/ARX+TIQZIFPCcEsH29kt1SVo1sq/8/F+dwDPObCpDh2EBjsu5++NMD4Y6/DdDrz
+Jaqv1wjQHsaFYI8ep1pRvBUMrF2Bx3xpnTvx77qqA8dR/tL/t7LeXFHUkHHsBp0U8PMjlc
+Sx+dMtIAtBg1l6j/cHYmgAyo1ZqqyLUyVim/cwBpHBuM9QORdFUskJskB1F/bwOT7FLNzG
+1ffMFVM3HABlaEMOfgIcwfgerew8RbY/SxdF3uvkZ4J8tnd/srxfGjQXO1FGMge8Hp5gwY
+x+fvsvJFIflQaiB4cqeAUZRGhaIq5ccQA298ndlyigGKupIXqdNyNQkShaeQYkCT2Hf9Y1
+PdhfWfBRF6cFw7ZhdxrzlBHsB6RySGVZOIFHFzFcpbE+u6NNseF7LXZOg9eVOIAYW+qcNz
+Stw1O0DtaZEidODJB7t2bj8Gu+7UhvJsyplqbuj7Ohtfc2retEBn6wC8SgfLbIn1qSR/R3
+foTD8xvac3TQTERVbk4o1UEukRfbRv307kj3UdotxTpRpLVYnW/0QxsGf+CKOnxGimBLiX
+x6IJBjRfr3QdkzwosMbC5Cp5nvIukvySAMoSG4+VEJSR90Wf0/G/705999L/G3sUNNTKWI
+7FsF5/DZENcm0xbrXfzLj3tOFMeE9fcqQEZYLzOyZhqYllU5c34BlhtOt7ygivSaJe2a52
+kQ43vq+VRkjCV501sipDiHeic1/bEOs55ERGB8yh3Ge6PHms5yunZXIpM2Y6GPQ2Rgeq4+
+ZvwVtpFtDnL3BOjlxI27TeXYI0x6DsFWzcgl7ljxjNx9HN0KA3mrodjscrAFeBIxQnjyiR
+mx6VURNltMIYMnNQlXW4FHH7yGXzXYk4ojhHgcgpaDbPHQm5G3/Yok51pPtsQ9J+7m+ehm
+BWLKEE1g7lAiYtI6bBbLQuj9VfeonQkO7aNm8pzY2znIQlNh1SQlXnUF1qdggAEXgsEVIt
+cO2ROJsZFsbT7Dw3tZAkyvotKQ0v2SFwboCHCSWVecx6Q4lSid+C+MsbxO1xlEHwNDq17T
+G8Wu6e8A==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
+        set source built-in
+    next
+end
+config firewall ssh local-ca
+    edit "g-Fortinet_SSH_CA"
+        set password ENC 91wqeb9iVGp6nQLS8Xi27AcZtpFrh1sXj5XiNsxzltIAAGn5QWm7xo0zM5P/zrnLdHMQEeH3xITcXZyLK3T42eg69yQ4zr/tj9bn+HxLKI36boKD5k/v2SMY59ANqjNltzYx+HCqsm/tXyq4E+xYLi6CpC4RdrReaC5tNkAyTAzVBorUW+ADjzbVxdrO2EhCBZwt81lmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCyBrOQ1K
+Qw3YmPTDmVPFkpAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
+NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
+ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
+E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
+TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
+Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwM5O35zHniauxJ
+rlIYaSeEQxLsM+X4fapPScsXmQNcmmngwsEgcEZ1YKq8MQENzHOyWw59FYlR9mQPyidwrK
+AbzPVkhnqCDlUBT3GOUrMyfZfuSJmFlH26FCjuXls6Vg4IVRSI99W9hxlbLePvRP94NcgQ
+Hh1vXpUoofhZ6IYt/dob93+fygcR3toCXd2C0EeyP3OXVMGPOnmnEXKliXaimvYpC0csXl
+a7h0taBg5cq9LzkM0ywj9ikKUnkfUKIrqv44Ji+Vgcw8nCRKNsynd9qf578G5FN/VRQ9Ao
+qd9ogC02xXA1HwewhEQYetYd92oGT/neUjfyPWBRNaNdY7lPvQ4OjHeVvS6L2R7zK81AP5
+bQaN3d+fM89jNmcY5KwFxxPHVaGqBZTt0dwT7ET9Z7oo/J4UznUD1a1TK5O4ciy3iDpaWq
+5K55O7cPYyFeR0EJPx9hD1AH9eCzGukHD+KblNRWuSJXTqJSEP62NA+0szxNxCfCp7HZqm
+3iztvJMw/Lx9k9CPnHTsr/0dkocZSZti47Dak7L70BnQC2+KnGkUboddl7Z5eGyBQbtAkS
+IUIlQR7Rv+q+AkqJ36EWnBEVrve7d7TKSdR5pxDet60JJ+yE3cDa/G/IwW00ACC2rS133Y
+FWmMRzZfsZSZ1gQrYiNCUZARKkg7fxnONj0oe+oBZKeYkR+UNejF5vVKQZVPx2fCILZAyn
+J5qenJbZhkmDeVS0fMdoCrmON5wAKvz+WWuGTgJw34vqtvJovJtNno5moJRAWk/RiKYdIo
+X3fFmNPP82dGks7b4A1LGz5qW78zGgOSICVEBRHCMi2MBUsrJ50TwbVNz4jjKP6bYID5vh
+ghM27tO+2GSZHeBt8kRG2qI6aH5IHAKXi8gn+KwqFWtx1Em2KNHW/eMfMkQtD5xnE9F466
+V8Vf9Xe5wltVGE87Bt/IYkVN9wM1XA3p7byitNOXSXw2jwLpG9beWhyV/OzkKKJf0NQ9/v
+mX65nyje4q6+8PKjuRliA5vVMhwK6lxJ6BJBHe6/fd7IjDflm7JMNZc6bLwaeJHbLWlFqC
+4kwtt9SV5YcFDGOn2my/bTrAchhOfOXf+0gk63yVRrQq1kJDqn/lqytJGS5a1YvqsMJ4OS
+W9qQMQY0nzMxkLaNB9Q9G9uVgyDDAsye1yg1bL24CrOT4pNf1JeNlqawNkVj2jycXzqYPh
+gL1mGUSGlPfBVKg4359Ml3rY0bykjU5xXrguyKv95ShhctAilSQY4tg40cOeoMbCg2Hiji
+iYxK2n0w==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_CA_Untrusted"
+        set password ENC JS/lNy/QJ8BYBVTRTn1EG5W/E1HNHjPXj+KBywrRvnydngk5BdOdHO+cDFI2SXnUXlcZScStfjTUO6fhmo1D5H4qJY6vbjk+QTmn3Q01YTLCArUS7eJe/a4eBg25YA1YfIG2C/5Dx9uArzokotHASHixJPXUM0NYwAwvs4QjyY1elee0cTeVeG8xV473Y5HjH0sCWFlmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDOK7jymL
+y7LiXsSxCZXuzqAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
+RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
+ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
+iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
+Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
+NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwBFA5WgGixZgZA
+aGWDArT5DTEdJ5cnxDdPIU7m7Dj49Na89+BEtuNf/Pjy3FJgzvpcrOvifVK6bmOyn8m6/R
+CCztKhOmNrT0MQVo2Ja8hY9UmVjxkNMB0uGzaNGj+p36qavDzRN1wAuZ75FY4FkqLmGYBq
+AyZIUD30kt+veMQz947ctIEWbQjf+GZwu4UCD0o4g3MvyRsdXUuYOHFE8xn8Ug1n1OtquR
+cqHpCWAe9aK+OcjWvIXg0UrD6GRQbSSw3uoLhapAP1vsMiLfMT/dBUt9Dstcc+S42lZI1q
+JJ4yILP4mdT24ND2itnV+XRRxOg831SECvSMTzc63hhGJFBWYQi86ibxuUgzZc2aH+KRUP
+rDedCTNsZPif5K3Mjn4PK0thYdsZ2srwMtv6rQ8mcIoF9G8XUR3JjekxI/gHrHpFKvWccc
+YCjmEaV45cfwzvN8Vca8mRFncngvQOBEfshU0LGoNZ8VX60IQEyT334tKUv6hiThPOQWnp
+stS/MJtEyLjGbu+0ibZHg+3hCvSRrexUSnJFHrOAEoz1k0TK6tkw8hcF1Jxlu3WuxaL9YK
+tKas//Hs4LTD9r9r/smvSbKi+zb8aP3pacBNCu6Yup1vYCpf/AnxD5CCdq4zmxFT2W5WYb
+rp7tGQjbc3aB7G0zshIk9Biwuu9h/lMIYnzNlvpMouxFM/TTO2STSgKw0+mURFqxQ6kYqF
+YDRmM7pANd9Usg2Hcd/x7CaYmVz+cwkC7dOH9/+FUdtnG05aab9gUv8ySChhPDm84WvLtQ
+ZEkBp15qiOsQjWVk2ei0V0gIjRiS2S2FRLBrM2iueE1GyD8Alm5ztwgmdA17np7iE871wl
+NvzzWxc0KjVHesLlV44RLbw1VD60uUld4jvSaEY9oTILAMFx285Uy53Il8+sWntWvIlQu6
+FjMEIBY8iSd2DWMm4zcVh/qpEyEUv0UjeFlcu7bPqE18aX3V2jV+9G3/a6ms4kqmvfb2RT
++jR/zeg1gE288KRaw7FqNEoP+Wco8jt0q7jo/q963GEgdPG6WOWHz9LfIYouOJPpDSca11
+pFBg29f0rOjynuYmvzZOdUrgrbaZZSprEzdzPJmSOpV6u0VNjuroaN+soU48KEGqJQvHor
+g7H0jRqdNjJbfQcE50Dv5SeZAVmEkvD/nKTqWs77wGzv+OxhY8JS08alQgRINioyCjY/LW
++xR/ydrBw5jsgugYvC3Vd7rZi0oIO0H6Lpa/crJWXf0+u5qd6unckJtWT5tPyZvNwVfXsn
+bhw7G+OA==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
+        set source built-in
+    next
+end
+config firewall ssh setting
+    set caname "g-Fortinet_SSH_CA"
+    set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
+    set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
+    set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
+    set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
+    set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
+    set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
+    set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
+    set host-trusted-checking enable
+end
+config firewall ssh host-key
+end
+config firewall decrypted-traffic-mirror
+end
+config firewall access-proxy-virtual-host
+end
+config firewall access-proxy-ssh-client-cert
+end
+config firewall access-proxy
+end
+config firewall access-proxy6
+end
+config firewall ipmacbinding setting
+    set bindthroughfw disable
+    set bindtofw disable
+end
+config firewall ipmacbinding table
+end
+config firewall profile-protocol-options
+    edit "default"
+        set comment "All default services."
+        set replacemsg-group ''
+        set oversize-log disable
+        set switching-protocols-log disable
+        config http
+            set ports 80
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            unset options
+            set comfort-interval 10
+            set comfort-amount 1
+            set range-block disable
+            set strip-x-forwarded-for disable
+            unset post-lang
+            set streaming-content-bypass enable
+            set switching-protocols bypass
+            set unknown-http-version reject
+            set tunnel-non-http enable
+            set h2c disable
+            set unknown-content-encoding block
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set stream-based-uncompressed-limit 0
+            set scan-bzip2 enable
+            set verify-dns-for-policy-matching enable
+            set block-page-status-code 403
+            set retry-count 0
+            set tcp-window-type auto-tuning
+            set ssl-offloaded no
+            set address-ip-rating enable
+        end
+        config ftp
+            set ports 21
+            set status enable
+            set inspect-all disable
+            set options splice
+            set comfort-interval 10
+            set comfort-amount 1
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set stream-based-uncompressed-limit 0
+            set scan-bzip2 enable
+            set tcp-window-type auto-tuning
+            set ssl-offloaded no
+            set explicit-ftp-tls disable
+        end
+        config imap
+            set ports 143
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            set options fragmail
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+            set ssl-offloaded no
+        end
+        config mapi
+            set ports 135
+            set status enable
+            set options fragmail
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+        end
+        config pop3
+            set ports 110
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            set options fragmail
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+            set ssl-offloaded no
+        end
+        config smtp
+            set ports 25
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            set options fragmail splice
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+            set server-busy disable
+            set ssl-offloaded no
+        end
+        config nntp
+            set ports 119
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            set options splice
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+        end
+        config ssh
+            unset options
+            set comfort-interval 10
+            set comfort-amount 1
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set stream-based-uncompressed-limit 0
+            set scan-bzip2 enable
+            set tcp-window-type auto-tuning
+            set ssl-offloaded no
+        end
+        config dns
+            set ports 53
+            set status enable
+        end
+        config cifs
+            set ports 445
+            set status enable
+            unset options
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+            set tcp-window-type auto-tuning
+            set server-credential-type none
+        end
+        config mail-signature
+            set status disable
+            set signature ''
+        end
+        set rpc-over-http disable
+    next
+end
+config firewall ssl-ssh-profile
+    edit "certificate-inspection"
+        set comment "Read-only SSL handshake inspection profile."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set ports 443
+            set status certificate-inspection
+            set quic inspect
+            set proxy-after-tcp-handshake disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+            set cert-probe-failure block
+            set encrypted-client-hello block
+        end
+        config ftps
+            set status disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config imaps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic inspect
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set block-blocklisted-certificates enable
+        set caname "Fortinet_CA_SSL"
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+    next
+    edit "deep-inspection"
+        set comment "Read-only deep inspection profile."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set ports 443
+            set status deep-inspection
+            set quic inspect
+            set proxy-after-tcp-handshake disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+            set cert-probe-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config ftps
+            set ports 990
+            set status deep-inspection
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config imaps
+            set ports 993
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set ports 995
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set ports 465
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic inspect
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set allowlist disable
+        set block-blocklisted-certificates enable
+        config ssl-exempt
+            edit 1
+                set type fortiguard-category
+                set fortiguard-category 31
+            next
+            edit 2
+                set type fortiguard-category
+                set fortiguard-category 33
+            next
+            edit 3
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-adobe"
+            next
+            edit 4
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Adobe Login"
+            next
+            edit 5
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-android"
+            next
+            edit 6
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-apple"
+            next
+            edit 7
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-appstore"
+            next
+            edit 8
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-auth.gfx.ms"
+            next
+            edit 9
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-citrix"
+            next
+            edit 10
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-dropbox.com"
+            next
+            edit 11
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-eease"
+            next
+            edit 12
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-firefox update server"
+            next
+            edit 13
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-fortinet"
+            next
+            edit 14
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-googleapis.com"
+            next
+            edit 15
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-drive"
+            next
+            edit 16
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play2"
+            next
+            edit 17
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play3"
+            next
+            edit 18
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Gotomeeting"
+            next
+            edit 19
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-icloud"
+            next
+            edit 20
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-itunes"
+            next
+            edit 21
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-microsoft"
+            next
+            edit 22
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-skype"
+            next
+            edit 23
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-softwareupdate.vmware.com"
+            next
+            edit 24
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-verisign"
+            next
+            edit 25
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Windows update 2"
+            next
+            edit 26
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-live.com"
+            next
+            edit 27
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play"
+            next
+            edit 28
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-update.microsoft.com"
+            next
+            edit 29
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-swscan.apple.com"
+            next
+            edit 30
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-autoupdate.opera.com"
+            next
+            edit 31
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-cdn-apple"
+            next
+            edit 32
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-mzstatic-apple"
+            next
+        end
+        set server-cert-mode re-sign
+        set caname "Fortinet_CA_SSL"
+        set untrusted-caname "Fortinet_CA_Untrusted"
+        set ssl-exemption-ip-rating enable
+        set ssl-exemption-log disable
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+        set rpc-over-https disable
+        set mapi-over-https disable
+        set supported-alpn all
+        set use-ssl-server disable
+    next
+    edit "custom-deep-inspection"
+        set comment "Customizable deep inspection profile."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set ports 443
+            set status deep-inspection
+            set quic inspect
+            set proxy-after-tcp-handshake disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+            set cert-probe-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config ftps
+            set ports 990
+            set status deep-inspection
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config imaps
+            set ports 993
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set ports 995
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set ports 465
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic inspect
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set allowlist disable
+        set block-blocklisted-certificates enable
+        config ssl-exempt
+            edit 1
+                set type fortiguard-category
+                set fortiguard-category 31
+            next
+            edit 2
+                set type fortiguard-category
+                set fortiguard-category 33
+            next
+            edit 3
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-adobe"
+            next
+            edit 4
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Adobe Login"
+            next
+            edit 5
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-android"
+            next
+            edit 6
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-apple"
+            next
+            edit 7
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-appstore"
+            next
+            edit 8
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-auth.gfx.ms"
+            next
+            edit 9
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-citrix"
+            next
+            edit 10
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-dropbox.com"
+            next
+            edit 11
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-eease"
+            next
+            edit 12
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-firefox update server"
+            next
+            edit 13
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-fortinet"
+            next
+            edit 14
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-googleapis.com"
+            next
+            edit 15
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-drive"
+            next
+            edit 16
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play2"
+            next
+            edit 17
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play3"
+            next
+            edit 18
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Gotomeeting"
+            next
+            edit 19
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-icloud"
+            next
+            edit 20
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-itunes"
+            next
+            edit 21
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-microsoft"
+            next
+            edit 22
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-skype"
+            next
+            edit 23
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-softwareupdate.vmware.com"
+            next
+            edit 24
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-verisign"
+            next
+            edit 25
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Windows update 2"
+            next
+            edit 26
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-live.com"
+            next
+            edit 27
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play"
+            next
+            edit 28
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-update.microsoft.com"
+            next
+            edit 29
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-swscan.apple.com"
+            next
+            edit 30
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-autoupdate.opera.com"
+            next
+            edit 31
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-cdn-apple"
+            next
+            edit 32
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-mzstatic-apple"
+            next
+        end
+        set server-cert-mode re-sign
+        set caname "Fortinet_CA_SSL"
+        set untrusted-caname "Fortinet_CA_Untrusted"
+        set ssl-exemption-ip-rating enable
+        set ssl-exemption-log disable
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+        set rpc-over-https disable
+        set mapi-over-https disable
+        set supported-alpn all
+        set use-ssl-server disable
+    next
+    edit "no-inspection"
+        set comment "Read-only profile that does no inspection."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set status disable
+            set quic bypass
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+        end
+        config ftps
+            set status disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config imaps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic bypass
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set block-blocklisted-certificates enable
+        set caname "Fortinet_CA_SSL"
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+    next
+end
+config waf profile
+    edit "default"
+        set external disable
+        set extended-log disable
+        config signature
+            config main-class 100000000
+                set status disable
+                set action block
+                set log enable
+                set severity high
+            end
+            config main-class 20000000
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config main-class 30000000
+                set status enable
+                set action block
+                set log enable
+                set severity high
+            end
+            config main-class 40000000
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config main-class 50000000
+                set status enable
+                set action block
+                set log enable
+                set severity high
+            end
+            config main-class 60000000
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config main-class 70000000
+                set status enable
+                set action block
+                set log enable
+                set severity high
+            end
+            config main-class 80000000
+                set status enable
+                set action allow
+                set log enable
+                set severity low
+            end
+            config main-class 110000000
+                set status enable
+                set action allow
+                set log enable
+                set severity high
+            end
+            config main-class 90000000
+                set status enable
+                set action block
+                set log enable
+                set severity high
+            end
+            set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
+            set credit-card-detection-threshold 3
+        end
+        config constraint
+            config header-length
+                set status enable
+                set length 8192
+                set action allow
+                set log enable
+                set severity low
+            end
+            config content-length
+                set status enable
+                set length 67108864
+                set action allow
+                set log enable
+                set severity low
+            end
+            config param-length
+                set status enable
+                set length 8192
+                set action allow
+                set log enable
+                set severity low
+            end
+            config line-length
+                set status enable
+                set length 1024
+                set action allow
+                set log enable
+                set severity low
+            end
+            config url-param-length
+                set status enable
+                set length 8192
+                set action allow
+                set log enable
+                set severity low
+            end
+            config version
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config method
+                set status disable
+                set action block
+                set log enable
+                set severity medium
+            end
+            config hostname
+                set status disable
+                set action block
+                set log enable
+                set severity medium
+            end
+            config malformed
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config max-cookie
+                set status enable
+                set max-cookie 16
+                set action allow
+                set log enable
+                set severity low
+            end
+            config max-header-line
+                set status enable
+                set max-header-line 32
+                set action allow
+                set log enable
+                set severity low
+            end
+            config max-url-param
+                set status enable
+                set max-url-param 16
+                set action allow
+                set log enable
+                set severity low
+            end
+            config max-range-segment
+                set status enable
+                set max-range-segment 5
+                set action allow
+                set log enable
+                set severity high
+            end
+        end
+        config method
+            set status disable
+            set log disable
+            set severity medium
+            unset default-allowed-methods
+        end
+        config address-list
+            set status disable
+            set blocked-log disable
+            set severity medium
+        end
+        set comment ''
+    next
+end
+config firewall ssl-server
+end
+config casb saas-application
+end
+config casb user-activity
+end
+config casb profile
+    edit "default"
+        set comment ''
+    next
+end
+config firewall profile-group
+end
+config firewall identity-based-route
+end
+config firewall auth-portal
+    set portal-addr ''
+    set portal-addr6 ''
+    set identity-based-route ''
+    set proxy-auth disable
+end
+config firewall security-policy
+end
+config firewall policy
+    edit 1
+        set status enable
+        set name "Default"
+        set uuid bdf03fc8-3520-51ed-3963-cb429fce01ab
+        set srcintf "any"
+        set dstintf "any"
+        set nat64 disable
+        set nat46 disable
+        set ztna-status disable
+        set srcaddr "all"
+        set dstaddr "all"
+        set srcaddr6 "all"
+        set dstaddr6 "all"
+        set internet-service disable
+        set internet-service-src disable
+        set internet-service6 disable
+        set internet-service6-src disable
+        set service "ALL"
+        set dynamic-shaping disable
+        set passive-wan-health-measurement disable
+        set ssl-ssh-profile "certificate-inspection"
+        set auto-asic-offload enable
+        set pcp-outbound disable
+        set pcp-inbound disable
+        set session-ttl 0
+        set fec disable
+        set diffserv-copy disable
+        set diffserv-forward disable
+        set diffserv-reverse disable
+        set tcp-mss-sender 0
+        set tcp-mss-receiver 0
+        set comments ''
+        set srcaddr-negate disable
+        set srcaddr6-negate disable
+        set dstaddr-negate disable
+        set dstaddr6-negate disable
+        set service-negate disable
+    next
+end
+config firewall shaping-policy
+end
+config firewall shaping-profile
+end
+config firewall local-in-policy
+end
+config firewall local-in-policy6
+end
+config firewall ttl-policy
+end
+config firewall dnstranslation
+end
+config firewall multicast-policy
+end
+config firewall multicast-policy6
+end
+config firewall interface-policy
+end
+config firewall interface-policy6
+end
+config firewall DoS-policy
+end
+config firewall DoS-policy6
+end
+config firewall sniffer
+end
+config firewall on-demand-sniffer
+end
+config firewall acl
+end
+config firewall acl6
+end
+config firewall central-snat-map
+end
+config firewall ip-translation
+end
+config authentication scheme
+end
+config authentication rule
+end
+config authentication setting
+    set active-auth-scheme ''
+    set sso-auth-scheme ''
+    set update-time 0000-00-00 00:00:00
+    set persistent-cookie enable
+    set ip-auth-cookie disable
+    set cookie-max-age 480
+    set cookie-refresh-div 2
+    set captive-portal-type fqdn
+    set captive-portal ''
+    set captive-portal6 ''
+    set cert-auth disable
+    set captive-portal-port 7830
+    set auth-https enable
+    set captive-portal-ssl-port 7831
+end
+config system speed-test-schedule
+end
+config switch-controller switch-interface-tag
+end
+config switch-controller 802-1X-settings
+    set link-down-auth set-unauth
+    set reauth-period 60
+    set max-reauth-attempt 3
+    set tx-period 30
+    set mab-reauth disable
+    set mac-username-delimiter hyphen
+    set mac-password-delimiter hyphen
+    set mac-calling-station-delimiter hyphen
+    set mac-called-station-delimiter hyphen
+    set mac-case lowercase
+end
+config switch-controller security-policy 802-1X
+    edit "802-1X-policy-default"
+        set security-mode 802.1X
+        set user-group "SSO_Guest_Users"
+        set mac-auth-bypass disable
+        set open-auth disable
+        set eap-passthru enable
+        set eap-auto-untagged-vlans enable
+        set guest-vlan disable
+        set guest-auth-delay 30
+        set auth-fail-vlan disable
+        set framevid-apply enable
+        set radius-timeout-overwrite disable
+        set policy-type 802.1X
+        set authserver-timeout-vlan disable
+        set dacl disable
+    next
+end
+config switch-controller security-policy local-access
+    edit "default"
+        set mgmt-allowaccess https ping ssh
+        set internal-allowaccess https ping ssh
+    next
+end
+config switch-controller location
+end
+config switch-controller lldp-settings
+    set tx-hold 4
+    set tx-interval 30
+    set fast-start-interval 2
+    set management-interface internal
+    set device-detection enable
+end
+config switch-controller lldp-profile
+    edit "default"
+        set med-tlvs inventory-management network-policy location-identification
+        unset 802.1-tlvs
+        unset 802.3-tlvs
+        set auto-isl disable
+        config med-network-policy
+            edit "voice"
+                set status disable
+            next
+            edit "voice-signaling"
+                set status disable
+            next
+            edit "guest-voice"
+                set status disable
+            next
+            edit "guest-voice-signaling"
+                set status disable
+            next
+            edit "softphone-voice"
+                set status disable
+            next
+            edit "video-conferencing"
+                set status disable
+            next
+            edit "streaming-video"
+                set status disable
+            next
+            edit "video-signaling"
+                set status disable
+            next
+        end
+        config med-location-service
+            edit "coordinates"
+                set status disable
+            next
+            edit "address-civic"
+                set status disable
+            next
+            edit "elin-number"
+                set status disable
+            next
+        end
+    next
+    edit "default-auto-isl"
+        unset med-tlvs
+        unset 802.1-tlvs
+        unset 802.3-tlvs
+        set auto-isl enable
+        set auto-isl-hello-timer 3
+        set auto-isl-receive-timeout 60
+        set auto-isl-port-group 0
+        set auto-mclag-icl disable
+        set auto-isl-auth legacy
+    next
+    edit "default-auto-mclag-icl"
+        unset med-tlvs
+        unset 802.1-tlvs
+        unset 802.3-tlvs
+        set auto-isl enable
+        set auto-isl-hello-timer 3
+        set auto-isl-receive-timeout 60
+        set auto-isl-port-group 0
+        set auto-mclag-icl enable
+        set auto-isl-auth legacy
+    next
+end
+config switch-controller qos dot1p-map
+    edit "voice-dot1p"
+        set description ''
+        set egress-pri-tagging disable
+        set priority-0 queue-4
+        set priority-1 queue-4
+        set priority-2 queue-3
+        set priority-3 queue-2
+        set priority-4 queue-3
+        set priority-5 queue-1
+        set priority-6 queue-2
+        set priority-7 queue-2
+    next
+end
+config switch-controller qos ip-dscp-map
+    edit "voice-dscp"
+        set description ''
+        config map
+            edit "1"
+                set cos-queue 1
+                set value 46
+            next
+            edit "2"
+                set cos-queue 2
+                set value 24,26,48,56
+            next
+            edit "5"
+                set cos-queue 3
+                set value 34
+            next
+        end
+    next
+end
+config switch-controller qos queue-policy
+    edit "default"
+        set schedule round-robin
+        set rate-by kbps
+        config cos-queue
+            edit "queue-0"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-1"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-2"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-3"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-4"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-5"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-6"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-7"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+        end
+    next
+    edit "voice-egress"
+        set schedule weighted
+        set rate-by kbps
+        config cos-queue
+            edit "queue-0"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-1"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 0
+            next
+            edit "queue-2"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 6
+            next
+            edit "queue-3"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 37
+            next
+            edit "queue-4"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 12
+            next
+            edit "queue-5"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-6"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-7"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+        end
+    next
+end
+config switch-controller qos qos-policy
+    edit "default"
+        set default-cos 0
+        set trust-dot1p-map ''
+        set trust-ip-dscp-map ''
+        set queue-policy "default"
+    next
+    edit "voice-qos"
+        set default-cos 0
+        set trust-dot1p-map "voice-dot1p"
+        set trust-ip-dscp-map "voice-dscp"
+        set queue-policy "voice-egress"
+    next
+end
+config switch-controller storm-control-policy
+    edit "default"
+        set description "default storm control on all port"
+        set storm-control-mode global
+    next
+    edit "auto-config"
+        set description "storm control policy for fortilink-isl-icl port"
+        set storm-control-mode disabled
+    next
+end
+config switch-controller auto-config policy
+    edit "pse"
+        set qos-policy "default"
+        set storm-control-policy "auto-config"
+        set poe-status enable
+        set igmp-flood-report disable
+        set igmp-flood-traffic disable
+    next
+    edit "default"
+        set qos-policy "default"
+        set storm-control-policy "auto-config"
+        set poe-status enable
+        set igmp-flood-report disable
+        set igmp-flood-traffic disable
+    next
+    edit "default-icl"
+        set qos-policy "default"
+        set storm-control-policy "auto-config"
+        set poe-status disable
+        set igmp-flood-report enable
+        set igmp-flood-traffic enable
+    next
+end
+config switch-controller auto-config default
+    set fgt-policy "default"
+    set isl-policy "default"
+    set icl-policy "default-icl"
+end
+config switch-controller auto-config custom
+end
+config switch-controller initial-config template
+    edit "_default"
+        set vlanid 1
+        unset allowaccess
+        set dhcp-server disable
+    next
+    edit "quarantine"
+        set vlanid 4093
+        unset allowaccess
+        set auto-ip enable
+        set dhcp-server enable
+    next
+    edit "rspan"
+        set vlanid 4092
+        unset allowaccess
+        set auto-ip enable
+        set dhcp-server enable
+    next
+    edit "voice"
+        set vlanid 4091
+        unset allowaccess
+        set dhcp-server disable
+    next
+    edit "video"
+        set vlanid 4090
+        unset allowaccess
+        set dhcp-server disable
+    next
+    edit "onboarding"
+        set vlanid 4089
+        unset allowaccess
+        set dhcp-server disable
+    next
+    edit "nac_segment"
+        set vlanid 4088
+        unset allowaccess
+        set auto-ip enable
+        set dhcp-server enable
+    next
+end
+config switch-controller initial-config vlans
+    set default-vlan "_default"
+    set quarantine "quarantine"
+    set rspan "rspan"
+    set voice "voice"
+    set video "video"
+    set nac "onboarding"
+    set nac-segment "nac_segment"
+end
+config switch-controller switch-profile
+    edit "default"
+        set login-passwd-override disable
+        set login enable
+        set revision-backup-on-logout disable
+        set revision-backup-on-upgrade disable
+    next
+end
+config switch-controller custom-command
+end
+config switch-controller virtual-port-pool
+end
+config switch-controller ptp profile
+    edit "default"
+        set description ''
+        set mode transparent-e2e
+    next
+end
+config switch-controller ptp interface-policy
+    edit "default"
+        set description ''
+        set vlan ''
+        set vlan-pri 4
+    next
+end
+config switch-controller vlan-policy
+end
+config switch-controller acl ingress
+end
+config switch-controller acl group
+end
+config switch-controller dynamic-port-policy
+end
+config switch-controller managed-switch
+end
+config switch-controller switch-group
+end
+config switch-controller stp-settings
+    set name ''
+    set revision 0
+    set hello-time 2
+    set forward-time 15
+    set max-age 20
+    set max-hops 20
+end
+config switch-controller stp-instance
+end
+config switch-controller storm-control
+    set rate 500
+    set unknown-unicast disable
+    set unknown-multicast disable
+    set broadcast disable
+end
+config switch-controller global
+    set mac-aging-interval 300
+    set https-image-push enable
+    set vlan-optimization enable
+    set vlan-identity name
+    set mac-retention-period 24
+    set default-virtual-switch-vlan ''
+    set dhcp-server-access-list disable
+    set dhcp-option82-format ascii
+    set dhcp-option82-circuit-id intfname vlan mode
+    set dhcp-option82-remote-id mac
+    set dhcp-snoop-client-req drop-untrusted
+    set dhcp-snoop-client-db-exp 86400
+    set dhcp-snoop-db-per-port-learn-limit 64
+    set log-mac-limit-violations disable
+    set sn-dns-resolution enable
+    set mac-event-logging disable
+    set bounce-quarantined-link disable
+    set quarantine-mode by-vlan
+    set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
+    set fips-enforce enable
+    set firmware-provision-on-authorization disable
+    set switch-on-deauth no-op
+end
+config switch-controller switch-log
+    set status enable
+    set severity notification
+end
+config switch-controller igmp-snooping
+    set aging-time 300
+    set flood-unknown-multicast disable
+    set query-interval 125
+end
+config switch-controller sflow
+    set collector-ip 0.0.0.0
+    set collector-port 6343
+end
+config switch-controller network-monitor-settings
+    set network-monitoring disable
+end
+config switch-controller flow-tracking
+    set sample-mode perimeter
+    set sample-rate 512
+    set format netflow9
+    set level ip
+    set max-export-pkt-size 512
+    set template-export-period 5
+    set timeout-general 3600
+    set timeout-icmp 300
+    set timeout-max 604800
+    set timeout-tcp 3600
+    set timeout-tcp-fin 300
+    set timeout-tcp-rst 120
+    set timeout-udp 300
+end
+config switch-controller snmp-sysinfo
+    set status disable
+    set engine-id ''
+    set description ''
+    set contact-info ''
+    set location ''
+end
+config switch-controller snmp-trap-threshold
+    set trap-high-cpu-threshold 80
+    set trap-low-memory-threshold 80
+    set trap-log-full-threshold 90
+end
+config switch-controller snmp-community
+end
+config switch-controller snmp-user
+end
+config switch-controller traffic-sniffer
+    set mode erspan-auto
+    set erspan-ip 0.0.0.0
+end
+config switch-controller remote-log
+    edit "syslogd"
+        set status disable
+    next
+    edit "syslogd2"
+        set status disable
+    next
+end
+config switch-controller mac-policy
+end
+config wireless-controller setting
+    set account-id ''
+    set country US
+    set duplicate-ssid disable
+    set fapc-compatibility disable
+    set wfa-compatibility disable
+    set phishing-ssid-detect enable
+    set fake-ssid-action log
+    set device-weight 1
+    set device-holdoff 5
+    set device-idle 1440
+    set firmware-provision-on-authorization disable
+    set rolling-wtp-upgrade disable
+    set darrp-optimize 86400
+    set darrp-optimize-schedules "default-darrp-optimize"
+end
+config wireless-controller log
+    set status enable
+    set addrgrp-log notification
+    set ble-log notification
+    set clb-log notification
+    set dhcp-starv-log notification
+    set led-sched-log notification
+    set radio-event-log notification
+    set rogue-event-log notification
+    set sta-event-log notification
+    set sta-locate-log notification
+    set wids-log notification
+    set wtp-event-log notification
+    set wtp-fips-event-log notification
+end
+config wireless-controller apcfg-profile
+end
+config wireless-controller bonjour-profile
+end
+config wireless-controller arrp-profile
+    edit "arrp-default"
+        set comment ''
+        set selection-period 3600
+        set monitor-period 300
+        set weight-managed-ap 50
+        set weight-rogue-ap 10
+        set weight-noise-floor 40
+        set weight-channel-load 20
+        set weight-spectral-rssi 40
+        set weight-weather-channel 0
+        set weight-dfs-channel 0
+        set threshold-ap 250
+        set threshold-noise-floor "-85"
+        set threshold-channel-load 60
+        set threshold-spectral-rssi "-65"
+        set threshold-tx-retries 300
+        set threshold-rx-errors 50
+        set include-weather-channel enable
+        set include-dfs-channel enable
+        set override-darrp-optimize disable
+    next
+end
+config wireless-controller region
+end
+config wireless-controller vap-group
+end
+config wireless-controller wids-profile
+    edit "default"
+        set comment "Default WIDS profile."
+        set sensor-mode disable
+        set ap-scan enable
+        set ap-bgscan-period 600
+        set ap-bgscan-intv 1
+        set ap-bgscan-duration 20
+        set ap-bgscan-idle 0
+        set ap-bgscan-report-intv 30
+        set ap-fgscan-report-intv 15
+        set ap-scan-passive disable
+        set ap-scan-threshold "-90"
+        set wireless-bridge enable
+        set deauth-broadcast enable
+        set null-ssid-probe-resp enable
+        set long-duration-attack enable
+        set long-duration-thresh 8200
+        set invalid-mac-oui enable
+        set weak-wep-iv enable
+        set auth-frame-flood enable
+        set auth-flood-time 10
+        set auth-flood-thresh 30
+        set assoc-frame-flood enable
+        set assoc-flood-time 10
+        set assoc-flood-thresh 30
+        set spoofed-deauth enable
+        set asleap-attack enable
+        set eapol-start-flood enable
+        set eapol-start-thresh 10
+        set eapol-start-intv 1
+        set eapol-logoff-flood enable
+        set eapol-logoff-thresh 10
+        set eapol-logoff-intv 1
+        set eapol-succ-flood enable
+        set eapol-succ-thresh 10
+        set eapol-succ-intv 1
+        set eapol-fail-flood enable
+        set eapol-fail-thresh 10
+        set eapol-fail-intv 1
+        set eapol-pre-succ-flood enable
+        set eapol-pre-succ-thresh 10
+        set eapol-pre-succ-intv 1
+        set eapol-pre-fail-flood enable
+        set eapol-pre-fail-thresh 10
+        set eapol-pre-fail-intv 1
+        set deauth-unknown-src-thresh 10
+    next
+    edit "default-wids-apscan-enabled"
+        set comment ''
+        set sensor-mode disable
+        set ap-scan enable
+        set ap-bgscan-period 600
+        set ap-bgscan-intv 1
+        set ap-bgscan-duration 20
+        set ap-bgscan-idle 0
+        set ap-bgscan-report-intv 30
+        set ap-fgscan-report-intv 15
+        set ap-scan-passive disable
+        set ap-scan-threshold "-90"
+        set wireless-bridge disable
+        set deauth-broadcast disable
+        set null-ssid-probe-resp disable
+        set long-duration-attack disable
+        set long-duration-thresh 8200
+        set invalid-mac-oui disable
+        set weak-wep-iv disable
+        set auth-frame-flood disable
+        set assoc-frame-flood disable
+        set spoofed-deauth disable
+        set asleap-attack disable
+        set eapol-start-flood disable
+        set eapol-logoff-flood disable
+        set eapol-succ-flood disable
+        set eapol-fail-flood disable
+        set eapol-pre-succ-flood disable
+        set eapol-pre-fail-flood disable
+        set deauth-unknown-src-thresh 10
+    next
+end
+config wireless-controller ble-profile
+    edit "fortiap-discovery"
+        set comment ''
+        set advertising ibeacon eddystone-uid eddystone-url
+        set ibeacon-uuid "wtp-uuid"
+        set major-id 1000
+        set minor-id 2000
+        set eddystone-namespace "0102030405"
+        set eddystone-instance "abcdef"
+        set eddystone-url "http://www.fortinet.com"
+        set txpower 0
+        set beacon-interval 100
+        set ble-scanning disable
+        set scan-type active
+        set scan-threshold "-90"
+    next
+end
+config wireless-controller syslog-profile
+end
+config wireless-controller wtp-profile
+end
+config wireless-controller wtp
+end
+config wireless-controller wtp-group
+end
+config wireless-controller qos-profile
+end
+config wireless-controller wag-profile
+end
+config wireless-controller snmp
+    set engine-id ''
+    set contact-info ''
+    set trap-high-cpu-threshold 80
+    set trap-high-mem-threshold 80
+end
+config wireless-controller mpsk-profile
+end
+config wireless-controller nac-profile
+end
+config wireless-controller ssid-policy
+end
+config wireless-controller access-control-list
+end
+config wireless-controller ap-status
+end
+config user nac-policy
+end
+config extension-controller dataplan
+end
+config extension-controller extender-vap
+end
+config extension-controller extender-profile
+end
+config extension-controller extender
+end
+config extension-controller fortigate-profile
+end
+config extension-controller fortigate
+end
+config system ips
+    set signature-hold-time 0h
+end
+config endpoint-control settings
+    set override disable
+end
+config ips custom
+end
+config ips settings
+    set packet-log-history 1
+    set packet-log-post-attack 0
+    set ips-packet-quota 0
+end
+config alertemail setting
+    set username ''
+    set mailto1 ''
+    set mailto2 ''
+    set mailto3 ''
+    set filter-mode category
+    set email-interval 5
+    set IPS-logs disable
+    set firewall-authentication-failure-logs disable
+    set IPsec-errors-logs disable
+    set PPP-errors-logs disable
+    set sslvpn-authentication-errors-logs disable
+    set antivirus-logs disable
+    set webfilter-logs disable
+    set configuration-changes-logs disable
+    set violation-traffic-logs disable
+    set admin-login-logs disable
+    set log-disk-usage-warning disable
+    set FSSO-disconnect-logs disable
+    set ssh-logs disable
+    set local-disk-usage 75
+end
+config router access-list
+end
+config router access-list6
+end
+config router aspath-list
+end
+config router prefix-list
+end
+config router prefix-list6
+end
+config router key-chain
+end
+config router community-list
+end
+config router extcommunity-list
+end
+config router route-map
+end
+config router rip
+    set default-information-originate disable
+    set default-metric 1
+    set max-out-metric 0
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "ospf"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "isis"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    set update-timer 30
+    set timeout-timer 180
+    set garbage-timer 120
+    set version 2
+end
+config router ripng
+    set default-information-originate disable
+    set default-metric 1
+    set max-out-metric 0
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "ospf"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "isis"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    set update-timer 30
+    set timeout-timer 180
+    set garbage-timer 120
+end
+config router static
+end
+config router policy
+end
+config router policy6
+end
+config router static6
+end
+config router ospf
+    set abr-type standard
+    set auto-cost-ref-bandwidth 1000
+    set distance-external 110
+    set distance-inter-area 110
+    set distance-intra-area 110
+    set database-overflow disable
+    set database-overflow-max-lsas 10000
+    set database-overflow-time-to-recover 300
+    set default-information-originate disable
+    set default-information-metric 10
+    set default-information-metric-type 2
+    set default-information-route-map ''
+    set default-metric 10
+    set distance 110
+    set rfc1583-compatible disable
+    set router-id 0.0.0.0
+    set spf-timers 5 10
+    set bfd disable
+    set log-neighbour-changes enable
+    set distribute-list-in ''
+    set distribute-route-map-in ''
+    set restart-mode none
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+    config redistribute "rip"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+    config redistribute "isis"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+end
+config router ospf6
+    set abr-type standard
+    set auto-cost-ref-bandwidth 1000
+    set default-information-originate disable
+    set log-neighbour-changes enable
+    set default-information-metric 10
+    set default-information-metric-type 2
+    set default-information-route-map ''
+    set default-metric 10
+    set router-id 0.0.0.0
+    set spf-timers 5 10
+    set bfd disable
+    set restart-mode none
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+    config redistribute "rip"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+    config redistribute "isis"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+end
+config router bgp
+    unset as
+    set keepalive-timer 60
+    set holdtime-timer 180
+    set always-compare-med disable
+    set bestpath-as-path-ignore disable
+    set bestpath-cmp-confed-aspath disable
+    set bestpath-cmp-routerid disable
+    set bestpath-med-confed disable
+    set bestpath-med-missing-as-worst disable
+    set client-to-client-reflection enable
+    set dampening disable
+    set deterministic-med disable
+    set ebgp-multipath disable
+    set ibgp-multipath disable
+    set enforce-first-as enable
+    set fast-external-failover enable
+    set log-neighbour-changes enable
+    set network-import-check enable
+    set ignore-optional-capability enable
+    set multipath-recursive-distance disable
+    set recursive-next-hop disable
+    set recursive-inherit-priority disable
+    set tag-resolve-mode disable
+    set cluster-id 0.0.0.0
+    set confederation-identifier 0
+    set default-local-preference 100
+    set scan-time 60
+    set distance-external 20
+    set distance-internal 200
+    set distance-local 200
+    set synchronization disable
+    set graceful-restart disable
+    set cross-family-conditional-adv disable
+    config redistribute "connected"
+        set status disable
+        set route-map ''
+    end
+    config redistribute "rip"
+        set status disable
+        set route-map ''
+    end
+    config redistribute "ospf"
+        set status disable
+        set route-map ''
+    end
+    config redistribute "static"
+        set status disable
+        set route-map ''
+    end
+    config redistribute "isis"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "connected"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "rip"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "ospf"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "static"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "isis"
+        set status disable
+        set route-map ''
+    end
+end
+config router isis
+    set is-type level-1-2
+    set adv-passive-only disable
+    set adv-passive-only6 disable
+    set auth-mode-l1 password
+    set auth-mode-l2 password
+    set auth-password-l1 ENC drZfb9geM6Hx6+izCk0M2gZpW9jClSHxE+3LzKgZAGBhqzF1Yd+JiCODOt/OfXrHF0YjN6MJSsJ2Z9kTsjZf8z0x1HB17HpiCh5gI7753NwW6YwEFvgnMSCE3l+K2eFxwqv4gzx64RGEqqf926MgDRTAsHc5F/j+GtKrzQ/YcF/s5YBZ4tPTIXf4i3b00laWU6zaWVlmMjY3dkVA
+    set auth-password-l2 ENC CU9qqTHIt36/SRb/TQ2p6Esrrdw/no7NPAml2GarOYDNXUTMqgkjdMrBnMnW9UB42mx97LDiX9RnFAPPPHnoWfbJDc7pblFdO/TaRWwOflXb2vgK7kx1by3oC72ioO+VGM3CkNpCpvUyVNqPRHShqRL4hElCZGqUhKmg2NOBbcGHjdbcno5D9mnUa4/ZE9p8nm+xYVlmMjY3dkVA
+    set auth-sendonly-l1 disable
+    set auth-sendonly-l2 disable
+    set ignore-lsp-errors disable
+    set lsp-gen-interval-l1 30
+    set lsp-gen-interval-l2 30
+    set lsp-refresh-interval 900
+    set max-lsp-lifetime 1200
+    set spf-interval-exp-l1 500 50000
+    set spf-interval-exp-l2 500 50000
+    set dynamic-hostname disable
+    set adjacency-check disable
+    set adjacency-check6 disable
+    set overload-bit disable
+    unset overload-bit-suppress
+    set overload-bit-on-startup 0
+    set default-originate disable
+    set default-originate6 disable
+    set metric-style narrow
+    set redistribute-l1 disable
+    set redistribute-l2 disable
+    set redistribute6-l1 disable
+    set redistribute6-l2 disable
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute "rip"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute "ospf"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "connected"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "rip"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "ospf"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "bgp"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "static"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+end
+config router multicast-flow
+end
+config router multicast
+    set route-limit 2147483647
+    set multicast-routing disable
+    config pim-sm-global
+        set message-interval 60
+        set join-prune-holdtime 210
+        set accept-register-list ''
+        set accept-source-list ''
+        set bsr-candidate disable
+        set bsr-allow-quick-refresh disable
+        set cisco-register-checksum disable
+        set cisco-crp-prefix disable
+        set cisco-ignore-rp-set-priority disable
+        set register-rp-reachability enable
+        set register-source disable
+        set register-supression 60
+        set null-register-retries 1
+        set rp-register-keepalive 185
+        set spt-threshold enable
+        set ssm disable
+        set register-rate-limit 0
+        set pim-use-sdwan disable
+        set spt-threshold-group ''
+    end
+end
+config router multicast6
+    set multicast-routing disable
+    config pim-sm-global
+    end
+end
+config router auth-path
+end
+config router setting
+    set show-filter ''
+    set hostname ''
+end
+config router bfd
+end
+config router bfd6
+end
+config system proxy-arp
+end
+config system link-monitor
+end
+config system wccp
+end
+config system dns64
+    set status disable
+    set dns64-prefix 64:ff9b::/96
+    set always-synthesize-aaaa-record enable
+end
+config system nd-proxy
+    set status disable
+end
+config system vne-tunnel
+    set status disable
+end
+end
+
+config vdom
+edit TEST
+config wireless-controller hotspot20 anqp-venue-name
+end
+config wireless-controller hotspot20 anqp-venue-url
+end
+config wireless-controller hotspot20 anqp-network-auth-type
+end
+config wireless-controller hotspot20 anqp-roaming-consortium
+end
+config wireless-controller hotspot20 anqp-nai-realm
+end
+config wireless-controller hotspot20 anqp-3gpp-cellular
+end
+config wireless-controller hotspot20 anqp-ip-address-type
+end
+config wireless-controller hotspot20 h2qp-operator-name
+end
+config wireless-controller hotspot20 h2qp-wan-metric
+end
+config wireless-controller hotspot20 h2qp-conn-capability
+end
+config wireless-controller hotspot20 icon
+end
+config wireless-controller hotspot20 h2qp-osu-provider
+end
+config wireless-controller hotspot20 qos-map
+end
+config wireless-controller hotspot20 h2qp-advice-of-charge
+end
+config wireless-controller hotspot20 h2qp-osu-provider-nai
+end
+config wireless-controller hotspot20 h2qp-terms-and-conditions
+end
+config wireless-controller hotspot20 hs-profile
+end
+config wireless-controller vap
+end
+config system object-tagging
+    edit "default"
+        set address optional
+        set device optional
+        set interface optional
+        set multiple enable
+        set color 0
+    next
+end
+config switch-controller traffic-policy
+    edit "quarantine"
+        set description "Rate control for quarantined traffic"
+        set policer-status enable
+        set guaranteed-bandwidth 163840
+        set guaranteed-burst 8192
+        set maximum-burst 163840
+        set cos-queue 0
+    next
+    edit "sniffer"
+        set description "Rate control for sniffer mirrored traffic"
+        set policer-status enable
+        set guaranteed-bandwidth 50000
+        set guaranteed-burst 8192
+        set maximum-burst 163840
+        set cos-queue 0
+    next
+end
+config switch-controller fortilink-settings
+end
+config system stp
+    set switch-priority 32768
+    set hello-time 2
+    set forward-delay 15
+    set max-age 20
+    set max-hops 20
+end
+config system settings
+    set comments ''
+    set vdom-type traffic
+    set opmode nat
+    set policy-offload-level disable
+    set ngfw-mode profile-based
+    set http-external-dest fortiweb
+    set firewall-session-dirty check-all
+    set bfd disable
+    set utf8-spam-tagging enable
+    set wccp-cache-engine disable
+    set vpn-stats-log ipsec pptp l2tp ssl
+    set vpn-stats-period 600
+    set v4-ecmp-mode source-ip-based
+    set fw-session-hairpin disable
+    set prp-trailer-action disable
+    set snat-hairpin-traffic enable
+    set dhcp-proxy disable
+    set central-nat disable
+    set lldp-reception global
+    set lldp-transmission global
+    set link-down-access enable
+    set nat46-generate-ipv6-fragment-header disable
+    set nat46-force-ipv4-packet-forwarding disable
+    set nat64-force-ipv6-packet-forwarding enable
+    set detect-unknown-esp enable
+    set intree-ses-best-route disable
+    set auxiliary-session disable
+    set asymroute disable
+    set asymroute-icmp disable
+    set tcp-session-without-syn disable
+    set ses-denied-traffic disable
+    set ses-denied-multicast-traffic disable
+    set strict-src-check disable
+    set allow-linkdown-path disable
+    set asymroute6 disable
+    set asymroute6-icmp disable
+    set sctp-session-without-init disable
+    set sip-expectation disable
+    set sip-nat-trace enable
+    set h323-direct-model enable
+    set status enable
+    set sip-tcp-port 5060
+    set sip-udp-port 5060
+    set sip-ssl-port 5061
+    set sccp-port 2000
+    set multicast-forward enable
+    set multicast-ttl-notchange disable
+    set allow-subnet-overlap disable
+    set deny-tcp-with-icmp disable
+    set ecmp-max-paths 255
+    set discovered-device-timeout 28
+    set email-portal-check-dns enable
+    set default-voip-alg-mode proxy-based
+    set gui-proxy-inspection enable
+    set gui-icap disable
+    set gui-implicit-policy enable
+    set gui-dns-database disable
+    set gui-load-balance disable
+    set gui-multicast-policy disable
+    set gui-dos-policy enable
+    set gui-object-colors enable
+    set gui-route-tag-address-creation disable
+    set gui-voip-profile disable
+    set gui-ap-profile enable
+    set gui-security-profile-group disable
+    set gui-local-in-policy disable
+    set gui-wanopt-cache disable
+    set gui-explicit-proxy disable
+    set gui-dynamic-routing enable
+    set gui-policy-based-ipsec disable
+    set gui-threat-weight enable
+    set gui-spamfilter disable
+    set gui-file-filter disable
+    set gui-application-control enable
+    set gui-ips enable
+    set gui-dhcp-advanced enable
+    set gui-vpn enable
+    set gui-sslvpn disable
+    set gui-wireless-controller enable
+    set gui-advanced-wireless-features disable
+    set gui-switch-controller enable
+    set gui-fortiap-split-tunneling disable
+    set gui-webfilter-advanced disable
+    set gui-traffic-shaping enable
+    set gui-wan-load-balancing enable
+    set gui-antivirus enable
+    set gui-webfilter enable
+    set gui-videofilter enable
+    set gui-dnsfilter enable
+    set gui-waf-profile disable
+    set gui-dlp-profile disable
+    set gui-virtual-patch-profile disable
+    set gui-casb disable
+    set gui-fortiextender-controller disable
+    set gui-advanced-policy enable
+    set gui-allow-unnamed-policy disable
+    set gui-email-collection disable
+    set gui-multiple-interface-policy disable
+    set gui-policy-disclaimer disable
+    set gui-ztna enable
+    set gui-ot disable
+    set gui-dynamic-device-os-id disable
+    set location-id 0.0.0.0
+    set ike-session-resume disable
+    set ike-quick-crash-detect disable
+    set ike-dn-format with-space
+    set ike-port 500
+    set ike-tcp-port 4500
+    set ike-policy-route disable
+    set block-land-attack disable
+    set application-bandwidth-tracking disable
+    set fqdn-session-check disable
+    set ext-resource-session-check disable
+    set dyn-addr-session-check disable
+    set default-policy-expiry-days 30
+    set gui-enforce-change-summary require
+    set internet-service-database-cache disable
+    set internet-service-app-ctrl-size 32768
+end
+config system sit-tunnel
+end
+config system arp-table
+end
+config system ipv6-neighbor-cache
+end
+config system vdom-sflow
+    set vdom-sflow disable
+end
+config system vdom-netflow
+    set vdom-netflow disable
+end
+config system vdom-dns
+    set vdom-dns disable
+    set alt-primary 0.0.0.0
+    set alt-secondary 0.0.0.0
+end
+config system replacemsg-group
+    edit "default"
+        set comment "Default replacement message group."
+        set group-type default
+    next
+end
+config system session-ttl
+    set default 3600
+end
+config system dhcp server
+end
+config system dhcp6 server
+end
+config system zone
+    edit "Outside_Zone"
+        set description ''
+        set intrazone deny
+        set interface "port10"
+    next
+    edit "Inside_Zone"
+        set description ''
+        set intrazone deny
+        set interface "port9"
+    next
+end
+config firewall address
+    edit "EMS_ALL_UNKNOWN_CLIENTS"
+        set uuid 4be9e716-c0f6-51f0-b3d5-f72c9ff867b4
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
+    edit "EMS_ALL_UNMANAGEABLE_CLIENTS"
+        set uuid 4be9d096-c0f6-51f0-f066-1fd7f6c53bf9
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
+    edit "none"
+        set uuid 80cf53a0-9fba-51ec-9be6-b74007eabe43
+        set type ipmask
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set subnet 0.0.0.0 255.255.255.255
+    next
+    edit "login.microsoftonline.com"
+        set uuid 80cf6016-9fba-51ec-be0c-028d48d0faf8
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "login.microsoftonline.com"
+        set cache-ttl 0
+    next
+    edit "login.microsoft.com"
+        set uuid 80cf6c32-9fba-51ec-c480-ffee0ab26f94
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "login.microsoft.com"
+        set cache-ttl 0
+    next
+    edit "login.windows.net"
+        set uuid 80cf7880-9fba-51ec-1117-fb27513a173a
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "login.windows.net"
+        set cache-ttl 0
+    next
+    edit "gmail.com"
+        set uuid 80cf8424-9fba-51ec-5659-65d02fd5bf5c
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "gmail.com"
+        set cache-ttl 0
+    next
+    edit "wildcard.google.com"
+        set uuid 80cf8fd2-9fba-51ec-7b0c-cc55cf764b96
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "*.google.com"
+        set cache-ttl 0
+    next
+    edit "wildcard.dropbox.com"
+        set uuid 80cf9b8a-9fba-51ec-0acd-a8852f2c1f4a
+        set type fqdn
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set fqdn "*.dropbox.com"
+        set cache-ttl 0
+    next
+    edit "SSLVPN_TUNNEL_ADDR1"
+        set uuid 80d94054-9fba-51ec-e630-3567fd1becb8
+        set type iprange
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set start-ip 10.212.134.200
+        set end-ip 10.212.134.210
+    next
+    edit "all"
+        set uuid 80d998e2-9fba-51ec-6ae4-b09445ed7230
+        set type ipmask
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set subnet 0.0.0.0 0.0.0.0
+    next
+    edit "FIREWALL_AUTH_PORTAL_ADDRESS"
+        set uuid 80d99aea-9fba-51ec-6fe2-a17b98274b3e
+        set type ipmask
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set subnet 0.0.0.0 0.0.0.0
+    next
+    edit "FABRIC_DEVICE"
+        set uuid 80d99cb6-9fba-51ec-e62e-b841424fa8c0
+        set type ipmask
+        set comment "IPv4 addresses of Fabric Devices."
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set subnet 0.0.0.0 0.0.0.0
+    next
+    edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
+        set uuid c0ae3c9c-9fbb-51ec-1447-18c5c1fef0f3
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
+    edit "10.0.0.0_8"
+        set uuid 2e3d8790-9fbc-51ec-8bca-5e95c580ea36
+        set type ipmask
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set subnet 10.0.0.0 255.0.0.0
+    next
+    edit "192.168.0.0_16"
+        set uuid 491395a0-9fbc-51ec-1275-3414c9a13da4
+        set type ipmask
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set subnet 192.168.0.0 255.255.0.0
+    next
+    edit "172.16.0.0_12"
+        set uuid 58888298-9fbc-51ec-cca9-312f8a493e61
+        set type ipmask
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set allow-routing disable
+        set fabric-object disable
+        set subnet 172.16.0.0 255.240.0.0
+    next
+    edit "Russia"
+        set uuid 96cea918-9fbe-51ec-e0d6-53c4a1fba7cc
+        set type geography
+        set comment ''
+        set associated-interface ''
+        set color 6
+        set fabric-object disable
+        set country "RU"
+    next
+    edit "China"
+        set uuid 7c30cee6-9fbf-51ec-5d85-a2ce4f48568b
+        set type geography
+        set comment ''
+        set associated-interface ''
+        set color 6
+        set fabric-object disable
+        set country "CN"
+    next
+    edit "Belarus"
+        set uuid 8fbf28b8-9fbf-51ec-69ef-572fc83693f8
+        set type geography
+        set comment ''
+        set associated-interface ''
+        set color 6
+        set fabric-object disable
+        set country "BY"
+    next
+end
+config firewall multicast-address
+    edit "all_hosts"
+        set type multicastrange
+        set start-ip 224.0.0.1
+        set end-ip 224.0.0.1
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "all_routers"
+        set type multicastrange
+        set start-ip 224.0.0.2
+        set end-ip 224.0.0.2
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "Bonjour"
+        set type multicastrange
+        set start-ip 224.0.0.251
+        set end-ip 224.0.0.251
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "EIGRP"
+        set type multicastrange
+        set start-ip 224.0.0.10
+        set end-ip 224.0.0.10
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "OSPF"
+        set type multicastrange
+        set start-ip 224.0.0.5
+        set end-ip 224.0.0.6
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+    edit "all"
+        set type multicastrange
+        set start-ip 224.0.0.0
+        set end-ip 239.255.255.255
+        set comment ''
+        set associated-interface ''
+        set color 0
+    next
+end
+config firewall address6-template
+end
+config firewall address6
+    edit "all"
+        set uuid 80cfe3c4-9fba-51ec-b885-7ad5ae0f228a
+        set type ipprefix
+        set ip6 ::/0
+        set color 0
+        set comment ''
+        set fabric-object disable
+    next
+    edit "none"
+        set uuid 80cfec3e-9fba-51ec-3afe-9da1db0408ee
+        set type ipprefix
+        set ip6 ::/128
+        set color 0
+        set comment ''
+        set fabric-object disable
+    next
+    edit "SSLVPN_TUNNEL_IPv6_ADDR1"
+        set uuid 80d9441e-9fba-51ec-fb53-0cb27c846ccb
+        set type ipprefix
+        set ip6 fdff:ffff::/120
+        set color 0
+        set comment ''
+        set fabric-object disable
+    next
+end
+config firewall multicast-address6
+    edit "all"
+        set ip6 ff00::/8
+        set comment ''
+        set color 0
+    next
+end
+config system ipv6-tunnel
+end
+config firewall addrgrp
+    edit "G Suite"
+        set type default
+        set category default
+        set uuid 80cfa97c-9fba-51ec-cb88-5fc589094707
+        set member "gmail.com" "wildcard.google.com"
+        set comment ''
+        set exclude disable
+        set color 0
+        set fabric-object disable
+    next
+    edit "Microsoft Office 365"
+        set type default
+        set category default
+        set uuid 80cfc24a-9fba-51ec-53bc-6a6c3d6964c6
+        set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
+        set comment ''
+        set exclude disable
+        set color 0
+        set fabric-object disable
+    next
+    edit "IPv4-Private-All-RFC1918"
+        set type default
+        set category default
+        set uuid 87bcd064-9fbc-51ec-c912-c07ba5dfb345
+        set member "10.0.0.0_8" "172.16.0.0_12" "192.168.0.0_16"
+        set comment ''
+        set exclude disable
+        set color 0
+        set fabric-object disable
+    next
+    edit "Geo_Block_Group"
+        set type default
+        set category default
+        set uuid a62837de-9fbf-51ec-3ddf-ee9c6f1e1784
+        set member "Belarus" "China" "Russia"
+        set comment ''
+        set exclude disable
+        set color 6
+        set fabric-object disable
+    next
+end
+config firewall addrgrp6
+end
+config firewall wildcard-fqdn custom
+    edit "g-Adobe Login"
+        set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
+        set wildcard-fqdn "*.adobelogin.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-Gotomeeting"
+        set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
+        set wildcard-fqdn "*.gotomeeting.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-Windows update 2"
+        set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
+        set wildcard-fqdn "*.windowsupdate.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-adobe"
+        set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
+        set wildcard-fqdn "*.adobe.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-android"
+        set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
+        set wildcard-fqdn "*.android.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-apple"
+        set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
+        set wildcard-fqdn "*.apple.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-appstore"
+        set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
+        set wildcard-fqdn "*.appstore.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-auth.gfx.ms"
+        set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
+        set wildcard-fqdn "*.auth.gfx.ms"
+        set color 0
+        set comment ''
+    next
+    edit "g-autoupdate.opera.com"
+        set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
+        set wildcard-fqdn "*autoupdate.opera.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-cdn-apple"
+        set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
+        set wildcard-fqdn "*.cdn-apple.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-citrix"
+        set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
+        set wildcard-fqdn "*.citrixonline.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-dropbox.com"
+        set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
+        set wildcard-fqdn "*.dropbox.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-eease"
+        set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
+        set wildcard-fqdn "*.eease.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-firefox update server"
+        set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
+        set wildcard-fqdn "aus*.mozilla.org"
+        set color 0
+        set comment ''
+    next
+    edit "g-fortinet"
+        set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
+        set wildcard-fqdn "*.fortinet.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-google-drive"
+        set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
+        set wildcard-fqdn "*drive.google.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-google-play"
+        set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
+        set wildcard-fqdn "*play.google.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-google-play2"
+        set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
+        set wildcard-fqdn "*.ggpht.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-google-play3"
+        set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
+        set wildcard-fqdn "*.books.google.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-googleapis.com"
+        set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
+        set wildcard-fqdn "*.googleapis.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-icloud"
+        set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
+        set wildcard-fqdn "*.icloud.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-itunes"
+        set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
+        set wildcard-fqdn "*itunes.apple.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-live.com"
+        set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
+        set wildcard-fqdn "*.live.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-microsoft"
+        set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
+        set wildcard-fqdn "*.microsoft.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-mzstatic-apple"
+        set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
+        set wildcard-fqdn "*.mzstatic.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-skype"
+        set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
+        set wildcard-fqdn "*.messenger.live.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-softwareupdate.vmware.com"
+        set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
+        set wildcard-fqdn "*.softwareupdate.vmware.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-swscan.apple.com"
+        set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
+        set wildcard-fqdn "*swscan.apple.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-update.microsoft.com"
+        set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
+        set wildcard-fqdn "*update.microsoft.com"
+        set color 0
+        set comment ''
+    next
+    edit "g-verisign"
+        set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
+        set wildcard-fqdn "*.verisign.com"
+        set color 0
+        set comment ''
+    next
+end
+config firewall wildcard-fqdn group
+end
+config firewall traffic-class
+end
+config firewall service category
+    edit "General"
+        set comment "General services."
+        set fabric-object disable
+    next
+    edit "Web Access"
+        set comment "Web access."
+        set fabric-object disable
+    next
+    edit "File Access"
+        set comment "File access."
+        set fabric-object disable
+    next
+    edit "Email"
+        set comment "Email services."
+        set fabric-object disable
+    next
+    edit "Network Services"
+        set comment "Network services."
+        set fabric-object disable
+    next
+    edit "Authentication"
+        set comment "Authentication service."
+        set fabric-object disable
+    next
+    edit "Remote Access"
+        set comment "Remote access."
+        set fabric-object disable
+    next
+    edit "Tunneling"
+        set comment "Tunneling service."
+        set fabric-object disable
+    next
+    edit "VoIP, Messaging & Other Applications"
+        set comment "VoIP, messaging, and other applications."
+        set fabric-object disable
+    next
+    edit "Web Proxy"
+        set comment "Explicit web proxy."
+        set fabric-object disable
+    next
+end
+config firewall service custom
+    edit "ALL"
+        set uuid 8b743d2a-c0f9-51f0-6d5e-bc0b7855a24f
+        set proxy disable
+        set category "General"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 0
+    next
+    edit "FTP"
+        set uuid 8b743e4c-c0f9-51f0-2396-a437ab4fcb0d
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 21
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "FTP_GET"
+        set uuid 8b743f1e-c0f9-51f0-24fb-f75bf24da028
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 21
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "FTP_PUT"
+        set uuid 8b743fdc-c0f9-51f0-5f1a-fe9799588add
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 21
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DNS"
+        set uuid 96f50166-c0f9-51f0-fc64-b948164f4051
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 53
+        set udp-portrange 53
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "HTTP"
+        set uuid 96f505a8-c0f9-51f0-2b57-daa3596aa8ad
+        set proxy disable
+        set category "Web Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 80
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "HTTPS"
+        set uuid 96f50918-c0f9-51f0-7537-53978cacccdb
+        set proxy disable
+        set category "Web Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 443
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IMAP"
+        set uuid 96f50c74-c0f9-51f0-839d-2e5fa6a57cab
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 143
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IMAPS"
+        set uuid 96f50fc6-c0f9-51f0-fb9e-69da6f62d7ee
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 993
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "LDAP"
+        set uuid 96f5130e-c0f9-51f0-95c6-e443dec4365e
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 389
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DCE-RPC"
+        set uuid 96f5166a-c0f9-51f0-794d-5266b08e9ef9
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 135
+        set udp-portrange 135
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "POP3"
+        set uuid 96f51a02-c0f9-51f0-20a3-dff9f765beb0
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 110
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "POP3S"
+        set uuid 96f51d54-c0f9-51f0-2f40-36b87fde1373
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 995
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SAMBA"
+        set uuid 96f52092-c0f9-51f0-b4a1-774ae7aa7c46
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 139
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMTP"
+        set uuid 96f523da-c0f9-51f0-a1c7-5b51f8e03dce
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 25
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMTPS"
+        set uuid 96f52934-c0f9-51f0-8fe6-124acda85b24
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 465
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "KERBEROS"
+        set uuid 96f52e70-c0f9-51f0-d05f-7485632786fb
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 88 464
+        set udp-portrange 88 464
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "LDAP_UDP"
+        set uuid 96f53226-c0f9-51f0-1c29-60168b5fd719
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 389
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMB"
+        set uuid 96f53582-c0f9-51f0-b95d-7d370a44a7ce
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 445
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "ALL_TCP"
+        set uuid 96f54612-c0f9-51f0-b96c-2b8c4df9ace5
+        set proxy disable
+        set category "General"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1-65535
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "ALL_UDP"
+        set uuid 96f54996-c0f9-51f0-6c20-38c18b6bc125
+        set proxy disable
+        set category "General"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 1-65535
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "ALL_ICMP"
+        set uuid 96f54cf2-c0f9-51f0-68fb-6f1dbc308afd
+        set proxy disable
+        set category "General"
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        unset icmptype
+    next
+    edit "ALL_ICMP6"
+        set uuid 96f5508a-c0f9-51f0-c704-88f3da5a94de
+        set proxy disable
+        set category "General"
+        set protocol ICMP6
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        unset icmptype
+    next
+    edit "GRE"
+        set uuid 96f55418-c0f9-51f0-4427-4605ffd297d4
+        set proxy disable
+        set category "Tunneling"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 47
+    next
+    edit "AH"
+        set uuid 96f557b0-c0f9-51f0-bd99-8e5631387fd9
+        set proxy disable
+        set category "Tunneling"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 51
+    next
+    edit "ESP"
+        set uuid 96f55b48-c0f9-51f0-4342-a5043beb506b
+        set proxy disable
+        set category "Tunneling"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 50
+    next
+    edit "AOL"
+        set uuid 96f55ecc-c0f9-51f0-fbda-c6a055a2f81f
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 5190-5194
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "BGP"
+        set uuid 96f56192-c0f9-51f0-70c3-ff25ff13d32c
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 179
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DHCP"
+        set uuid 96f564e4-c0f9-51f0-0467-7f6ad11de689
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 67-68
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "FINGER"
+        set uuid 96f56836-c0f9-51f0-0eea-39bc3a683127
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 79
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "GOPHER"
+        set uuid 96f56b10-c0f9-51f0-7c12-89442e18cd06
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 70
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "H323"
+        set uuid 96f56e6c-c0f9-51f0-f5a4-ffb42ab3fafa
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1720 1503
+        set udp-portrange 1719
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IKE"
+        set uuid 96f57240-c0f9-51f0-1cab-d6120d1c5ffb
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 500 4500
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "Internet-Locator-Service"
+        set uuid 96f57592-c0f9-51f0-e2ac-a576effbe570
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 389
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IRC"
+        set uuid 96f57858-c0f9-51f0-2b8e-59702cd43b59
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 6660-6669
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "L2TP"
+        set uuid 96f57bc8-c0f9-51f0-056d-c3fb82dbd93d
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1701
+        set udp-portrange 1701
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NetMeeting"
+        set uuid 96f57f6a-c0f9-51f0-f03e-f6c632415cb1
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1720
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NFS"
+        set uuid 96f58230-c0f9-51f0-43ec-f0d9bdbf460f
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 111 2049
+        set udp-portrange 111 2049
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NNTP"
+        set uuid 96f585d2-c0f9-51f0-67cc-190ac5c92bf4
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 119
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NTP"
+        set uuid 96f5888e-c0f9-51f0-321b-fd3a6933a2a9
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 123
+        set udp-portrange 123
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "OSPF"
+        set uuid 96f58c30-c0f9-51f0-44e6-5aa1627d239c
+        set proxy disable
+        set category "Network Services"
+        set protocol IP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set protocol-number 89
+    next
+    edit "PC-Anywhere"
+        set uuid 96f58fbe-c0f9-51f0-b654-11340a330887
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 5631
+        set udp-portrange 5632
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "PING"
+        set uuid 96f59360-c0f9-51f0-1405-ed0aa0c07c1a
+        set proxy disable
+        set category "Network Services"
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 8
+        unset icmpcode
+    next
+    edit "TIMESTAMP"
+        set uuid 96f5973e-c0f9-51f0-7998-bfd03695a594
+        set proxy disable
+        set category ''
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 13
+        unset icmpcode
+    next
+    edit "INFO_REQUEST"
+        set uuid 96f59a86-c0f9-51f0-e6e0-2d68e4fefc6a
+        set proxy disable
+        set category ''
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 15
+        unset icmpcode
+    next
+    edit "INFO_ADDRESS"
+        set uuid 96f59dce-c0f9-51f0-5fa7-7c6d0959e11c
+        set proxy disable
+        set category ''
+        set protocol ICMP
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 17
+        unset icmpcode
+    next
+    edit "ONC-RPC"
+        set uuid 96f5a12a-c0f9-51f0-b3b4-eec5841bf40a
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 111
+        set udp-portrange 111
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "PPTP"
+        set uuid 96f5a576-c0f9-51f0-82cc-19bb03f63b33
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1723
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "QUAKE"
+        set uuid 96f5a9ea-c0f9-51f0-d16d-5f37a8e0c38d
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 26000 27000 27910 27960
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RAUDIO"
+        set uuid 96f5acce-c0f9-51f0-9a5b-ee4f22c9a3d7
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 7070
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "REXEC"
+        set uuid 96f5af8a-c0f9-51f0-66c7-199285d80167
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 512
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RIP"
+        set uuid 96f5b25a-c0f9-51f0-4385-079972061cf1
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 520
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RLOGIN"
+        set uuid 96f5b5a2-c0f9-51f0-0891-75d2d64dc90a
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 513:512-1023
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RSH"
+        set uuid 96f5b872-c0f9-51f0-260b-f2fb645db637
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 514:512-1023
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SCCP"
+        set uuid 96f5bb38-c0f9-51f0-de1d-476c59245428
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 2000
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SIP"
+        set uuid 96f5be94-c0f9-51f0-74ac-d4914dda030b
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 5060
+        set udp-portrange 5060
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SIP-MSNmessenger"
+        set uuid 96f5c240-c0f9-51f0-9fe0-4fd15dee9383
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1863
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SNMP"
+        set uuid 96f5c592-c0f9-51f0-33f7-70134c1048b1
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 161-162
+        set udp-portrange 161-162
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SSH"
+        set uuid 96f5c948-c0f9-51f0-cd48-196a7373bfca
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 22
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SYSLOG"
+        set uuid 96f5cc9a-c0f9-51f0-295a-299522a6e90c
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 514
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "TALK"
+        set uuid 96f5d000-c0f9-51f0-72ed-06d247a926f5
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 517-518
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "TELNET"
+        set uuid 96f5d2d0-c0f9-51f0-0fa1-7004312eaf19
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 23
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "TFTP"
+        set uuid 96f5d622-c0f9-51f0-1eb7-e2ade6f587b2
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 69
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "MGCP"
+        set uuid 96f5da1e-c0f9-51f0-5514-593a0404fb6a
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 2427 2727
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "UUCP"
+        set uuid 96f5dd0c-c0f9-51f0-da54-5ed3c7bc0eaa
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 540
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "VDOLIVE"
+        set uuid 96f5dfc8-c0f9-51f0-ba05-a609adea1a29
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 7000-7010
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "WAIS"
+        set uuid 96f5e2a2-c0f9-51f0-dda0-397d998e360d
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 210
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "WINFRAME"
+        set uuid 96f5e55e-c0f9-51f0-c47e-c352bf16c1ed
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1494 2598
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "X-WINDOWS"
+        set uuid 96f5e824-c0f9-51f0-c3e3-079573af8c63
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 6000-6063
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "PING6"
+        set uuid 96f5eb8a-c0f9-51f0-50b1-801bfeec52de
+        set proxy disable
+        set category ''
+        set protocol ICMP6
+        set helper auto
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set icmptype 128
+        unset icmpcode
+    next
+    edit "MS-SQL"
+        set uuid 96f5eee6-c0f9-51f0-dad2-6b74df69c35c
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1433 1434
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "MYSQL"
+        set uuid 96f5f256-c0f9-51f0-eeba-fc01f740e146
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 3306
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RDP"
+        set uuid 96f5f5a8-c0f9-51f0-5211-9df7685e568c
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 3389
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "VNC"
+        set uuid 96f5f8f0-c0f9-51f0-6b0d-0a4431659dd0
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 5900
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DHCP6"
+        set uuid 96f5fc42-c0f9-51f0-b7d8-328d514f480c
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 546 547
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SQUID"
+        set uuid 96f5ff94-c0f9-51f0-488f-b629f81f8656
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 3128
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SOCKS"
+        set uuid 96f602e6-c0f9-51f0-4dde-2207327d2c7c
+        set proxy disable
+        set category "Tunneling"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1080
+        set udp-portrange 1080
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "WINS"
+        set uuid 96f6067e-c0f9-51f0-51e0-54f3a669ef5e
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1512
+        set udp-portrange 1512
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RADIUS"
+        set uuid 96f60a16-c0f9-51f0-baa0-ce18311324b9
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 1812 1813
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RADIUS-OLD"
+        set uuid 96f60fc0-c0f9-51f0-31a8-44a563789949
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 1645 1646
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "CVSPSERVER"
+        set uuid 96f612f4-c0f9-51f0-3b26-9bda985825c8
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 2401
+        set udp-portrange 2401
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "AFS3"
+        set uuid 96f61600-c0f9-51f0-bfa6-b69dc2317c41
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 7000-7009
+        set udp-portrange 7000-7009
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "TRACEROUTE"
+        set uuid 96f619ca-c0f9-51f0-61cf-44ef95be8053
+        set proxy disable
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 33434-33535
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "RTSP"
+        set uuid 96f61d26-c0f9-51f0-efaa-4003e04ee2b4
+        set proxy disable
+        set category "VoIP, Messaging & Other Applications"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 554 7070 8554
+        set udp-portrange 554
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "MMS"
+        set uuid 96f620dc-c0f9-51f0-fec5-0ca7f54fa4d0
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 1755
+        set udp-portrange 1024-5000
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "NONE"
+        set uuid 96f623f2-c0f9-51f0-419a-056f53f453f4
+        set proxy disable
+        set category ''
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 0
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "webproxy"
+        set uuid 8b742f9c-c0f9-51f0-c282-a5cb04651e47
+        set proxy enable
+        set category "Web Proxy"
+        set protocol ALL
+        set helper auto
+        set comment ''
+        set color 0
+        set app-service-type disable
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 0-65535:0-65535
+    next
+end
+config firewall service group
+    edit "Email Access"
+        set uuid 8b744194-c0f9-51f0-1ed8-f394d8e7442d
+        set proxy disable
+        set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
+        set comment ''
+        set color 0
+        set fabric-object disable
+    next
+    edit "Web Access"
+        set uuid 8b744856-c0f9-51f0-1b17-dc35a1e3d206
+        set proxy disable
+        set member "DNS" "HTTP" "HTTPS"
+        set comment ''
+        set color 0
+        set fabric-object disable
+    next
+    edit "Windows AD"
+        set uuid 8b744c02-c0f9-51f0-7f3f-5533ce62b3a3
+        set proxy disable
+        set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
+        set comment ''
+        set color 0
+        set fabric-object disable
+    next
+    edit "Exchange Server"
+        set uuid 8b74517a-c0f9-51f0-e42f-1a0b38c99a34
+        set proxy disable
+        set member "DCE-RPC" "DNS" "HTTPS"
+        set comment ''
+        set color 0
+        set fabric-object disable
+    next
+end
+config firewall internet-service-group
+end
+config firewall internet-service-extension
+end
+config firewall internet-service-custom
+end
+config firewall internet-service-custom-group
+end
+config firewall network-service-dynamic
+end
+config system external-resource
+end
+config vpn certificate ca
+end
+config vpn certificate remote
+end
+config vpn certificate local
+    edit "Fortinet_CA_SSL"
+        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_CA_Untrusted"
+        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_GUI_Server"
+        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_RSA1024"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_RSA2048"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_RSA4096"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_DSA1024"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_DSA2048"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ECDSA256"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ECDSA384"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ECDSA521"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ED25519"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+    edit "Fortinet_SSL_ED448"
+        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
+end
+config vpn certificate crl
+end
+config vpn certificate ocsp-server
+end
+config vpn certificate setting
+    set ocsp-status disable
+    set ocsp-option server
+    set proxy ''
+    set source-ip ''
+    set ocsp-default-server ''
+    set interface-select-method auto
+    set check-ca-cert enable
+    set check-ca-chain disable
+    set subject-match substring
+    set subject-set subset
+    set cn-match substring
+    set cn-allow-multi enable
+    config crl-verification
+        set expiry ignore
+        set leaf-crl-absence ignore
+        set chain-crl-absence ignore
+    end
+    set strict-ocsp-check disable
+    set ssl-min-proto-version default
+    set cmp-save-extra-certs disable
+    set cmp-key-usage-checking enable
+    set cert-expire-warning 14
+    set certname-rsa1024 "Fortinet_SSL_RSA1024"
+    set certname-rsa2048 "Fortinet_SSL_RSA2048"
+    set certname-rsa4096 "Fortinet_SSL_RSA4096"
+    set certname-dsa1024 "Fortinet_SSL_DSA1024"
+    set certname-dsa2048 "Fortinet_SSL_DSA2048"
+    set certname-ecdsa256 "Fortinet_SSL_ECDSA256"
+    set certname-ecdsa384 "Fortinet_SSL_ECDSA384"
+    set certname-ecdsa521 "Fortinet_SSL_ECDSA521"
+    set certname-ed25519 "Fortinet_SSL_ED25519"
+    set certname-ed448 "Fortinet_SSL_ED448"
+end
+config webfilter ftgd-local-cat
+    edit "custom1"
+        set status enable
+        set id 140
+    next
+    edit "custom2"
+        set status enable
+        set id 141
+    next
+end
+config ips sensor
+    edit "g-default"
+        set comment "Prevent critical attacks."
+        set replacemsg-group ''
+        set block-malicious-url disable
+        set scan-botnet-connections disable
+        set extended-log disable
+        config entries
+            edit 1
+                set location all
+                set severity medium high critical
+                set protocol all
+                set os all
+                set application all
+                set default-action all
+                set default-status all
+                unset last-modified
+                set status default
+                set log enable
+                set log-packet disable
+                set log-attack-context disable
+                set action default
+                set quarantine none
+            next
+        end
+    next
+    edit "g-sniffer-profile"
+        set comment "Monitor IPS attacks."
+        set replacemsg-group ''
+        set block-malicious-url disable
+        set scan-botnet-connections disable
+        set extended-log disable
+        config entries
+            edit 1
+                set location all
+                set severity medium high critical
+                set protocol all
+                set os all
+                set application all
+                set default-action all
+                set default-status all
+                unset last-modified
+                set status default
+                set log enable
+                set log-packet disable
+                set log-attack-context disable
+                set action default
+                set quarantine none
+            next
+        end
+    next
+    edit "g-wifi-default"
+        set comment "Default configuration for offloading WiFi traffic."
+        set replacemsg-group ''
+        set block-malicious-url disable
+        set scan-botnet-connections disable
+        set extended-log disable
+        config entries
+            edit 1
+                set location all
+                set severity medium high critical
+                set protocol all
+                set os all
+                set application all
+                set default-action all
+                set default-status all
+                unset last-modified
+                set status default
+                set log enable
+                set log-packet disable
+                set log-attack-context disable
+                set action default
+                set quarantine none
+            next
+        end
+    next
+    edit "IPS_Test"
+        set comment ''
+        set replacemsg-group ''
+        set block-malicious-url enable
+        set scan-botnet-connections block
+        set extended-log disable
+        config entries
+            edit 1
+                set location all
+                set severity medium high critical
+                set protocol all
+                set os all
+                set application all
+                set default-action all
+                set default-status all
+                unset last-modified
+                set status default
+                set log enable
+                set log-packet disable
+                set log-attack-context disable
+                set action block
+                set quarantine none
+            next
+        end
+    next
+    edit "gdd-botnet C&C IP blocking"
+        set comment "This allows you to enable botnet blocking across all traffic that matches the policy by configuring one setting in the GUI"
+        set replacemsg-group ''
+        set block-malicious-url disable
+        set scan-botnet-connections disable
+        set extended-log disable
+    next
+end
+config sctp-filter profile
+end
+config diameter-filter profile
+end
+config firewall shaper traffic-shaper
+    edit "high-priority"
+        set guaranteed-bandwidth 0
+        set maximum-bandwidth 1048576
+        set bandwidth-unit kbps
+        set priority high
+        set per-policy enable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+    edit "medium-priority"
+        set guaranteed-bandwidth 0
+        set maximum-bandwidth 1048576
+        set bandwidth-unit kbps
+        set priority medium
+        set per-policy enable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+    edit "low-priority"
+        set guaranteed-bandwidth 0
+        set maximum-bandwidth 1048576
+        set bandwidth-unit kbps
+        set priority low
+        set per-policy enable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+    edit "guarantee-100kbps"
+        set guaranteed-bandwidth 100
+        set maximum-bandwidth 1048576
+        set bandwidth-unit kbps
+        set priority high
+        set per-policy enable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+    edit "shared-1M-pipe"
+        set guaranteed-bandwidth 0
+        set maximum-bandwidth 1024
+        set bandwidth-unit kbps
+        set priority high
+        set per-policy disable
+        set diffserv disable
+        set cos-marking disable
+        set overhead 0
+    next
+end
+config firewall shaper per-ip-shaper
+end
+config firewall proxy-address
+    edit "IPv4-address"
+        set uuid 2a1f31fe-c0f6-51f0-9dea-2fa35c0eace0
+        set type host-regex
+        set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
+        set referrer disable
+        set case-sensitivity disable
+        set color 0
+        set comment ''
+    next
+    edit "IPv6-address"
+        set uuid 2a1f3366-c0f6-51f0-3e8a-592ee6504265
+        set type host-regex
+        set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
+        set referrer disable
+        set case-sensitivity disable
+        set color 0
+        set comment ''
+    next
+end
+config firewall proxy-addrgrp
+end
+config web-proxy profile
+end
+config web-proxy global
+    set ssl-cert "Fortinet_Factory"
+    set ssl-ca-cert "Fortinet_CA_SSL"
+    set fast-policy-match enable
+    set ldap-user-cache disable
+    set proxy-fqdn "default.fqdn"
+    set max-request-length 8
+    set max-message-length 32
+    set strict-web-check disable
+    set forward-proxy-auth disable
+    set forward-server-affinity-timeout 30
+    set max-waf-body-cache-length 1
+    set webproxy-profile ''
+    set learn-client-ip disable
+    set policy-category-deep-inspect enable
+    set log-policy-pending disable
+    set log-forward-server disable
+    set log-app-id disable
+    set proxy-transparent-cert-inspection disable
+    set request-obs-fold keep
+end
+config web-proxy explicit
+    set status disable
+    set secure-web-proxy disable
+    set http-connection-mode static
+    set ipv6-status disable
+    set strict-guest disable
+    set https-replacement-message enable
+    set ssl-algorithm low
+end
+config web-proxy forward-server
+end
+config web-proxy forward-server-group
+end
+config web-proxy debug-url
+end
+config web-proxy wisp
+end
+config wanopt webcache
+    set max-object-size 512000
+    set neg-resp-time 0
+    set fresh-factor 100
+    set max-ttl 7200
+    set min-ttl 5
+    set default-ttl 1440
+    set ignore-ims disable
+    set ignore-conditional disable
+    set ignore-pnc disable
+    set ignore-ie-reload enable
+    set cache-expired disable
+    set cache-cookie disable
+    set reval-pnc disable
+    set always-revalidate disable
+    set cache-by-default disable
+    set host-validate disable
+    set external disable
+end
+config ftp-proxy explicit
+    set status disable
+    set ssl disable
+end
+config web-proxy fast-fallback
+end
+config web-proxy url-match
+end
+config application custom
+end
+config application list
+    edit "g-default"
+        set comment "Monitor all applications."
+        set replacemsg-group ''
+        set extended-log disable
+        set other-application-action pass
+        set app-replacemsg enable
+        set other-application-log disable
+        set enforce-default-app-port disable
+        set force-inclusion-ssl-di-sigs disable
+        set unknown-application-action pass
+        set unknown-application-log disable
+        unset p2p-block-list
+        set deep-app-inspection enable
+        set options allow-dns
+        config entries
+            edit 1
+                set protocols all
+                set vendor all
+                set technology all
+                set behavior all
+                set popularity 1 2 3 4 5
+                set action pass
+                set log enable
+                set log-packet disable
+                set session-ttl 0
+                set shaper ''
+                set shaper-reverse ''
+                set per-ip-shaper ''
+                set quarantine none
+            next
+        end
+        set control-default-network-services disable
+    next
+    edit "g-sniffer-profile"
+        set comment "Monitor all applications."
+        set replacemsg-group ''
+        set extended-log disable
+        set other-application-action pass
+        set app-replacemsg enable
+        set other-application-log disable
+        set enforce-default-app-port disable
+        set force-inclusion-ssl-di-sigs disable
+        set unknown-application-action pass
+        set unknown-application-log disable
+        unset p2p-block-list
+        set deep-app-inspection enable
+        unset options
+        config entries
+            edit 1
+                set protocols all
+                set vendor all
+                set technology all
+                set behavior all
+                set popularity 1 2 3 4 5
+                set action pass
+                set log enable
+                set log-packet disable
+                set session-ttl 0
+                set shaper ''
+                set shaper-reverse ''
+                set per-ip-shaper ''
+                set quarantine none
+            next
+        end
+        set control-default-network-services disable
+    next
+    edit "g-wifi-default"
+        set comment "Default configuration for offloading WiFi traffic."
+        set replacemsg-group ''
+        set extended-log disable
+        set other-application-action pass
+        set app-replacemsg enable
+        set other-application-log disable
+        set enforce-default-app-port disable
+        set force-inclusion-ssl-di-sigs disable
+        set unknown-application-action pass
+        set unknown-application-log disable
+        unset p2p-block-list
+        set deep-app-inspection disable
+        set options allow-dns
+        config entries
+            edit 1
+                set protocols all
+                set vendor all
+                set technology all
+                set behavior all
+                set popularity 1 2 3 4 5
+                set action pass
+                set log disable
+                set log-packet disable
+                set session-ttl 0
+                set shaper ''
+                set shaper-reverse ''
+                set per-ip-shaper ''
+                set quarantine none
+            next
+        end
+        set control-default-network-services disable
+    next
+end
+config application group
+end
+config dlp data-type
+    edit "g-credit-card"
+        set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
+        set verify "builtin)credit-card"
+        set verify2 ''
+        set match-around ''
+        set look-back 20
+        set look-ahead 1
+        set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+    edit "g-edm-keyword"
+        set pattern ".+"
+        set verify ''
+        set match-around ''
+        set transform "/\\b\\0\\b/i"
+        set comment ''
+    next
+    edit "g-hex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-keyword"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-mip-label"
+        set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
+        set verify ''
+        set match-around ''
+        set transform "built-in"
+        set comment ''
+    next
+    edit "g-regex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-ssn-us"
+        set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
+        set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
+        set verify2 ''
+        set match-around ''
+        set look-back 12
+        set look-ahead 1
+        set transform "\\b\\1-\\2-\\3\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+end
+config dlp dictionary
+end
+config dlp exact-data-match
+end
+config dlp sensor
+end
+config dlp filepattern
+    edit 1
+        set name "builtin-patterns"
+        set comment ''
+        config entries
+            edit "*.bat"
+                set filter-type pattern
+            next
+            edit "*.com"
+                set filter-type pattern
+            next
+            edit "*.dll"
+                set filter-type pattern
+            next
+            edit "*.doc"
+                set filter-type pattern
+            next
+            edit "*.exe"
+                set filter-type pattern
+            next
+            edit "*.gz"
+                set filter-type pattern
+            next
+            edit "*.hta"
+                set filter-type pattern
+            next
+            edit "*.ppt"
+                set filter-type pattern
+            next
+            edit "*.rar"
+                set filter-type pattern
+            next
+            edit "*.scr"
+                set filter-type pattern
+            next
+            edit "*.tar"
+                set filter-type pattern
+            next
+            edit "*.tgz"
+                set filter-type pattern
+            next
+            edit "*.vb?"
+                set filter-type pattern
+            next
+            edit "*.wps"
+                set filter-type pattern
+            next
+            edit "*.xl?"
+                set filter-type pattern
+            next
+            edit "*.zip"
+                set filter-type pattern
+            next
+            edit "*.pif"
+                set filter-type pattern
+            next
+            edit "*.cpl"
+                set filter-type pattern
+            next
+        end
+    next
+    edit 2
+        set name "all_executables"
+        set comment ''
+        config entries
+            edit "bat"
+                set filter-type type
+                set file-type bat
+            next
+            edit "exe"
+                set filter-type type
+                set file-type exe
+            next
+            edit "elf"
+                set filter-type type
+                set file-type elf
+            next
+            edit "hta"
+                set filter-type type
+                set file-type hta
+            next
+        end
+    next
+end
+config dlp sensitivity
+    edit "Private"
+    next
+    edit "Critical"
+    next
+    edit "Warning"
+    next
+end
+config dlp fp-doc-source
+end
+config dlp profile
+    edit "g-default"
+        set comment "Default profile."
+        set feature-set flow
+        set replacemsg-group ''
+        set dlp-log enable
+        set extended-log disable
+        set nac-quar-log disable
+        unset full-archive-proto
+        unset summary-proto
+    next
+    edit "g-sniffer-profile"
+        set comment "Log a summary of email and web traffic."
+        set feature-set flow
+        set replacemsg-group ''
+        set dlp-log enable
+        set extended-log disable
+        set nac-quar-log disable
+        unset full-archive-proto
+        set summary-proto smtp pop3 imap http-get http-post
+    next
+end
+config webfilter content
+end
+config webfilter content-header
+end
+config webfilter urlfilter
+end
+config videofilter youtube-key
+end
+config videofilter keyword
+end
+config videofilter profile
+end
+config webfilter ips-urlfilter-setting
+    set device ''
+    set distance 1
+    set gateway 0.0.0.0
+    set geo-filter ''
+end
+config webfilter ips-urlfilter-setting6
+    set device ''
+    set distance 1
+    set gateway6 ::
+    set geo-filter ''
+end
+config emailfilter bword
+end
+config emailfilter block-allow-list
+end
+config emailfilter mheader
+end
+config emailfilter dnsbl
+end
+config emailfilter iptrust
+end
+config log threat-weight
+    set status enable
+    config level
+        set low 5
+        set medium 10
+        set high 30
+        set critical 50
+    end
+    set blocked-connection high
+    set failed-connection low
+    set url-block-detected high
+    set botnet-connection-detected critical
+    config malware
+        set virus-infected critical
+        set inline-block critical
+        set file-blocked low
+        set command-blocked disable
+        set oversized disable
+        set virus-scan-error high
+        set switch-proto disable
+        set mimefragmented disable
+        set virus-file-type-executable medium
+        set virus-outbreak-prevention critical
+        set content-disarm medium
+        set malware-list medium
+        set ems-threat-feed medium
+        set fsa-malicious critical
+        set fsa-high-risk high
+        set fsa-medium-risk medium
+    end
+    config ips
+        set info-severity disable
+        set low-severity low
+        set medium-severity medium
+        set high-severity high
+        set critical-severity critical
+    end
+    config web
+        edit 1
+            set category 26
+            set level high
+        next
+        edit 2
+            set category 61
+            set level high
+        next
+        edit 3
+            set category 86
+            set level high
+        next
+        edit 4
+            set category 1
+            set level medium
+        next
+        edit 5
+            set category 3
+            set level medium
+        next
+        edit 6
+            set category 4
+            set level medium
+        next
+        edit 7
+            set category 5
+            set level medium
+        next
+        edit 8
+            set category 6
+            set level medium
+        next
+        edit 9
+            set category 12
+            set level medium
+        next
+        edit 10
+            set category 59
+            set level medium
+        next
+        edit 11
+            set category 62
+            set level medium
+        next
+        edit 12
+            set category 83
+            set level medium
+        next
+        edit 13
+            set category 72
+            set level low
+        next
+        edit 14
+            set category 14
+            set level low
+        next
+        edit 15
+            set category 96
+            set level medium
+        next
+    end
+    config application
+        edit 1
+            set category 2
+            set level low
+        next
+        edit 2
+            set category 6
+            set level medium
+        next
+    end
+end
+config icap server
+end
+config icap server-group
+end
+config icap profile
+    edit "default"
+        set replacemsg-group ''
+        set comment ''
+        set request disable
+        set response disable
+        unset file-transfer
+        set streaming-content-bypass disable
+        set 204-response disable
+        set preview disable
+        set methods delete get head options post put trace connect other
+        set icap-block-log disable
+        set chunk-encap disable
+        unset extension-feature
+        set timeout 30
+        config icap-headers
+            edit 1
+                set name "X-Authenticated-User"
+                set content "$user"
+                set base64-encoding disable
+            next
+            edit 2
+                set name "X-Authenticated-Groups"
+                set content "$local_grp"
+                set base64-encoding disable
+            next
+        end
+    next
+end
+config system network-visibility
+    set destination-visibility enable
+    set source-location enable
+    set destination-hostname-visibility enable
+    set hostname-ttl 86400
+    set hostname-limit 5000
+    set destination-location enable
+end
+config user peer
+end
+config user peergrp
+end
+config vpn qkd
+end
+config user certificate
+end
+config user radius
+end
+config user tacacs+
+end
+config user exchange
+end
+config user ldap
+end
+config user krb-keytab
+end
+config user domain-controller
+end
+config user pop3
+end
+config user saml
+end
+config user external-identity-provider
+end
+config user fsso
+end
+config user adgrp
+end
+config user fsso-polling
+end
+config user fortitoken
+end
+config user password-policy
+end
+config user local
+end
+config user setting
+    set auth-type http https ftp telnet
+    set auth-cert "Fortinet_Factory"
+    set auth-ca-cert ''
+    set auth-secure-http disable
+    set auth-http-basic disable
+    set auth-ssl-allow-renegotiation disable
+    set auth-src-mac enable
+    set auth-on-demand implicitly
+    set auth-timeout 5
+    set auth-timeout-type idle-timeout
+    set auth-portal-timeout 3
+    set radius-ses-timeout-act hard-timeout
+    set auth-blackout-time 0
+    set auth-invalid-max 5
+    set auth-lockout-threshold 3
+    set auth-lockout-duration 0
+    set per-policy-disclaimer disable
+    set auth-ssl-min-proto-version default
+    unset auth-ssl-max-proto-version
+    set auth-ssl-sigalgs all
+    set default-user-password-policy ''
+end
+config user quarantine
+    set quarantine enable
+    set traffic-policy ''
+    set firewall-groups ''
+end
+config user group
+    edit "SSO_Guest_Users"
+        set authtimeout 0
+        set http-digest-realm ''
+    next
+end
+config user security-exempt-list
+end
+config vpn ssl web realm
+end
+config vpn ssl web host-check-software
+    edit "FortiClient-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
+    next
+    edit "FortiClient-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
+    next
+    edit "FortiClient-AV-Vista"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
+    next
+    edit "FortiClient-FW-Vista"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
+    next
+    edit "FortiClient5-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
+    next
+    edit "AVG-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
+    next
+    edit "AVG-Internet-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "8DECF618-9569-4340-B34A-D78D28969B66"
+    next
+    edit "AVG-Internet-Security-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
+    next
+    edit "AVG-Internet-Security-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
+    next
+    edit "CA-Anti-Virus"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
+    next
+    edit "CA-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
+    next
+    edit "CA-Internet-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
+    next
+    edit "CA-Internet-Security-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
+    next
+    edit "CA-Internet-Security-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
+    next
+    edit "CA-Personal-Firewall"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
+    next
+    edit "F-Secure-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
+    next
+    edit "F-Secure-Internet-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "D4747503-0346-49EB-9262-997542F79BF4"
+    next
+    edit "F-Secure-Internet-Security-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "15414183-282E-D62C-CA37-EF24860A2F17"
+    next
+    edit "F-Secure-Internet-Security-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
+    next
+    edit "Kaspersky-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
+    next
+    edit "Kaspersky-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
+    next
+    edit "Kaspersky-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
+    next
+    edit "Kaspersky-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
+    next
+    edit "McAfee-Internet-Security-Suite-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
+    next
+    edit "McAfee-Internet-Security-Suite-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
+    next
+    edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
+    next
+    edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
+    next
+    edit "McAfee-Virus-Scan-Enterprise"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
+    next
+    edit "Norton-360-2.0-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
+    next
+    edit "Norton-360-2.0-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
+    next
+    edit "Norton-360-3.0-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
+    next
+    edit "Norton-360-3.0-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
+    next
+    edit "Norton-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
+    next
+    edit "Norton-Internet-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
+    next
+    edit "Norton-Internet-Security-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
+    next
+    edit "Norton-Internet-Security-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
+    next
+    edit "Symantec-Endpoint-Protection-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
+    next
+    edit "Symantec-Endpoint-Protection-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
+    next
+    edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
+    next
+    edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
+    next
+    edit "Panda-Antivirus+Firewall-2008-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
+    next
+    edit "Panda-Antivirus+Firewall-2008-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
+    next
+    edit "Panda-Internet-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
+    next
+    edit "Panda-Internet-Security-2006~2007-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
+    next
+    edit "Panda-Internet-Security-2008~2009-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
+    next
+    edit "Sophos-Anti-Virus"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
+    next
+    edit "Sophos-Enpoint-Secuirty-and-Control-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
+    next
+    edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
+    next
+    edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
+    next
+    edit "Trend-Micro-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
+    next
+    edit "Trend-Micro-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
+    next
+    edit "Trend-Micro-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
+    next
+    edit "Trend-Micro-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
+    next
+    edit "ZoneAlarm-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
+    next
+    edit "ZoneAlarm-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
+    next
+    edit "ZoneAlarm-AV-Vista-Win7"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
+    next
+    edit "ZoneAlarm-FW-Vista-Win7"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
+    next
+    edit "ESET-Smart-Security-AV"
+        set os-type windows
+        set type av
+        set version ''
+        set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
+    next
+    edit "ESET-Smart-Security-FW"
+        set os-type windows
+        set type fw
+        set version ''
+        set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
+    next
+end
+config vpn ssl web portal
+    edit "full-access"
+        set tunnel-mode enable
+        set ipv6-tunnel-mode enable
+        set web-mode enable
+        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
+        set limit-user-logins disable
+        set forticlient-download enable
+        set ip-mode range
+        set auto-connect disable
+        set keep-alive disable
+        set save-password disable
+        set ip-pools "SSLVPN_TUNNEL_ADDR1"
+        set split-tunneling enable
+        set split-tunneling-routing-negate disable
+        set dns-server1 0.0.0.0
+        set dns-server2 0.0.0.0
+        set dns-suffix ''
+        set wins-server1 0.0.0.0
+        set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
+        set ipv6-split-tunneling enable
+        set ipv6-split-tunneling-routing-negate disable
+        set ipv6-dns-server1 ::
+        set ipv6-dns-server2 ::
+        set ipv6-wins-server1 ::
+        set ipv6-wins-server2 ::
+        set dhcp6-ra-linkaddr ::
+        set client-src-range disable
+        set landing-page-mode disable
+        set display-bookmark enable
+        set user-bookmark enable
+        set default-protocol web
+        set user-group-bookmark enable
+        set display-connection-tools enable
+        set display-history enable
+        set focus-bookmark disable
+        set display-status enable
+        set rewrite-ip-uri-ui disable
+        set heading "SSL-VPN Portal"
+        set redir-url ''
+        set theme security-fabric
+        set smb-ntlmv1-auth disable
+        set smb-min-version smbv2
+        set smb-max-version smbv3
+        set use-sdwan disable
+        set clipboard enable
+        set default-window-width 1024
+        set default-window-height 768
+        set host-check none
+        set mac-addr-check disable
+        set os-check disable
+        set forticlient-download-method direct
+        set customize-forticlient-download-url disable
+        set hide-sso-credential enable
+    next
+    edit "web-access"
+        set tunnel-mode disable
+        set ipv6-tunnel-mode disable
+        set web-mode enable
+        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
+        set limit-user-logins disable
+        set forticlient-download enable
+        set dns-suffix ''
+        set landing-page-mode disable
+        set display-bookmark enable
+        set user-bookmark enable
+        set default-protocol web
+        set user-group-bookmark enable
+        set display-connection-tools enable
+        set display-history enable
+        set focus-bookmark disable
+        set display-status enable
+        set rewrite-ip-uri-ui disable
+        set heading "SSL-VPN Portal"
+        set redir-url ''
+        set theme security-fabric
+        set smb-ntlmv1-auth disable
+        set smb-min-version smbv2
+        set smb-max-version smbv3
+        set use-sdwan disable
+        set clipboard enable
+        set default-window-width 1024
+        set default-window-height 768
+        set forticlient-download-method direct
+        set customize-forticlient-download-url disable
+        set hide-sso-credential enable
+    next
+    edit "tunnel-access"
+        set tunnel-mode enable
+        set ipv6-tunnel-mode enable
+        set web-mode disable
+        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
+        set limit-user-logins disable
+        set forticlient-download enable
+        set ip-mode range
+        set auto-connect disable
+        set keep-alive disable
+        set save-password disable
+        set ip-pools "SSLVPN_TUNNEL_ADDR1"
+        set split-tunneling enable
+        set split-tunneling-routing-negate disable
+        set dns-server1 0.0.0.0
+        set dns-server2 0.0.0.0
+        set dns-suffix ''
+        set wins-server1 0.0.0.0
+        set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
+        set ipv6-split-tunneling enable
+        set ipv6-split-tunneling-routing-negate disable
+        set ipv6-dns-server1 ::
+        set ipv6-dns-server2 ::
+        set ipv6-wins-server1 ::
+        set ipv6-wins-server2 ::
+        set dhcp6-ra-linkaddr ::
+        set client-src-range disable
+        set host-check none
+        set mac-addr-check disable
+        set os-check disable
+        set forticlient-download-method direct
+        set customize-forticlient-download-url disable
+    next
+end
+config vpn ssl settings
+    set status enable
+    set reqclientcert disable
+    set ssl-max-proto-ver tls1-3
+    set ssl-min-proto-ver tls1-2
+    set banned-cipher SHA1 SHA256 SHA384
+    set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
+    set ssl-insert-empty-fragment enable
+    set https-redirect disable
+    set x-content-type-options enable
+    set ssl-client-renegotiation disable
+    set force-two-factor-auth disable
+    set servercert "Fortinet_Factory"
+    set algorithm high
+    set idle-timeout 300
+    set auth-timeout 28800
+    set login-attempt-limit 2
+    set login-block-time 60
+    set login-timeout 30
+    set dns-suffix ''
+    set dns-server1 0.0.0.0
+    set dns-server2 0.0.0.0
+    set wins-server1 0.0.0.0
+    set wins-server2 0.0.0.0
+    set ipv6-dns-server1 ::
+    set ipv6-dns-server2 ::
+    set ipv6-wins-server1 ::
+    set ipv6-wins-server2 ::
+    set url-obscuration disable
+    set http-compression disable
+    set http-only-cookie enable
+    set port 443
+    set port-precedence enable
+    set auto-tunnel-static-route enable
+    set header-x-forwarded-for add
+    set browser-language-detection enable
+    set dtls-tunnel enable
+    set check-referer disable
+    set http-request-header-timeout 20
+    set http-request-body-timeout 30
+    set auth-session-check-source-ip enable
+    set tunnel-connect-without-reauth disable
+    set hsts-include-subdomains disable
+    set transform-backward-slashes disable
+    set encode-2f-sequence disable
+    set encrypt-and-store-password disable
+    set client-sigalgs all
+    set dual-stack-mode disable
+    set tunnel-addr-assigned-method first-available
+    set saml-redirect-port 8020
+    set ztna-trusted-client disable
+    set server-hostname ''
+    set dtls-hello-timeout 10
+    set dtls-heartbeat-idle-timeout 3
+    set dtls-heartbeat-interval 3
+    set dtls-heartbeat-fail-count 3
+    set dtls-max-proto-ver dtls1-2
+    set dtls-min-proto-ver dtls1-0
+end
+config vpn ssl web user-group-bookmark
+end
+config vpn ssl web user-bookmark
+end
+config vpn ssl client
+end
+config voip profile
+    edit "default"
+        set comment "Default VoIP profile."
+        config sip
+            set status enable
+            set rtp enable
+            set nat-port-range 5117-65533
+            set open-register-pinhole enable
+            set open-contact-pinhole enable
+            set strict-register enable
+            set register-rate 0
+            set invite-rate 0
+            set max-dialogs 0
+            set max-line-length 998
+            set block-long-lines enable
+            set block-unknown enable
+            set call-keepalive 0
+            set block-ack disable
+            set block-bye disable
+            set block-cancel disable
+            set block-info disable
+            set block-invite disable
+            set block-message disable
+            set block-notify disable
+            set block-options disable
+            set block-prack disable
+            set block-publish disable
+            set block-refer disable
+            set block-register disable
+            set block-subscribe disable
+            set block-update disable
+            set register-contact-trace disable
+            set open-via-pinhole disable
+            set open-record-route-pinhole enable
+            set rfc2543-branch disable
+            set log-violations disable
+            set log-call-summary enable
+            set nat-trace enable
+            set subscribe-rate 0
+            set message-rate 0
+            set notify-rate 0
+            set refer-rate 0
+            set update-rate 0
+            set options-rate 0
+            set ack-rate 0
+            set prack-rate 0
+            set info-rate 0
+            set publish-rate 0
+            set bye-rate 0
+            set cancel-rate 0
+            set preserve-override disable
+            set no-sdp-fixup disable
+            set contact-fixup enable
+            set max-idle-dialogs 0
+            set block-geo-red-options disable
+            set hosted-nat-traversal disable
+            set hnt-restrict-source-ip disable
+            set max-body-length 0
+            set unknown-header pass
+            set malformed-request-line pass
+            set malformed-header-via pass
+            set malformed-header-from pass
+            set malformed-header-to pass
+            set malformed-header-call-id pass
+            set malformed-header-cseq pass
+            set malformed-header-rack pass
+            set malformed-header-rseq pass
+            set malformed-header-contact pass
+            set malformed-header-record-route pass
+            set malformed-header-route pass
+            set malformed-header-expires pass
+            set malformed-header-content-type pass
+            set malformed-header-content-length pass
+            set malformed-header-max-forwards pass
+            set malformed-header-allow pass
+            set malformed-header-p-asserted-identity pass
+            set malformed-header-sdp-v pass
+            set malformed-header-sdp-o pass
+            set malformed-header-sdp-s pass
+            set malformed-header-sdp-i pass
+            set malformed-header-sdp-c pass
+            set malformed-header-sdp-b pass
+            set malformed-header-sdp-z pass
+            set malformed-header-sdp-k pass
+            set malformed-header-sdp-a pass
+            set malformed-header-sdp-t pass
+            set malformed-header-sdp-r pass
+            set malformed-header-sdp-m pass
+            set provisional-invite-expiry-time 210
+            set ips-rtp enable
+            set ssl-mode off
+        end
+        config sccp
+            set status enable
+            set block-mcast disable
+            set verify-header disable
+            set log-call-summary disable
+            set log-violations disable
+            set max-calls 0
+        end
+    next
+    edit "strict"
+        set feature-set voipd
+        set comment ''
+        config sip
+            set status enable
+            set rtp enable
+            set nat-port-range 5117-65533
+            set open-register-pinhole enable
+            set open-contact-pinhole enable
+            set strict-register enable
+            set register-rate 0
+            set invite-rate 0
+            set max-dialogs 0
+            set max-line-length 998
+            set block-long-lines enable
+            set block-unknown enable
+            set call-keepalive 0
+            set block-ack disable
+            set block-bye disable
+            set block-cancel disable
+            set block-info disable
+            set block-invite disable
+            set block-message disable
+            set block-notify disable
+            set block-options disable
+            set block-prack disable
+            set block-publish disable
+            set block-refer disable
+            set block-register disable
+            set block-subscribe disable
+            set block-update disable
+            set register-contact-trace disable
+            set open-via-pinhole disable
+            set open-record-route-pinhole enable
+            set rfc2543-branch disable
+            set log-violations disable
+            set log-call-summary enable
+            set nat-trace enable
+            set subscribe-rate 0
+            set message-rate 0
+            set notify-rate 0
+            set refer-rate 0
+            set update-rate 0
+            set options-rate 0
+            set ack-rate 0
+            set prack-rate 0
+            set info-rate 0
+            set publish-rate 0
+            set bye-rate 0
+            set cancel-rate 0
+            set preserve-override disable
+            set no-sdp-fixup disable
+            set contact-fixup enable
+            set max-idle-dialogs 0
+            set block-geo-red-options disable
+            set hosted-nat-traversal disable
+            set hnt-restrict-source-ip disable
+            set max-body-length 0
+            set unknown-header pass
+            set malformed-request-line discard
+            set malformed-header-via discard
+            set malformed-header-from discard
+            set malformed-header-to discard
+            set malformed-header-call-id discard
+            set malformed-header-cseq discard
+            set malformed-header-rack discard
+            set malformed-header-rseq discard
+            set malformed-header-contact discard
+            set malformed-header-record-route discard
+            set malformed-header-route discard
+            set malformed-header-expires discard
+            set malformed-header-content-type discard
+            set malformed-header-content-length discard
+            set malformed-header-max-forwards discard
+            set malformed-header-allow discard
+            set malformed-header-p-asserted-identity discard
+            set malformed-header-sdp-v discard
+            set malformed-header-sdp-o discard
+            set malformed-header-sdp-s discard
+            set malformed-header-sdp-i discard
+            set malformed-header-sdp-c discard
+            set malformed-header-sdp-b discard
+            set malformed-header-sdp-z discard
+            set malformed-header-sdp-k discard
+            set malformed-header-sdp-a discard
+            set malformed-header-sdp-t discard
+            set malformed-header-sdp-r discard
+            set malformed-header-sdp-m discard
+            set provisional-invite-expiry-time 210
+            set ips-rtp enable
+            set ssl-mode off
+        end
+        config sccp
+            set status enable
+            set block-mcast disable
+            set verify-header disable
+            set log-call-summary disable
+            set log-violations disable
+            set max-calls 0
+        end
+    next
+end
+config system sdwan
+    set status disable
+    set load-balance-mode source-ip-based
+    set speedtest-bypass-routing disable
+    set duplication-max-num 2
+    set neighbor-hold-down disable
+    set neighbor-hold-down-time 0
+    set app-perf-log-period 0
+    set neighbor-hold-boot-time 0
+    set fail-detect disable
+    config zone
+        edit "virtual-wan-link"
+            set advpn-select disable
+            set service-sla-tie-break cfg-order
+            set minimum-sla-meet-members 1
+        next
+    end
+    config health-check
+        edit "Default_DNS"
+            set probe-packets enable
+            set addr-mode ipv4
+            set system-dns enable
+            set detect-mode active
+            set ha-priority 1
+            set dns-request-domain "www.example.com"
+            set dns-match-ip 0.0.0.0
+            set interval 1000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+        edit "Default_Office_365"
+            set probe-packets enable
+            set addr-mode ipv4
+            set server "www.office.com"
+            set detect-mode active
+            set protocol https
+            set port 0
+            set ha-priority 1
+            set http-get "/"
+            set http-agent "Chrome/ Safari/"
+            set http-match ''
+            set interval 120000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+        edit "Default_Gmail"
+            set probe-packets enable
+            set addr-mode ipv4
+            set server "gmail.com"
+            set detect-mode active
+            set protocol ping
+            set ha-priority 1
+            set interval 1000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 2
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+        edit "Default_Google Search"
+            set probe-packets enable
+            set addr-mode ipv4
+            set server "www.google.com"
+            set detect-mode active
+            set protocol https
+            set port 0
+            set ha-priority 1
+            set http-get "/"
+            set http-agent "Chrome/ Safari/"
+            set http-match ''
+            set interval 120000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+        edit "Default_FortiGuard"
+            set probe-packets enable
+            set addr-mode ipv4
+            set server "fortiguard.com"
+            set detect-mode active
+            set protocol https
+            set port 0
+            set ha-priority 1
+            set http-get "/"
+            set http-agent "Chrome/ Safari/"
+            set http-match ''
+            set interval 120000
+            set probe-timeout 1000
+            set failtime 5
+            set recoverytime 10
+            set probe-count 30
+            set diffservcode 000000
+            set update-cascade-interface enable
+            set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
+            set sla-fail-log-period 0
+            set sla-pass-log-period 0
+            set threshold-warning-packetloss 0
+            set threshold-alert-packetloss 0
+            set threshold-warning-latency 0
+            set threshold-alert-latency 0
+            set threshold-warning-jitter 0
+            set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
+            config sla
+                edit 1
+                    set link-cost-factor latency jitter packet-loss
+                    set latency-threshold 250
+                    set jitter-threshold 50
+                    set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
+                next
+            end
+        next
+    end
+end
+config vpn ipsec fec
+end
+config vpn kmip-server
+end
+config vpn ipsec phase1
+end
+config vpn ipsec phase2
+end
+config vpn ipsec manualkey
+end
+config vpn ipsec concentrator
+end
+config vpn ipsec phase1-interface
+end
+config vpn ipsec phase2-interface
+end
+config vpn ipsec manualkey-interface
+end
+config vpn pptp
+    set status disable
+end
+config vpn l2tp
+    set status disable
+    set lcp-max-echo-fails 3
+    set hello-interval 60
+end
+config vpn ipsec forticlient
+end
+config system evpn
+end
+config dnsfilter domain-filter
+end
+config dnsfilter profile
+    edit "default"
+        set comment "Default dns filtering."
+        config domain-filter
+            unset domain-filter-table
+        end
+        config ftgd-dns
+            unset options
+            config filters
+                edit 1
+                    set category 2
+                    set action monitor
+                next
+                edit 2
+                    set category 7
+                    set action monitor
+                next
+                edit 3
+                    set category 8
+                    set action monitor
+                next
+                edit 4
+                    set category 9
+                    set action monitor
+                next
+                edit 5
+                    set category 11
+                    set action monitor
+                next
+                edit 6
+                    set category 12
+                    set action monitor
+                next
+                edit 7
+                    set category 13
+                    set action monitor
+                next
+                edit 8
+                    set category 14
+                    set action monitor
+                next
+                edit 9
+                    set category 15
+                    set action monitor
+                next
+                edit 10
+                    set category 16
+                    set action monitor
+                next
+                edit 11
+                    set category 0
+                    set action monitor
+                next
+                edit 12
+                    set category 57
+                    set action monitor
+                next
+                edit 13
+                    set category 63
+                    set action monitor
+                next
+                edit 14
+                    set category 64
+                    set action monitor
+                next
+                edit 15
+                    set category 65
+                    set action monitor
+                next
+                edit 16
+                    set category 66
+                    set action monitor
+                next
+                edit 17
+                    set category 67
+                    set action monitor
+                next
+                edit 18
+                    set category 26
+                    set action block
+                    set log enable
+                next
+                edit 19
+                    set category 61
+                    set action block
+                    set log enable
+                next
+                edit 20
+                    set category 86
+                    set action block
+                    set log enable
+                next
+                edit 21
+                    set category 88
+                    set action block
+                    set log enable
+                next
+                edit 22
+                    set category 90
+                    set action block
+                    set log enable
+                next
+                edit 23
+                    set category 91
+                    set action block
+                    set log enable
+                next
+            end
+        end
+        set log-all-domain disable
+        set sdns-ftgd-err-log enable
+        set sdns-domain-log enable
+        set block-action redirect
+        set block-botnet enable
+        set safe-search disable
+        set strip-ech enable
+        set redirect-portal 0.0.0.0
+        set redirect-portal6 ::
+    next
+end
+config system gre-tunnel
+end
+config system ipsec-aggregate
+end
+config system ipip-tunnel
+end
+config system mobile-tunnel
+end
+config system pppoe-interface
+end
+config system vxlan
+end
+config system geneve
+end
+config system virtual-wire-pair
+end
+config system dns-database
+end
+config system dns-server
+end
+config log custom-field
+end
+config antivirus settings
+    set machine-learning-detection enable
+    set use-extreme-db disable
+    set grayware enable
+    set override-timeout 0
+    set cache-infected-result enable
+end
+config antivirus quarantine
+    set agelimit 0
+    set maxfilesize 0
+    set quarantine-quota 0
+    unset drop-infected
+    set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
+    unset drop-machine-learning
+    set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
+    set lowspace ovrw-old
+    set destination disk
+end
+config antivirus exempt-list
+end
+config ssh-filter profile
+end
+config antivirus profile
+    edit "g-default"
+        set comment "Scan files and block viruses."
+        set replacemsg-group ''
+        set feature-set flow
+        set mobile-malware-db enable
+        config http
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config ftp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config imap
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config pop3
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config smtp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config nntp
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config cifs
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config nac-quar
+            set infected none
+            set log disable
+        end
+        set outbreak-prevention-archive-scan disable
+        set external-blocklist-enable-all enable
+        set ems-threat-feed disable
+        set av-virus-log enable
+        set extended-log disable
+    next
+    edit "g-sniffer-profile"
+        set comment "Scan files and monitor viruses."
+        set replacemsg-group ''
+        set feature-set flow
+        set mobile-malware-db enable
+        config http
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config ftp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config imap
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config pop3
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config smtp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config nntp
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config cifs
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config nac-quar
+            set infected none
+            set log disable
+        end
+        set outbreak-prevention-archive-scan disable
+        set external-blocklist-enable-all enable
+        set ems-threat-feed disable
+        set av-virus-log enable
+        set extended-log disable
+    next
+    edit "g-wifi-default"
+        set comment "Default configuration for offloading WiFi traffic."
+        set replacemsg-group ''
+        set feature-set flow
+        set mobile-malware-db enable
+        config http
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config ftp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config imap
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config pop3
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config smtp
+            set av-scan block
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+            set executables virus
+        end
+        config nntp
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config cifs
+            set av-scan disable
+            set outbreak-prevention disable
+            set external-blocklist disable
+            set quarantine disable
+            unset archive-block
+            unset archive-log
+            set emulator enable
+        end
+        config nac-quar
+            set infected none
+            set log disable
+        end
+        set outbreak-prevention-archive-scan disable
+        set external-blocklist-enable-all enable
+        set ems-threat-feed disable
+        set av-virus-log enable
+        set extended-log disable
+    next
+end
+config file-filter profile
+    edit "g-default"
+        set comment "File type inspection."
+        set feature-set flow
+        set replacemsg-group ''
+        set log enable
+        set extended-log disable
+        set scan-archive-contents enable
+    next
+    edit "g-sniffer-profile"
+        set comment "File type inspection."
+        set feature-set flow
+        set replacemsg-group ''
+        set log enable
+        set extended-log disable
+        set scan-archive-contents enable
+    next
+end
+config webfilter profile
+    edit "g-default"
+        set comment "Default web filtering."
+        set feature-set flow
+        set replacemsg-group ''
+        unset options
+        set https-replacemsg enable
+        set web-flow-log-encoding utf-8
+        unset ovrd-perm
+        set post-action normal
+        config override
+            set ovrd-cookie deny
+            set ovrd-scope user
+            set profile-type list
+            set ovrd-dur-mode constant
+            set ovrd-dur 15m
+        end
+        config web
+            set bword-threshold 10
+            set blocklist disable
+            unset allowlist
+            unset safe-search
+        end
+        config ftgd-wf
+            unset options
+            unset ovrd
+            config filters
+                edit 1
+                    set category 0
+                    set action block
+                    set log enable
+                next
+                edit 2
+                    set category 2
+                    set action block
+                    set log enable
+                next
+                edit 3
+                    set category 7
+                    set action block
+                    set log enable
+                next
+                edit 4
+                    set category 8
+                    set action block
+                    set log enable
+                next
+                edit 5
+                    set category 9
+                    set action block
+                    set log enable
+                next
+                edit 6
+                    set category 11
+                    set action block
+                    set log enable
+                next
+                edit 7
+                    set category 12
+                    set action block
+                    set log enable
+                next
+                edit 8
+                    set category 13
+                    set action block
+                    set log enable
+                next
+                edit 9
+                    set category 14
+                    set action block
+                    set log enable
+                next
+                edit 10
+                    set category 15
+                    set action block
+                    set log enable
+                next
+                edit 11
+                    set category 16
+                    set action block
+                    set log enable
+                next
+                edit 12
+                    set category 26
+                    set action block
+                    set log enable
+                next
+                edit 13
+                    set category 57
+                    set action block
+                    set log enable
+                next
+                edit 14
+                    set category 61
+                    set action block
+                    set log enable
+                next
+                edit 15
+                    set category 63
+                    set action block
+                    set log enable
+                next
+                edit 16
+                    set category 64
+                    set action block
+                    set log enable
+                next
+                edit 17
+                    set category 65
+                    set action block
+                    set log enable
+                next
+                edit 18
+                    set category 66
+                    set action block
+                    set log enable
+                next
+                edit 19
+                    set category 67
+                    set action block
+                    set log enable
+                next
+                edit 20
+                    set category 86
+                    set action block
+                    set log enable
+                next
+                edit 21
+                    set category 88
+                    set action block
+                    set log enable
+                next
+                edit 22
+                    set category 90
+                    set action block
+                    set log enable
+                next
+                edit 23
+                    set category 91
+                    set action block
+                    set log enable
+                next
+            end
+            set rate-javascript-urls enable
+            set rate-css-urls enable
+            set rate-crl-urls enable
+        end
+        set wisp disable
+        set log-all-url disable
+        set web-content-log enable
+        set web-filter-command-block-log enable
+        set web-filter-cookie-log enable
+        set web-url-log enable
+        set web-invalid-domain-log enable
+        set web-ftgd-err-log enable
+        set extended-log disable
+    next
+    edit "g-sniffer-profile"
+        set comment "Monitor web traffic."
+        set feature-set flow
+        set replacemsg-group ''
+        unset options
+        set https-replacemsg enable
+        set web-flow-log-encoding utf-8
+        unset ovrd-perm
+        set post-action normal
+        config override
+            set ovrd-cookie deny
+            set ovrd-scope user
+            set profile-type list
+            set ovrd-dur-mode constant
+            set ovrd-dur 15m
+        end
+        config web
+            set bword-threshold 10
+            set blocklist disable
+            unset allowlist
+            unset safe-search
+        end
+        config ftgd-wf
+            set options ftgd-disable
+            unset ovrd
+            config filters
+                edit 1
+                    set category 0
+                    set action monitor
+                    set log enable
+                next
+                edit 2
+                    set category 1
+                    set action monitor
+                    set log enable
+                next
+                edit 3
+                    set category 2
+                    set action monitor
+                    set log enable
+                next
+                edit 4
+                    set category 3
+                    set action monitor
+                    set log enable
+                next
+                edit 5
+                    set category 4
+                    set action monitor
+                    set log enable
+                next
+                edit 6
+                    set category 5
+                    set action monitor
+                    set log enable
+                next
+                edit 7
+                    set category 6
+                    set action monitor
+                    set log enable
+                next
+                edit 8
+                    set category 7
+                    set action monitor
+                    set log enable
+                next
+                edit 9
+                    set category 8
+                    set action monitor
+                    set log enable
+                next
+                edit 10
+                    set category 9
+                    set action monitor
+                    set log enable
+                next
+                edit 11
+                    set category 11
+                    set action monitor
+                    set log enable
+                next
+                edit 12
+                    set category 12
+                    set action monitor
+                    set log enable
+                next
+                edit 13
+                    set category 13
+                    set action monitor
+                    set log enable
+                next
+                edit 14
+                    set category 14
+                    set action monitor
+                    set log enable
+                next
+                edit 15
+                    set category 15
+                    set action monitor
+                    set log enable
+                next
+                edit 16
+                    set category 16
+                    set action monitor
+                    set log enable
+                next
+                edit 17
+                    set category 17
+                    set action monitor
+                    set log enable
+                next
+                edit 18
+                    set category 18
+                    set action monitor
+                    set log enable
+                next
+                edit 19
+                    set category 19
+                    set action monitor
+                    set log enable
+                next
+                edit 20
+                    set category 20
+                    set action monitor
+                    set log enable
+                next
+                edit 21
+                    set category 23
+                    set action monitor
+                    set log enable
+                next
+                edit 22
+                    set category 24
+                    set action monitor
+                    set log enable
+                next
+                edit 23
+                    set category 25
+                    set action monitor
+                    set log enable
+                next
+                edit 24
+                    set category 26
+                    set action monitor
+                    set log enable
+                next
+                edit 25
+                    set category 28
+                    set action monitor
+                    set log enable
+                next
+                edit 26
+                    set category 29
+                    set action monitor
+                    set log enable
+                next
+                edit 27
+                    set category 30
+                    set action monitor
+                    set log enable
+                next
+                edit 28
+                    set category 31
+                    set action monitor
+                    set log enable
+                next
+                edit 29
+                    set category 33
+                    set action monitor
+                    set log enable
+                next
+                edit 30
+                    set category 34
+                    set action monitor
+                    set log enable
+                next
+                edit 31
+                    set category 35
+                    set action monitor
+                    set log enable
+                next
+                edit 32
+                    set category 36
+                    set action monitor
+                    set log enable
+                next
+                edit 33
+                    set category 37
+                    set action monitor
+                    set log enable
+                next
+                edit 34
+                    set category 38
+                    set action monitor
+                    set log enable
+                next
+                edit 35
+                    set category 39
+                    set action monitor
+                    set log enable
+                next
+                edit 36
+                    set category 40
+                    set action monitor
+                    set log enable
+                next
+                edit 37
+                    set category 41
+                    set action monitor
+                    set log enable
+                next
+                edit 38
+                    set category 42
+                    set action monitor
+                    set log enable
+                next
+                edit 39
+                    set category 43
+                    set action monitor
+                    set log enable
+                next
+                edit 40
+                    set category 44
+                    set action monitor
+                    set log enable
+                next
+                edit 41
+                    set category 46
+                    set action monitor
+                    set log enable
+                next
+                edit 42
+                    set category 47
+                    set action monitor
+                    set log enable
+                next
+                edit 43
+                    set category 48
+                    set action monitor
+                    set log enable
+                next
+                edit 44
+                    set category 49
+                    set action monitor
+                    set log enable
+                next
+                edit 45
+                    set category 50
+                    set action monitor
+                    set log enable
+                next
+                edit 46
+                    set category 51
+                    set action monitor
+                    set log enable
+                next
+                edit 47
+                    set category 52
+                    set action monitor
+                    set log enable
+                next
+                edit 48
+                    set category 53
+                    set action monitor
+                    set log enable
+                next
+                edit 49
+                    set category 54
+                    set action monitor
+                    set log enable
+                next
+                edit 50
+                    set category 55
+                    set action monitor
+                    set log enable
+                next
+                edit 51
+                    set category 56
+                    set action monitor
+                    set log enable
+                next
+                edit 52
+                    set category 57
+                    set action monitor
+                    set log enable
+                next
+                edit 53
+                    set category 58
+                    set action monitor
+                    set log enable
+                next
+                edit 54
+                    set category 59
+                    set action monitor
+                    set log enable
+                next
+                edit 55
+                    set category 61
+                    set action monitor
+                    set log enable
+                next
+                edit 56
+                    set category 62
+                    set action monitor
+                    set log enable
+                next
+                edit 57
+                    set category 63
+                    set action monitor
+                    set log enable
+                next
+                edit 58
+                    set category 64
+                    set action monitor
+                    set log enable
+                next
+                edit 59
+                    set category 65
+                    set action monitor
+                    set log enable
+                next
+                edit 60
+                    set category 66
+                    set action monitor
+                    set log enable
+                next
+                edit 61
+                    set category 67
+                    set action monitor
+                    set log enable
+                next
+                edit 62
+                    set category 68
+                    set action monitor
+                    set log enable
+                next
+                edit 63
+                    set category 69
+                    set action monitor
+                    set log enable
+                next
+                edit 64
+                    set category 70
+                    set action monitor
+                    set log enable
+                next
+                edit 65
+                    set category 71
+                    set action monitor
+                    set log enable
+                next
+                edit 66
+                    set category 72
+                    set action monitor
+                    set log enable
+                next
+                edit 67
+                    set category 75
+                    set action monitor
+                    set log enable
+                next
+                edit 68
+                    set category 76
+                    set action monitor
+                    set log enable
+                next
+                edit 69
+                    set category 77
+                    set action monitor
+                    set log enable
+                next
+                edit 70
+                    set category 78
+                    set action monitor
+                    set log enable
+                next
+                edit 71
+                    set category 79
+                    set action monitor
+                    set log enable
+                next
+                edit 72
+                    set category 80
+                    set action monitor
+                    set log enable
+                next
+                edit 73
+                    set category 81
+                    set action monitor
+                    set log enable
+                next
+                edit 74
+                    set category 82
+                    set action monitor
+                    set log enable
+                next
+                edit 75
+                    set category 83
+                    set action monitor
+                    set log enable
+                next
+                edit 76
+                    set category 84
+                    set action monitor
+                    set log enable
+                next
+                edit 77
+                    set category 85
+                    set action monitor
+                    set log enable
+                next
+                edit 78
+                    set category 86
+                    set action monitor
+                    set log enable
+                next
+                edit 79
+                    set category 87
+                    set action monitor
+                    set log enable
+                next
+                edit 80
+                    set category 88
+                    set action monitor
+                    set log enable
+                next
+                edit 81
+                    set category 89
+                    set action monitor
+                    set log enable
+                next
+                edit 82
+                    set category 90
+                    set action monitor
+                    set log enable
+                next
+                edit 83
+                    set category 91
+                    set action monitor
+                    set log enable
+                next
+                edit 84
+                    set category 92
+                    set action monitor
+                    set log enable
+                next
+                edit 85
+                    set category 93
+                    set action monitor
+                    set log enable
+                next
+                edit 86
+                    set category 94
+                    set action monitor
+                    set log enable
+                next
+                edit 87
+                    set category 95
+                    set action monitor
+                    set log enable
+                next
+            end
+            set rate-javascript-urls enable
+            set rate-css-urls enable
+            set rate-crl-urls enable
+        end
+        set wisp disable
+        set log-all-url disable
+        set web-content-log enable
+        set web-filter-command-block-log enable
+        set web-filter-cookie-log enable
+        set web-url-log enable
+        set web-invalid-domain-log enable
+        set web-ftgd-err-log enable
+        set extended-log disable
+    next
+    edit "g-wifi-default"
+        set comment "Default configuration for offloading WiFi traffic."
+        set feature-set flow
+        set replacemsg-group ''
+        set options block-invalid-url
+        set https-replacemsg enable
+        set web-flow-log-encoding utf-8
+        unset ovrd-perm
+        set post-action normal
+        config override
+            set ovrd-cookie deny
+            set ovrd-scope user
+            set profile-type list
+            set ovrd-dur-mode constant
+            set ovrd-dur 15m
+        end
+        config web
+            set bword-threshold 10
+            set blocklist disable
+            unset allowlist
+            unset safe-search
+        end
+        config ftgd-wf
+            unset options
+            unset ovrd
+            config filters
+                edit 1
+                    set category 0
+                    set action monitor
+                    set log enable
+                next
+                edit 2
+                    set category 2
+                    set action block
+                    set log enable
+                next
+                edit 3
+                    set category 7
+                    set action block
+                    set log enable
+                next
+                edit 4
+                    set category 8
+                    set action block
+                    set log enable
+                next
+                edit 5
+                    set category 9
+                    set action block
+                    set log enable
+                next
+                edit 6
+                    set category 11
+                    set action block
+                    set log enable
+                next
+                edit 7
+                    set category 12
+                    set action block
+                    set log enable
+                next
+                edit 8
+                    set category 13
+                    set action block
+                    set log enable
+                next
+                edit 9
+                    set category 14
+                    set action block
+                    set log enable
+                next
+                edit 10
+                    set category 15
+                    set action block
+                    set log enable
+                next
+                edit 11
+                    set category 16
+                    set action block
+                    set log enable
+                next
+                edit 12
+                    set category 26
+                    set action block
+                    set log enable
+                next
+                edit 13
+                    set category 57
+                    set action block
+                    set log enable
+                next
+                edit 14
+                    set category 61
+                    set action block
+                    set log enable
+                next
+                edit 15
+                    set category 63
+                    set action block
+                    set log enable
+                next
+                edit 16
+                    set category 64
+                    set action block
+                    set log enable
+                next
+                edit 17
+                    set category 65
+                    set action block
+                    set log enable
+                next
+                edit 18
+                    set category 66
+                    set action block
+                    set log enable
+                next
+                edit 19
+                    set category 67
+                    set action block
+                    set log enable
+                next
+                edit 20
+                    set category 86
+                    set action block
+                    set log enable
+                next
+                edit 21
+                    set category 88
+                    set action block
+                    set log enable
+                next
+                edit 22
+                    set category 90
+                    set action block
+                    set log enable
+                next
+                edit 23
+                    set category 91
+                    set action block
+                    set log enable
+                next
+            end
+            set rate-javascript-urls enable
+            set rate-css-urls enable
+            set rate-crl-urls enable
+        end
+        set wisp disable
+        set log-all-url disable
+        set web-content-log enable
+        set web-filter-command-block-log enable
+        set web-filter-cookie-log enable
+        set web-url-log enable
+        set web-invalid-domain-log enable
+        set web-ftgd-err-log enable
+        set extended-log disable
+    next
+end
+config webfilter override
+end
+config webfilter ftgd-local-rating
+end
+config webfilter search-engine
+    edit "g-baidu"
+        set hostname ".*\\.baidu\\.com"
+        set url "^\\/s?\\?"
+        set query "wd="
+        set safesearch disable
+    next
+    edit "g-baidu2"
+        set hostname ".*\\.baidu\\.com"
+        set url "^\\/(ns|q|m|i|v)\\?"
+        set query "word="
+        set safesearch disable
+    next
+    edit "g-baidu3"
+        set hostname "tieba\\.baidu\\.com"
+        set url "^\\/f\\?"
+        set query "kw="
+        set safesearch disable
+    next
+    edit "g-bing"
+        set hostname ".*\\.bing\\..*"
+        set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
+        set query "q="
+        set safesearch header
+    next
+    edit "g-google"
+        set hostname ".*\\.google\\..*"
+        set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
+        set query "q="
+        set safesearch url
+        set safesearch-str "&safe=active"
+    next
+    edit "g-google-translate-1"
+        set hostname "translate\\.google\\..*"
+        set url "^\\/translate"
+        set query "u="
+        set safesearch translate
+        set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
+    next
+    edit "g-google-translate-2"
+        set hostname ".*\\.translate\\.goog"
+        set url "^\\/"
+        set query ''
+        set safesearch translate
+        set safesearch-str "case::google-translate"
+    next
+    edit "g-twitter"
+        set hostname "twitter\\.com"
+        set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
+        set query "variables="
+        set safesearch translate
+        set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
+    next
+    edit "g-vimeo"
+        set hostname ".*vimeo.*"
+        set url "^\\/search\\?"
+        set query "q="
+        set safesearch header
+    next
+    edit "g-yahoo"
+        set hostname ".*\\.yahoo\\..*"
+        set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
+        set query "p="
+        set safesearch url
+        set safesearch-str "&vm=r"
+    next
+    edit "g-yandex"
+        set hostname "yandex\\..*"
+        set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
+        set query "text="
+        set safesearch url
+        set safesearch-str "&family=yes"
+    next
+    edit "g-youtube"
+        set hostname ".*youtube.*"
+        set url ''
+        set query ''
+        set safesearch header
+    next
+    edit "g-yt-channel"
+        set hostname ''
+        set url "www.youtube.com/channel"
+        set query ''
+        set safesearch yt-channel
+    next
+    edit "g-yt-pattern"
+        set hostname ''
+        set url "youtube.com/channel/"
+        set query ''
+        set safesearch yt-pattern
+    next
+    edit "g-yt-scan-1"
+        set hostname ''
+        set url "www.youtube.com/user/"
+        set query ''
+        set safesearch yt-scan
+    next
+    edit "g-yt-scan-2"
+        set hostname ''
+        set url "www.youtube.com/youtubei/v1/browse"
+        set query ''
+        set safesearch yt-scan
+    next
+    edit "g-yt-scan-3"
+        set hostname ''
+        set url "www.youtube.com/youtubei/v1/player"
+        set query ''
+        set safesearch yt-scan
+    next
+    edit "g-yt-scan-4"
+        set hostname ''
+        set url "www.youtube.com/youtubei/v1/navigator"
+        set query ''
+        set safesearch yt-scan
+    next
+    edit "yt-video"
+        set hostname ''
+        set url "www.youtube.com/watch"
+        set query ''
+        set safesearch yt-video
+    next
+end
+config emailfilter profile
+    edit "default"
+        set comment "Malware and phishing URL filtering."
+        set feature-set flow
+        set replacemsg-group ''
+        set spam-log enable
+        set spam-filtering disable
+        unset options
+        config imap
+            set log-all disable
+        end
+        config pop3
+            set log-all disable
+        end
+        config smtp
+            set log-all disable
+        end
+        config msn-hotmail
+            set log-all disable
+        end
+        config gmail
+            set log-all disable
+        end
+        set spam-bword-threshold 10
+        unset spam-bword-table
+        unset spam-bal-table
+        unset spam-mheader-table
+        unset spam-iptrust-table
+    next
+    edit "sniffer-profile"
+        set comment "Malware and phishing URL monitoring."
+        set feature-set flow
+        set replacemsg-group ''
+        set spam-log enable
+        set spam-filtering disable
+        unset options
+        config imap
+            set log-all disable
+        end
+        config pop3
+            set log-all disable
+        end
+        config smtp
+            set log-all disable
+        end
+        config msn-hotmail
+            set log-all disable
+        end
+        config gmail
+            set log-all disable
+        end
+        set spam-bword-threshold 10
+        unset spam-bword-table
+        unset spam-bal-table
+        unset spam-mheader-table
+        unset spam-iptrust-table
+    next
+end
+config virtual-patch profile
+    edit "g-default"
+        set comment ''
+        set severity info low medium high critical
+        set action block
+        set log enable
+    next
+end
+config wanopt settings
+    set host-id "default-id"
+    set tunnel-ssl-algorithm high
+    set auto-detect-algorithm simple
+    set tunnel-optimization balanced
+end
+config wanopt peer
+end
+config wanopt auth-group
+end
+config wanopt profile
+    edit "default"
+        set transparent enable
+        set comments "Default WANopt profile."
+        set auth-group ''
+        config http
+            set status disable
+            set secure-tunnel disable
+            set byte-caching enable
+            set ssl disable
+            set prefer-chunking fix
+            set protocol-opt protocol
+            set tunnel-sharing private
+        end
+        config cifs
+            set status disable
+            set secure-tunnel disable
+            set byte-caching enable
+            set prefer-chunking fix
+            set protocol-opt protocol
+            set tunnel-sharing private
+        end
+        config mapi
+            set status disable
+            set secure-tunnel disable
+            set byte-caching enable
+            set tunnel-sharing private
+        end
+        config ftp
+            set status disable
+            set secure-tunnel disable
+            set byte-caching enable
+            set prefer-chunking fix
+            set protocol-opt protocol
+            set tunnel-sharing private
+        end
+        config tcp
+            set status disable
+        end
+    next
+end
+config system speed-test-server
+end
+config log memory setting
+    set status enable
+end
+config log disk setting
+    set status disable
+end
+config log eventfilter
+    set event enable
+    set system enable
+    set vpn enable
+    set user enable
+    set router enable
+    set wireless-activity enable
+    set wan-opt enable
+    set endpoint enable
+    set ha enable
+    set security-rating enable
+    set fortiextender enable
+    set connector enable
+    set sdwan enable
+    set cifs enable
+    set switch-controller enable
+    set webproxy enable
+end
+config log memory filter
+    set severity information
+    set forward-traffic enable
+    set local-traffic enable
+    set multicast-traffic enable
+    set sniffer-traffic enable
+    set ztna-traffic enable
+    set anomaly enable
+    set voip enable
+    set gtp enable
+    set forti-switch enable
+end
+config log disk filter
+    set severity information
+    set forward-traffic enable
+    set local-traffic enable
+    set multicast-traffic enable
+    set sniffer-traffic enable
+    set ztna-traffic enable
+    set anomaly enable
+    set voip enable
+    set dlp-archive enable
+    set gtp enable
+    set forti-switch enable
+end
+config log fortiguard override-setting
+    set override disable
+    set access-config enable
+end
+config log tacacs+accounting setting
+    set status disable
+    set source-ip ''
+    set interface-select-method auto
+end
+config log tacacs+accounting2 setting
+    set status disable
+    set source-ip ''
+    set interface-select-method auto
+end
+config log tacacs+accounting3 setting
+    set status disable
+    set source-ip ''
+    set interface-select-method auto
+end
+config log tacacs+accounting filter
+    set login-audit enable
+    set config-change-audit enable
+    set cli-cmd-audit disable
+end
+config log tacacs+accounting2 filter
+    set login-audit enable
+    set config-change-audit enable
+    set cli-cmd-audit disable
+end
+config log tacacs+accounting3 filter
+    set login-audit enable
+    set config-change-audit enable
+    set cli-cmd-audit disable
+end
+config log null-device setting
+    set status disable
+end
+config log null-device filter
+    set severity information
+    set forward-traffic enable
+    set local-traffic enable
+    set multicast-traffic enable
+    set sniffer-traffic enable
+    set ztna-traffic enable
+    set anomaly enable
+    set voip enable
+    set gtp enable
+    set forti-switch enable
+end
+config log setting
+    set resolve-ip disable
+    set resolve-port enable
+    set log-user-in-upper disable
+    set fwpolicy-implicit-log disable
+    set fwpolicy6-implicit-log disable
+    set extended-log disable
+    set local-in-allow disable
+    set local-in-deny-unicast disable
+    set local-in-deny-broadcast disable
+    set local-out enable
+    set local-out-ioc-detection enable
+    set neighbor-event disable
+    set brief-traffic-format disable
+    set user-anonymize disable
+    set fortiview-weekly-data disable
+    set expolicy-implicit-log disable
+    set log-policy-comment disable
+    set faz-override disable
+    set syslog-override disable
+    set rest-api-set disable
+    set rest-api-get disable
+    set rest-api-performance disable
+    set long-live-session-stat enable
+end
+config log gui-display
+    set resolve-hosts enable
+    set resolve-apps enable
+    set fortiview-unscanned-apps disable
+end
+config system lldp network-policy
+end
+config system pcp-server
+    set status disable
+end
+config firewall schedule onetime
+end
+config firewall schedule recurring
+    edit "always"
+        set start 00:00
+        set end 00:00
+        set day sunday monday tuesday wednesday thursday friday saturday
+        set color 0
+        set fabric-object disable
+    next
+    edit "none"
+        set start 00:00
+        set end 00:00
+        set day none
+        set color 0
+        set fabric-object disable
+    next
+    edit "default-darrp-optimize"
+        set start 01:00
+        set end 01:30
+        set day sunday monday tuesday wednesday thursday friday saturday
+        set color 0
+        set fabric-object disable
+    next
+end
+config firewall schedule group
+end
+config firewall ippool
+    edit "Outside_Pool"
+        set type overload
+        set startip 198.36.24.240
+        set endip 198.36.24.241
+        set arp-reply enable
+        set arp-intf ''
+        set associated-interface ''
+        set comments ''
+        set nat64 disable
+    next
+end
+config firewall ippool6
+end
+config firewall ldb-monitor
+end
+config firewall vip
+    edit "VIP_Webosphere"
+        set id 0
+        set uuid cee90f74-9fbd-51ec-8812-57713fdf5603
+        set comment ''
+        set type static-nat
+        set extip 198.36.24.16
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
+        set nat44 enable
+        set nat46 disable
+        set mappedip "10.1.48.117"
+        set extintf "port10"
+        set arp-reply enable
+        set nat-source-vip disable
+        set portforward disable
+        set gratuitous-arp-interval 0
+        set ssl-client-rekey-count 0
+        set color 0
+    next
+end
+config firewall vip6
+end
+config firewall vipgrp
+end
+config firewall vipgrp6
+end
+config firewall ssh local-key
+    edit "g-Fortinet_SSH_DSA1024"
+        set password ENC 7y9Ao1vTRGShivYp2a0zte60MVKXRhP74pBAkQ4FR9joMIGSgYLir15b06bF1XUkKkAU1MCeX7DFoJwiTyK+Nv9cbfI8xOJsQi44b2hUrm2SWUyDc7jwbdUJMQ30RHSx5eKIXhmkQMY5dUEWkJTDnZJypPbumI7DMGA8iKDFfMF8UHxDiYrmZ3du9sSy/BlpGKo121lmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDfWpFE0i
+XCd0QURSp4tDCxAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
+KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
+a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
+7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
+jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
+XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
+P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
+lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
+wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgS/BQuclL3Fmvho5r
+5vjUwzJbyChZhWxkXG3eKGvkshX8YTRtMWlUDLMIPX6RQk2N8dtWdYo2INAYwzOO/nHgVC
+ZoTlNsCF0gWa0vEbOikSBU2wAJpfTZFbBzxUSKcvK7KxCTDJ0LWNLmTypFhxaappjiy2BN
+x8VJDLG21NU7bR86lFhg1/w+OXsRdSBjJpI5ox2raAyPS6we5ezjPm3y2anL5TF4A4AmM5
+F3KkMZluZGBemTxITZJC2RwRXJkPm+93wC7U5ILVsn2J8KJjX5Jqo3flnXjBe3y2s/NJCx
+31d2C/BqPmzgTus1a+xcAk3H7AoLIlkUQ/Kuvmd4ALcBPIOyz1UgoitYpQrxW2yz9LfAfC
+dsMCsCceYbY5oOPJJ8frLbDkbSfDlkQO2AHP+M9+aY7Sc9ehuttvdQ+kopBP4y0v8k6n5F
+rV/GOPkr0rAThvkiCtectOqIh4pOJdWiHV0UCKuzka4kYqda3nIB59SfjrAJU4Fs8Plgr+
+EaZmSp5z429V2X3bZch5VL2L5yzbwU0H7vtzUM/BCNsVHncqyYJeSHc0Q6+KgSuCsr2rvO
+26/sUh9gQ4OBP5WcKZRcjRtGsXy4Cy8Z5OD0JWIrWlTmXZn9IQaPpsaMEJMF52lV
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_ECDSA256"
+        set password ENC Ch45jwVsWCYhN7GKIYW4Jm3quK1HwZgD9izOVmDVfnenyd7A8SRIUg9YYGULOx8xL3SaxWefVIj/i7lF/xpu+3zRz7zZYX85+7Eu0YMo6/IX/0L/idkx0V+o5WZjLoJ1lcTJlgrsqYIIKX5JPUGjhG10iKdRIr4TLB17tC6whvcYkDCE8GfKQSPcUwI3RS5Y3PPkXFlmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB5/6e7jl
+Mch9M+27aUJHDlAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
+dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
+y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgkK+gYlQYEjpNKQ3JDiggWfHFxRdEL8J/6GZK
+P/yWY3iwinZj3eg+3XFwyGgbN74kRJLlrbVCkzWkgsTRIce4gVqvD41EvyAv8IrnvqlSgV
+KKhqvOYrICP1ES9y4himR5YrsbHvSaiSCCipl4ohdo8EkA1XuGFaRiWHBoN+J+9YskDuhe
+QNVOZyHrEWqSqVCbiyNDii1wdNYqIQJTkxVWGQ==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_ECDSA384"
+        set password ENC OUhRDKb8emHihUy7SVgV7Vpgkvc5hTlpDQW7/TsouxRQ6+EgGIDpWkdrQ6CBMBRQZdX76yyu6pL6jTVfK7WnjxnIvvw1tqrJn+IE7vUe1Xgm3fKYq3B7mVLePcONTx49/xeTuPvPqQ4MLbKe4aaAoDkfeXcGWxRJr/a/f7LAJVOiO8OPwWU/9Ou1AEMXBZT9YA4TLVlmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD6FGSydb
+MfCfEkjYSDilDQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
+dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
+U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
+dgAAANCDHSic3ugGkKXrzCRCN4F9+HiSwqQdY+p6vgp4eoW8VbSFvlSOwCJ0YCiUJtfbBt
+w5njw5GMczncUHPNb7z90o9bv6KoSmlEHeXfFoPKl189RWx93tYuKlh87wYucskyv8QgR8
+6jnKX2rSmnjytvCOHahd+dSTOg5zwXzZUBSe69NXYrm7IUV+MUJnqA/wQfUu9gLNqjgEmR
+DkKTxwKb8V778U+acbEaCTglnZSw1Ci036r/1CDOpTHNFnC+8zRFFtn5XW6A2fWfSLYEtU
+GanS
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_ECDSA521"
+        set password ENC aX7iQCjj3qKYMz9bh5b732yKX6m4LI7/CcG0o20R4wnDVYKvvnDJnWu9aO9d9T/6Ve/ONpwRc1GYaYlZX5jYv1PcnGUxy7jqwAczqnP1SlZoAyloc2WAf5Yv1Il79lovomPdqR8w1iDW6nVaFtsOOGRFTF+FcUhcrqCvRj9Zk+BuHQ338u3TFSGmeq25d/sRaAKMX1lmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDvliYNGu
+EFZjQlDTBzJmi5AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
+dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
+t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
+HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQABILIpSeVN/21mCe
+eVUgOLmNu2sYRE/pHxZoKsC1BpjGNQWvg78hJ+cpll5cP4ihueTkQ+fgA+0uxO6nEtACEN
+3shPq5zr/OK3JdTlS9NorQjuFv6CMVsP8duQws9NSrt2LJvneAXMN4m31gkVRtmOAFrUBA
+xjViicvdDNxV+Sqz6cxnmRe2zMobQkjVKPOu5WpOVFeRmrjUSoPwrR/28cPHFF6IsdONA1
+BdX7QWIzC9rJrfgET9JRlv7s0oDJWQyqHV8S84TDvTZPnot4pkNAVDr0qJGPoWjCPbMxgD
+jhfbcs7CfjvNT4zfbw30BxniJGjv/WFKDyljfkcNgS9Qgm
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_ED25519"
+        set password ENC CoRN+eVZ2VzAzeoOJEAQZORAvGssITH4uUrlNhe7R9Lm21hcnFWamU/9Cp7dQcwVj75GN2addMJ3C78oL++2bvVAEXUsyOS5uK3X4xpNMPpHxLpEzGJM6pOgBYATmaJkUFPXOex8OIzLZN/4r5Kk32G4gildwndndItyvUzLMD1hb/IekW/DLig8x8T7TYfq7Vc4KFlmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCypLFkwZ
+tKzdWm6jAo4HMxAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
+3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkKGif1mZ2Ci/8Ty3MdUpzVXkVMImU2SyLcQtb2
+zaVVssBq/jtlETxJaMwWR6xOhrVDvIxLzkDnZFsZYsVu1HGOJqk0/CfOTS4VkLxvx10Wro
+gXf/Unv0w7HlUX+hl193A6XuAiSjjRR4TPGfmYrEXMXJ6wS2yLQ9cOfAh2WjfScuZ2dA/f
+II2QDrxxeV8140nA==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_RSA2048"
+        set password ENC QRvF27g2ZBweGpgZP5tGaC994lFFGTjwkoSFANonFGSIiyB9RgdmJURowfnmZDuDVZbWStB3CPrT0Awvw8akQV41ZdOq89faAjY0vHGS7JgRd7V4yML7Q+KGRL9phyRV6dERrFq6zWyNQ7s0rZSQXVXEf4w9WI1umh9+eeZECW7o9FXVwgMKUkOm6Pq3Y8y6BToTEFlmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDMArkPec
+zvbzQNQLJ+ZhHHAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
+Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
+A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
+hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
+HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
+OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwIRR9CJ+uKIOJs
+oMuy1BuqQOC29IhsTIfwkRDQK3qwP9D8k/G1TXuP5oXTb4QGPcx0S7DWvwKb5/ZcV684XN
+LtOWypeXIrV+IexC5ihXDXkUnvKY6Gbgtu9q5VB63p2SDuiDGxeASmWtsJ3TU+RdrZ1O4K
+TTVZ5p8Mb7/AFnbpH+lSJDEHaZ9qw/5EtbKfNTvJhXjnM/R7hfFtUW6lxjy3iv3K88Fv5q
+jOvUfF/ARX+TIQZIFPCcEsH29kt1SVo1sq/8/F+dwDPObCpDh2EBjsu5++NMD4Y6/DdDrz
+Jaqv1wjQHsaFYI8ep1pRvBUMrF2Bx3xpnTvx77qqA8dR/tL/t7LeXFHUkHHsBp0U8PMjlc
+Sx+dMtIAtBg1l6j/cHYmgAyo1ZqqyLUyVim/cwBpHBuM9QORdFUskJskB1F/bwOT7FLNzG
+1ffMFVM3HABlaEMOfgIcwfgerew8RbY/SxdF3uvkZ4J8tnd/srxfGjQXO1FGMge8Hp5gwY
+x+fvsvJFIflQaiB4cqeAUZRGhaIq5ccQA298ndlyigGKupIXqdNyNQkShaeQYkCT2Hf9Y1
+PdhfWfBRF6cFw7ZhdxrzlBHsB6RySGVZOIFHFzFcpbE+u6NNseF7LXZOg9eVOIAYW+qcNz
+Stw1O0DtaZEidODJB7t2bj8Gu+7UhvJsyplqbuj7Ohtfc2retEBn6wC8SgfLbIn1qSR/R3
+foTD8xvac3TQTERVbk4o1UEukRfbRv307kj3UdotxTpRpLVYnW/0QxsGf+CKOnxGimBLiX
+x6IJBjRfr3QdkzwosMbC5Cp5nvIukvySAMoSG4+VEJSR90Wf0/G/705999L/G3sUNNTKWI
+7FsF5/DZENcm0xbrXfzLj3tOFMeE9fcqQEZYLzOyZhqYllU5c34BlhtOt7ygivSaJe2a52
+kQ43vq+VRkjCV501sipDiHeic1/bEOs55ERGB8yh3Ge6PHms5yunZXIpM2Y6GPQ2Rgeq4+
+ZvwVtpFtDnL3BOjlxI27TeXYI0x6DsFWzcgl7ljxjNx9HN0KA3mrodjscrAFeBIxQnjyiR
+mx6VURNltMIYMnNQlXW4FHH7yGXzXYk4ojhHgcgpaDbPHQm5G3/Yok51pPtsQ9J+7m+ehm
+BWLKEE1g7lAiYtI6bBbLQuj9VfeonQkO7aNm8pzY2znIQlNh1SQlXnUF1qdggAEXgsEVIt
+cO2ROJsZFsbT7Dw3tZAkyvotKQ0v2SFwboCHCSWVecx6Q4lSid+C+MsbxO1xlEHwNDq17T
+G8Wu6e8A==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
+        set source built-in
+    next
+end
+config firewall ssh local-ca
+    edit "g-Fortinet_SSH_CA"
+        set password ENC HBkeDMpPDQTnPcg6AUnd8KBNntcrvDem4sgFRzTuvwxTpPtv45eyDTlFr6Klm/VkH17+blNnuSCF7Q9jxPRzLsz5CHRTm8slVTUEcZfk3VNh3vojPPgN0CqrHJIdZ9AQ3PiruJ4JAEFz6iHcyMLVJ80GQpzfsIn5W5EiHDgY4KFjR9DvLot5+vwq1MAPeJJ5YY78ZllmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCyBrOQ1K
+Qw3YmPTDmVPFkpAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
+NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
+ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
+E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
+TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
+Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwM5O35zHniauxJ
+rlIYaSeEQxLsM+X4fapPScsXmQNcmmngwsEgcEZ1YKq8MQENzHOyWw59FYlR9mQPyidwrK
+AbzPVkhnqCDlUBT3GOUrMyfZfuSJmFlH26FCjuXls6Vg4IVRSI99W9hxlbLePvRP94NcgQ
+Hh1vXpUoofhZ6IYt/dob93+fygcR3toCXd2C0EeyP3OXVMGPOnmnEXKliXaimvYpC0csXl
+a7h0taBg5cq9LzkM0ywj9ikKUnkfUKIrqv44Ji+Vgcw8nCRKNsynd9qf578G5FN/VRQ9Ao
+qd9ogC02xXA1HwewhEQYetYd92oGT/neUjfyPWBRNaNdY7lPvQ4OjHeVvS6L2R7zK81AP5
+bQaN3d+fM89jNmcY5KwFxxPHVaGqBZTt0dwT7ET9Z7oo/J4UznUD1a1TK5O4ciy3iDpaWq
+5K55O7cPYyFeR0EJPx9hD1AH9eCzGukHD+KblNRWuSJXTqJSEP62NA+0szxNxCfCp7HZqm
+3iztvJMw/Lx9k9CPnHTsr/0dkocZSZti47Dak7L70BnQC2+KnGkUboddl7Z5eGyBQbtAkS
+IUIlQR7Rv+q+AkqJ36EWnBEVrve7d7TKSdR5pxDet60JJ+yE3cDa/G/IwW00ACC2rS133Y
+FWmMRzZfsZSZ1gQrYiNCUZARKkg7fxnONj0oe+oBZKeYkR+UNejF5vVKQZVPx2fCILZAyn
+J5qenJbZhkmDeVS0fMdoCrmON5wAKvz+WWuGTgJw34vqtvJovJtNno5moJRAWk/RiKYdIo
+X3fFmNPP82dGks7b4A1LGz5qW78zGgOSICVEBRHCMi2MBUsrJ50TwbVNz4jjKP6bYID5vh
+ghM27tO+2GSZHeBt8kRG2qI6aH5IHAKXi8gn+KwqFWtx1Em2KNHW/eMfMkQtD5xnE9F466
+V8Vf9Xe5wltVGE87Bt/IYkVN9wM1XA3p7byitNOXSXw2jwLpG9beWhyV/OzkKKJf0NQ9/v
+mX65nyje4q6+8PKjuRliA5vVMhwK6lxJ6BJBHe6/fd7IjDflm7JMNZc6bLwaeJHbLWlFqC
+4kwtt9SV5YcFDGOn2my/bTrAchhOfOXf+0gk63yVRrQq1kJDqn/lqytJGS5a1YvqsMJ4OS
+W9qQMQY0nzMxkLaNB9Q9G9uVgyDDAsye1yg1bL24CrOT4pNf1JeNlqawNkVj2jycXzqYPh
+gL1mGUSGlPfBVKg4359Ml3rY0bykjU5xXrguyKv95ShhctAilSQY4tg40cOeoMbCg2Hiji
+iYxK2n0w==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
+        set source built-in
+    next
+    edit "g-Fortinet_SSH_CA_Untrusted"
+        set password ENC SrDTN8Ir72EVqIAjHD48GgbBgM7xAp4xUL1xtr46sxa0SuiKzQAki6ZKZKcBuON19rkspipJJq6YzKdAEa6ScDV3qWvJd0EVZ+L2F05n7/bB5W3AgcYCF8DaJJ2IkwnE9Yy6x6fI61W9Sd4NSfJEfgO9mDUKPMqu1VLX+r+6vrgjqNuLbdktpC13nHBmZlm9qjVgEFlmMjY3dkVA
+        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDOK7jymL
+y7LiXsSxCZXuzqAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
+RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
+ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
+iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
+Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
+NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwBFA5WgGixZgZA
+aGWDArT5DTEdJ5cnxDdPIU7m7Dj49Na89+BEtuNf/Pjy3FJgzvpcrOvifVK6bmOyn8m6/R
+CCztKhOmNrT0MQVo2Ja8hY9UmVjxkNMB0uGzaNGj+p36qavDzRN1wAuZ75FY4FkqLmGYBq
+AyZIUD30kt+veMQz947ctIEWbQjf+GZwu4UCD0o4g3MvyRsdXUuYOHFE8xn8Ug1n1OtquR
+cqHpCWAe9aK+OcjWvIXg0UrD6GRQbSSw3uoLhapAP1vsMiLfMT/dBUt9Dstcc+S42lZI1q
+JJ4yILP4mdT24ND2itnV+XRRxOg831SECvSMTzc63hhGJFBWYQi86ibxuUgzZc2aH+KRUP
+rDedCTNsZPif5K3Mjn4PK0thYdsZ2srwMtv6rQ8mcIoF9G8XUR3JjekxI/gHrHpFKvWccc
+YCjmEaV45cfwzvN8Vca8mRFncngvQOBEfshU0LGoNZ8VX60IQEyT334tKUv6hiThPOQWnp
+stS/MJtEyLjGbu+0ibZHg+3hCvSRrexUSnJFHrOAEoz1k0TK6tkw8hcF1Jxlu3WuxaL9YK
+tKas//Hs4LTD9r9r/smvSbKi+zb8aP3pacBNCu6Yup1vYCpf/AnxD5CCdq4zmxFT2W5WYb
+rp7tGQjbc3aB7G0zshIk9Biwuu9h/lMIYnzNlvpMouxFM/TTO2STSgKw0+mURFqxQ6kYqF
+YDRmM7pANd9Usg2Hcd/x7CaYmVz+cwkC7dOH9/+FUdtnG05aab9gUv8ySChhPDm84WvLtQ
+ZEkBp15qiOsQjWVk2ei0V0gIjRiS2S2FRLBrM2iueE1GyD8Alm5ztwgmdA17np7iE871wl
+NvzzWxc0KjVHesLlV44RLbw1VD60uUld4jvSaEY9oTILAMFx285Uy53Il8+sWntWvIlQu6
+FjMEIBY8iSd2DWMm4zcVh/qpEyEUv0UjeFlcu7bPqE18aX3V2jV+9G3/a6ms4kqmvfb2RT
++jR/zeg1gE288KRaw7FqNEoP+Wco8jt0q7jo/q963GEgdPG6WOWHz9LfIYouOJPpDSca11
+pFBg29f0rOjynuYmvzZOdUrgrbaZZSprEzdzPJmSOpV6u0VNjuroaN+soU48KEGqJQvHor
+g7H0jRqdNjJbfQcE50Dv5SeZAVmEkvD/nKTqWs77wGzv+OxhY8JS08alQgRINioyCjY/LW
++xR/ydrBw5jsgugYvC3Vd7rZi0oIO0H6Lpa/crJWXf0+u5qd6unckJtWT5tPyZvNwVfXsn
+bhw7G+OA==
+-----END OPENSSH PRIVATE KEY-----
+"
+        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
+        set source built-in
+    next
+end
+config firewall ssh setting
+    set caname "g-Fortinet_SSH_CA"
+    set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
+    set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
+    set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
+    set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
+    set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
+    set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
+    set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
+    set host-trusted-checking enable
+end
+config firewall ssh host-key
+end
+config firewall decrypted-traffic-mirror
+end
+config firewall access-proxy-virtual-host
+end
+config firewall access-proxy-ssh-client-cert
+end
+config firewall access-proxy
+end
+config firewall access-proxy6
+end
+config firewall ipmacbinding setting
+    set bindthroughfw disable
+    set bindtofw disable
+end
+config firewall ipmacbinding table
+end
+config firewall profile-protocol-options
+    edit "default"
+        set comment "All default services."
+        set replacemsg-group ''
+        set oversize-log disable
+        set switching-protocols-log disable
+        config http
+            set ports 80
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            unset options
+            set comfort-interval 10
+            set comfort-amount 1
+            set range-block disable
+            set strip-x-forwarded-for disable
+            unset post-lang
+            set streaming-content-bypass enable
+            set switching-protocols bypass
+            set unknown-http-version reject
+            set tunnel-non-http enable
+            set h2c disable
+            set unknown-content-encoding block
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set stream-based-uncompressed-limit 0
+            set scan-bzip2 enable
+            set verify-dns-for-policy-matching enable
+            set block-page-status-code 403
+            set retry-count 0
+            set tcp-window-type auto-tuning
+            set ssl-offloaded no
+            set address-ip-rating enable
+        end
+        config ftp
+            set ports 21
+            set status enable
+            set inspect-all disable
+            set options splice
+            set comfort-interval 10
+            set comfort-amount 1
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set stream-based-uncompressed-limit 0
+            set scan-bzip2 enable
+            set tcp-window-type auto-tuning
+            set ssl-offloaded no
+            set explicit-ftp-tls disable
+        end
+        config imap
+            set ports 143
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            set options fragmail
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+            set ssl-offloaded no
+        end
+        config mapi
+            set ports 135
+            set status enable
+            set options fragmail
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+        end
+        config pop3
+            set ports 110
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            set options fragmail
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+            set ssl-offloaded no
+        end
+        config smtp
+            set ports 25
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            set options fragmail splice
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+            set server-busy disable
+            set ssl-offloaded no
+        end
+        config nntp
+            set ports 119
+            set status enable
+            set inspect-all disable
+            set proxy-after-tcp-handshake disable
+            set options splice
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+        end
+        config ssh
+            unset options
+            set comfort-interval 10
+            set comfort-amount 1
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set stream-based-uncompressed-limit 0
+            set scan-bzip2 enable
+            set tcp-window-type auto-tuning
+            set ssl-offloaded no
+        end
+        config dns
+            set ports 53
+            set status enable
+        end
+        config cifs
+            set ports 445
+            set status enable
+            unset options
+            set oversize-limit 10
+            set uncompressed-oversize-limit 10
+            set uncompressed-nest-limit 12
+            set scan-bzip2 enable
+            set tcp-window-type auto-tuning
+            set server-credential-type none
+        end
+        config mail-signature
+            set status disable
+            set signature ''
+        end
+        set rpc-over-http disable
+    next
+end
+config firewall ssl-ssh-profile
+    edit "certificate-inspection"
+        set comment "Read-only SSL handshake inspection profile."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set ports 443
+            set status certificate-inspection
+            set quic inspect
+            set proxy-after-tcp-handshake disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+            set cert-probe-failure block
+            set encrypted-client-hello block
+        end
+        config ftps
+            set status disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config imaps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic inspect
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set block-blocklisted-certificates enable
+        set caname "Fortinet_CA_SSL"
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+    next
+    edit "deep-inspection"
+        set comment "Read-only deep inspection profile."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set ports 443
+            set status deep-inspection
+            set quic inspect
+            set proxy-after-tcp-handshake disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+            set cert-probe-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config ftps
+            set ports 990
+            set status deep-inspection
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config imaps
+            set ports 993
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set ports 995
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set ports 465
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic inspect
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set allowlist disable
+        set block-blocklisted-certificates enable
+        config ssl-exempt
+            edit 1
+                set type fortiguard-category
+                set fortiguard-category 31
+            next
+            edit 2
+                set type fortiguard-category
+                set fortiguard-category 33
+            next
+            edit 3
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-adobe"
+            next
+            edit 4
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Adobe Login"
+            next
+            edit 5
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-android"
+            next
+            edit 6
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-apple"
+            next
+            edit 7
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-appstore"
+            next
+            edit 8
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-auth.gfx.ms"
+            next
+            edit 9
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-citrix"
+            next
+            edit 10
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-dropbox.com"
+            next
+            edit 11
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-eease"
+            next
+            edit 12
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-firefox update server"
+            next
+            edit 13
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-fortinet"
+            next
+            edit 14
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-googleapis.com"
+            next
+            edit 15
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-drive"
+            next
+            edit 16
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play2"
+            next
+            edit 17
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play3"
+            next
+            edit 18
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Gotomeeting"
+            next
+            edit 19
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-icloud"
+            next
+            edit 20
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-itunes"
+            next
+            edit 21
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-microsoft"
+            next
+            edit 22
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-skype"
+            next
+            edit 23
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-softwareupdate.vmware.com"
+            next
+            edit 24
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-verisign"
+            next
+            edit 25
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Windows update 2"
+            next
+            edit 26
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-live.com"
+            next
+            edit 27
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play"
+            next
+            edit 28
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-update.microsoft.com"
+            next
+            edit 29
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-swscan.apple.com"
+            next
+            edit 30
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-autoupdate.opera.com"
+            next
+            edit 31
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-cdn-apple"
+            next
+            edit 32
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-mzstatic-apple"
+            next
+        end
+        set server-cert-mode re-sign
+        set caname "Fortinet_CA_SSL"
+        set untrusted-caname "Fortinet_CA_Untrusted"
+        set ssl-exemption-ip-rating enable
+        set ssl-exemption-log disable
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+        set rpc-over-https disable
+        set mapi-over-https disable
+        set supported-alpn all
+        set use-ssl-server disable
+    next
+    edit "custom-deep-inspection"
+        set comment "Customizable deep inspection profile."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set ports 443
+            set status deep-inspection
+            set quic inspect
+            set proxy-after-tcp-handshake disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+            set cert-probe-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config ftps
+            set ports 990
+            set status deep-inspection
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set min-allowed-ssl-version tls-1.1
+        end
+        config imaps
+            set ports 993
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set ports 995
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set ports 465
+            set status deep-inspection
+            set proxy-after-tcp-handshake disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic inspect
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set allowlist disable
+        set block-blocklisted-certificates enable
+        config ssl-exempt
+            edit 1
+                set type fortiguard-category
+                set fortiguard-category 31
+            next
+            edit 2
+                set type fortiguard-category
+                set fortiguard-category 33
+            next
+            edit 3
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-adobe"
+            next
+            edit 4
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Adobe Login"
+            next
+            edit 5
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-android"
+            next
+            edit 6
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-apple"
+            next
+            edit 7
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-appstore"
+            next
+            edit 8
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-auth.gfx.ms"
+            next
+            edit 9
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-citrix"
+            next
+            edit 10
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-dropbox.com"
+            next
+            edit 11
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-eease"
+            next
+            edit 12
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-firefox update server"
+            next
+            edit 13
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-fortinet"
+            next
+            edit 14
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-googleapis.com"
+            next
+            edit 15
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-drive"
+            next
+            edit 16
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play2"
+            next
+            edit 17
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play3"
+            next
+            edit 18
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Gotomeeting"
+            next
+            edit 19
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-icloud"
+            next
+            edit 20
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-itunes"
+            next
+            edit 21
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-microsoft"
+            next
+            edit 22
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-skype"
+            next
+            edit 23
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-softwareupdate.vmware.com"
+            next
+            edit 24
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-verisign"
+            next
+            edit 25
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-Windows update 2"
+            next
+            edit 26
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-live.com"
+            next
+            edit 27
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-google-play"
+            next
+            edit 28
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-update.microsoft.com"
+            next
+            edit 29
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-swscan.apple.com"
+            next
+            edit 30
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-autoupdate.opera.com"
+            next
+            edit 31
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-cdn-apple"
+            next
+            edit 32
+                set type wildcard-fqdn
+                set wildcard-fqdn "g-mzstatic-apple"
+            next
+        end
+        set server-cert-mode re-sign
+        set caname "Fortinet_CA_SSL"
+        set untrusted-caname "Fortinet_CA_Untrusted"
+        set ssl-exemption-ip-rating enable
+        set ssl-exemption-log disable
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+        set rpc-over-https disable
+        set mapi-over-https disable
+        set supported-alpn all
+        set use-ssl-server disable
+    next
+    edit "no-inspection"
+        set comment "Read-only profile that does no inspection."
+        config ssl
+            set inspect-all disable
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+        end
+        config https
+            set status disable
+            set quic bypass
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+            set sni-server-cert-check enable
+        end
+        config ftps
+            set status disable
+            set client-certificate bypass
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config imaps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config pop3s
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config smtps
+            set status disable
+            set client-certificate inspect
+            set unsupported-ssl-version allow
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        config ssh
+            set ports 22
+            set status disable
+            set inspect-all disable
+            set unsupported-version bypass
+            set ssh-tun-policy-check disable
+            set ssh-algorithm compatible
+        end
+        config dot
+            set status disable
+            set quic bypass
+            set client-certificate bypass
+            set unsupported-ssl-version block
+            set unsupported-ssl-cipher allow
+            set unsupported-ssl-negotiation allow
+            set expired-server-cert block
+            set revoked-server-cert block
+            set untrusted-server-cert allow
+            set cert-validation-timeout allow
+            set cert-validation-failure block
+        end
+        set block-blocklisted-certificates enable
+        set caname "Fortinet_CA_SSL"
+        set ssl-anomaly-log enable
+        set ssl-negotiation-log enable
+        set ssl-server-cert-log disable
+        set ssl-handshake-log disable
+    next
+end
+config waf profile
+    edit "default"
+        set external disable
+        set extended-log disable
+        config signature
+            config main-class 100000000
+                set status disable
+                set action block
+                set log enable
+                set severity high
+            end
+            config main-class 20000000
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config main-class 30000000
+                set status enable
+                set action block
+                set log enable
+                set severity high
+            end
+            config main-class 40000000
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config main-class 50000000
+                set status enable
+                set action block
+                set log enable
+                set severity high
+            end
+            config main-class 60000000
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config main-class 70000000
+                set status enable
+                set action block
+                set log enable
+                set severity high
+            end
+            config main-class 80000000
+                set status enable
+                set action allow
+                set log enable
+                set severity low
+            end
+            config main-class 110000000
+                set status enable
+                set action allow
+                set log enable
+                set severity high
+            end
+            config main-class 90000000
+                set status enable
+                set action block
+                set log enable
+                set severity high
+            end
+            set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
+            set credit-card-detection-threshold 3
+        end
+        config constraint
+            config header-length
+                set status enable
+                set length 8192
+                set action allow
+                set log enable
+                set severity low
+            end
+            config content-length
+                set status enable
+                set length 67108864
+                set action allow
+                set log enable
+                set severity low
+            end
+            config param-length
+                set status enable
+                set length 8192
+                set action allow
+                set log enable
+                set severity low
+            end
+            config line-length
+                set status enable
+                set length 1024
+                set action allow
+                set log enable
+                set severity low
+            end
+            config url-param-length
+                set status enable
+                set length 8192
+                set action allow
+                set log enable
+                set severity low
+            end
+            config version
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config method
+                set status disable
+                set action block
+                set log enable
+                set severity medium
+            end
+            config hostname
+                set status disable
+                set action block
+                set log enable
+                set severity medium
+            end
+            config malformed
+                set status disable
+                set action allow
+                set log enable
+                set severity medium
+            end
+            config max-cookie
+                set status enable
+                set max-cookie 16
+                set action allow
+                set log enable
+                set severity low
+            end
+            config max-header-line
+                set status enable
+                set max-header-line 32
+                set action allow
+                set log enable
+                set severity low
+            end
+            config max-url-param
+                set status enable
+                set max-url-param 16
+                set action allow
+                set log enable
+                set severity low
+            end
+            config max-range-segment
+                set status enable
+                set max-range-segment 5
+                set action allow
+                set log enable
+                set severity high
+            end
+        end
+        config method
+            set status disable
+            set log disable
+            set severity medium
+            unset default-allowed-methods
+        end
+        config address-list
+            set status disable
+            set blocked-log disable
+            set severity medium
+        end
+        set comment ''
+    next
+end
+config firewall ssl-server
+end
+config casb saas-application
+end
+config casb user-activity
+end
+config casb profile
+    edit "default"
+        set comment ''
+    next
+end
+config firewall profile-group
+end
+config firewall identity-based-route
+end
+config firewall auth-portal
+    set portal-addr ''
+    set portal-addr6 ''
+    set identity-based-route ''
+    set proxy-auth disable
+end
+config firewall policy
+    edit 3
+        set status enable
+        set name "Block_Countries_In"
+        set uuid d7dbce76-9fbf-51ec-ab77-fee1db8aeb26
+        set srcintf "Outside_Zone"
+        set dstintf "Inside_Zone"
+        set action deny
+        set ztna-status disable
+        set srcaddr "Geo_Block_Group"
+        set dstaddr "all"
+        set internet-service disable
+        set internet-service-src disable
+        unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
+        set rtp-nat disable
+        set schedule "always"
+        set schedule-timeout disable
+        set policy-expiry disable
+        set service "ALL"
+        set tos-mask 0x00
+        set anti-replay enable
+        set geoip-anycast disable
+        set geoip-match physical-location
+        set logtraffic disable
+        set logtraffic-start disable
+        set np-acceleration enable
+        set session-ttl 0
+        set vlan-cos-fwd 255
+        set vlan-cos-rev 255
+        set fec disable
+        set wccp disable
+        set natip 0.0.0.0 0.0.0.0
+        set match-vip enable
+        set tcp-mss-sender 0
+        set tcp-mss-receiver 0
+        set comments ''
+        set block-notification disable
+        set replacemsg-override-group ''
+        set srcaddr-negate disable
+        set srcaddr6-negate disable
+        set dstaddr-negate disable
+        set dstaddr6-negate disable
+        set service-negate disable
+        set captive-portal-exempt disable
+        set dsri disable
+        set radius-mac-auth-bypass disable
+        set delay-tcp-npu-session disable
+        unset vlan-filter
+        set send-deny-packet disable
+    next
+    edit 4
+        set status enable
+        set name "Block_Countries_Out"
+        set uuid f8b4eb14-9fbf-51ec-ed6e-96e27dc1b1c9
+        set srcintf "Inside_Zone"
+        set dstintf "Outside_Zone"
+        set action deny
+        set ztna-status disable
+        set srcaddr "all"
+        set dstaddr "Geo_Block_Group"
+        set internet-service disable
+        set internet-service-src disable
+        unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
+        set rtp-nat disable
+        set schedule "always"
+        set schedule-timeout disable
+        set policy-expiry disable
+        set service "ALL"
+        set tos-mask 0x00
+        set anti-replay enable
+        set geoip-anycast disable
+        set geoip-match physical-location
+        set logtraffic disable
+        set logtraffic-start disable
+        set np-acceleration enable
+        set session-ttl 0
+        set vlan-cos-fwd 255
+        set vlan-cos-rev 255
+        set fec disable
+        set wccp disable
+        set natip 0.0.0.0 0.0.0.0
+        set match-vip enable
+        set tcp-mss-sender 0
+        set tcp-mss-receiver 0
+        set comments ''
+        set block-notification disable
+        set replacemsg-override-group ''
+        set srcaddr-negate disable
+        set srcaddr6-negate disable
+        set dstaddr-negate disable
+        set dstaddr6-negate disable
+        set service-negate disable
+        set captive-portal-exempt disable
+        set dsri disable
+        set radius-mac-auth-bypass disable
+        set delay-tcp-npu-session disable
+        unset vlan-filter
+        set send-deny-packet disable
+    next
+    edit 2
+        set status enable
+        set name "Webosphere"
+        set uuid 0d8e5202-9fbe-51ec-0286-714f8e196589
+        set srcintf "Outside_Zone"
+        set dstintf "Inside_Zone"
+        set action accept
+        set nat64 disable
+        set nat46 disable
+        set ztna-status disable
+        set srcaddr "all"
+        set dstaddr "VIP_Webosphere"
+        set internet-service disable
+        set internet-service-src disable
+        unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
+        set rtp-nat disable
+        set schedule "always"
+        set schedule-timeout disable
+        set policy-expiry disable
+        set service "HTTP" "HTTPS"
+        set tos-mask 0x00
+        set anti-replay enable
+        set dynamic-shaping disable
+        set passive-wan-health-measurement disable
+        set utm-status enable
+        set inspection-mode flow
+        set profile-type single
+        set profile-protocol-options "default"
+        set ssl-ssh-profile "certificate-inspection"
+        set av-profile ''
+        set webfilter-profile ''
+        set dnsfilter-profile ''
+        set emailfilter-profile ''
+        set dlp-profile ''
+        set file-filter-profile ''
+        set ips-sensor "IPS_Test"
+        set application-list ''
+        set voip-profile ''
+        set ips-voip-filter ''
+        set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
+        set logtraffic utm
+        set logtraffic-start disable
+        set capture-packet disable
+        set auto-asic-offload enable
+        set np-acceleration enable
+        set nat disable
+        set session-ttl 0
+        set vlan-cos-fwd 255
+        set vlan-cos-rev 255
+        set fec disable
+        set wccp disable
+        set disclaimer disable
+        set email-collect disable
+        set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
+        set diffserv-forward disable
+        set diffserv-reverse disable
+        set tcp-mss-sender 0
+        set tcp-mss-receiver 0
+        set comments ''
+        set block-notification disable
+        set replacemsg-override-group ''
+        set srcaddr-negate disable
+        set srcaddr6-negate disable
+        set dstaddr-negate disable
+        set dstaddr6-negate disable
+        set service-negate disable
+        set timeout-send-rst disable
+        set captive-portal-exempt disable
+        set dsri disable
+        set radius-mac-auth-bypass disable
+        set delay-tcp-npu-session disable
+        unset vlan-filter
+        set traffic-shaper ''
+        set traffic-shaper-reverse ''
+        set per-ip-shaper ''
+    next
+    edit 1
+        set status enable
+        set name "Internet_Access"
+        set uuid bfdac172-9fbc-51ec-a83b-8104f6e36fd1
+        set srcintf "Inside_Zone"
+        set dstintf "Outside_Zone"
+        set action accept
+        set ztna-status disable
+        set srcaddr "IPv4-Private-All-RFC1918"
+        set dstaddr "all"
+        set internet-service disable
+        set internet-service-src disable
+        unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
+        set rtp-nat disable
+        set schedule "always"
+        set schedule-timeout disable
+        set policy-expiry disable
+        set service "ALL"
+        set tos-mask 0x00
+        set anti-replay enable
+        set dynamic-shaping disable
+        set passive-wan-health-measurement disable
+        set utm-status enable
+        set inspection-mode flow
+        set profile-type single
+        set profile-protocol-options "default"
+        set ssl-ssh-profile "certificate-inspection"
+        set av-profile ''
+        set webfilter-profile ''
+        set dnsfilter-profile ''
+        set emailfilter-profile ''
+        set dlp-profile ''
+        set file-filter-profile ''
+        set ips-sensor "g-default"
+        set application-list ''
+        set voip-profile ''
+        set ips-voip-filter ''
+        set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
+        set logtraffic utm
+        set logtraffic-start disable
+        set capture-packet disable
+        set auto-asic-offload enable
+        set np-acceleration enable
+        set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
+        set permit-any-host disable
+        set permit-stun-host disable
+        set fixedport disable
+        set port-preserve enable
+        set ippool enable
+        set poolname "Outside_Pool"
+        set session-ttl 0
+        set vlan-cos-fwd 255
+        set vlan-cos-rev 255
+        set fec disable
+        set wccp disable
+        set disclaimer disable
+        set email-collect disable
+        set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
+        set diffserv-forward disable
+        set diffserv-reverse disable
+        set tcp-mss-sender 0
+        set tcp-mss-receiver 0
+        set comments ''
+        set block-notification disable
+        set replacemsg-override-group ''
+        set srcaddr-negate disable
+        set srcaddr6-negate disable
+        set dstaddr-negate disable
+        set dstaddr6-negate disable
+        set service-negate disable
+        set timeout-send-rst disable
+        set captive-portal-exempt disable
+        set dsri disable
+        set radius-mac-auth-bypass disable
+        set delay-tcp-npu-session disable
+        unset vlan-filter
+        set traffic-shaper ''
+        set traffic-shaper-reverse ''
+        set per-ip-shaper ''
+    next
+end
+config firewall shaping-policy
+end
+config firewall shaping-profile
+end
+config firewall local-in-policy
+end
+config firewall local-in-policy6
+end
+config firewall ttl-policy
+end
+config firewall proxy-policy
+end
+config firewall dnstranslation
+end
+config firewall multicast-policy
+end
+config firewall multicast-policy6
+end
+config firewall interface-policy
+end
+config firewall interface-policy6
+end
+config firewall DoS-policy
+end
+config firewall DoS-policy6
+end
+config firewall sniffer
+end
+config firewall on-demand-sniffer
+end
+config firewall acl
+end
+config firewall acl6
+end
+config firewall central-snat-map
+end
+config firewall ip-translation
+end
+config authentication scheme
+end
+config authentication rule
+end
+config authentication setting
+    set active-auth-scheme ''
+    set sso-auth-scheme ''
+    set update-time 0000-00-00 00:00:00
+    set persistent-cookie enable
+    set ip-auth-cookie disable
+    set cookie-max-age 480
+    set cookie-refresh-div 2
+    set captive-portal-type fqdn
+    set captive-portal ''
+    set captive-portal6 ''
+    set cert-auth disable
+    set captive-portal-port 7830
+    set auth-https enable
+    set captive-portal-ssl-port 7831
+end
+config system speed-test-schedule
+end
+config switch-controller switch-interface-tag
+end
+config switch-controller 802-1X-settings
+    set link-down-auth set-unauth
+    set reauth-period 60
+    set max-reauth-attempt 3
+    set tx-period 30
+    set mab-reauth disable
+    set mac-username-delimiter hyphen
+    set mac-password-delimiter hyphen
+    set mac-calling-station-delimiter hyphen
+    set mac-called-station-delimiter hyphen
+    set mac-case lowercase
+end
+config switch-controller security-policy 802-1X
+    edit "802-1X-policy-default"
+        set security-mode 802.1X
+        set user-group "SSO_Guest_Users"
+        set mac-auth-bypass disable
+        set open-auth disable
+        set eap-passthru enable
+        set eap-auto-untagged-vlans enable
+        set guest-vlan disable
+        set guest-auth-delay 30
+        set auth-fail-vlan disable
+        set framevid-apply enable
+        set radius-timeout-overwrite disable
+        set policy-type 802.1X
+        set authserver-timeout-vlan disable
+        set dacl disable
+    next
+end
+config switch-controller security-policy local-access
+    edit "default"
+        set mgmt-allowaccess https ping ssh
+        set internal-allowaccess https ping ssh
+    next
+end
+config switch-controller location
+end
+config switch-controller lldp-settings
+    set tx-hold 4
+    set tx-interval 30
+    set fast-start-interval 2
+    set management-interface internal
+    set device-detection enable
+end
+config switch-controller lldp-profile
+    edit "default"
+        set med-tlvs inventory-management network-policy location-identification
+        unset 802.1-tlvs
+        unset 802.3-tlvs
+        set auto-isl disable
+        config med-network-policy
+            edit "voice"
+                set status disable
+            next
+            edit "voice-signaling"
+                set status disable
+            next
+            edit "guest-voice"
+                set status disable
+            next
+            edit "guest-voice-signaling"
+                set status disable
+            next
+            edit "softphone-voice"
+                set status disable
+            next
+            edit "video-conferencing"
+                set status disable
+            next
+            edit "streaming-video"
+                set status disable
+            next
+            edit "video-signaling"
+                set status disable
+            next
+        end
+        config med-location-service
+            edit "coordinates"
+                set status disable
+            next
+            edit "address-civic"
+                set status disable
+            next
+            edit "elin-number"
+                set status disable
+            next
+        end
+    next
+    edit "default-auto-isl"
+        unset med-tlvs
+        unset 802.1-tlvs
+        unset 802.3-tlvs
+        set auto-isl enable
+        set auto-isl-hello-timer 3
+        set auto-isl-receive-timeout 60
+        set auto-isl-port-group 0
+        set auto-mclag-icl disable
+        set auto-isl-auth legacy
+    next
+    edit "default-auto-mclag-icl"
+        unset med-tlvs
+        unset 802.1-tlvs
+        unset 802.3-tlvs
+        set auto-isl enable
+        set auto-isl-hello-timer 3
+        set auto-isl-receive-timeout 60
+        set auto-isl-port-group 0
+        set auto-mclag-icl enable
+        set auto-isl-auth legacy
+    next
+end
+config switch-controller qos dot1p-map
+    edit "voice-dot1p"
+        set description ''
+        set egress-pri-tagging disable
+        set priority-0 queue-4
+        set priority-1 queue-4
+        set priority-2 queue-3
+        set priority-3 queue-2
+        set priority-4 queue-3
+        set priority-5 queue-1
+        set priority-6 queue-2
+        set priority-7 queue-2
+    next
+end
+config switch-controller qos ip-dscp-map
+    edit "voice-dscp"
+        set description ''
+        config map
+            edit "1"
+                set cos-queue 1
+                set value 46
+            next
+            edit "2"
+                set cos-queue 2
+                set value 24,26,48,56
+            next
+            edit "5"
+                set cos-queue 3
+                set value 34
+            next
+        end
+    next
+end
+config switch-controller qos queue-policy
+    edit "default"
+        set schedule round-robin
+        set rate-by kbps
+        config cos-queue
+            edit "queue-0"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-1"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-2"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-3"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-4"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-5"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-6"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-7"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+        end
+    next
+    edit "voice-egress"
+        set schedule weighted
+        set rate-by kbps
+        config cos-queue
+            edit "queue-0"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-1"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 0
+            next
+            edit "queue-2"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 6
+            next
+            edit "queue-3"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 37
+            next
+            edit "queue-4"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 12
+            next
+            edit "queue-5"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-6"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+            edit "queue-7"
+                set description ''
+                set min-rate 0
+                set max-rate 0
+                set drop-policy taildrop
+                set weight 1
+            next
+        end
+    next
+end
+config switch-controller qos qos-policy
+    edit "default"
+        set default-cos 0
+        set trust-dot1p-map ''
+        set trust-ip-dscp-map ''
+        set queue-policy "default"
+    next
+    edit "voice-qos"
+        set default-cos 0
+        set trust-dot1p-map "voice-dot1p"
+        set trust-ip-dscp-map "voice-dscp"
+        set queue-policy "voice-egress"
+    next
+end
+config switch-controller storm-control-policy
+    edit "default"
+        set description "default storm control on all port"
+        set storm-control-mode global
+    next
+    edit "auto-config"
+        set description "storm control policy for fortilink-isl-icl port"
+        set storm-control-mode disabled
+    next
+end
+config switch-controller auto-config policy
+    edit "pse"
+        set qos-policy "default"
+        set storm-control-policy "auto-config"
+        set poe-status enable
+        set igmp-flood-report disable
+        set igmp-flood-traffic disable
+    next
+    edit "default"
+        set qos-policy "default"
+        set storm-control-policy "auto-config"
+        set poe-status enable
+        set igmp-flood-report disable
+        set igmp-flood-traffic disable
+    next
+    edit "default-icl"
+        set qos-policy "default"
+        set storm-control-policy "auto-config"
+        set poe-status disable
+        set igmp-flood-report enable
+        set igmp-flood-traffic enable
+    next
+end
+config switch-controller auto-config default
+    set fgt-policy "default"
+    set isl-policy "default"
+    set icl-policy "default-icl"
+end
+config switch-controller auto-config custom
+end
+config switch-controller initial-config template
+    edit "_default"
+        set vlanid 1
+        unset allowaccess
+        set dhcp-server disable
+    next
+    edit "quarantine"
+        set vlanid 4093
+        unset allowaccess
+        set auto-ip enable
+        set dhcp-server enable
+    next
+    edit "rspan"
+        set vlanid 4092
+        unset allowaccess
+        set auto-ip enable
+        set dhcp-server enable
+    next
+    edit "voice"
+        set vlanid 4091
+        unset allowaccess
+        set dhcp-server disable
+    next
+    edit "video"
+        set vlanid 4090
+        unset allowaccess
+        set dhcp-server disable
+    next
+    edit "onboarding"
+        set vlanid 4089
+        unset allowaccess
+        set dhcp-server disable
+    next
+    edit "nac_segment"
+        set vlanid 4088
+        unset allowaccess
+        set auto-ip enable
+        set dhcp-server enable
+    next
+end
+config switch-controller initial-config vlans
+    set default-vlan "_default"
+    set quarantine "quarantine"
+    set rspan "rspan"
+    set voice "voice"
+    set video "video"
+    set nac "onboarding"
+    set nac-segment "nac_segment"
+end
+config switch-controller switch-profile
+    edit "default"
+        set login-passwd-override disable
+        set login enable
+        set revision-backup-on-logout disable
+        set revision-backup-on-upgrade disable
+    next
+end
+config switch-controller custom-command
+end
+config switch-controller virtual-port-pool
+end
+config switch-controller ptp profile
+    edit "default"
+        set description ''
+        set mode transparent-e2e
+    next
+end
+config switch-controller ptp interface-policy
+    edit "default"
+        set description ''
+        set vlan ''
+        set vlan-pri 4
+    next
+end
+config switch-controller vlan-policy
+end
+config switch-controller acl ingress
+end
+config switch-controller acl group
+end
+config switch-controller dynamic-port-policy
+end
+config switch-controller managed-switch
+end
+config switch-controller switch-group
+end
+config switch-controller stp-settings
+    set name ''
+    set revision 0
+    set hello-time 2
+    set forward-time 15
+    set max-age 20
+    set max-hops 20
+end
+config switch-controller stp-instance
+end
+config switch-controller storm-control
+    set rate 500
+    set unknown-unicast disable
+    set unknown-multicast disable
+    set broadcast disable
+end
+config switch-controller global
+    set mac-aging-interval 300
+    set https-image-push enable
+    set vlan-optimization enable
+    set vlan-identity name
+    set mac-retention-period 24
+    set default-virtual-switch-vlan ''
+    set dhcp-server-access-list disable
+    set dhcp-option82-format ascii
+    set dhcp-option82-circuit-id intfname vlan mode
+    set dhcp-option82-remote-id mac
+    set dhcp-snoop-client-req drop-untrusted
+    set dhcp-snoop-client-db-exp 86400
+    set dhcp-snoop-db-per-port-learn-limit 64
+    set log-mac-limit-violations disable
+    set sn-dns-resolution enable
+    set mac-event-logging disable
+    set bounce-quarantined-link disable
+    set quarantine-mode by-vlan
+    set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
+    set fips-enforce enable
+    set firmware-provision-on-authorization disable
+    set switch-on-deauth no-op
+end
+config switch-controller switch-log
+    set status enable
+    set severity notification
+end
+config switch-controller igmp-snooping
+    set aging-time 300
+    set flood-unknown-multicast disable
+    set query-interval 125
+end
+config switch-controller sflow
+    set collector-ip 0.0.0.0
+    set collector-port 6343
+end
+config switch-controller network-monitor-settings
+    set network-monitoring disable
+end
+config switch-controller flow-tracking
+    set sample-mode perimeter
+    set sample-rate 512
+    set format netflow9
+    set level ip
+    set max-export-pkt-size 512
+    set template-export-period 5
+    set timeout-general 3600
+    set timeout-icmp 300
+    set timeout-max 604800
+    set timeout-tcp 3600
+    set timeout-tcp-fin 300
+    set timeout-tcp-rst 120
+    set timeout-udp 300
+end
+config switch-controller snmp-sysinfo
+    set status disable
+    set engine-id ''
+    set description ''
+    set contact-info ''
+    set location ''
+end
+config switch-controller snmp-trap-threshold
+    set trap-high-cpu-threshold 80
+    set trap-low-memory-threshold 80
+    set trap-log-full-threshold 90
+end
+config switch-controller snmp-community
+end
+config switch-controller snmp-user
+end
+config switch-controller traffic-sniffer
+    set mode erspan-auto
+    set erspan-ip 0.0.0.0
+end
+config switch-controller remote-log
+    edit "syslogd"
+        set status disable
+    next
+    edit "syslogd2"
+        set status disable
+    next
+end
+config switch-controller mac-policy
+end
+config wireless-controller setting
+    set account-id ''
+    set country US
+    set duplicate-ssid disable
+    set fapc-compatibility disable
+    set wfa-compatibility disable
+    set phishing-ssid-detect enable
+    set fake-ssid-action log
+    set device-weight 1
+    set device-holdoff 5
+    set device-idle 1440
+    set firmware-provision-on-authorization disable
+    set rolling-wtp-upgrade disable
+    set darrp-optimize 86400
+    set darrp-optimize-schedules "default-darrp-optimize"
+end
+config wireless-controller log
+    set status enable
+    set addrgrp-log notification
+    set ble-log notification
+    set clb-log notification
+    set dhcp-starv-log notification
+    set led-sched-log notification
+    set radio-event-log notification
+    set rogue-event-log notification
+    set sta-event-log notification
+    set sta-locate-log notification
+    set wids-log notification
+    set wtp-event-log notification
+    set wtp-fips-event-log notification
+end
+config wireless-controller apcfg-profile
+end
+config wireless-controller bonjour-profile
+end
+config wireless-controller arrp-profile
+    edit "arrp-default"
+        set comment ''
+        set selection-period 3600
+        set monitor-period 300
+        set weight-managed-ap 50
+        set weight-rogue-ap 10
+        set weight-noise-floor 40
+        set weight-channel-load 20
+        set weight-spectral-rssi 40
+        set weight-weather-channel 0
+        set weight-dfs-channel 0
+        set threshold-ap 250
+        set threshold-noise-floor "-85"
+        set threshold-channel-load 60
+        set threshold-spectral-rssi "-65"
+        set threshold-tx-retries 300
+        set threshold-rx-errors 50
+        set include-weather-channel enable
+        set include-dfs-channel enable
+        set override-darrp-optimize disable
+    next
+end
+config wireless-controller region
+end
+config wireless-controller vap-group
+end
+config wireless-controller wids-profile
+    edit "default"
+        set comment "Default WIDS profile."
+        set sensor-mode disable
+        set ap-scan enable
+        set ap-bgscan-period 600
+        set ap-bgscan-intv 1
+        set ap-bgscan-duration 20
+        set ap-bgscan-idle 0
+        set ap-bgscan-report-intv 30
+        set ap-fgscan-report-intv 15
+        set ap-scan-passive disable
+        set ap-scan-threshold "-90"
+        set wireless-bridge enable
+        set deauth-broadcast enable
+        set null-ssid-probe-resp enable
+        set long-duration-attack enable
+        set long-duration-thresh 8200
+        set invalid-mac-oui enable
+        set weak-wep-iv enable
+        set auth-frame-flood enable
+        set auth-flood-time 10
+        set auth-flood-thresh 30
+        set assoc-frame-flood enable
+        set assoc-flood-time 10
+        set assoc-flood-thresh 30
+        set spoofed-deauth enable
+        set asleap-attack enable
+        set eapol-start-flood enable
+        set eapol-start-thresh 10
+        set eapol-start-intv 1
+        set eapol-logoff-flood enable
+        set eapol-logoff-thresh 10
+        set eapol-logoff-intv 1
+        set eapol-succ-flood enable
+        set eapol-succ-thresh 10
+        set eapol-succ-intv 1
+        set eapol-fail-flood enable
+        set eapol-fail-thresh 10
+        set eapol-fail-intv 1
+        set eapol-pre-succ-flood enable
+        set eapol-pre-succ-thresh 10
+        set eapol-pre-succ-intv 1
+        set eapol-pre-fail-flood enable
+        set eapol-pre-fail-thresh 10
+        set eapol-pre-fail-intv 1
+        set deauth-unknown-src-thresh 10
+    next
+    edit "default-wids-apscan-enabled"
+        set comment ''
+        set sensor-mode disable
+        set ap-scan enable
+        set ap-bgscan-period 600
+        set ap-bgscan-intv 1
+        set ap-bgscan-duration 20
+        set ap-bgscan-idle 0
+        set ap-bgscan-report-intv 30
+        set ap-fgscan-report-intv 15
+        set ap-scan-passive disable
+        set ap-scan-threshold "-90"
+        set wireless-bridge disable
+        set deauth-broadcast disable
+        set null-ssid-probe-resp disable
+        set long-duration-attack disable
+        set long-duration-thresh 8200
+        set invalid-mac-oui disable
+        set weak-wep-iv disable
+        set auth-frame-flood disable
+        set assoc-frame-flood disable
+        set spoofed-deauth disable
+        set asleap-attack disable
+        set eapol-start-flood disable
+        set eapol-logoff-flood disable
+        set eapol-succ-flood disable
+        set eapol-fail-flood disable
+        set eapol-pre-succ-flood disable
+        set eapol-pre-fail-flood disable
+        set deauth-unknown-src-thresh 10
+    next
+end
+config wireless-controller ble-profile
+    edit "fortiap-discovery"
+        set comment ''
+        set advertising ibeacon eddystone-uid eddystone-url
+        set ibeacon-uuid "wtp-uuid"
+        set major-id 1000
+        set minor-id 2000
+        set eddystone-namespace "0102030405"
+        set eddystone-instance "abcdef"
+        set eddystone-url "http://www.fortinet.com"
+        set txpower 0
+        set beacon-interval 100
+        set ble-scanning disable
+        set scan-type active
+        set scan-threshold "-90"
+    next
+end
+config wireless-controller syslog-profile
+end
+config wireless-controller wtp-profile
+end
+config wireless-controller wtp
+end
+config wireless-controller wtp-group
+end
+config wireless-controller qos-profile
+end
+config wireless-controller wag-profile
+end
+config wireless-controller snmp
+    set engine-id ''
+    set contact-info ''
+    set trap-high-cpu-threshold 80
+    set trap-high-mem-threshold 80
+end
+config wireless-controller mpsk-profile
+end
+config wireless-controller nac-profile
+end
+config wireless-controller ssid-policy
+end
+config wireless-controller access-control-list
+end
+config wireless-controller ap-status
+end
+config user nac-policy
+end
+config extension-controller dataplan
+end
+config extension-controller extender-vap
+end
+config extension-controller extender-profile
+end
+config extension-controller extender
+end
+config extension-controller fortigate-profile
+end
+config extension-controller fortigate
+end
+config system ips
+    set signature-hold-time 0h
+end
+config endpoint-control settings
+    set override disable
+end
+config ips custom
+end
+config ips settings
+    set packet-log-history 1
+    set packet-log-post-attack 0
+    set ips-packet-quota 0
+    set proxy-inline-ips disable
+end
+config alertemail setting
+    set username ''
+    set mailto1 ''
+    set mailto2 ''
+    set mailto3 ''
+    set filter-mode category
+    set email-interval 5
+    set IPS-logs disable
+    set firewall-authentication-failure-logs disable
+    set IPsec-errors-logs disable
+    set PPP-errors-logs disable
+    set sslvpn-authentication-errors-logs disable
+    set antivirus-logs disable
+    set webfilter-logs disable
+    set configuration-changes-logs disable
+    set violation-traffic-logs disable
+    set admin-login-logs disable
+    set log-disk-usage-warning disable
+    set FSSO-disconnect-logs disable
+    set ssh-logs disable
+    set local-disk-usage 75
+end
+config router access-list
+end
+config router access-list6
+end
+config router aspath-list
+end
+config router prefix-list
+end
+config router prefix-list6
+end
+config router key-chain
+end
+config router community-list
+end
+config router extcommunity-list
+end
+config router route-map
+end
+config router rip
+    set default-information-originate disable
+    set default-metric 1
+    set max-out-metric 0
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "ospf"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "isis"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    set update-timer 30
+    set timeout-timer 180
+    set garbage-timer 120
+    set version 2
+end
+config router ripng
+    set default-information-originate disable
+    set default-metric 1
+    set max-out-metric 0
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "ospf"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    config redistribute "isis"
+        set status disable
+        set metric 0
+        set routemap ''
+    end
+    set update-timer 30
+    set timeout-timer 180
+    set garbage-timer 120
+end
+config router static
+end
+config router policy
+end
+config router policy6
+end
+config router static6
+end
+config router ospf
+    set abr-type standard
+    set auto-cost-ref-bandwidth 1000
+    set distance-external 110
+    set distance-inter-area 110
+    set distance-intra-area 110
+    set database-overflow disable
+    set database-overflow-max-lsas 10000
+    set database-overflow-time-to-recover 300
+    set default-information-originate disable
+    set default-information-metric 10
+    set default-information-metric-type 2
+    set default-information-route-map ''
+    set default-metric 10
+    set distance 110
+    set rfc1583-compatible disable
+    set router-id 0.0.0.0
+    set spf-timers 5 10
+    set bfd disable
+    set log-neighbour-changes enable
+    set distribute-list-in ''
+    set distribute-route-map-in ''
+    set restart-mode none
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+    config redistribute "rip"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+    config redistribute "isis"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+        set tag 0
+    end
+end
+config router ospf6
+    set abr-type standard
+    set auto-cost-ref-bandwidth 1000
+    set default-information-originate disable
+    set log-neighbour-changes enable
+    set default-information-metric 10
+    set default-information-metric-type 2
+    set default-information-route-map ''
+    set default-metric 10
+    set router-id 0.0.0.0
+    set spf-timers 5 10
+    set bfd disable
+    set restart-mode none
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+    config redistribute "rip"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+    config redistribute "isis"
+        set status disable
+        set metric 0
+        set routemap ''
+        set metric-type 2
+    end
+end
+config router bgp
+    unset as
+    set keepalive-timer 60
+    set holdtime-timer 180
+    set always-compare-med disable
+    set bestpath-as-path-ignore disable
+    set bestpath-cmp-confed-aspath disable
+    set bestpath-cmp-routerid disable
+    set bestpath-med-confed disable
+    set bestpath-med-missing-as-worst disable
+    set client-to-client-reflection enable
+    set dampening disable
+    set deterministic-med disable
+    set ebgp-multipath disable
+    set ibgp-multipath disable
+    set enforce-first-as enable
+    set fast-external-failover enable
+    set log-neighbour-changes enable
+    set network-import-check enable
+    set ignore-optional-capability enable
+    set multipath-recursive-distance disable
+    set recursive-next-hop disable
+    set recursive-inherit-priority disable
+    set tag-resolve-mode disable
+    set cluster-id 0.0.0.0
+    set confederation-identifier 0
+    set default-local-preference 100
+    set scan-time 60
+    set distance-external 20
+    set distance-internal 200
+    set distance-local 200
+    set synchronization disable
+    set graceful-restart disable
+    set cross-family-conditional-adv disable
+    config redistribute "connected"
+        set status disable
+        set route-map ''
+    end
+    config redistribute "rip"
+        set status disable
+        set route-map ''
+    end
+    config redistribute "ospf"
+        set status disable
+        set route-map ''
+    end
+    config redistribute "static"
+        set status disable
+        set route-map ''
+    end
+    config redistribute "isis"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "connected"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "rip"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "ospf"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "static"
+        set status disable
+        set route-map ''
+    end
+    config redistribute6 "isis"
+        set status disable
+        set route-map ''
+    end
+end
+config router isis
+    set is-type level-1-2
+    set adv-passive-only disable
+    set adv-passive-only6 disable
+    set auth-mode-l1 password
+    set auth-mode-l2 password
+    set auth-password-l1 ENC fDZ6r0dILMnuERQkdHeosBGQ15XHLUjurLrXwtA/PhJo+4JrDGS+3sh3bfrxhg/Dap4ZeGdPv3ljHkM6wZ6m1MfrDVsjMPGWWmtUBAEez7zDsKqakWveXXiYt6IZMS01vnZm6gnvo2u+cM+XFpMVa+ezK8lV8OMOFusRns0VPN5JXji3+tUP/DqInylK9Q57z+yujllmMjY3dkVA
+    set auth-password-l2 ENC EpENyWl+/TCkioFvUBFE/+QJ3e8sO5+dGTYQMjBHRXbXQjsO1DefFXEYMfO5IOLlw+HTcK/vOAE6ykJM5toZfxVunK9jME+FSZ1R+jZb4GOpiez7aE4ZrF5o/8kMs2QEClU3uOB/xorVyoAK4YNCHGQjREEFPAUeMeInV/z6OYvTIKvQGoVm2QL1fGSLG2CjYx2iwllmMjY3dkVA
+    set auth-sendonly-l1 disable
+    set auth-sendonly-l2 disable
+    set ignore-lsp-errors disable
+    set lsp-gen-interval-l1 30
+    set lsp-gen-interval-l2 30
+    set lsp-refresh-interval 900
+    set max-lsp-lifetime 1200
+    set spf-interval-exp-l1 500 50000
+    set spf-interval-exp-l2 500 50000
+    set dynamic-hostname disable
+    set adjacency-check disable
+    set adjacency-check6 disable
+    set overload-bit disable
+    unset overload-bit-suppress
+    set overload-bit-on-startup 0
+    set default-originate disable
+    set default-originate6 disable
+    set metric-style narrow
+    set redistribute-l1 disable
+    set redistribute-l2 disable
+    set redistribute6-l1 disable
+    set redistribute6-l2 disable
+    config redistribute "connected"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute "rip"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute "ospf"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute "bgp"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute "static"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "connected"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "rip"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "ospf"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "bgp"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+    config redistribute6 "static"
+        set status disable
+        set metric 0
+        set metric-type internal
+        set level level-2
+        set routemap ''
+    end
+end
+config router multicast-flow
+end
+config router multicast
+    set route-limit 2147483647
+    set multicast-routing disable
+    config pim-sm-global
+        set message-interval 60
+        set join-prune-holdtime 210
+        set accept-register-list ''
+        set accept-source-list ''
+        set bsr-candidate disable
+        set bsr-allow-quick-refresh disable
+        set cisco-register-checksum disable
+        set cisco-crp-prefix disable
+        set cisco-ignore-rp-set-priority disable
+        set register-rp-reachability enable
+        set register-source disable
+        set register-supression 60
+        set null-register-retries 1
+        set rp-register-keepalive 185
+        set spt-threshold enable
+        set ssm disable
+        set register-rate-limit 0
+        set pim-use-sdwan disable
         set spt-threshold-group ''
     end
 end
@@ -40204,6 +62199,7 @@ config system stp
 end
 config system settings
     set comments ''
+    set vdom-type traffic
     set opmode nat
     set policy-offload-level disable
     set ngfw-mode profile-based
@@ -40226,11 +62222,14 @@ config system settings
     set nat46-generate-ipv6-fragment-header disable
     set nat46-force-ipv4-packet-forwarding disable
     set nat64-force-ipv6-packet-forwarding enable
+    set detect-unknown-esp enable
+    set intree-ses-best-route disable
     set auxiliary-session disable
     set asymroute disable
     set asymroute-icmp disable
     set tcp-session-without-syn disable
     set ses-denied-traffic disable
+    set ses-denied-multicast-traffic disable
     set strict-src-check disable
     set allow-linkdown-path disable
     set asymroute6 disable
@@ -40252,6 +62251,7 @@ config system settings
     set discovered-device-timeout 28
     set email-portal-check-dns enable
     set default-voip-alg-mode proxy-based
+    set gui-proxy-inspection enable
     set gui-icap disable
     set gui-implicit-policy enable
     set gui-dns-database disable
@@ -40259,6 +62259,7 @@ config system settings
     set gui-multicast-policy disable
     set gui-dos-policy enable
     set gui-object-colors enable
+    set gui-route-tag-address-creation disable
     set gui-voip-profile enable
     set gui-ap-profile enable
     set gui-security-profile-group disable
@@ -40274,11 +62275,11 @@ config system settings
     set gui-file-filter disable
     set gui-application-control enable
     set gui-ips enable
-    set gui-endpoint-control enable
-    set gui-endpoint-control-advanced disable
     set gui-dhcp-advanced enable
     set gui-vpn enable
+    set gui-sslvpn enable
     set gui-wireless-controller disable
+    set gui-advanced-wireless-features disable
     set gui-switch-controller disable
     set gui-fortiap-split-tunneling disable
     set gui-webfilter-advanced disable
@@ -40289,20 +62290,34 @@ config system settings
     set gui-videofilter enable
     set gui-dnsfilter disable
     set gui-waf-profile disable
+    set gui-dlp-profile disable
+    set gui-virtual-patch-profile disable
+    set gui-casb disable
+    set gui-fortiextender-controller disable
     set gui-advanced-policy enable
     set gui-allow-unnamed-policy enable
     set gui-email-collection disable
     set gui-multiple-interface-policy enable
     set gui-policy-disclaimer disable
     set gui-ztna enable
+    set gui-ot disable
+    set gui-dynamic-device-os-id disable
     set location-id 0.0.0.0
     set ike-session-resume disable
     set ike-quick-crash-detect disable
     set ike-dn-format with-space
     set ike-port 500
+    set ike-tcp-port 4500
     set ike-policy-route disable
     set block-land-attack disable
     set application-bandwidth-tracking disable
+    set fqdn-session-check disable
+    set ext-resource-session-check disable
+    set dyn-addr-session-check disable
+    set default-policy-expiry-days 30
+    set gui-enforce-change-summary require
+    set internet-service-database-cache disable
+    set internet-service-app-ctrl-size 32768
 end
 config system sit-tunnel
 end
@@ -40312,11 +62327,9 @@ config system ipv6-neighbor-cache
 end
 config system vdom-sflow
     set vdom-sflow disable
-    set interface-select-method auto
 end
 config system vdom-netflow
     set vdom-netflow disable
-    set interface-select-method auto
 end
 config system vdom-dns
     set vdom-dns disable
@@ -40354,6 +62367,32 @@ config system zone
     next
 end
 config firewall address
+    edit "EMS_ALL_UNKNOWN_CLIENTS"
+        set uuid 4bea81ee-c0f6-51f0-81c4-ac67b6340985
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
+    edit "EMS_ALL_UNMANAGEABLE_CLIENTS"
+        set uuid 4bea23ac-c0f6-51f0-e19e-1a8b5f593de6
+        set type dynamic
+        set sub-type ems-tag
+        set comment ''
+        set associated-interface ''
+        set color 0
+        set fabric-object disable
+        set obj-tag ''
+        set obj-type ip
+        set tag-detection-level ''
+        set tag-type ''
+    next
     edit "SSLVPN_TUNNEL_ADDR1"
         set uuid e532a73a-7e12-51ec-eaa4-fd80b5cf2433
         set type iprange
@@ -45636,10 +67675,10 @@ config firewall addrgrp
         set type default
         set category default
         set uuid c478eae8-103f-51ee-dbce-9ac9740ebb59
+        set allow-routing enable
         set member "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B"
         set comment ''
         set color 28
-        set allow-routing enable
         set fabric-object disable
     next
     edit "SchoolTool_Cloud_Internal"
@@ -45826,10 +67865,10 @@ config firewall addrgrp
         set type default
         set category default
         set uuid aa686434-3812-51ef-7899-4b9bccb37ebf
+        set allow-routing enable
         set member "City_Side_CGR_01" "City_Side_CGR_02"
         set comment "City Lights CGR Subnets on their side."
         set color 28
-        set allow-routing enable
         set fabric-object disable
     next
     edit "Access_Control_VLAN_72_Group"
@@ -45856,20 +67895,20 @@ config firewall addrgrp
         set type default
         set category default
         set uuid aa6adb24-3812-51ef-571f-95a97db26ef6
+        set allow-routing enable
         set member "City_Side_VoIP_30" "City_Side_VoIP_56" "City_Side_VoIP_61" "City_Side_VoIP_62" "City_Side_VoIP_63" "City_Side_VoIP_64" "City_Side_VoIP_65" "City_Side_VoIP_66" "City_Side_VoIP_67" "City_Side_VoIP_68" "City_Side_VoIP_72" "City_Side_VoIP_74" "City_Side_VoIP_75" "City_Side_VoIP_76" "City_Side_VoIP_77" "City_Side_VoIP_88" "City_Side_VoIP_132" "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B" "City_Side_VoIP_Router_A" "City_Side_VoIP_Router_B"
         set comment "City VoIP Group - except Parks and Water Recorder"
         set color 28
-        set allow-routing enable
         set fabric-object disable
     next
     edit "SPD_Side_Firewall_Group"
         set type default
         set category default
         set uuid aa6d9634-3812-51ef-6a32-4cf9774f0418
+        set allow-routing enable
         set member "SPD_Side_A" "SPD_Side_B"
         set comment "IP Range of SPD Side Firewalls"
         set color 2
-        set allow-routing enable
         set fabric-object disable
     next
     edit "Country Allow"
@@ -45896,10 +67935,10 @@ config firewall addrgrp
         set type default
         set category default
         set uuid aa700f9a-3812-51ef-0b35-4e734284056a
+        set allow-routing enable
         set member "NVR-NOC" "NVR-FAILOVER" "NVR-RING1-CLAR" "NVR-RING1-CLAR2" "NVR-RING1-CORC" "NVR-RING1-CORC2" "NVR-RING2-DANF" "NVR-RING2-DANF2" "NVR-RING3-PSLA" "NVR-RING3-PSLA2" "NVR-RING4-BLOD" "NVR-RING4-FRAZ" "NVR-RING5-CENT" "NVR-RING6-EDSM" "NVR-RING6-HWSM" "NVR-RING6-HWSM2" "NVR-RING6-NOTT" "NVR-RING7-BELL" "NVR-RING7-GRAN" "NVR-RING7-GRAN2" "NVR-RING8-HENN" "NVR-RING8-HENN2" "NVR-RING8-HUNT" "Genetec-Dir" "Genetec-DirBU" "Genetec-Media" "Genetec-MRouter"
         set comment "District NVRs and Genetec Servers for SPD Federation"
         set color 2
-        set allow-routing enable
         set fabric-object disable
     next
     edit "MS_Teams_External_Group"
@@ -45916,20 +67955,20 @@ config firewall addrgrp
         set type default
         set category default
         set uuid aa73bee2-3812-51ef-edf2-99e1febb065d
+        set allow-routing enable
         set member "DataTools" "ST_Internal_2"
         set comment ''
         set color 0
-        set allow-routing enable
         set fabric-object disable
     next
     edit "SchoolTool_AWS_External"
         set type default
         set category default
         set uuid aa742c2e-3812-51ef-0138-94244ea9e863
+        set allow-routing enable
         set member "ST_External_4" "ST_External_5" "ST_External_6" "ST_External_1" "ST_External_2" "ST_External_3"
         set comment ''
         set color 0
-        set allow-routing enable
         set fabric-object disable
     next
     edit "HighStreet_Local"
@@ -45946,20 +67985,20 @@ config firewall addrgrp
         set type default
         set category default
         set uuid 18747224-0031-51f0-ab1a-753462a66a8a
+        set allow-routing enable
         set member "DPS_local_subnet_1"
         set comment "VPN: DPS (Created by VPN wizard)"
         set color 0
-        set allow-routing enable
         set fabric-object disable
     next
     edit "DPS_remote"
         set type default
         set category default
         set uuid 1877201e-0031-51f0-c53a-c65db3b7cf04
+        set allow-routing enable
         set member "DPS_remote_subnet_1"
         set comment "VPN: DPS (Created by VPN wizard)"
         set color 0
-        set allow-routing enable
         set fabric-object disable
     next
     edit "Nutanix_CVM"
@@ -46185,6 +68224,8 @@ config firewall wildcard-fqdn custom
 end
 config firewall wildcard-fqdn group
 end
+config firewall traffic-class
+end
 config firewall service category
     edit "General"
         set comment "General services."
@@ -46228,337 +68269,19 @@ config firewall service category
     next
 end
 config firewall service custom
-    edit "DNS"
+    edit "ALL"
+        set uuid 8b91433e-c0f9-51f0-d815-b351f2139bf0
         set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
+        set category "General"
+        set protocol IP
         set helper auto
-        set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 53
-        set udp-portrange 53
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "HTTP"
-        set proxy disable
-        set category "Web Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 80
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "HTTPS"
-        set proxy disable
-        set category "Web Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 443
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IMAP"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 143
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IMAPS"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 993
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "LDAP"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 389
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "DCE-RPC"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 135
-        set udp-portrange 135
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "POP3"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 110
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "POP3S"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 995
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SAMBA"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 139
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMTP"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 25
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMTPS"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 465
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "KERBEROS"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 88 464
-        set udp-portrange 88 464
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "LDAP_UDP"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 389
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMB"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 445
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
+        set protocol-number 0
     next
     edit "FTP"
+        set uuid 8b914460-c0f9-51f0-3dc4-43aaafcb3d26
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -46566,7 +68289,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46581,6 +68303,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "FTP_GET"
+        set uuid 8b914532-c0f9-51f0-8140-eaef3ce8112b
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -46588,7 +68311,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46603,6 +68325,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "FTP_PUT"
+        set uuid 8b9145fa-c0f9-51f0-cf69-5f693eca039c
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -46610,7 +68333,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46624,18 +68346,338 @@ config firewall service custom
         set udp-idle-timer 0
         set session-ttl 0
     next
-    edit "ALL"
+    edit "DNS"
+        set uuid 97290d26-c0f9-51f0-069d-1c2e348ab517
         set proxy disable
-        set category "General"
-        set protocol IP
+        set category "Network Services"
+        set protocol TCP/UDP/SCTP
         set helper auto
+        set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
-        set protocol-number 0
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 53
+        set udp-portrange 53
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "HTTP"
+        set uuid 97291172-c0f9-51f0-c9bb-7c94e6411f9e
+        set proxy disable
+        set category "Web Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 80
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "HTTPS"
+        set uuid 972914e2-c0f9-51f0-6438-7ba28f777406
+        set proxy disable
+        set category "Web Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 443
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IMAP"
+        set uuid 97291848-c0f9-51f0-ef57-e14ceb980aba
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 143
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "IMAPS"
+        set uuid 97291ba4-c0f9-51f0-228a-ae294018fe4b
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 993
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "LDAP"
+        set uuid 97291ef6-c0f9-51f0-0b9f-550b35abb193
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 389
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "DCE-RPC"
+        set uuid 9729223e-c0f9-51f0-0890-84e6c592010c
+        set proxy disable
+        set category "Remote Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 135
+        set udp-portrange 135
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "POP3"
+        set uuid 972925e0-c0f9-51f0-153a-e686a95378b9
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 110
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "POP3S"
+        set uuid 97292928-c0f9-51f0-5149-b8dd8c1c2784
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 995
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SAMBA"
+        set uuid 97292c66-c0f9-51f0-b0ab-b9c1017649eb
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 139
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMTP"
+        set uuid 97292fae-c0f9-51f0-eabc-36594ea46346
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 25
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMTPS"
+        set uuid 972933b4-c0f9-51f0-6166-d72d8d9f371d
+        set proxy disable
+        set category "Email"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 465
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "KERBEROS"
+        set uuid 972938fa-c0f9-51f0-02e7-71672c232645
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 88 464
+        set udp-portrange 88 464
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "LDAP_UDP"
+        set uuid 97293cb0-c0f9-51f0-2872-9365e6c4f677
+        set proxy disable
+        set category "Authentication"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        unset tcp-portrange
+        set udp-portrange 389
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
+    next
+    edit "SMB"
+        set uuid 9729400c-c0f9-51f0-49ca-8bed026179eb
+        set proxy disable
+        set category "File Access"
+        set protocol TCP/UDP/SCTP
+        set helper auto
+        set check-reset-range default
+        set comment ''
+        set color 0
+        set fabric-object disable
+        set iprange 0.0.0.0
+        set fqdn ''
+        set tcp-portrange 445
+        unset udp-portrange
+        unset sctp-portrange
+        set tcp-halfclose-timer 0
+        set tcp-halfopen-timer 0
+        set tcp-timewait-timer 0
+        set tcp-rst-timer 0
+        set udp-idle-timer 0
+        set session-ttl 0
     next
     edit "ALL_TCP"
+        set uuid 972950b0-c0f9-51f0-d0aa-c0da2bf415d9
         set proxy disable
         set category "General"
         set protocol TCP/UDP/SCTP
@@ -46643,7 +68685,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46658,6 +68699,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "ALL_UDP"
+        set uuid 9729542a-c0f9-51f0-75b8-5b95c8ce8f22
         set proxy disable
         set category "General"
         set protocol TCP/UDP/SCTP
@@ -46665,7 +68707,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46680,61 +68721,62 @@ config firewall service custom
         set session-ttl 0
     next
     edit "ALL_ICMP"
+        set uuid 97295786-c0f9-51f0-aa38-f8d01c55a4aa
         set proxy disable
         set category "General"
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         unset icmptype
     next
     edit "ALL_ICMP6"
+        set uuid 97295b14-c0f9-51f0-5220-5992500fdb5f
         set proxy disable
         set category "General"
         set protocol ICMP6
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         unset icmptype
     next
     edit "GRE"
+        set uuid 97295ea2-c0f9-51f0-2301-c02e324830c5
         set proxy disable
         set category "Tunneling"
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 47
     next
     edit "AH"
+        set uuid 97296230-c0f9-51f0-7e08-94790f64baa3
         set proxy disable
         set category "Tunneling"
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 51
     next
     edit "ESP"
+        set uuid 972965c8-c0f9-51f0-811e-3c00ec7a9655
         set proxy disable
         set category "Tunneling"
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 50
     next
     edit "AOL"
+        set uuid 9729694c-c0f9-51f0-2098-b0fc0cde9878
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -46742,7 +68784,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46757,6 +68798,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "BGP"
+        set uuid 97296c1c-c0f9-51f0-200b-eca62f44a707
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -46764,7 +68806,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46779,6 +68820,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "DHCP"
+        set uuid 97296f6e-c0f9-51f0-9c3f-ff33a5a8bcf4
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -46786,7 +68828,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46801,6 +68842,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "FINGER"
+        set uuid 972972ca-c0f9-51f0-1154-c2157a472daf
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -46808,7 +68850,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46823,6 +68864,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "GOPHER"
+        set uuid 97297590-c0f9-51f0-03b8-f6c37d53038e
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -46830,7 +68872,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46845,6 +68886,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "H323"
+        set uuid 972978ec-c0f9-51f0-2763-ef9dd3f11ce1
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -46852,7 +68894,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46867,6 +68908,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "IKE"
+        set uuid 97297cc0-c0f9-51f0-cee8-edd286503ef3
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -46874,7 +68916,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46889,6 +68930,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "Internet-Locator-Service"
+        set uuid 9729801c-c0f9-51f0-78f0-fe77bc49ad4d
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -46896,7 +68938,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46911,6 +68952,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "IRC"
+        set uuid 972982e2-c0f9-51f0-544f-36a475da6127
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -46918,7 +68960,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46933,6 +68974,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "L2TP"
+        set uuid 97298652-c0f9-51f0-4823-ceec3fbd7cb9
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -46940,7 +68982,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46955,6 +68996,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NetMeeting"
+        set uuid 972989ea-c0f9-51f0-9e9b-5b1358089d89
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -46962,7 +69004,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46977,6 +69018,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NFS"
+        set uuid 97298ca6-c0f9-51f0-ee4f-e66f806b8562
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -46984,7 +69026,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -46999,6 +69040,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NNTP"
+        set uuid 97299048-c0f9-51f0-553a-0317759524a1
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47006,7 +69048,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47021,6 +69062,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NTP"
+        set uuid 972992fa-c0f9-51f0-2c81-e5582a8d1d29
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -47028,7 +69070,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47043,17 +69084,18 @@ config firewall service custom
         set session-ttl 0
     next
     edit "OSPF"
+        set uuid 972996a6-c0f9-51f0-af0c-a8155a80486c
         set proxy disable
         set category "Network Services"
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 89
     next
     edit "PC-Anywhere"
+        set uuid 97299a34-c0f9-51f0-ef70-840374cf2a78
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -47061,7 +69103,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47076,54 +69117,55 @@ config firewall service custom
         set session-ttl 0
     next
     edit "PING"
+        set uuid 97299dd6-c0f9-51f0-778a-e36519b5af0f
         set proxy disable
         set category "Network Services"
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set icmptype 8
         unset icmpcode
     next
     edit "TIMESTAMP"
+        set uuid 9729a1b4-c0f9-51f0-51d6-a533bd0d997b
         set proxy disable
         set category ''
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set icmptype 13
         unset icmpcode
     next
     edit "INFO_REQUEST"
+        set uuid 9729a506-c0f9-51f0-a072-f472db9cbfc0
         set proxy disable
         set category ''
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set icmptype 15
         unset icmpcode
     next
     edit "INFO_ADDRESS"
+        set uuid 9729a84e-c0f9-51f0-a094-77e24c799462
         set proxy disable
         set category ''
         set protocol ICMP
         set helper auto
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set icmptype 17
         unset icmpcode
     next
     edit "ONC-RPC"
+        set uuid 9729aba0-c0f9-51f0-6976-c784c63bd6e7
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -47131,7 +69173,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47146,6 +69187,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "PPTP"
+        set uuid 9729afec-c0f9-51f0-27ae-52d05e5a58cd
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -47153,7 +69195,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47168,6 +69209,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "QUAKE"
+        set uuid 9729b460-c0f9-51f0-00fb-dced14d16243
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47175,7 +69217,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47190,6 +69231,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RAUDIO"
+        set uuid 9729b73a-c0f9-51f0-70f0-71e9337ebd15
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47197,7 +69239,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47212,6 +69253,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "REXEC"
+        set uuid 9729ba00-c0f9-51f0-7ef9-85ef644d05be
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47219,7 +69261,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47234,6 +69275,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RIP"
+        set uuid 9729bcc6-c0f9-51f0-26b5-cd6b8518f36c
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -47241,7 +69283,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47256,6 +69297,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RLOGIN"
+        set uuid 9729c022-c0f9-51f0-c5c2-e2b3376f38a4
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47263,7 +69305,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47278,6 +69319,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RSH"
+        set uuid 9729c2e8-c0f9-51f0-401f-7f07423d12f0
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47285,7 +69327,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47300,6 +69341,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SCCP"
+        set uuid 9729c5b8-c0f9-51f0-fd9b-c592e61731c6
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -47307,7 +69349,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47322,6 +69363,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SIP"
+        set uuid 9729c914-c0f9-51f0-7d6f-33a77cfba02d
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -47329,7 +69371,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47344,6 +69385,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SIP-MSNmessenger"
+        set uuid 9729ccc0-c0f9-51f0-9158-f78f3a3ff200
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -47351,7 +69393,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47366,6 +69407,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SNMP"
+        set uuid 9729d01c-c0f9-51f0-5fda-4273ce13798a
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -47373,7 +69415,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47388,6 +69429,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SSH"
+        set uuid 9729d3c8-c0f9-51f0-9db4-42a5aae40edb
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -47395,7 +69437,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47410,6 +69451,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SYSLOG"
+        set uuid 9729d71a-c0f9-51f0-4a2d-b7e4a1614314
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -47417,7 +69459,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47432,6 +69473,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TALK"
+        set uuid 9729da62-c0f9-51f0-a043-8247b39e307a
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47439,7 +69481,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47454,6 +69495,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TELNET"
+        set uuid 9729dd46-c0f9-51f0-7d33-23942885497f
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -47461,7 +69503,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47476,6 +69517,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TFTP"
+        set uuid 9729e08e-c0f9-51f0-6b1a-88a02668cddd
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -47483,7 +69525,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47498,6 +69539,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "MGCP"
+        set uuid 9729e48a-c0f9-51f0-1030-e0d1ddc4a6cc
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47505,7 +69547,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47520,6 +69561,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UUCP"
+        set uuid 9729e76e-c0f9-51f0-0335-8cd99d8f11bc
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47527,7 +69569,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47542,6 +69583,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "VDOLIVE"
+        set uuid 9729ea34-c0f9-51f0-0c1c-6cf868ecd83b
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47549,7 +69591,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47564,6 +69605,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "WAIS"
+        set uuid 9729ed04-c0f9-51f0-5525-1f4fb68f8b32
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47571,7 +69613,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47586,6 +69627,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "WINFRAME"
+        set uuid 9729efc0-c0f9-51f0-bab3-31175ceff85f
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47593,7 +69635,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47608,6 +69649,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "X-WINDOWS"
+        set uuid 9729f286-c0f9-51f0-8c57-a81d2fd95477
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -47615,7 +69657,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47630,18 +69671,19 @@ config firewall service custom
         set session-ttl 0
     next
     edit "PING6"
+        set uuid 9729f5e2-c0f9-51f0-6c64-735b0ec2a431
         set proxy disable
         set category ''
         set protocol ICMP6
         set helper auto
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set icmptype 128
         unset icmpcode
     next
     edit "MS-SQL"
+        set uuid 9729f93e-c0f9-51f0-31d0-27b547db006b
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -47649,7 +69691,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47664,6 +69705,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "MYSQL"
+        set uuid 9729fcae-c0f9-51f0-dca4-ffaa9c41c5a8
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -47671,7 +69713,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47686,6 +69727,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RDP"
+        set uuid 972a0000-c0f9-51f0-abf4-103d85fd4b14
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -47693,7 +69735,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47708,6 +69749,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "VNC"
+        set uuid 972a0352-c0f9-51f0-7787-578f2bf96a54
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -47715,7 +69757,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47730,6 +69771,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "DHCP6"
+        set uuid 972a069a-c0f9-51f0-0cc8-12315d677e0a
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -47737,7 +69779,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47752,6 +69793,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SQUID"
+        set uuid 972a09ec-c0f9-51f0-4c4b-c48974e31d52
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -47759,7 +69801,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47774,6 +69815,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SOCKS"
+        set uuid 972a0d3e-c0f9-51f0-b05c-b2f46420bf9e
         set proxy disable
         set category "Tunneling"
         set protocol TCP/UDP/SCTP
@@ -47781,7 +69823,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47796,6 +69837,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "WINS"
+        set uuid 972a10e0-c0f9-51f0-2868-14b36408e24f
         set proxy disable
         set category "Remote Access"
         set protocol TCP/UDP/SCTP
@@ -47803,7 +69845,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47818,6 +69859,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RADIUS"
+        set uuid 972a146e-c0f9-51f0-9852-37a54d294c9c
         set proxy disable
         set category "Authentication"
         set protocol TCP/UDP/SCTP
@@ -47825,7 +69867,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47840,6 +69881,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RADIUS-OLD"
+        set uuid 972a1a18-c0f9-51f0-4347-ea7679e73a2e
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47847,7 +69889,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47862,6 +69903,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "CVSPSERVER"
+        set uuid 972a1d4c-c0f9-51f0-99ee-1c2d3c0dd72a
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47869,7 +69911,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47884,6 +69925,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "AFS3"
+        set uuid 972a2058-c0f9-51f0-fa85-a4f997081959
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -47891,7 +69933,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47906,6 +69947,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TRACEROUTE"
+        set uuid 972a2436-c0f9-51f0-e1dc-ed1acfb602db
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -47913,7 +69955,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47928,6 +69969,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "RTSP"
+        set uuid 972a2792-c0f9-51f0-a82c-851ba0355ed3
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -47935,7 +69977,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47950,6 +69991,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "MMS"
+        set uuid 972a2b48-c0f9-51f0-b9fb-6c573cd3c331
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47957,7 +69999,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47972,6 +70013,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "NONE"
+        set uuid 972a2e5e-c0f9-51f0-adb4-38b92a71f785
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -47979,7 +70021,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility disable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -47994,13 +70035,13 @@ config firewall service custom
         set session-ttl 0
     next
     edit "webproxy"
+        set uuid 8b9135d8-c0f9-51f0-d1cd-95a7ff5b53e3
         set proxy enable
         set category "Web Proxy"
         set protocol ALL
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set app-service-type disable
         set fabric-object disable
         set iprange 0.0.0.0
@@ -48008,6 +70049,7 @@ config firewall service custom
         set tcp-portrange 0-65535:0-65535
     next
     edit "TCP-109"
+        set uuid 972a378c-c0f9-51f0-3537-9523868f3883
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48015,7 +70057,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48030,6 +70071,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-1433"
+        set uuid 972a3a7a-c0f9-51f0-fd27-c9aef915db26
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48037,7 +70079,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48052,6 +70093,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-15000-19999"
+        set uuid 972a3d40-c0f9-51f0-d1a3-3121583f0c81
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48059,7 +70101,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48074,6 +70115,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-1521"
+        set uuid 972a4010-c0f9-51f0-746f-a4cdf8eeb6e0
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48081,7 +70123,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48096,6 +70137,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-1859"
+        set uuid 972a42f4-c0f9-51f0-ba53-4ac9c6e0fb96
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48103,7 +70145,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48118,6 +70159,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-1935"
+        set uuid 972a45b0-c0f9-51f0-409e-1cc33a91025f
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48125,7 +70167,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48140,6 +70181,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-20"
+        set uuid 972a4880-c0f9-51f0-d267-5a270cb96bb3
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48147,7 +70189,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48162,6 +70203,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-2195"
+        set uuid 972a4b46-c0f9-51f0-cf55-cc30de167e90
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48169,7 +70211,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48184,6 +70225,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-2196"
+        set uuid 972a4e02-c0f9-51f0-dcf0-609984c81e6e
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48191,7 +70233,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48206,6 +70247,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-2525"
+        set uuid 972a53c0-c0f9-51f0-aac9-9c86077de422
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48213,7 +70255,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48228,6 +70269,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-3268"
+        set uuid 972a56cc-c0f9-51f0-7f93-3397bae8ba00
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48235,7 +70277,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48250,6 +70291,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-3269"
+        set uuid 972a5992-c0f9-51f0-4000-b522aad58531
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48257,7 +70299,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48272,6 +70313,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-3520"
+        set uuid 972a5c4e-c0f9-51f0-ee61-1f4631121922
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48279,7 +70321,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48294,6 +70335,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-389"
+        set uuid 972a5f0a-c0f9-51f0-9397-ec1d3ba651fc
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48301,7 +70343,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48316,6 +70357,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-49152-65535"
+        set uuid 972a61d0-c0f9-51f0-d0e1-c3ab92f413a5
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48323,7 +70365,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48338,6 +70379,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-5001"
+        set uuid 972a64a0-c0f9-51f0-328d-ca270a17b2ee
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48345,7 +70387,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48360,6 +70401,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-5060"
+        set uuid 972a6770-c0f9-51f0-87cf-7b9033989776
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48367,7 +70409,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48382,6 +70423,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-5061"
+        set uuid 972a6a2c-c0f9-51f0-085e-b499d4d1045d
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48389,7 +70431,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48404,6 +70445,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-5120"
+        set uuid 972a6ce8-c0f9-51f0-9fe9-5801089074c7
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48411,7 +70453,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48426,6 +70467,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-5122-5127"
+        set uuid 972a6fae-c0f9-51f0-bcf9-4f0876ded88d
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48433,7 +70475,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48448,6 +70489,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-587"
+        set uuid 972a7274-c0f9-51f0-5ee7-c40ee260bf8a
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48455,7 +70497,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48470,6 +70511,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-5901"
+        set uuid 972a7544-c0f9-51f0-ad70-e37f6dea30c8
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48477,7 +70519,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48492,6 +70533,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-5937"
+        set uuid 972a7800-c0f9-51f0-955a-1d7c8de0cc60
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48499,7 +70541,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48514,6 +70555,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-623"
+        set uuid 972a7abc-c0f9-51f0-b4c7-6b3ddb2ce9e6
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48521,7 +70563,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48536,6 +70577,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-636"
+        set uuid 972a7d78-c0f9-51f0-3333-f6d5de214994
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48543,7 +70585,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48558,6 +70599,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-6502-6510"
+        set uuid 972a80f2-c0f9-51f0-cf30-594e9f8cd65f
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48565,7 +70607,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48580,6 +70621,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-7578"
+        set uuid 972a85ca-c0f9-51f0-21ae-3b833e2b1986
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48587,7 +70629,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48602,6 +70643,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-7582"
+        set uuid 972a8890-c0f9-51f0-b870-23b6032ff3db
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48609,7 +70651,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48624,6 +70665,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-8000"
+        set uuid 972a8b4c-c0f9-51f0-329d-98f339a69825
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48631,7 +70673,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48646,6 +70687,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-8080"
+        set uuid 972a8e08-c0f9-51f0-7321-9a2971d1b536
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48653,7 +70695,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48668,6 +70709,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-8082"
+        set uuid 972a90ba-c0f9-51f0-24b4-0f33f025afe0
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48675,7 +70717,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48690,6 +70731,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-809"
+        set uuid 972a9376-c0f9-51f0-2ec7-b1787fa9fd83
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48697,7 +70739,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48712,6 +70753,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-110"
+        set uuid 972a963c-c0f9-51f0-3c7c-fefa97084291
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48719,7 +70761,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48734,6 +70775,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-143"
+        set uuid 972a98f8-c0f9-51f0-7c83-42e32788bb79
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48741,7 +70783,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48756,6 +70797,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-1433"
+        set uuid 972a9baa-c0f9-51f0-7d3d-000d6e127164
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48763,7 +70805,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48778,6 +70819,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-25"
+        set uuid 972a9e66-c0f9-51f0-785e-e4b5dab8e168
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48785,7 +70827,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48800,6 +70841,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-2525"
+        set uuid 972aa122-c0f9-51f0-4901-28053c72430c
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48807,7 +70849,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48822,6 +70863,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-3389"
+        set uuid 972aa3e8-c0f9-51f0-1741-b18a9474d49f
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48829,7 +70871,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48844,6 +70885,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-3478"
+        set uuid 972aa6a4-c0f9-51f0-66cd-ed496218e05f
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48851,7 +70893,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48866,6 +70907,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-443"
+        set uuid 972aa956-c0f9-51f0-9a28-278113f638de
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48873,7 +70915,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48888,6 +70929,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-465"
+        set uuid 972aac12-c0f9-51f0-803b-b40258c82ed4
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48895,7 +70937,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48910,6 +70951,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-50000-52399"
+        set uuid 972aaed8-c0f9-51f0-69df-ca544c22612e
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48917,7 +70959,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48932,6 +70973,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-5001"
+        set uuid 972ab1b2-c0f9-51f0-c4a0-6efcf6b07096
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48939,7 +70981,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48954,6 +70995,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-587"
+        set uuid 972ab46e-c0f9-51f0-d206-8c9ef784b22f
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48961,7 +71003,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48976,6 +71017,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-60000-61799"
+        set uuid 972ab72a-c0f9-51f0-be27-18002b4eebd2
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -48983,7 +71025,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -48998,6 +71039,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-623"
+        set uuid 972ab9e6-c0f9-51f0-f6b8-4b6a21195f75
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49005,7 +71047,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49020,6 +71061,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-80"
+        set uuid 972abca2-c0f9-51f0-1e7e-a42eea6a8b9f
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49027,7 +71069,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49042,6 +71083,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-993"
+        set uuid 972abf68-c0f9-51f0-4b10-3b3803ac7774
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49049,7 +71091,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49064,6 +71105,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-995"
+        set uuid 972ac224-c0f9-51f0-021e-a6d8f3aaaaeb
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49071,7 +71113,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49086,6 +71127,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-SRC-1025-65535-DST-3544"
+        set uuid 972ac4e0-c0f9-51f0-4bd3-ccc8d38e4a23
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49093,7 +71135,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49108,6 +71149,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "UDP-SRC-3544-DST-1025-65535"
+        set uuid 972ac7b0-c0f9-51f0-2ab1-69ccfbc830f2
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49115,7 +71157,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49130,39 +71171,40 @@ config firewall service custom
         set session-ttl 0
     next
     edit "IP-27"
+        set uuid 972aca80-c0f9-51f0-f101-e5e6ef1aa4c1
         set proxy disable
         set category ''
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 27
     next
     edit "IP-4"
+        set uuid 972acd8c-c0f9-51f0-66f3-71905fdca849
         set proxy disable
         set category ''
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 4
     next
     edit "IP-41"
+        set uuid 972ad084-c0f9-51f0-fbf6-2f0a0bcd1186
         set proxy disable
         set category ''
         set protocol IP
         set helper auto
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set protocol-number 41
     next
     edit "Webosphere_Data"
+        set uuid 972ad372-c0f9-51f0-7c6b-79a0cce0bf1a
         set proxy disable
         set category "File Access"
         set protocol TCP/UDP/SCTP
@@ -49170,7 +71212,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49185,6 +71226,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-9000-9100"
+        set uuid 972ad6f6-c0f9-51f0-c619-05f76af3472b
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49192,7 +71234,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49207,6 +71248,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP_UDP-18443"
+        set uuid 972ad9bc-c0f9-51f0-0dcd-46f300c70a6c
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49214,7 +71256,6 @@ config firewall service custom
         set check-reset-range default
         set comment "VDI desktop"
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49229,6 +71270,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-19000"
+        set uuid 972adf0c-c0f9-51f0-912f-ab857dd3d4e4
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49236,7 +71278,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49251,6 +71292,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP_UDP-8100"
+        set uuid 972ae20e-c0f9-51f0-d629-253eaeceefc9
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49258,7 +71300,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49273,6 +71314,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP 5500"
+        set uuid 972ae51a-c0f9-51f0-f906-1302ec900867
         set proxy disable
         set category "General"
         set protocol TCP/UDP/SCTP
@@ -49280,7 +71322,6 @@ config firewall service custom
         set check-reset-range default
         set comment "SPD Genetec Federation"
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49295,6 +71336,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP 4502"
+        set uuid 972ae8f8-c0f9-51f0-ffea-60a748a30c71
         set proxy disable
         set category "General"
         set protocol TCP/UDP/SCTP
@@ -49302,7 +71344,6 @@ config firewall service custom
         set check-reset-range default
         set comment "SPD Genetec Federation"
         set color 2
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49317,6 +71358,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "Genetec Federation"
+        set uuid 972aed1c-c0f9-51f0-f887-a49f143eea87
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -49324,7 +71366,6 @@ config firewall service custom
         set check-reset-range default
         set comment "SPD Genetec Federation"
         set color 2
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49339,6 +71380,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "SBC-UDP-Range"
+        set uuid 972af14a-c0f9-51f0-acf9-ba2d4f490d97
         set proxy disable
         set category "Network Services"
         set protocol TCP/UDP/SCTP
@@ -49346,7 +71388,6 @@ config firewall service custom
         set check-reset-range default
         set comment "For SBC"
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49361,6 +71402,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "Zoom UDP Ports"
+        set uuid 972af53c-c0f9-51f0-7b95-b1b913361a98
         set proxy disable
         set category "VoIP, Messaging & Other Applications"
         set protocol TCP/UDP/SCTP
@@ -49368,7 +71410,6 @@ config firewall service custom
         set check-reset-range default
         set comment "Firewall rules for Zoom Phone"
         set color 2
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn "static.zdassets.com"
@@ -49383,6 +71424,7 @@ config firewall service custom
         set session-ttl 0
     next
     edit "TCP-8443"
+        set uuid 972afabe-c0f9-51f0-f4bb-ab64782dfb5a
         set proxy disable
         set category ''
         set protocol TCP/UDP/SCTP
@@ -49390,7 +71432,6 @@ config firewall service custom
         set check-reset-range default
         set comment ''
         set color 0
-        set visibility enable
         set fabric-object disable
         set iprange 0.0.0.0
         set fqdn ''
@@ -49407,6 +71448,7 @@ config firewall service custom
 end
 config firewall service group
     edit "Email Access"
+        set uuid 8b914758-c0f9-51f0-52c0-babc82ab9266
         set proxy disable
         set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
         set comment ''
@@ -49414,6 +71456,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Web Access"
+        set uuid 8b914e24-c0f9-51f0-7360-bed56767670e
         set proxy disable
         set member "DNS" "HTTP" "HTTPS"
         set comment ''
@@ -49421,6 +71464,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Windows AD"
+        set uuid 8b9151d0-c0f9-51f0-fc02-f826fec7145c
         set proxy disable
         set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
         set comment ''
@@ -49428,6 +71472,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Exchange Server"
+        set uuid 8b915770-c0f9-51f0-16d4-bece05b54b62
         set proxy disable
         set member "DCE-RPC" "DNS" "HTTPS"
         set comment ''
@@ -49435,6 +71480,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_3520_2"
+        set uuid 972b1ab2-c0f9-51f0-0b0b-44d200e4e51c
         set proxy disable
         set member "TCP-3520"
         set comment ''
@@ -49442,6 +71488,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_5120_3"
+        set uuid 972b2052-c0f9-51f0-1e2d-359707094f02
         set proxy disable
         set member "TCP-5120"
         set comment ''
@@ -49449,6 +71496,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_5122_5127_4"
+        set uuid 972b252a-c0f9-51f0-f9ce-322ea5dd346c
         set proxy disable
         set member "TCP-5122-5127"
         set comment ''
@@ -49456,6 +71504,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_5900_5"
+        set uuid 972b2a66-c0f9-51f0-d85b-8f3320a9456f
         set proxy disable
         set member "VNC"
         set comment ''
@@ -49463,6 +71512,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_5901_6"
+        set uuid 972b2f16-c0f9-51f0-3d26-d905a15b86bb
         set proxy disable
         set member "TCP-5901"
         set comment ''
@@ -49470,6 +71520,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_623_7"
+        set uuid 972b3434-c0f9-51f0-1e48-8e2043be56bb
         set proxy disable
         set member "TCP-623"
         set comment ''
@@ -49477,6 +71528,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_7578_8"
+        set uuid 972b38ee-c0f9-51f0-a76a-a67b4328d361
         set proxy disable
         set member "TCP-7578"
         set comment ''
@@ -49484,6 +71536,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_7582_9"
+        set uuid 972b3e16-c0f9-51f0-981b-e187be493da3
         set proxy disable
         set member "TCP-7582"
         set comment ''
@@ -49491,6 +71544,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_www_10"
+        set uuid 972b42d0-c0f9-51f0-5f5f-c6e93ba521e2
         set proxy disable
         set member "HTTP"
         set comment ''
@@ -49498,6 +71552,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-Mobility_tcp_8080_2"
+        set uuid 972b4870-c0f9-51f0-b7e7-f41721f87707
         set proxy disable
         set member "TCP-8080"
         set comment ''
@@ -49505,6 +71560,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-Mobility_tcp_993_3"
+        set uuid 972b4d34-c0f9-51f0-7519-620883966390
         set proxy disable
         set member "IMAPS"
         set comment ''
@@ -49512,6 +71568,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper_UDP_4500"
+        set uuid 972b5252-c0f9-51f0-e936-7b7f2d409865
         set proxy disable
         set member "IKE"
         set comment ''
@@ -49519,6 +71576,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper_UDP_500"
+        set uuid 972b5856-c0f9-51f0-3b31-4e7ce2439bc5
         set proxy disable
         set member "IKE"
         set comment ''
@@ -49526,6 +71584,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Day-Server_tcp_6502_6510_2"
+        set uuid 972b5f5e-c0f9-51f0-fcbf-2f4b58364da5
         set proxy disable
         set member "TCP-6502-6510"
         set comment ''
@@ -49533,6 +71592,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Oracle-SQL_tcp_sqlnet_2"
+        set uuid 972b640e-c0f9-51f0-2e1e-875e5246770a
         set proxy disable
         set member "TCP-1521"
         set comment ''
@@ -49540,6 +71600,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "POP-2"
+        set uuid 972b6936-c0f9-51f0-8350-ac5e199e2154
         set proxy disable
         set member "TCP-109"
         set comment ''
@@ -49547,6 +71608,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "POP-3"
+        set uuid 972b6dd2-c0f9-51f0-1e48-c9bb439f1548
         set proxy disable
         set member "POP3"
         set comment ''
@@ -49554,6 +71616,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports_tcp_https_11"
+        set uuid 972b72e6-c0f9-51f0-245f-ff5c0f937dd3
         set proxy disable
         set member "HTTPS"
         set comment ''
@@ -49561,6 +71624,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-MGMT-Ports_tcp_https_2"
+        set uuid 972b77a0-c0f9-51f0-b1e6-a449f91c984d
         set proxy disable
         set member "HTTPS"
         set comment ''
@@ -49568,6 +71632,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-MGMT-Ports_tcp_ssh_3"
+        set uuid 972b7cc8-c0f9-51f0-2029-2ad0400c671d
         set proxy disable
         set member "SSH"
         set comment ''
@@ -49575,6 +71640,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-Mobility_tcp_https_4"
+        set uuid 972b816e-c0f9-51f0-a262-73ac5a91666f
         set proxy disable
         set member "HTTPS"
         set comment ''
@@ -49582,6 +71648,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Airwatch_Services_Group"
+        set uuid 972b86a0-c0f9-51f0-02fb-bde8300aeecc
         set proxy disable
         set member "HTTP" "HTTPS" "Internet-Locator-Service" "SMTP" "SMTPS" "TCP-1433" "TCP-2195" "TCP-2196" "TCP-3268" "TCP-3269" "TCP-636"
         set comment "Air watch service group"
@@ -49589,6 +71656,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "ContentKeeper-IPMI-Ports"
+        set uuid 972b91c2-c0f9-51f0-be4d-244743b304d5
         set proxy disable
         set member "ContentKeeper-IPMI-Ports_tcp_3520_2" "ContentKeeper-IPMI-Ports_tcp_5120_3" "ContentKeeper-IPMI-Ports_tcp_5122_5127_4" "ContentKeeper-IPMI-Ports_tcp_5900_5" "ContentKeeper-IPMI-Ports_tcp_5901_6" "ContentKeeper-IPMI-Ports_tcp_623_7" "ContentKeeper-IPMI-Ports_tcp_7578_8" "ContentKeeper-IPMI-Ports_tcp_7582_9" "ContentKeeper-IPMI-Ports_tcp_www_10" "ContentKeeper-IPMI-Ports_tcp_https_11"
         set comment "Content Keeper IPMI Ports"
@@ -49596,6 +71664,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "Email_Services_Group"
+        set uuid 972b9cf8-c0f9-51f0-9bb4-a69dca943aea
         set proxy disable
         set member "HTTP" "HTTPS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" "TCP-2525" "TCP-587" "UDP-110" "UDP-143" "UDP-25" "UDP-2525" "UDP-465" "UDP-587" "UDP-993" "UDP-995"
         set comment ''
@@ -49603,6 +71672,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "CK_Mobile_Services_Group"
+        set uuid 972baad6-c0f9-51f0-aa90-bcaa4cebc6d6
         set proxy disable
         set member "HTTPS" "IMAPS" "TCP-8080" "IKE"
         set comment ''
@@ -49610,6 +71680,7 @@ config firewall service group
         set fabric-object disable
     next
     edit "CK_Support_Services_Group"
+        set uuid 972bb09e-c0f9-51f0-2d26-0ee9881a390e
         set proxy disable
         set member "HTTP" "HTTPS" "SSH" "TCP-3520" "TCP-5120" "TCP-5122-5127" "TCP-5901" "TCP-623" "TCP-7578" "TCP-7582" "VNC"
         set comment ''
@@ -49635,6 +71706,8 @@ config firewall internet-service-custom
 end
 config firewall internet-service-custom-group
 end
+config firewall network-service-dynamic
+end
 config system external-resource
 end
 config vpn certificate ca
@@ -49694,6 +71767,16 @@ config vpn certificate local
         set ike-localid-type asn1dn
         set enroll-protocol none
     next
+    edit "Fortinet_GUI_Server"
+        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+        unset private-key
+        unset certificate
+        set range global
+        set source factory
+        set source-ip 0.0.0.0
+        set ike-localid-type asn1dn
+        set enroll-protocol none
+    next
     edit "Fortinet_SSL_RSA1024"
         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
         unset private-key
@@ -49795,37 +71878,37 @@ config vpn certificate local
         set enroll-protocol none
     next
     edit "Star Cert Expire 4-24"
-        set password ENC pCJXFAQzuU8C+LY39AG8BfA8KI1FnHMT8bk16R8z3GBZ5QrRxam6chfqViGYoy2/eSFDuvA8d0vmMuEWENNJZVk+m0enb9w8maVOYDOKDX/ro28+HetUV2zIJYm7Oaklbi1Zwrw2P5BmUPPqLkH5PMd+fEhEno9L2ZiLr5wU2BFvsCZUVvIkqdKB6KxGt9063ofnUA==
+        set password ENC SNZ9sCI2Fi/QH54ZSd/LhDJ2n3VovH/7IsaU7QNVEmd8woqafYNiYd+fFHkEOffnvhTm9KWbs3ZcS6I2YWVCzTpsbTgmr7dxVkvhJAOO+6O9gg+b5GI3xEKsYJ+Shh4yoojXQbUPT306/VMSa0GdKeiDup/G8dVrAUJV1TmM4T3FCyeXJ/RTzwhGJgS0PeFW2dP4TllmMjY3dkVA
         set comments ''
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIE8TDWvxJetkCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECK3vGb5/rdxtBIIEyP5f25XlN7ue
-MWIzFY2xmQmBlhksc2nBLalNGvy9QRKDtFULPTZJMLS5jta1cs81HhGNlQqS5SWf
-o11qE9kC9r4qM7LaeUJDrEbpK2MCJQfrUNmzmGg37w104EfXuTYPLp4BE1Qg9INR
-qwOy3nDzJeYztzlIFzHLIz+Al1M4TPTHLfA9GeC4kx/hU4hAUwhW5gLHblbTh7WI
-62kxaXqlwqmo2ZdP2yTfhhCmXTgmUFkA+cj/A56X1tzocCh4OYPLNoP5mDKjpw8/
-lUgXMK7j5pVqUBOQ7hikCb6r3/Bcj1ezkdVwdgqzGCJtYjlseuIDePOLFos0Ah8e
-FbXQnz42JvWf9HiUv2F0hNFL/vSaBpDSOr40ZpLaCyZdVclFgHD/YnIGNiADEky9
-2MFPP1eqap5IRO3geYyNTWVNxVPgDmZDM2yn8+MIGpuXZSL57TMAknYeJnSOCc0F
-t5JJBfQUi/b+AnkxhtCZ4rY/YCCdeSVPfYznSPTmK6+FsbqOjKIyeCJYj1T7rTv+
-R4M63rXj50/WaY/OA74XJF3M5rUNsS2hBh7Ct1yObZ0u7VPpr0LD17D9BW7fYkuB
-BojDsO7yBFkSQxWK36jhu/z88Hn6bQc8hVmfHJ9i9esKEfrQCLsfTS8jvFLQ/QaB
-hzbmGf25SzG03wDVTWKVceU2f8HYhzltW2kTJ3I0d1G2aqKDVaonPx9o4Wv3qDo2
-6rn6U8ARoIsC1DCTUFmbA9g2tc0vrWD185YDHW4qN1OuxjK5JydEzCdnPVHV8ySj
-/XOb0Dzz/FaeC+xyTpE298JxCo5o45dfWIRbhb9sSrc0kRGJgDsTxVnHepEjRU6e
-uOiWgZWTnnlE3YBzznI05xxydIJS7B0FE1ZnDc17VkEmBJVIF4C5UY45Ghiy4Wj3
-0d+LV1c3ee+O6kgfNHKr3VxYDs8aHBZyBZeR0An6VfiGaNmYMRfhz/9DND8rn65V
-v2kLx7raMnfIVE/QwnhWE/LYub4JPfpWA8WTgMeBcnhbA0QBnU65DsDJMv4cm5VW
-49ttqJPsdTxEk36lcz+0GWtuwjk2AYVe+WdRcONnULuDsPetIPr5IVr8t8WrTXHD
-/eAh+RW/Iz7Z8S52+a/yR5EEuJlOm8s+At9hF+9a8S7OhGLrSqyS7HwUKtrMJ2Yj
-PfVCqtNNeSJMcRnMtOX1gg3G9W0Fx3bLHzKLg6OMmyNZbHctotwF14yA/2c2VQNo
-FocMy/JIqQmbiptX6QwFaz88P477OaqU2SDJxcfPnMc4DO7qvAKIuSvwozSg5ShR
-lgFuZsDLDek6nXVIoEn0px8/39OdSF9XQ3FYvyrHUVYxIdnOn8EUEx1KreDxCdEy
-JP//1vQyeiYxzm8Qe8sPbn7t937CmkGHvSvqIBAjJfM/04zipCgxUFJ2ySl7dxKm
-9Qx4RWczAjO+8TVgZSq+VmBfjNnIz5yr/dyoQQH7AOFSfYTKgXOr3VMANZddiPbJ
-UuA3bSy8VuM3lIMDZ/N9y1vevOCSsc+M03ycye8gv+bc9WXgdCVeWZjDlahKgiEr
-Fv7rynx8j7UPhlEv+FDeZEYrGB3PLDGwHCLJnIPo7RVECPUcr/GRTnqhq033J9cv
-nkFSgs7gwgquzEx3p4nUFQ==
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQrW8Cu2WOMJju03Pw
+XBHkdwICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIQ8E9kZGG7twEggTI
+EJTnPCn74e59JlaCYk+OKpZtyqaDQcIqeOOb3HCCyxI1HNp/EvIONwOEjgzGwyC7
+tKe0rc0xlZRv0FNMc/MecSSE0AaIA05WKTi+10c9NBHZNgzeR4eFMiPoRNfeU98r
+vUsjZq+/EG1m/mhvvI7QPOGIbbj7Ol6vL6i6tbWAaEq99RFft3ZpOVC4ZsHi3fwI
+YVz1r/bwR5iujv+xxSkqYM1wbCrofh1qlifJWy+gpeir9FTP2jhBf22sJHYYXPXp
+iDPM5/ebADdkQKduXlWbUnyvpJ4/1i7WrSndAVsPzcpk3LVsaEtox5l7HZr5wSnO
+6RaogmMqlj1bLH4SILt6CMkhDiRpfVFfnyr+hRJqEVpjvS+O6cxzoX6AIDF/jtda
+u33vC1cWDmBYqjyOFPGoynu8/EF2C+TWn9OQ3lKwCVlzUzWXOLtV6cH2KkrgYvUg
+QN0ShPa90z9mvh3rbmfX6GUcRQX5FbOXkx2FvNmWe/FsaQxeSyXIYu4EXXy1HPdr
+rni32Ebokkjyb71jWH28Sgjs/vmQEIuxawdzCH0lwksnmtAx4g2DzMJ5Xjl4Kv0+
+bz6kQGqMuXuVXJFFKO7M7C4ST/JEggN0s8ZFN4y+dyT9qev7t+TOxdqGD0X3fLR+
+WvfIxM5xbbeEZzni5Mx8+KrBwwoC7A2HCHQ3h/rzBo8eee8O/SovY7eGoxWJ/PQX
+qpV9Nr+59rmg8eJGcJdxEJ6hTVYXMxPrk14Tmb0+FjoUhBaEy2+D6Oko8R4PtG3f
+NnYemreq6f2PvnN6uDZCLAz8UuYDHfGLlO+jnfC38M1iLcfqoFEv5bKQNp34BqYI
+a5NAhGr3ve+XurDOfKr6+RfJvaSOFfzCoHLGuFdtHR/6SzaB6ehENJLfgP01cDVz
+lFq3WH3MpvfYmFaOuloxFSlxP7dv1K4Ewjb6soJAXAITCVFZpJETxEabkdeUd8x1
+XuTWdQyg0LK0+pw0PqOS9hHvlgcYb7u4bY3T7+rIuw0MYkJ8UWFuKytDKzBxx+Dz
+NqDaQbbBezoOHwtJAGlm14f/hDKn3FL/VMhMt2tD1DKO1aDgXNQBoFg8/VwF2u0o
+RShmdvKQ3pJT+1ElRCZbfsIOVKREAyLdRyEYOSqXEfjPYlRTaWjIcUNYuf+rFjTc
+F6Y5Xs/0vL4ismgfae6DiFh3azG4dJ0gmmWguRLF/H2vuUNPDCozUGsqJKAaWh48
+v/ftFyk9yabH1LCmu6cBN3kMVJeT4lfHV0kFfCBbHjJbBUp7gNdBUNNE3B4sncB8
+ySmfGGLSvP3sONjXCbKGfJGZrEjkYqnDPOW8g8N05ZS0PmzoT57HMmhosLKHk71s
+dXrZeBmHeUsGgwa4sXih50KiakcvJRJ6rDagiMUH9Wmx8u7u95ly/SuOt+QGX/pD
+r4oCyPP4GtWsSqHaetHM71b25Gi/8e7BVLs0dnYopZUw42kSx36RH64k2/S1VSJa
+iGJwiX13KRH3b4UgxoXCmYW8u6an9ed7DbH25Q9ze+PX6Oz3fQfhGfzPZTWBXNCP
+jQbWZXAUfNqT0xm4GHSTrsy5Wjf8OzC8xDyjcSdGAAQ+FnB/UWo8C89vgaoA1PlI
+R2Mvz/tbIvPPH5Z1TzfEpMKSPJBfaRJc
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
 MIIG3jCCBcagAwIBAgIQBkygNqmaAydvr/1eZIzsFjANBgkqhkiG9w0BAQsFADBZ
@@ -49873,37 +71956,37 @@ UrU6RSClqgz4I6f0rJZ21YK2JWlVSRuJoCVOpezPzqqP3g==
         set enroll-protocol none
     next
     edit "StartCert-Expire042025"
-        set password ENC zGfBD56Z3m7xTE7HzYfXzcnKdpDEqcW+viaWnsWJcC2c1VmgECtVw4f1n5aWQlaMPA848GAelwFA3d7s8Z3oqpg25gdvCEGt/38Q3A2gGYfilg3ujYdbvwcAUoyIHDQP/YQGiOb+Db2PKsIana7/Pti5wVGPfh6T/5Hj+PPUaxTYNvUGy4qrd3Cz92+1mv5mufmn5A==
+        set password ENC rgG2GFZPe2zWD47PRMQpesunq7jzpimUQZbRyMLFlVBswkNFWnWJ5IKb+zPdsik5aO9pPimtfXmis1JiHLblSPsHds6UHCJ1Xn58fHhY6flJ+7+06hdu0QVqp185YLrfNxAoVxmr6UA6FTxMyCB+89rdZBgmXXJsI2zBVHBobc47SCwnjFzv/1W/cOs5eykpCIP1bVlmMjY3dkVA
         set comments ''
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIn4HOn3tkmTECAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKKPbYwj6BCEBIIEyOMN4dCreWhB
-DJ6s8cZLmaiADhbS7US3BEtICru1LsIr9rTVcX9KKtHw5oGnlh2DBIMuyRNngwiz
-OKgtV0rCSyQqmrXiKewfZtYdTjhmQynN/7DuQEpmSuZqTdF8HZ8sNpIFB4MuKuBf
-r/9DTN8CgbdYqgAM+7hQUYQFxLz6eUvrqS47gJ5lHTrr5LDmsQ4YkWi/eYZFblRt
-Xw0lsmCGwBLkaAW+WcPVBIM0k8WRNdJmkM11W0YRJPsp01B1rBeHKGwmd/ZXPtGL
-CPvF51k5Pzr8VlmWjtrBQA2u6Y3xTbz0NREJ82Ez02g6mI06LnbkQjxl9GdTfngy
-Vxz9ZJSi2PRD/HCb1zRSVbsKciWwKCeJuoFgc20e+2VjD+OjaYkCyecFstSgJcuM
-+zOMHuQlvTyNYQoly1vBggs4fzBvFrb5tRPofgw8PBBu4dQcV9NjQU81OYjuyfZu
-V7Fuoq8/JY39P2BRbnLjjnSoHlAEvR9LpW5U8xOK37QxBnivyu/XESBn/TPu/eQb
-5sSiXq12I2bi4hgqGZaXcGiC/ifQBZF/YaXANn0S/FktD3z/N0knIXKrG6M/moxB
-ckpxFlnHO3VX9dXjZK2g5Zgviq+DgkIkOy6spx9s4FovOXnS4M1vM86E8VMWUMS5
-YETd1UQlyUCiH4eShnv/UHOzPkJgZop7FESBc9t/OE9p6mtCK9yRQQdHGI/Zp3Tr
-RWlCnUQdOJ3MYO++AXnoJzG1NAPavoX9GLTbLNRErcPPPTSl10teoMhEppA1qAQ5
-0JfoJTuCqXo/HCfSe/wozujCR/aRI49tHBPUeg/fA/aigwARXcrG8NxufieiqcnR
-SiNUhOHATOF27aTqS8bSCdvIQad3RpNDDN02n/o97ZAHkBkB25Od3gl8dc08cev5
-6Qee/bsbPOKPPMSDtDMBe1i4OD2+yCLZBrfq6AZMow+nP+JD4mg0TeTHx2NIKtCW
-hIIx2BarAe38vWBZT+L3PyElcQMonGE09APenXWLxgTrmzFlBsSACVvQAiwEPjfd
-ec0SKwkBnGQVKP4n0kXarScnULdIAHLKXnk+K6STJMDPVp8OHkaMk7Ba4t+8kao5
-63PUqsfeF59/gjwpay/gKc3Z4aRuaKowRBe4Wb//bfc9+yCDv9yGyQVu8F5JnINH
-DSTNgH8LqOrqz4xNnThzWQ+b76vtrGArjUEUUnUygmdPUWCPtDdIBerYilCEb+lZ
-c5Z4HA9ar9jI6ndsoT1B/bDKmehFo+l9taaiZ/wjDQxbmexL8dr31fNlTsy4Iu5i
-i++XRuvlifNvp8cMaxTskBYm6r8roMjihNP7fWlsncC8Fqm3gz99iRFnTUu6eDMO
-hTOArolUAPmKI/xG0Q6sRKsEeI4GXaDkTk+iNxmptgQBxuzkeWE3XKuvpR//jUOd
-TSdX+zQU7/cT8WgGZukf0XsH2q99hR7+k1WQm5MySFqmTXgTW2BkxPLd7agSZ7l7
-GwaYAkndXB3bYQE8ek9xpstsFlQ2u4AwVUab2S2ao/enslpVy0irkMVzjDzmD1GD
-lRZfW2CvnpgRDrHFL45fUaaNl/kfAoe7bp+/64dL/46c7t2vVP4XygMGFLL5RJwi
-k1TQMOjKC/P3voxijGGwLA==
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQd+hkzY6EOlqBPMOo
+K7fxzAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIkBQleNz3CjAEggTI
+2Ro1/FdZZHvG+Aqf8ZcfcVEcPb6h2aS+S5WCKAEA0Mjseu6q9oMMF4sXzM07bt4F
+rBqePbkB3jhtF4LLjztAK6GdBO8PFJu6GJ6fCojC9S8UflIrFQtGgHYi9/ji7mEz
+wGCdq67xGHKQLhSwbLOh8d/N8Sfh1qtNe2DnNY2EA7AKWfXpGGyV5iknUpmShhqN
+E3pubhMZ17otWxZU/Xxl5uvQ0Pvvmq0xDZXgageuclAuA0r1jiPXFb5ylG6rRc6n
+KI0buBHBorILnhghT+8KJW3B1MyomIcJe9QvBQXxQMvqOyJYskYwVbbOKPvk41OP
+LD8tw4zpTcqxP6f04TNS/Qbz2fhG+ZPq2HbY0PZY3A0W+PAZHFJlSeF8E5g/DI/R
+AeQNb1fm2Syw4rHy5qKlH3L+SP/uvGq4ivAsZltQ9t+w0S87int7VU+X4fwDDe8o
+LS0p6f/GGlcp8AqrLa4/Hap3BD42CUFT2y/SWweEsysQG5OC3crE77lISBo8Mvu5
+q+rfNIDQjyQtVBISmgVo9wmpKrBH81cAK/atgwZZk7ST1bIoILQQ7rPq0y/JR1P6
+bjBYk/5NfKX0prniwyiBqQFEU4I9kcrsyLV2NlrURftVUqFaqdLNVxmwRty4aYzm
+wt13FDg0+2KPn/mjSYbg1gyEGx89HK8kKG0hnWkgxsybHB8QuiSu6nAqAbCiAuua
+V9+W0w2+AsD1dN6YVFwUrr4Ma1DpAtZtHRJ7ojAn8OUd/KoSXsqdoQLDUOuvPQn+
+uJ0rqESmyV+XW+1DZba+f8QDpFCue6TQv4I07WsBnegERLYs1TDVfYdhkpkfLzFc
+BoJSF8jbJW4QCZ5LingqEXkkcE3ruUpPS0ggqJyuPxXOQ/hwglavgSS7V8HdgHrV
+Wsm2ueg/ZWvNH9Jgpbd4Rckbe8VC62ssvkhG3rYVyrl0ePARoLNSSWb9R4QYLH1F
+ZJqa7n3TtlC8t7W1e86Rf5oLxyl3/3jOOsjMCGx76W8kkjxGfe7mSCC7DR31JC4M
+f1cKZfmqjjaKHvwDqYB/ZRd7QRHEgmxmtEJoOnNXbjIcyOLbVeodDrbkkDWnvkMb
+Qhp/bDUkhfR21of/k1N9j2WjHYDhOLKQb+YkmZ7i7bGVbaNCPDsOO0m9TtH4X1m8
+jMBg1ItMo68mcx+4XcIVnpl5JLsgH6+QBEZnbKMtNvp0k/7FZE9skdHFWLTfuLCo
+8o5vhuPcL6rhTqi9oV9GQlncSI8gd9o+oZJcS5TsIDnFh97fwyavZGdUjclhXVDV
+AGwh7Gubj+x7SXTpfgx3Pi4LC/6Q/gU8poFGnsGVtlrOLtk9rJIznJjdStXcf2H6
+6wZazfhDRgNJ3XuY9vCv1yEfvA/2sx12EafAFQLnu65CIkD1UeC4acXkfL5ZBdL1
+KoaRn8GuiOE/8EyhaspsP9QxREX3WKMtVv0CZEBkF6xZRcBp+QrE1uVAHcc4BBC3
+HUrhXCY7pdrvo0QJXmf5Mnv4Zft1OSEfGnnJhM2sXqG8SDXd4F/UG5WPe0v73u1n
+oYFqqRmOrmelFTQH89yn7JORI5gDioOwReGkkH/itWcd30+UhqeXn1QoSUJkMZYA
+GXWp9yagbcUsGEZVXdabsABYrfPy2yFK
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
 MIIG4jCCBcqgAwIBAgIQDzJ753SaEbPwC2TYhqhgzzANBgkqhkiG9w0BAQsFADBZ
@@ -49951,37 +72034,37 @@ YkZwsmfv+q3EI9HX4ULuOFo0GfXjdbUR4kRE2EoLk+0prTGuR4pVQI0psfBbaj3K
         set enroll-protocol none
     next
     edit "StarCert-Expire03202026"
-        set password ENC OqUQfcMyDUAotx0HF/wdwzRlD1D6bWYXEdsYwzbi/YZfX8Xwqzuaxzf3aLI3h0Tw1q19MPavPGG3NQQjWfBpETWRMHHLzDcp/Hg0e1RUXswevOHoR4tTegB6l3zkx19ZgilcGoeCbusCUwq6t8VEMwQgdwGR+jijeAClRxJ6YOqvk3jFotjZ/uabo6naq1q951YqEQ==
+        set password ENC HQzwj0qYTkmkWKKLdfzq4knh8m6vZyXpXI0+FN91TfiPNJTsGxHma+z2gZY9ZDC/BRjpBFYpLeAWFZYM97/fHHaPjS5Gndpzd2oPcRwMc7gWCGaShTG5KgpgGjf/7UD3lVYvOR3nAv23PKeJSAbRy72wruz/Tc+xfNRZf06+nciAHP+3CXy0iyLX3hB2tyfWwIDCiVlmMjY3dkVA
         set comments ''
         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIyQCLqUqkqe8CAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECI3QdWmeLUKsBIIEyGq3ovqXsBtj
-nO86VGjOlky50bBQVRIYXXcAf2OAQaodaKgW6Col+J/FWM6RbJgqb6mhiHtoyl5+
-DM0elSLvgXIX+VC1YPcuA4Mq4VYQuCKemtEHAxCirKnm84PwBS4tdN9p7ArGUsBA
-l/b4FvI5oF7eacaQavtOFOyjzYU+1pxeTOijOGBRN9XfxuLCQGT4Vjf2rddPzxss
-DpOQVw5ke5z1xcZ0WTCd940+F8Mbmmp4ByfnaFQTzHtIwLK3g0VAn/1mYAwBCWAJ
-8iRAgXnKp3SpxYnOwejxLxuYSoJphOlc92m8caQiBosVuptTCiAIdf3U9TeZDuMi
-R9MFKDmuBB212sglyXs7U+xfS9q1YL5zXnQJRLlEyB3M1oP4oHI9bo8lBi4Aqauh
-iy0SAU2DmKVP4uHwOR9yTqXzHXsm+qrHSoOrGnQ5E+Oz44nUpDfJ/SMEbmoKpFxq
-giXwBfiNHYxIoqGMMM7V9bKsnxo7pL/eZYoXgQMCgZ3PsIPrI72xCLEMswj05siR
-xDTrh5Sn8YWkREKhANUQw+kNsEfuE2x98Aqtu1/FO/Sfr1rr/eSfeDMu5Bv1GiyM
-kpOEiF3mRVJVhlsNlyOwMiRyebpw6AO7srLhloBnxD9G0KnzylCc7AoTKGbzl6kN
-LCcTAvTvXQt/SoUQDctxHCyy3rhc6wUNVnvjZ/Bt0rxwrWJwkwzGuaWoeNvh0PFL
-WOjoDwxpn/HR1cktyClUSP+uCq2sm2ULvYXjaWwmnvccfNqpwvIvhRYHDePvSP1/
-f/zTSzTNHlPxqC4+nomap3dMI+OC4jcqkpJHW3yi1DjT0px1J22+ONeL6c8AOqdn
-v57Kh/sHa4ooAONeOS2q1sqbLyQqIl5To0328YmcHNQxk3NIeGskJBmBvgG9hOqw
-/8YSFUSPtT7fSo/IXEmvrPgJftTlhw3ldFX8lP+VY+XUFEQIMfC8p362tTywpePZ
-ftWveCzHuFbUBPtFAEFXXASkgt+RO/O1pLwsEfB99Q2p8xPXKVh0yJOzmgTyoGmi
-IuO/zNESSkRs5VZ8zRg/1l7PE596SzUcKv2u5NYHVJAmUdYm4t1HF761ju5dzTA+
-/vLQuCMkE/L0DrAuEl8rVX8HuYJcIyOxg0HHPmGAGn4wMQjIfOrIvTsD45+NI1bL
-91goqR5Mdk0Pg3d26H3zihurzk+R4WNNahVwBZJA5ARC47am9aPQ0kc61+2cjvSF
-frwbgVOJiPaVX/CHy7OaxQ/7w9EREjmnWp6rO0UOtVXlzwvbTgkz9MPay6eQ5L/S
-1fkTu3wUzWfhCZBt2kTbefGk5bV4nQGf1OntwPGvyv+s6cJ5oTLfbpPy7ithFoJU
-Mb/ILtya5sNOHNUFWTENC6H96tiZzdoLShV/o8EMLc90Bk+UKIurIsPtdkmH+JBZ
-VVamW8nzis0tMsyzT5vpMp3GZtboKdwOqkuoZVxoRZflUS5tDkQluGmIFVtwvGkB
-nIiT2O7EBFq+m+Zu8NscnzB1O2FREunDtFlPV2SyGmAAl4D0etC8dfUX6cPzxGaq
-tmm1S7M2I/8Fo0NqqBXyc3F8PqLeKuYZHUyTJyE5PXUOjFppqTvEtC4Hr4MxnPgZ
-PzKiGqjfD3Aoy25cSinLJQ==
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQWppt1+EpojsdZuXB
+jf+SyAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI6rdrpujx32sEggTI
+LdmVKu+76E6wEP6nzkCofnYlAveUkv4nMp4R7oVdlfC9TeE06N8aC658oh6OqMZB
+8TBwjLVsD83fft2JpR0lyD/5G/XMLyz5tSQVxNjtPl/kk65LnHiNo9KuCV7vvXu8
++i5fZb3ckDArdxQcxWS0ftkNQaGRrJ/n4WvAAvyh2YXeksvrI9tuFaptIilVfQuT
+wSeXMRaUrZOoxxV3XatkgYxzvnAubkSIkk1yrGoTciDA3agq2zABI9wCpmngphye
+1hjF2n7WXB5iFBLDmacq4kQaDKCjxPYWDPi3yeIofXrBkBlYIGA9e9Tk3lnQ/HtH
+h76R4c/xYC8SkeYXDRU9yH5zbheQgx5yxStlDr5EJrZF4Oo7JLkkSSsZ9M6ktrhW
+YhTGGfC7aBTkSaX2wFM3mfSAXXp4Lkx2YqO/Jn199qx6uJ1SuprVXK+50OJSmbHM
+UQ8dVkzQTyXkua/8wnMOV2ed/nVtWpzvQjIL6/lDdlBHCUpjodXQlXmodLdYKNFE
+C58458rISFyrE2jV24UTUMBYUtXe4uqMkIWV7mR3XtBXIL5TAj9b310JZAQq7ir3
+amo0uKhc9lahjlSnSM6JKQpbmapn7GUXWyXymbozXS8Iw2pW1Sn6TXPC+Iiveb1/
+3cw7ZjMlD2/uidhUxVIu49536QkApBPGsgCkG5zeqn+QmW7tbS59oQyLlgFdHREy
+9HasGYA9GsKUSQRMEkFGij+EVZD9kq72qs7dlgbjENYP7YHVqJTnbNg5QEeQloBD
+IRbXFKPjeAvoKGWIQwsUKihhdTJpam9Lk2+XmKYmIE8+J6lvV4A+zjAUT3gTlQka
+qK20zZ1hSMrdwFK2kczo2j8ANw0nxMbem6FFV922v8Yz+bmOLeM1gVS2hG9tppg3
+9jMIHJOcHmuowo/8aAvkyjN5wQeDrFr/QWwcuxyxa8F4XdUzDdRiAteEBM9/WxZi
+sUwo0UM+9lFrizyEqJzxM+zYA3y8u4tYyU4pSWImL+eahslwC9vjn8G3ix9X/Lt2
+tWrbU7Zwa4Bs7brozfKM0grgntyZeeCxQJNkRwTTeCMbsTbnwt3mUHPAVlC9qqFd
+x9KdumxTEhXEuYw6AmvAE5H1nn/TIczTJ+SVgwY0YdNQ6l8pw7u1uBPvQgRekncp
+GdL7wrqdKAU3y9HQOmxQU7XNZnr0Yj+as9Euvvi2HByQzP99YNwfZOFXeka3sP7A
+6JiKX1K2FMka7ELDY8c2rzpqZyunX5B7CmLaK8hCiZzlkLcSRk8exskLxmerIQ9Z
+et/pUhMg0eDcMWIYDNBYTCOt6N7b7qm3Mb5ypNqEQ7GNjNrMzbPYvKMdQrW+5JzD
+lZVVYw2qHm9cndtJCNATjZosvvrDuJ9/YDRHXumpmMJqjAUQNz8htxrawh0tvq3j
+ryZY2bKDjQoBsqjNTJH0lqJ1FZE8hRW4RH9Ylw2wW584Nl722saDoPvuj0X1WcfX
+Ba/adIvkPnSgl8fjdELOuN7gNkKsanAO+vbffKAvV5Cj+KvYXD3phlXWagUHsHfC
+Kzv6jy5vGV5Yfa89nAy8poZ1W++rc3S+RORIZFdTbs28w4s7Bc42pTI/+1AXpkyx
+NSfM/vKkVPk/jqsajsEugteyK/3rVrgc
 -----END ENCRYPTED PRIVATE KEY-----"
         set certificate "-----BEGIN CERTIFICATE-----
 MIIG2jCCBcKgAwIBAgIQBEdfHQ5i8A9R/h7gVSxl4zANBgkqhkiG9w0BAQsFADBZ
@@ -50036,6 +72119,8 @@ end
 config vpn certificate setting
     set ocsp-status disable
     set ocsp-option server
+    set proxy ''
+    set source-ip ''
     set ocsp-default-server ''
     set interface-select-method auto
     set check-ca-cert enable
@@ -50053,6 +72138,7 @@ config vpn certificate setting
     set ssl-min-proto-version default
     set cmp-save-extra-certs disable
     set cmp-key-usage-checking enable
+    set cert-expire-warning 14
     set certname-rsa1024 "Fortinet_SSL_RSA1024"
     set certname-rsa2048 "Fortinet_SSL_RSA2048"
     set certname-rsa4096 "Fortinet_SSL_RSA4096"
@@ -50084,10 +72170,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -50106,10 +72195,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -50128,10 +72220,13 @@ config ips sensor
         config entries
             edit 1
                 set location all
-                set severity medium high critical 
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -50149,11 +72244,14 @@ config ips sensor
         set extended-log disable
         config entries
             edit 1
-                set location server 
-                set severity medium high critical 
+                set location server
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -50171,11 +72269,14 @@ config ips sensor
         set extended-log disable
         config entries
             edit 1
-                set location client 
-                set severity medium high critical 
+                set location client
+                set severity medium high critical
                 set protocol all
                 set os all
                 set application all
+                set default-action all
+                set default-status all
+                unset last-modified
                 set status default
                 set log enable
                 set log-packet disable
@@ -50188,6 +72289,8 @@ config ips sensor
 end
 config sctp-filter profile
 end
+config diameter-filter profile
+end
 config firewall shaper traffic-shaper
     edit "high-priority"
         set guaranteed-bandwidth 0
@@ -50196,6 +72299,7 @@ config firewall shaper traffic-shaper
         set priority high
         set per-policy enable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
     edit "medium-priority"
@@ -50205,6 +72309,7 @@ config firewall shaper traffic-shaper
         set priority medium
         set per-policy enable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
     edit "low-priority"
@@ -50214,6 +72319,7 @@ config firewall shaper traffic-shaper
         set priority low
         set per-policy enable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
     edit "guarantee-100kbps"
@@ -50223,6 +72329,7 @@ config firewall shaper traffic-shaper
         set priority high
         set per-policy enable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
     edit "shared-1M-pipe"
@@ -50232,12 +72339,31 @@ config firewall shaper traffic-shaper
         set priority high
         set per-policy disable
         set diffserv disable
+        set cos-marking disable
         set overhead 0
     next
 end
 config firewall shaper per-ip-shaper
 end
 config firewall proxy-address
+    edit "IPv4-address"
+        set uuid 2a35d328-c0f6-51f0-70a1-f58dfccd36b8
+        set type host-regex
+        set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
+        set referrer disable
+        set case-sensitivity disable
+        set color 0
+        set comment ''
+    next
+    edit "IPv6-address"
+        set uuid 2a35d440-c0f6-51f0-0010-6ce2dd483d5b
+        set type host-regex
+        set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
+        set referrer disable
+        set case-sensitivity disable
+        set color 0
+        set comment ''
+    next
 end
 config firewall proxy-addrgrp
 end
@@ -50254,12 +72380,20 @@ config web-proxy global
     set strict-web-check disable
     set forward-proxy-auth disable
     set forward-server-affinity-timeout 30
-    set max-waf-body-cache-length 32
+    set max-waf-body-cache-length 1
     set webproxy-profile ''
     set learn-client-ip disable
+    set policy-category-deep-inspect enable
+    set log-policy-pending disable
+    set log-forward-server disable
+    set log-app-id disable
+    set proxy-transparent-cert-inspection disable
+    set request-obs-fold keep
 end
 config web-proxy explicit
     set status disable
+    set secure-web-proxy disable
+    set http-connection-mode static
     set ipv6-status disable
     set strict-guest disable
     set https-replacement-message enable
@@ -50296,6 +72430,8 @@ config ftp-proxy explicit
     set status disable
     set ssl disable
 end
+config web-proxy fast-fallback
+end
 config web-proxy url-match
 end
 config application custom
@@ -50529,6 +72665,71 @@ config application list
 end
 config application group
 end
+config dlp data-type
+    edit "g-credit-card"
+        set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
+        set verify "builtin)credit-card"
+        set verify2 ''
+        set match-around ''
+        set look-back 20
+        set look-ahead 1
+        set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+    edit "g-edm-keyword"
+        set pattern ".+"
+        set verify ''
+        set match-around ''
+        set transform "/\\b\\0\\b/i"
+        set comment ''
+    next
+    edit "g-hex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-keyword"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-mip-label"
+        set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
+        set verify ''
+        set match-around ''
+        set transform "built-in"
+        set comment ''
+    next
+    edit "g-regex"
+        set pattern "built-in"
+        set verify ''
+        set match-around ''
+        set transform ''
+        set comment ''
+    next
+    edit "g-ssn-us"
+        set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
+        set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
+        set verify2 ''
+        set match-around ''
+        set look-back 12
+        set look-ahead 1
+        set transform "\\b\\1-\\2-\\3\\b"
+        set verify-transformed-pattern disable
+        set comment ''
+    next
+end
+config dlp dictionary
+end
+config dlp exact-data-match
+end
+config dlp sensor
+end
 config dlp filepattern
     edit 1
         set name "builtin-patterns"
@@ -50623,9 +72824,9 @@ config dlp sensitivity
 end
 config dlp fp-doc-source
 end
-config dlp sensor
+config dlp profile
     edit "g-default"
-        set comment "Default sensor."
+        set comment "Default profile."
         set feature-set flow
         set replacemsg-group ''
         set dlp-log enable
@@ -50653,7 +72854,7 @@ config webfilter urlfilter
 end
 config videofilter youtube-key
 end
-config videofilter youtube-channel-filter
+config videofilter keyword
 end
 config videofilter profile
 end
@@ -50693,7 +72894,7 @@ config log threat-weight
     set botnet-connection-detected critical
     config malware
         set virus-infected critical
-        set fortindr critical
+        set inline-block critical
         set file-blocked low
         set command-blocked disable
         set oversized disable
@@ -50791,17 +72992,23 @@ config log threat-weight
 end
 config icap server
 end
+config icap server-group
+end
 config icap profile
     edit "default"
         set replacemsg-group ''
+        set comment ''
         set request disable
         set response disable
+        unset file-transfer
         set streaming-content-bypass disable
+        set 204-response disable
         set preview disable
-        set methods delete get head options post put trace other
+        set methods delete get head options post put trace connect other
         set icap-block-log disable
         set chunk-encap disable
         unset extension-feature
+        set timeout 30
         config icap-headers
             edit 1
                 set name "X-Authenticated-User"
@@ -50824,6 +73031,12 @@ config system network-visibility
     set hostname-limit 5000
     set destination-location enable
 end
+config user peer
+end
+config user peergrp
+end
+config vpn qkd
+end
 config user certificate
 end
 config user radius
@@ -50837,6 +73050,7 @@ config user ldap
         set server "10.1.48.95"
         set secondary-server ''
         set tertiary-server ''
+        set status-ttl 300
         set source-ip ''
         set source-port 0
         set cnid "sAMAccountName"
@@ -50844,7 +73058,7 @@ config user ldap
         set type regular
         set two-factor disable
         set username "fortinet ldap"
-        set password ENC MTAwNEE9KEQkPwRrCgUGcEQPdGDqOTnITAjFrKKxrViQrYIKoGmAmTZin+255Sf2ZNBZxZyeSf+CNSul/lZDrGRJq/KzGdSoRROYiB9VLCeN5dCPmHhfkngZw+k9PBNYl+2Cy35B7RrSUv9Ppp8M9/J6mXR7uNl9FjEglnGD3ld+BIOKRwmaVXQ2nolOoAmfF+YELQ==
+        set password ENC txu44xyRI780kbiWe4hk3sNvmcILo0RNVbZN3Xalb4F80VCzSXPJMA5mZuctaT+NT0lFwYdW8b7oOgPoU1JnfC/E2TYnNEturpY1UBqm6i/gLK6o1i8Cc2IcqsX5YUDUvRNvQRElAVN77GlkzZI0AJMhkH8wR8AGstdIvi5CAsVbRwEBUu5n+kvm9tdTRK67izZQLllmMjY3dkVA
         set group-member-check user-attr
         set group-search-base ''
         set group-filter ''
@@ -50854,6 +73068,7 @@ config user ldap
         set password-renewal disable
         set member-attr "memberOf"
         set account-key-processing same
+        set account-key-cert-field othername
         set account-key-filter "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
         unset search-type
         set obtain-user-info enable
@@ -50865,6 +73080,7 @@ config user ldap
         set server "10.21.48.10"
         set secondary-server ''
         set tertiary-server ''
+        set status-ttl 300
         set source-ip ''
         set source-port 0
         set cnid "sAMAccountName"
@@ -50872,7 +73088,7 @@ config user ldap
         set type regular
         set two-factor disable
         set username "fortinet ldap"
-        set password ENC MTAwNEE9KEQkPwRrCgUGcEQPdGDqOTnITAjFrKKxrViQrYIKoGmAmTZin+255Sf2ZNBZxZyeSf+CNSul/lZDrGRJq/KzGdSoRROYiB9VLCeN5dCPmHhfkngZw+k9PBNYl+2Cy35B7RrSUv9Ppp8M9/J6mXR7uNl9FjEglnGD3ld+BIOKRwmaVXQ2nolOoAmfF+YELQ==
+        set password ENC pnfMWA57NlKsca4zng2BsfLhmfdBizIzW8c4iwYaLrR5A1dsNNU+zeZEk9uA0SaJXUunJwXO1jwWjhuJpL8c8nFWGy44AeoWx8js56fLThQsZxjJsBuGLU/psD3vrbypdS3s+XajW9tjV+FGi5cgKn4+NkWD/xFMD9Bzim1pR2KZhla/7E+UUi5e2yuxAu1UYOdtSFlmMjY3dkVA
         set group-member-check user-attr
         set group-search-base ''
         set group-filter ''
@@ -50882,6 +73098,7 @@ config user ldap
         set password-renewal disable
         set member-attr "memberOf"
         set account-key-processing same
+        set account-key-cert-field othername
         set account-key-filter "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
         unset search-type
         set obtain-user-info enable
@@ -50893,6 +73110,7 @@ config user ldap
         set server "10.1.40.10"
         set secondary-server ''
         set tertiary-server ''
+        set status-ttl 300
         set source-ip ''
         set source-port 0
         set cnid "sAMAccountName"
@@ -50900,7 +73118,7 @@ config user ldap
         set type regular
         set two-factor disable
         set username "fortinet ldap"
-        set password ENC MTAwNEE9KEQkPwRrCgUGcEQPdGDqOTnITAjFrKKxrViQrYIKoGmAmTZin+255Sf2ZNBZxZyeSf+CNSul/lZDrGRJq/KzGdSoRROYiB9VLCeN5dCPmHhfkngZw+k9PBNYl+2Cy35B7RrSUv9Ppp8M9/J6mXR7uNl9FjEglnGD3ld+BIOKRwmaVXQ2nolOoAmfF+YELQ==
+        set password ENC RjVpYFlQps2i5/LVl80hOPk5VHD5PWjqaJNakQ44HzHD0ZocsIjarqfl8vwNzWozlXaa+Lpjaqn4fvMEU3ofg0haCn/l2lV6OchotpdgbXg8QeBQU0/qOD7TxnsTpCMBehnl8UR4Pz8Ax1tn8CiCCktiPhOPe8YU99c7CrOTLGDxKgM8y8f8w9ojd9gyIC772qqBcVlmMjY3dkVA
         set group-member-check user-attr
         set group-search-base ''
         set group-filter ''
@@ -50910,6 +73128,7 @@ config user ldap
         set password-renewal disable
         set member-attr "memberOf"
         set account-key-processing same
+        set account-key-cert-field othername
         set account-key-filter "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
         unset search-type
         set obtain-user-info enable
@@ -50940,6 +73159,7 @@ config user saml
         set limit-relaystate disable
         set clock-tolerance 15
         set adfs-claim disable
+        set reauth disable
     next
     edit "scsd_user_sso"
         set cert "StarCert-Expire03202026"
@@ -50956,6 +73176,7 @@ config user saml
         set limit-relaystate disable
         set clock-tolerance 15
         set adfs-claim disable
+        set reauth disable
     next
     edit "scsd_user2_sso"
         set cert "StarCert-Expire03202026"
@@ -50972,26 +73193,29 @@ config user saml
         set limit-relaystate disable
         set clock-tolerance 15
         set adfs-claim disable
+        set reauth disable
     next
 end
+config user external-identity-provider
+end
 config user fsso
     edit "Orion"
         set type default
         set server "10.1.48.37"
         set port 8000
-        set password ENC /ZCQqbb6+/h3TSq54Tnw820GHMF82JT6sWScYDbHw4mqNlBTTk92y1HRsoeazVp4b9I+h4ilFYPMl8qXQ52sAtNt8WckCa+P+HjGDS/o9BHqqbgfxltAtQeOYfn6bsWWehS3Te6ZTB8xl/qHDEI6/Q0m8WoN0clDrAZjfCS9CfWfUVovKcD0Suc+G3XqRFti33Z1kA==
+        set password ENC C+mlWncskrVSmOwdlLcVLQWGms+JrGJ550JrdggcJc1h43ezLBE30P2GKJeZrhWAVALMgA0G/DyqQTPhnFyGpRXc/y41HK0Fg//avx4IrE4W8EzktDygQC31CZ0fmvNawLOEnELtSNH2kYV1yG6byk9yuynLW6p6y7b2LVAMRryKpCRCkXsLvzlZ3elAC6Uper1rQFlmMjY3dkVA
         set server2 ''
         set port2 8000
-        set password2 ENC HNKCam+bAuw0PeHNM2gsIWibq5z7nBGrXm/MbL8pCfSvj+o5ZkwXNM7PLi6jlw3OleAdxthX5OFHAcAACdoIcMciGtBoTT9uFCANvJD1JkuBHM7/PPALWEFQGIlDiECwHO3gue+LZ35XM76AJllNm9VJZRuA174S5qAiiRC6biouJto+0BhDVBQxCtspR/cwRxLMXg==
+        set password2 ENC WFhHRTd2rFrEVPP2X7e9iThMWbKXoRIyniihxLuSxl45F6sKIH91Fo4MC9PoMEYxOwM1cTxXHlOVW+2tJhNHglDT5Go2cUDiEOxbQCN9akSUEvFrQSGRqABnNsg/J0Co1rN1SCt5JcXGfeXPHZSWsuRismRHWtK/bsUwsoBw6Yrnby4i8GLr6bFhBR2f4j3ZjR10o1lmMjY3dkVA
         set server3 ''
         set port3 8000
-        set password3 ENC qc6f+O6RURyRhszeJWx3PmOWJbQuwJTmVhbLTHJSUIvVXOcSBfrPcE1GFnBcUeQhfSXiWf3t0/Wp3vuukTy1jdLXbG5mkoXd3jYCeFAYNdxHkRnLLCbboxOK3cfWRGorcLTXFwqeL1Hj/0aXtcacY962Vzku2zinNjEoPWyY7MnAV7se37qE/fWcSjKt5+oROdW8fA==
+        set password3 ENC WL/5cu+0x6w3H1G18RrCDFfTRRsDg9b6lRaDuSBeWiUaKwtkL8tOa2XIKz/nwQsemDdz6mUrEeprXpcASzDTDCZQ9nuuUjilgbhvICS1PXeCg7R/rghvNGoZHC966QgDXFSXRm6s5Y5JqeZGV+JjmFGSv0ofFyg1iVxDZ/Y64BqmSmBnmKMjxpH2CPbNSZMBumX3zllmMjY3dkVA
         set server4 ''
         set port4 8000
-        set password4 ENC M9EkWpZMnldsjSGeSoaDoM4ssT12InKeF1XHGovNZXNdZDUphZzIiwJU9P9J3FEnsZpPTt8nxkrMLS0kiIFpgQL/DtEZTKbEm+H6NO31CBE5S8NHrsJiuUh6LSuviA45z1HJSWdVpUaseJmA7SWuG0wDu9uVyL6FsBrnpkkwtQAQld724jX/7S6EF4MX4VSFloUibg==
+        set password4 ENC YJ1+QxJNF/ZTlWPvO4HwkTktQUDxFO509PECUwfPvqvHeemEsxfLqPgECnTKqcViV6sU4enVIn8nBEENyg/QmKyT0TYmbMtKwVczbbFe+sBTDWJp+/5ARTNlqi4YpyO3EGKxjxfsJASCI3tbhBNXWJCJjk1FegIFJgnXyGSyTT3gOqy+GBRAtkujWEQA5z2y/snJgFlmMjY3dkVA
         set server5 ''
         set port5 8000
-        set password5 ENC GSNNzWsx9oAZ0m4P0xU4oscODMdADi9XldJ/tu18k92l6s38Kq0HhdCjDCmkeFVcm1SMCfiYzu57hZ4GwiJ+//Y81R7RJpuP6xpZvlTT4+/OHj231IjYciDZwS/Dzf7I8GUAGg3qSnmV0PuNvB2tyJLzGeGjTO8EX1sjMSknjApzBfiNbX0ZDuraBFOyfOJtXZJKlA==
+        set password5 ENC Fjms/JdUZE6y6qFazoPA7hrxza311fOqNcKRDxyDD3UuIrcAlYbel0jQzTqYcCT3EB9DwHJiW01o43lcOayfM+ej7hdKTW6sFfaIqKsk1+02JSnbeC1IA0rFN3rHqHGyOcCXtN4ROn3bWHnpsG3xhMhQy4Ta+gfjbfGAOOggv+ohG/yR8BcRRVkepz0foubEwQ9/xFlmMjY3dkVA
         set logon-timeout 5
         set ldap-server ''
         set group-poll-interval 0
@@ -56452,12 +78676,13 @@ config user local
         set sms-server fortiguard
         set sms-phone ''
         set passwd-policy ''
-        set passwd-time 2025-10-03 11:14:17
+        set passwd-time 2025-10-02 19:14:17
         set authtimeout 0
         set auth-concurrent-override disable
-        set ppk-secret ENC ovgeKauwurppno5hp9VEmRgdwiDy7YAls9Mm1sArqyOWz5gKP/IyIVE4BfeH7i6C2bWS6aA+9n3BppaSFP8ETISiG7ntpED3hUkh8R8HNOxtQTc+bIEebNFPZ0tuSAOsAae1abOstz8rKH7+59ffQjU6jVutLT2s/HI0lqpz20dgfkenl+XrtK74hSEVFiB3XeiQRg==
+        set ppk-secret ENC V66KfC5llnbfMSY0sBP1m7NCxwoHN1O5WxAyPF4qBlIPFHNsS/RlLuN5YOEB490EX+MjpMVg3VmFUXtkUgYAqJmwBhqWGJ1kG55OuIKpBIpFHjFGlbC7hfWs+3mMKIWMURUzUpmA63mJzG8i10NdbZdmHE0x4OuwkrtmAzEx4pSYPIISmtWddZuwF2RDWDv+9Lb6uVlmMjY3dkVA
         set ppk-identity ''
-        set passwd ENC jUGil6ZHP5GBE5kOU4Z1loX03zqGaIr2oh0MNn9ORyq8ySijxaDJcSes3Fn4FL5gj1ZozPCQcgbf40xtLs+HVy2VsYw87OZugJIUV+Rv+Xl3gJ7mXPZXMcGLvf954IBeXk83ATwSkOKDL4R3yyV29Yn0EkUVi2a8rnZhzOPJ4bTDolzwRtGMasbJStFRkONtjGpzNQ==
+        set qkd-profile ''
+        set passwd ENC NGvLJVrkc89wI8BGLpjl2aFxBWJMYzR6VnyVY2SqroMj7UouUIbiXNmCRDX0nckmdxvN8gvmQ+0VKjvD2kLLvsc5O44uKcXb/JlxQeKosuGxaeJghpeNLwQgqLb2ELGT8XziszXRhSLrhASxuHCGcwQfiDpNxDxh4p2+lwAhkgavTujErdbZ8dO+M7Ng0vfk6Hlxm1lmMjY3dkVA
     next
 end
 config user setting
@@ -56481,10 +78706,7 @@ config user setting
     set auth-ssl-min-proto-version default
     unset auth-ssl-max-proto-version
     set auth-ssl-sigalgs all
-end
-config user peer
-end
-config user peergrp
+    set default-user-password-policy ''
 end
 config user quarantine
     set quarantine enable
@@ -57162,6 +79384,7 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
         set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
         set ipv6-split-tunneling enable
         set ipv6-split-tunneling-routing-negate disable
@@ -57169,8 +79392,12 @@ config vpn ssl web portal
         set ipv6-dns-server2 ::
         set ipv6-wins-server1 ::
         set ipv6-wins-server2 ::
+        set dhcp6-ra-linkaddr ::
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57178,12 +79405,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history enable
+        set focus-bookmark disable
         set display-status enable
         set rewrite-ip-uri-ui disable
         set heading "SSL-VPN Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57208,17 +79435,19 @@ config vpn ssl web portal
         set limit-user-logins disable
         set forticlient-download enable
         set dns-suffix ''
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         set display-connection-tools enable
         set display-history enable
+        set focus-bookmark disable
         set display-status enable
         set rewrite-ip-uri-ui disable
         set heading "SSL-VPN Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57249,6 +79478,7 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
         set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
         set ipv6-split-tunneling enable
         set ipv6-split-tunneling-routing-negate disable
@@ -57256,6 +79486,8 @@ config vpn ssl web portal
         set ipv6-dns-server2 ::
         set ipv6-wins-server1 ::
         set ipv6-wins-server2 ::
+        set dhcp6-ra-linkaddr ::
+        set client-src-range disable
         set host-check none
         set mac-addr-check disable
         set os-check disable
@@ -57282,8 +79514,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57291,12 +79527,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history enable
+        set focus-bookmark disable
         set display-status enable
         set rewrite-ip-uri-ui disable
         set heading "SSL-VPN Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57333,8 +79569,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark disable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57480,12 +79720,12 @@ config vpn ssl web portal
         end
         set display-connection-tools disable
         set display-history disable
+        set focus-bookmark disable
         set display-status enable
         set rewrite-ip-uri-ui disable
         set heading "SCSD SchoolTool VPN"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57496,6 +79736,7 @@ config vpn ssl web portal
         set host-check none
         set mac-addr-check disable
         set os-check disable
+        set forticlient-download-method direct
         set hide-sso-credential enable
     next
     edit "Website_Server_Portal"
@@ -57518,8 +79759,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark disable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57529,7 +79774,7 @@ config vpn ssl web portal
                         set description ''
                         set host "10.1.48.117"
                         set keyboard-layout en-us
-                        set security rdp
+                        set security any
                         set send-preconnection-id disable
                         set load-balancing-info ''
                         set restricted-admin disable
@@ -57554,12 +79799,12 @@ config vpn ssl web portal
         end
         set display-connection-tools disable
         set display-history disable
+        set focus-bookmark disable
         set display-status disable
         set rewrite-ip-uri-ui disable
         set heading "SCSD Website VPN Portal"
         set redir-url ''
         set theme mariner
-        set custom-lang ''
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57596,8 +79841,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57607,7 +79856,7 @@ config vpn ssl web portal
                         set description ''
                         set host "10.1.40.108"
                         set keyboard-layout en-us
-                        set security rdp
+                        set security any
                         set send-preconnection-id disable
                         set load-balancing-info ''
                         set restricted-admin disable
@@ -57624,7 +79873,7 @@ config vpn ssl web portal
                         set description ''
                         set host "10.1.40.173"
                         set keyboard-layout en-us
-                        set security rdp
+                        set security any
                         set send-preconnection-id disable
                         set load-balancing-info ''
                         set restricted-admin disable
@@ -57641,7 +79890,7 @@ config vpn ssl web portal
                         set description ''
                         set host "10.1.40.188"
                         set keyboard-layout en-us
-                        set security rdp
+                        set security any
                         set send-preconnection-id disable
                         set load-balancing-info ''
                         set restricted-admin disable
@@ -57658,12 +79907,12 @@ config vpn ssl web portal
         end
         set display-connection-tools disable
         set display-history disable
+        set focus-bookmark disable
         set display-status disable
         set rewrite-ip-uri-ui disable
         set heading "SCSD Day Automation VPN Portal"
         set redir-url ''
         set theme melongene
-        set custom-lang ''
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57700,8 +79949,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57709,12 +79962,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history disable
+        set focus-bookmark disable
         set display-status disable
         set rewrite-ip-uri-ui disable
         set heading "SCSD Security VPN Portal"
         set redir-url ''
         set theme mariner
-        set custom-lang ''
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57751,8 +80004,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57760,12 +80017,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history disable
+        set focus-bookmark disable
         set display-status disable
         set rewrite-ip-uri-ui disable
         set heading "SCSD_Hyperion_VPN_Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57802,8 +80059,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57811,12 +80072,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history disable
+        set focus-bookmark disable
         set display-status disable
         set rewrite-ip-uri-ui disable
         set heading "SCSD_Peoplesoft_VPN_Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57853,8 +80114,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57862,12 +80127,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history disable
+        set focus-bookmark disable
         set display-status disable
         set rewrite-ip-uri-ui disable
         set heading "SCSD_WebCRD_VPN_Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57904,8 +80169,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark disable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -57955,12 +80224,12 @@ config vpn ssl web portal
         end
         set display-connection-tools disable
         set display-history disable
+        set focus-bookmark disable
         set display-status disable
         set rewrite-ip-uri-ui disable
         set heading "SCSD Access411 VPN Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -57971,6 +80240,7 @@ config vpn ssl web portal
         set host-check none
         set mac-addr-check disable
         set os-check disable
+        set forticlient-download-method direct
         set hide-sso-credential enable
     next
     edit "DocHolliday_Portal"
@@ -57993,8 +80263,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -58002,12 +80276,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history disable
+        set focus-bookmark disable
         set display-status disable
         set rewrite-ip-uri-ui disable
         set heading "SCSD DocHolliday Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -58044,8 +80318,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -58053,12 +80331,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history disable
+        set focus-bookmark disable
         set display-status disable
         set rewrite-ip-uri-ui disable
         set heading "SCSD Access Control VPN Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -58095,8 +80373,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -58118,12 +80400,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history enable
+        set focus-bookmark disable
         set display-status enable
         set rewrite-ip-uri-ui disable
         set heading "SSL-VPN Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -58134,6 +80416,7 @@ config vpn ssl web portal
         set host-check none
         set mac-addr-check disable
         set os-check disable
+        set forticlient-download-method direct
         set hide-sso-credential enable
     next
     edit "Azure_Test_Portal"
@@ -58156,8 +80439,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -58165,12 +80452,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history enable
+        set focus-bookmark disable
         set display-status enable
         set rewrite-ip-uri-ui disable
         set heading "Azure-VPN Portal"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -58205,8 +80492,12 @@ config vpn ssl web portal
         set dns-suffix ''
         set wins-server1 0.0.0.0
         set wins-server2 0.0.0.0
+        set dhcp-ra-giaddr 0.0.0.0
+        set client-src-range disable
+        set landing-page-mode disable
         set display-bookmark enable
         set user-bookmark enable
+        set default-protocol web
         set user-group-bookmark enable
         config bookmark-group
             edit "gui-bookmarks"
@@ -58214,12 +80505,12 @@ config vpn ssl web portal
         end
         set display-connection-tools enable
         set display-history enable
+        set focus-bookmark disable
         set display-status enable
         set rewrite-ip-uri-ui disable
         set heading "SCSD-USER-PORTAL"
         set redir-url ''
-        set theme neutrino
-        set custom-lang ''
+        set theme security-fabric
         set smb-ntlmv1-auth disable
         set smb-min-version smbv2
         set smb-max-version smbv3
@@ -58230,6 +80521,7 @@ config vpn ssl web portal
         set host-check none
         set mac-addr-check disable
         set os-check disable
+        set forticlient-download-method direct
         set hide-sso-credential enable
     next
 end
@@ -58238,7 +80530,7 @@ config vpn ssl settings
     set reqclientcert disable
     set ssl-max-proto-ver tls1-3
     set ssl-min-proto-ver tls1-2
-    unset banned-cipher
+    set banned-cipher SHA1 SHA256 SHA384
     set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
     set ssl-insert-empty-fragment enable
     set https-redirect disable
@@ -58252,7 +80544,6 @@ config vpn ssl settings
     set login-attempt-limit 2
     set login-block-time 60
     set login-timeout 180
-    set dtls-hello-timeout 10
     set tunnel-ip-pools "SSL_VPN_Range"
     set dns-suffix ''
     set dns-server1 10.1.40.10
@@ -58398,6 +80689,7 @@ config vpn ssl settings
             set auth any
         next
     end
+    set browser-language-detection enable
     set dtls-tunnel enable
     set check-referer disable
     set http-request-header-timeout 60
@@ -58412,6 +80704,12 @@ config vpn ssl settings
     set dual-stack-mode disable
     set tunnel-addr-assigned-method first-available
     set saml-redirect-port 8020
+    set ztna-trusted-client disable
+    set server-hostname ''
+    set dtls-hello-timeout 10
+    set dtls-heartbeat-idle-timeout 3
+    set dtls-heartbeat-interval 3
+    set dtls-heartbeat-fail-count 3
     set dtls-max-proto-ver dtls1-2
     set dtls-min-proto-ver dtls1-0
 end
@@ -58453,8 +80751,9 @@ config vpn ssl web user-bookmark
                 set host "10.1.7.110"
                 set port 5900
                 set logon-user "tmarris"
-                set logon-password ENC PJ7eRzw36aodeSwfb7ovE75usiYDm/zzdw1yhZxoqExFBR4nPSjZ5Yjn2/OjxjuF7aM7KQJYUPJ06q8k1ObmAYx3gOXxfCgjUa3tQV5BHXZtfAHDUGZPskAzVZ8wc5s2BoOBFS/NOWJ8MtKiAgvXalIAHTdUAwQlbQtqFkWv8IGN8b376ZFfR9fa/qr2tc7PBuHklw==
+                set logon-password ENC q2c3SwvxakQ1qZQNzW7LE3wJfSOFYhN3t6EA4qtR9HAvr/kXCMgHRZGJmnDixnnvtq5G8EUZ/BMqpUKjwGPWl3U4rD5qDyVi8SVTZefUZBKdU60dLiXktrvWnVT19FKVw7HWTbUcWjG8o2V78er+koaB9kmcq2xJxy/VxPJYZTPjJT81pQpsVB5nZWHpBMbltR04nFlmMjY3dkVA
                 set color-depth 16
+                set vnc-keyboard-layout default
             next
         end
     next
@@ -58486,7 +80785,7 @@ config vpn ssl web user-bookmark
                 set description ''
                 set host "10.1.48.202"
                 set keyboard-layout en-us
-                set security rdp
+                set security any
                 set send-preconnection-id disable
                 set load-balancing-info ''
                 set restricted-admin disable
@@ -58610,7 +80909,6 @@ config vpn ssl client
 end
 config voip profile
     edit "default"
-        set feature-set proxy
         set comment "Default VoIP profile."
         config sip
             set status enable
@@ -58711,7 +81009,7 @@ config voip profile
         end
     next
     edit "strict"
-        set feature-set proxy
+        set feature-set voipd
         set comment ''
         config sip
             set status enable
@@ -58812,7 +81110,7 @@ config voip profile
         end
     next
     edit "parks_sip"
-        set feature-set proxy
+        set feature-set voipd
         set comment "VoIP Profile for Parks SIP"
         config sip
             set status enable
@@ -58920,11 +81218,14 @@ config system sdwan
     set duplication-max-num 2
     set neighbor-hold-down disable
     set neighbor-hold-down-time 0
+    set app-perf-log-period 0
     set neighbor-hold-boot-time 0
     set fail-detect disable
     config zone
         edit "virtual-wan-link"
+            set advpn-select disable
             set service-sla-tie-break cfg-order
+            set minimum-sla-meet-members 1
         next
     end
     config health-check
@@ -58944,6 +81245,8 @@ config system sdwan
             set diffservcode 000000
             set update-cascade-interface enable
             set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
             set sla-fail-log-period 0
             set sla-pass-log-period 0
             set threshold-warning-packetloss 0
@@ -58952,12 +81255,18 @@ config system sdwan
             set threshold-alert-latency 0
             set threshold-warning-jitter 0
             set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
             config sla
                 edit 1
                     set link-cost-factor latency jitter packet-loss
                     set latency-threshold 250
                     set jitter-threshold 50
                     set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
                 next
             end
         next
@@ -58966,13 +81275,13 @@ config system sdwan
             set addr-mode ipv4
             set server "www.office.com"
             set detect-mode active
-            set protocol http
+            set protocol https
             set port 0
             set ha-priority 1
             set http-get "/"
             set http-agent "Chrome/ Safari/"
             set http-match ''
-            set interval 1000
+            set interval 120000
             set probe-timeout 1000
             set failtime 5
             set recoverytime 10
@@ -58980,6 +81289,8 @@ config system sdwan
             set diffservcode 000000
             set update-cascade-interface enable
             set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
             set sla-fail-log-period 0
             set sla-pass-log-period 0
             set threshold-warning-packetloss 0
@@ -58988,12 +81299,18 @@ config system sdwan
             set threshold-alert-latency 0
             set threshold-warning-jitter 0
             set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
             config sla
                 edit 1
                     set link-cost-factor latency jitter packet-loss
                     set latency-threshold 250
                     set jitter-threshold 50
                     set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
                 next
             end
         next
@@ -59012,6 +81329,8 @@ config system sdwan
             set diffservcode 000000
             set update-cascade-interface enable
             set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
             set sla-fail-log-period 0
             set sla-pass-log-period 0
             set threshold-warning-packetloss 0
@@ -59020,12 +81339,18 @@ config system sdwan
             set threshold-alert-latency 0
             set threshold-warning-jitter 0
             set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
             config sla
                 edit 1
                     set link-cost-factor latency jitter packet-loss
                     set latency-threshold 250
                     set jitter-threshold 50
                     set packetloss-threshold 2
+                    set priority-in-sla 0
+                    set priority-out-sla 0
                 next
             end
         next
@@ -59034,13 +81359,13 @@ config system sdwan
             set addr-mode ipv4
             set server "www.google.com"
             set detect-mode active
-            set protocol http
+            set protocol https
             set port 0
             set ha-priority 1
             set http-get "/"
             set http-agent "Chrome/ Safari/"
             set http-match ''
-            set interval 1000
+            set interval 120000
             set probe-timeout 1000
             set failtime 5
             set recoverytime 10
@@ -59048,6 +81373,8 @@ config system sdwan
             set diffservcode 000000
             set update-cascade-interface enable
             set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
             set sla-fail-log-period 0
             set sla-pass-log-period 0
             set threshold-warning-packetloss 0
@@ -59056,12 +81383,18 @@ config system sdwan
             set threshold-alert-latency 0
             set threshold-warning-jitter 0
             set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
             config sla
                 edit 1
                     set link-cost-factor latency jitter packet-loss
                     set latency-threshold 250
                     set jitter-threshold 50
                     set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
                 next
             end
         next
@@ -59070,13 +81403,13 @@ config system sdwan
             set addr-mode ipv4
             set server "fortiguard.com"
             set detect-mode active
-            set protocol http
+            set protocol https
             set port 0
             set ha-priority 1
             set http-get "/"
             set http-agent "Chrome/ Safari/"
             set http-match ''
-            set interval 1000
+            set interval 120000
             set probe-timeout 1000
             set failtime 5
             set recoverytime 10
@@ -59084,6 +81417,8 @@ config system sdwan
             set diffservcode 000000
             set update-cascade-interface enable
             set update-static-route enable
+            set embed-measured-health disable
+            set sla-id-redistribute 0
             set sla-fail-log-period 0
             set sla-pass-log-period 0
             set threshold-warning-packetloss 0
@@ -59092,17 +81427,27 @@ config system sdwan
             set threshold-alert-latency 0
             set threshold-warning-jitter 0
             set threshold-alert-jitter 0
+            set vrf 0
+            set source 0.0.0.0
+            set mos-codec g711
+            unset class-id
             config sla
                 edit 1
                     set link-cost-factor latency jitter packet-loss
                     set latency-threshold 250
                     set jitter-threshold 50
                     set packetloss-threshold 5
+                    set priority-in-sla 0
+                    set priority-out-sla 0
                 next
             end
         next
     end
 end
+config vpn ipsec fec
+end
+config vpn kmip-server
+end
 config vpn ipsec phase1
 end
 config vpn ipsec phase2
@@ -59111,8 +81456,6 @@ config vpn ipsec manualkey
 end
 config vpn ipsec concentrator
 end
-config vpn ipsec fec
-end
 config vpn ipsec phase1-interface
     edit "SRIC_BOCES"
         set type static
@@ -59124,10 +81467,12 @@ config vpn ipsec phase1-interface
         set authmethod psk
         unset authmethod-remote
         set peertype any
+        set monitor-min 0
         set net-device disable
         set passive-mode disable
         set exchange-interface-ip disable
         set aggregate-member disable
+        set packet-redistribution disable
         set mode-cfg disable
         set proposal aes256-sha256
         set localid ''
@@ -59137,7 +81482,6 @@ config vpn ipsec phase1-interface
         set fragmentation enable
         set ip-fragmentation post-encapsulation
         set dpd on-demand
-        set forticlient-enforcement disable
         set comments ''
         set npu-offload enable
         set dhgrp 14
@@ -59162,10 +81506,17 @@ config vpn ipsec phase1-interface
         set fec-egress disable
         set fec-ingress disable
         set network-overlay disable
+        set dev-id-notification disable
+        set link-cost 0
+        set kms ''
+        set exchange-fgt-device-id disable
+        set ems-sn-check disable
+        set qkd disable
+        set qkd-profile ''
+        set transport udp
         set remote-gw 170.161.52.25
-        set monitor ''
         set add-gw-route disable
-        set psksecret ENC Thv4qDQZDuOMksNSbmGyGfXbFwFUn65/uWe5Ua/ZglDWaevldXAE+g4GxE3K6j1Wkw5jfhn4gAUaaog9+RlBAAvPsPXxr30rq3X/0VGFRpFbc5O8LKNTuqJlYaGs1IGuE16dCTZ7nClVjXfflKhwx/4ReCCSZML0l6qwsmyr7dzKGNUomdiAMXpp3JvSMp5OT5ol2g==
+        set psksecret ENC UdeqApjPeXAhk0YkE5p3tNmWkymQUGomuPhqN+5dCjp/2ieeBYj63jqIDIE9qf1v4KYqZJnJaCMt8SQZZky4WmxyV0ueZ0OCv8FK6GUO3s1MnMMHhKGvb5T4oe7eyc5FRmowXeCgZtmotNOQXWA5svemIYvSLFWlekkXSuDiUzf3wNhz0qDp3pcH1tylPQUYQ1EccllmMjY3dkVA
         set dpd-retrycount 3
         set dpd-retryinterval 20
     next
@@ -59179,10 +81530,12 @@ config vpn ipsec phase1-interface
         set authmethod psk
         unset authmethod-remote
         set peertype any
+        set monitor-min 0
         set net-device disable
         set passive-mode disable
         set exchange-interface-ip disable
         set aggregate-member disable
+        set packet-redistribution disable
         set mode-cfg disable
         set proposal aes256-sha256
         set localid ''
@@ -59192,7 +81545,6 @@ config vpn ipsec phase1-interface
         set fragmentation enable
         set ip-fragmentation post-encapsulation
         set dpd on-demand
-        set forticlient-enforcement disable
         set comments ''
         set npu-offload enable
         set dhgrp 19
@@ -59217,10 +81569,17 @@ config vpn ipsec phase1-interface
         set fec-egress disable
         set fec-ingress disable
         set network-overlay disable
+        set dev-id-notification disable
+        set link-cost 0
+        set kms ''
+        set exchange-fgt-device-id disable
+        set ems-sn-check disable
+        set qkd disable
+        set qkd-profile ''
+        set transport udp
         set remote-gw 52.61.115.188
-        set monitor ''
         set add-gw-route disable
-        set psksecret ENC P/xchn5pt3WZAagt3WbQRYvJ9qNFW65fzPL9S+MqrZxSjR6G+AhvoHnLF+1dRpj5+hZ/i6tTQp1nI3kL4XiACZGCwoq3BicKsMmQv5T718kpxRNNZ7q9cHyzQNFCxQrpZLl6p/dmMKK1J4L8DYJrpUNQR92iepTqKT1dUvaFAcZWWGVv5oBonpKFUpF5zNjWGSO0Sw==
+        set psksecret ENC 5398xg6BKbh5zjj1sz8OMz06t9Wpi0cjfGaNmJZZWHKIxlK3AKXE7oq0eQOW4UL003wqB8piIOLbcCSFGE1ZqZRczyDn2sOKn6KxagqWhLCN7butC8hCUeqc3yppeK7D+g3HdvCCaF4toI/tqDmevXHqOokiIWVK2zk7ORp6asEGF/ceeWEYTnhtS69wJUh2YcUBUllmMjY3dkVA
         set keepalive 10
         set dpd-retrycount 3
         set dpd-retryinterval 30
@@ -59235,10 +81594,12 @@ config vpn ipsec phase1-interface
         set authmethod psk
         unset authmethod-remote
         set peertype any
+        set monitor-min 0
         set net-device disable
         set passive-mode disable
         set exchange-interface-ip disable
         set aggregate-member disable
+        set packet-redistribution disable
         set mode-cfg disable
         set proposal aes256-sha256
         set localid ''
@@ -59248,7 +81609,6 @@ config vpn ipsec phase1-interface
         set fragmentation enable
         set ip-fragmentation post-encapsulation
         set dpd on-demand
-        set forticlient-enforcement disable
         set comments ''
         set npu-offload enable
         set dhgrp 14 5
@@ -59273,10 +81633,17 @@ config vpn ipsec phase1-interface
         set fec-egress disable
         set fec-ingress disable
         set network-overlay disable
+        set dev-id-notification disable
+        set link-cost 0
+        set kms ''
+        set exchange-fgt-device-id disable
+        set ems-sn-check disable
+        set qkd disable
+        set qkd-profile ''
+        set transport udp
         set remote-gw 209.217.202.173
-        set monitor ''
         set add-gw-route disable
-        set psksecret ENC h8V2yVeqHHEe14GTuyduqIj7T/DsuFMTA/cDA2PSzwlDnKOuOQg7zXc7c81sD4uB13evTAXx+GHMSGmiCbl+peXU5ltYL/MolMzOmpDMuqw+EoD3gZR9+KTrEK6PzPH5zSY091xUhDBMOIcWYmikfzMDeeY4jTEESHfOOYYGmkvhX9k5XVMPX4gZy3Dd8pZ6TQADBg==
+        set psksecret ENC YpRPMjopupfhAPbtuHyCtJBfKnxr5kpMta4xVIUfvgLAPBztsI/MMyEtsZqMf7kDIlCIunA6dv37PqnR6ARj38HhTAH4aNKTDdmTNUq0QmtteA4mLPQu2p/qVSZ3knTG03G5RrPAoaDaOIEBlSrao4kWnC8qycIcgD7LXFwNaVASNIJV+HyI8Q0ZecASgaIwQISmIFlmMjY3dkVA
         set keepalive 10
         set dpd-retrycount 3
         set dpd-retryinterval 20
@@ -59291,10 +81658,12 @@ config vpn ipsec phase1-interface
         set authmethod psk
         set mode main
         set peertype any
+        set monitor-min 0
         set net-device disable
         set passive-mode disable
         set exchange-interface-ip disable
         set aggregate-member disable
+        set packet-redistribution disable
         set mode-cfg disable
         set proposal aes128-sha1
         set localid ''
@@ -59304,7 +81673,6 @@ config vpn ipsec phase1-interface
         set fragmentation enable
         set ip-fragmentation post-encapsulation
         set dpd on-demand
-        set forticlient-enforcement disable
         set comments "SchoolTool Tunnel"
         set npu-offload enable
         set dhgrp 2
@@ -59325,10 +81693,14 @@ config vpn ipsec phase1-interface
         set rekey enable
         set fec-egress disable
         set fec-ingress disable
+        set link-cost 0
+        set exchange-fgt-device-id disable
+        set ems-sn-check disable
+        set qkd disable
+        set qkd-profile ''
         set remote-gw 34.194.174.170
-        set monitor ''
         set add-gw-route disable
-        set psksecret ENC br2H+NgJWMWmSAu7lnp16BvAIhUbu3cxWcO3j6OQgLFqEFbH/k6eF5+2UFxCtL38ER62N7PSZBGVUvt4HsTR2gKro7jEfKSQ7htPD9l/xzrsA1toI16uxYaUJoUp/MdHUhjxgbrlXh4eLO/sLIe3kbvlKs1xYQdQ0HQ3xyVMJ2dafhZG1rJ2scvxpACtOPYjZGJMRw==
+        set psksecret ENC exGc/haxgkZ2N1G2pLm2QXDtVmmGg5FO0ZxOH8c9WOrfMrPQZ/dAUQi2OBaWclwqU7rLeSjtCk4Fu3TPZLML18IWXQQPNk8hSUnxArXKd9KVMYwxyNwmJWZ8VjB/Y01u33K3Vi+sUjSj3zRt5TsTCag8S86g2xf6rf4OoWKHMQSL8Qn0M2fkkXi9e7528OwcuwEbGllmMjY3dkVA
         set keepalive 10
         set dpd-retrycount 3
         set dpd-retryinterval 20
@@ -59343,10 +81715,12 @@ config vpn ipsec phase1-interface
         set authmethod psk
         unset authmethod-remote
         set peertype any
+        set monitor-min 0
         set net-device disable
         set passive-mode disable
         set exchange-interface-ip disable
         set aggregate-member disable
+        set packet-redistribution disable
         set mode-cfg disable
         set proposal aes256-sha256
         set localid ''
@@ -59356,7 +81730,6 @@ config vpn ipsec phase1-interface
         set fragmentation enable
         set ip-fragmentation post-encapsulation
         set dpd on-demand
-        set forticlient-enforcement disable
         set comments "eScholar Tunnel"
         set npu-offload enable
         set dhgrp 19
@@ -59381,10 +81754,17 @@ config vpn ipsec phase1-interface
         set fec-egress disable
         set fec-ingress disable
         set network-overlay disable
+        set dev-id-notification disable
+        set link-cost 0
+        set kms ''
+        set exchange-fgt-device-id disable
+        set ems-sn-check disable
+        set qkd disable
+        set qkd-profile ''
+        set transport udp
         set remote-gw 44.216.12.227
-        set monitor ''
         set add-gw-route disable
-        set psksecret ENC 66aP1+o+Z4MuSP0zKROQ5RnP1mPuBkX+Hd6BzGsjELW7sfTKb+s8ZSxz9qf+z3dKtvfzYHYn1yTNyRozj0BeZOibv25CUudFUBpuRAMWN/eEb2zrXqnB3adwEfjEhBfW4lcvViDp0+PY/hTWPvhHze3IL29+KY3CdGZJh/QSqtAyMD8o9Cn2TJnWqS69sSJqiFptCw==
+        set psksecret ENC u1GtdnDAPPQq+TwMgFsN2kt8YW8G8XceS8Mxo3fWCnivUun2jylDlEzLJcfd9ruaflTRjwdHnca7vilt6H/XRSHB2pobd67bEjCayZQz0ASoaGcIl4ctUSf96SMRdWVhIEKvlWdyAArWv2U+gat78yljVKDWyNUo4kmntJYQC0sGDcaVHpKYzZNnVg7+twPVVgOOyVlmMjY3dkVA
         set keepalive 10
         set dpd-retrycount 3
         set dpd-retryinterval 30
@@ -59399,10 +81779,12 @@ config vpn ipsec phase1-interface
         set authmethod psk
         unset authmethod-remote
         set peertype any
+        set monitor-min 0
         set net-device disable
         set passive-mode disable
         set exchange-interface-ip disable
         set aggregate-member disable
+        set packet-redistribution disable
         set mode-cfg disable
         set proposal aes128-sha1
         set localid ''
@@ -59412,7 +81794,6 @@ config vpn ipsec phase1-interface
         set fragmentation enable
         set ip-fragmentation post-encapsulation
         set dpd on-demand
-        set forticlient-enforcement disable
         set comments ''
         set npu-offload enable
         set dhgrp 2
@@ -59437,10 +81818,17 @@ config vpn ipsec phase1-interface
         set fec-egress disable
         set fec-ingress disable
         set network-overlay disable
+        set dev-id-notification disable
+        set link-cost 0
+        set kms ''
+        set exchange-fgt-device-id disable
+        set ems-sn-check disable
+        set qkd disable
+        set qkd-profile ''
+        set transport udp
         set remote-gw 3.20.191.182
-        set monitor ''
         set add-gw-route disable
-        set psksecret ENC tP4eeigWlrSo0C2/pVI6rI5rGKCIYDDEFD8ZJCnhfEu0Qq6/JL95YogjkQ1Awq/kVBZBKGVFKi/oiqE6a3+RsLL1x6caltjj11eTOprw357H7dCxbe+Xisk6mbuVTTecNWtM5Dgd/D28Knc5NDm37OIErTMcyv9uMx3PrjIe7I9EON0fbNIPZvYb6lmU7Zr/A03gaw==
+        set psksecret ENC Mxwj6e9xUhV/FnEfGqK1PSBvQ/kgTBA36Ca2zQVTMRZmYCncBwlnXhGiXboKwqloXC9q1Q8KevFk5OY7IdDZ0wEv+mOvrofe0DxIHNlalyvRvOhb7wrO679dL2fcVrG/cLDIin67xcwDIjt920yTWiuvCKrQBgZaKDcSge9ulZSA75vIF/R7hD/KhQfqTFq7b2VydFlmMjY3dkVA
         set dpd-retrycount 3
         set dpd-retryinterval 20
     next
@@ -59454,10 +81842,12 @@ config vpn ipsec phase1-interface
         set authmethod psk
         unset authmethod-remote
         set peertype any
+        set monitor-min 0
         set net-device disable
         set passive-mode disable
         set exchange-interface-ip disable
         set aggregate-member disable
+        set packet-redistribution disable
         set mode-cfg disable
         set proposal aes128-sha1
         set localid ''
@@ -59467,7 +81857,6 @@ config vpn ipsec phase1-interface
         set fragmentation enable
         set ip-fragmentation post-encapsulation
         set dpd on-demand
-        set forticlient-enforcement disable
         set comments ''
         set npu-offload enable
         set dhgrp 2
@@ -59492,10 +81881,17 @@ config vpn ipsec phase1-interface
         set fec-egress disable
         set fec-ingress disable
         set network-overlay disable
+        set dev-id-notification disable
+        set link-cost 0
+        set kms ''
+        set exchange-fgt-device-id disable
+        set ems-sn-check disable
+        set qkd disable
+        set qkd-profile ''
+        set transport udp
         set remote-gw 3.146.135.243
-        set monitor ''
         set add-gw-route disable
-        set psksecret ENC msrPc3qo5xWDlD+qQGtjUbph6vCwWjbo2yYTv1hkjUuI2QrtRN7fQZ45bB7KPl6qaaHC/b6iMVaehdKCvpntvj6WWouquJ/K6hKkaqR/IdCCGTuTokyzxl0d2O/2Yv1TSISqQej0uG5fK0oJDkBMtqevZqXIqo1bs+HI4E5+H2NAu+SpYiKmq1j20yc4m9rTC02JQg==
+        set psksecret ENC z9rhGL7kEhcOEP/rUdD0fWbf71vEMYbQBohgyzh0zuTEo4SSjk5dF1oyaWF2rI/EGMsYziavdOAiAehSi2W5CmuuitnFxxzUGk0Jq6oCXmMeiPhdh/kTtj+qBOtLZs6i+iw7vToKAXcQkmYuJ2uEARt2uuW+41GnjUSysFYlczdOeIwGysCQsg5JA0VBfW/xujdEp1lmMjY3dkVA
         set dpd-retrycount 3
         set dpd-retryinterval 20
     next
@@ -59509,10 +81905,12 @@ config vpn ipsec phase1-interface
         set authmethod psk
         unset authmethod-remote
         set peertype any
+        set monitor-min 0
         set net-device disable
         set passive-mode disable
         set exchange-interface-ip disable
         set aggregate-member disable
+        set packet-redistribution disable
         set mode-cfg disable
         set proposal aes256-sha256
         set localid ''
@@ -59522,7 +81920,6 @@ config vpn ipsec phase1-interface
         set fragmentation enable
         set ip-fragmentation post-encapsulation
         set dpd on-demand
-        set forticlient-enforcement disable
         set comments "VPN: DPS"
         set npu-offload enable
         set dhgrp 14 5
@@ -59547,10 +81944,17 @@ config vpn ipsec phase1-interface
         set fec-egress disable
         set fec-ingress disable
         set network-overlay disable
+        set dev-id-notification disable
+        set link-cost 0
+        set kms ''
+        set exchange-fgt-device-id disable
+        set ems-sn-check disable
+        set qkd disable
+        set qkd-profile ''
+        set transport udp
         set remote-gw 24.39.213.214
-        set monitor ''
         set add-gw-route disable
-        set psksecret ENC AO3lyWWG9K0c4Y2VOizFQErraPOp1KHXVSKn5Mj2MNst8v7n5XfUYiGl5FxHPXr4fm4L3GoPzBJsYfAJZtGsbOIbKam7046l3EJ9YAGk46VJwhk1/HxIPSoJpAkOuR+JI+Ag1QZ0CbXIFg47RlI5cBp9L220tB8f1eUE70SQEF3ZbVhIETfNNoUeIFZt72FO/72nTA==
+        set psksecret ENC oInNvifrAsG/GKS02sVpZRn0aIkzVIyMattqjmpA0bMNIZq0o6mLjCxjTSAorhHyprSafVBu8DDvhrHMwmbpaZkAG5BW1mMNQEBSLw6Jy8wcBXXSYDBng78SnWcRRxwk/Aeles//i/FVzpC2Aceme6hrFtFqRWj1wIPf9d4RPYB4+iUmIuFSKkNGGD8HpsuwTE/4fllmMjY3dkVA
         set keepalive 10
         set dpd-retrycount 3
         set dpd-retryinterval 20
@@ -59565,10 +81969,12 @@ config vpn ipsec phase1-interface
         set authmethod psk
         unset authmethod-remote
         set peertype any
+        set monitor-min 0
         set net-device disable
         set passive-mode disable
         set exchange-interface-ip disable
         set aggregate-member disable
+        set packet-redistribution disable
         set mode-cfg disable
         set proposal aes256-sha256
         set localid ''
@@ -59578,7 +81984,6 @@ config vpn ipsec phase1-interface
         set fragmentation enable
         set ip-fragmentation post-encapsulation
         set dpd on-demand
-        set forticlient-enforcement disable
         set comments ''
         set npu-offload enable
         set dhgrp 14 5
@@ -59603,10 +82008,17 @@ config vpn ipsec phase1-interface
         set fec-egress disable
         set fec-ingress disable
         set network-overlay disable
+        set dev-id-notification disable
+        set link-cost 0
+        set kms ''
+        set exchange-fgt-device-id disable
+        set ems-sn-check disable
+        set qkd disable
+        set qkd-profile ''
+        set transport udp
         set remote-gw 24.105.188.54
-        set monitor ''
         set add-gw-route disable
-        set psksecret ENC mMswMzGWsJmz2wDPVHbTFnnLqRLXhmCHnas3HoAH/yxhBT9O516Z4LVzPHPQVTl3bxmV228aC9pjukggbm6vwU7l7pV7NOHBCdSgRVwPl7SRToHeIz0CFT+rSH+FYvrKhBFrqJ1BGFns5T5MdmVOntT3H1NQ0C7KALeCozNGMga7gFyYVqOn6SifMA6FyzO6bHxqdA==
+        set psksecret ENC 6BoC3RZLcOOWQxTvnBMiLnWvC1kYJNvwK6WBDeEepeE0QBUe4zmi4GN88FdGcaOlpYBv8PtVJvTmUOJl3gt+MYJl60MF49A4kYoGaXc4E0roDdoIKB8XdUBU9GEyQHQ9CUpDSSErnOsc222AR0iQ6ew2oBSQvdXCtbF+5ug4hgA/gCNL1G5vUSJGzVgc1dfentz4P1lmMjY3dkVA
         set dpd-retrycount 3
         set dpd-retryinterval 20
     next
@@ -59852,6 +82264,8 @@ config vpn l2tp
 end
 config vpn ipsec forticlient
 end
+config system evpn
+end
 config dnsfilter domain-filter
 end
 config dnsfilter profile
@@ -59969,6 +82383,7 @@ config dnsfilter profile
         set block-action redirect
         set block-botnet enable
         set safe-search disable
+        set strip-ech enable
         set redirect-portal 0.0.0.0
         set redirect-portal6 ::
     next
@@ -60080,6 +82495,7 @@ config dnsfilter profile
         set block-action redirect
         set block-botnet disable
         set safe-search disable
+        set strip-ech enable
         set redirect-portal 0.0.0.0
         set redirect-portal6 ::
     next
@@ -60119,13 +82535,13 @@ config antivirus quarantine
     set quarantine-quota 0
     unset drop-infected
     set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
-    unset drop-blocked
-    set store-blocked imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs ssh
     unset drop-machine-learning
     set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
     set lowspace ovrw-old
     set destination disk
 end
+config antivirus exempt-list
+end
 config ssh-filter profile
 end
 config antivirus profile
@@ -60208,7 +82624,6 @@ config antivirus profile
         set external-blocklist-enable-all enable
         set ems-threat-feed disable
         set av-virus-log enable
-        set av-block-log enable
         set extended-log disable
     next
     edit "g-sniffer-profile"
@@ -60290,7 +82705,6 @@ config antivirus profile
         set external-blocklist-enable-all enable
         set ems-threat-feed disable
         set av-virus-log enable
-        set av-block-log enable
         set extended-log disable
     next
     edit "g-wifi-default"
@@ -60372,7 +82786,6 @@ config antivirus profile
         set external-blocklist-enable-all enable
         set ems-threat-feed disable
         set av-virus-log enable
-        set av-block-log enable
         set extended-log disable
     next
 end
@@ -60401,6 +82814,7 @@ config webfilter profile
         set replacemsg-group ''
         unset options
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -60412,11 +82826,9 @@ config webfilter profile
         end
         config web
             set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             unset options
@@ -60542,6 +82954,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -60557,6 +82970,7 @@ config webfilter profile
         set replacemsg-group ''
         unset options
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -60568,11 +82982,9 @@ config webfilter profile
         end
         config web
             set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             set options ftgd-disable
@@ -61018,6 +83430,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -61033,6 +83446,7 @@ config webfilter profile
         set replacemsg-group ''
         set options block-invalid-url
         set https-replacemsg enable
+        set web-flow-log-encoding utf-8
         unset ovrd-perm
         set post-action normal
         config override
@@ -61044,11 +83458,9 @@ config webfilter profile
         end
         config web
             set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
             set blocklist disable
             unset allowlist
+            unset safe-search
         end
         config ftgd-wf
             unset options
@@ -61174,6 +83586,7 @@ config webfilter profile
             set rate-css-urls enable
             set rate-crl-urls enable
         end
+        set wisp disable
         set log-all-url disable
         set web-content-log enable
         set web-filter-command-block-log enable
@@ -61225,18 +83638,21 @@ config webfilter search-engine
         set url "^\\/translate"
         set query "u="
         set safesearch translate
+        set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
     next
     edit "g-google-translate-2"
         set hostname ".*\\.translate\\.goog"
         set url "^\\/"
         set query ''
         set safesearch translate
+        set safesearch-str "case::google-translate"
     next
     edit "g-twitter"
         set hostname "twitter\\.com"
         set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
         set query "variables="
         set safesearch translate
+        set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
     next
     edit "g-vimeo"
         set hostname ".*vimeo.*"
@@ -61253,7 +83669,7 @@ config webfilter search-engine
     next
     edit "g-yandex"
         set hostname "yandex\\..*"
-        set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
+        set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
         set query "text="
         set safesearch url
         set safesearch-str "&family=yes"
@@ -61300,12 +83716,6 @@ config webfilter search-engine
         set query ''
         set safesearch yt-scan
     next
-    edit "translate"
-        set hostname "translate\\.google\\..*"
-        set url "^\\/translate\\?"
-        set query "u="
-        set safesearch translate
-    next
     edit "yt-video"
         set hostname ''
         set url "www.youtube.com/watch"
@@ -61320,7 +83730,6 @@ config emailfilter profile
         set replacemsg-group ''
         set spam-log enable
         set spam-filtering disable
-        set external disable
         unset options
         config imap
             set log-all disable
@@ -61341,9 +83750,7 @@ config emailfilter profile
         unset spam-bword-table
         unset spam-bal-table
         unset spam-mheader-table
-        unset spam-rbl-table
         unset spam-iptrust-table
-        set spam-log-fortiguard-response disable
     next
     edit "sniffer-profile"
         set comment "Malware and phishing URL monitoring."
@@ -61351,7 +83758,6 @@ config emailfilter profile
         set replacemsg-group ''
         set spam-log enable
         set spam-filtering disable
-        set external disable
         unset options
         config imap
             set log-all disable
@@ -61372,9 +83778,15 @@ config emailfilter profile
         unset spam-bword-table
         unset spam-bal-table
         unset spam-mheader-table
-        unset spam-rbl-table
         unset spam-iptrust-table
-        set spam-log-fortiguard-response disable
+    next
+end
+config virtual-patch profile
+    edit "g-default"
+        set comment ''
+        set severity info low medium high critical
+        set action block
+        set log enable
     next
 end
 config wanopt settings
@@ -61400,7 +83812,6 @@ config wanopt profile
             set prefer-chunking fix
             set protocol-opt protocol
             set tunnel-sharing private
-            set log-traffic enable
         end
         config cifs
             set status disable
@@ -61409,24 +83820,20 @@ config wanopt profile
             set prefer-chunking fix
             set protocol-opt protocol
             set tunnel-sharing private
-            set log-traffic enable
         end
         config mapi
             set status disable
             set secure-tunnel disable
             set byte-caching enable
             set tunnel-sharing private
-            set log-traffic enable
         end
         config ftp
             set status disable
             set secure-tunnel disable
             set byte-caching enable
-            set ssl disable
             set prefer-chunking fix
             set protocol-opt protocol
             set tunnel-sharing private
-            set log-traffic enable
         end
         config tcp
             set status disable
@@ -61457,6 +83864,7 @@ config log eventfilter
     set sdwan enable
     set cifs enable
     set switch-controller enable
+    set webproxy enable
 end
 config log memory filter
     set severity information
@@ -61468,6 +83876,7 @@ config log memory filter
     set anomaly enable
     set voip enable
     set gtp enable
+    set forti-switch enable
 end
 config log disk filter
     set severity information
@@ -61480,6 +83889,7 @@ config log disk filter
     set voip enable
     set dlp-archive enable
     set gtp enable
+    set forti-switch enable
 end
 config log fortiguard override-setting
     set override disable
@@ -61487,27 +83897,33 @@ config log fortiguard override-setting
 end
 config log tacacs+accounting setting
     set status disable
+    set source-ip ''
+    set interface-select-method auto
 end
 config log tacacs+accounting2 setting
     set status disable
+    set source-ip ''
+    set interface-select-method auto
 end
 config log tacacs+accounting3 setting
     set status disable
+    set source-ip ''
+    set interface-select-method auto
 end
 config log tacacs+accounting filter
     set login-audit enable
     set config-change-audit enable
-    set cli-cmd-audit enable
+    set cli-cmd-audit disable
 end
 config log tacacs+accounting2 filter
     set login-audit enable
     set config-change-audit enable
-    set cli-cmd-audit enable
+    set cli-cmd-audit disable
 end
 config log tacacs+accounting3 filter
     set login-audit enable
     set config-change-audit enable
-    set cli-cmd-audit enable
+    set cli-cmd-audit disable
 end
 config log null-device setting
     set status disable
@@ -61522,6 +83938,7 @@ config log null-device filter
     set anomaly enable
     set voip enable
     set gtp enable
+    set forti-switch enable
 end
 config log setting
     set resolve-ip disable
@@ -61529,11 +83946,12 @@ config log setting
     set log-user-in-upper disable
     set fwpolicy-implicit-log disable
     set fwpolicy6-implicit-log disable
-    set log-invalid-packet disable
+    set extended-log disable
     set local-in-allow enable
     set local-in-deny-unicast enable
     set local-in-deny-broadcast enable
     set local-out enable
+    set local-out-ioc-detection enable
     set neighbor-event disable
     set brief-traffic-format disable
     set user-anonymize disable
@@ -61544,6 +83962,8 @@ config log setting
     set syslog-override disable
     set rest-api-set disable
     set rest-api-get disable
+    set rest-api-performance disable
+    set long-live-session-stat enable
 end
 config log gui-display
     set resolve-hosts enable
@@ -61552,6 +83972,9 @@ config log gui-display
 end
 config system lldp network-policy
 end
+config system pcp-server
+    set status disable
+end
 config firewall schedule onetime
 end
 config firewall schedule recurring
@@ -61587,7 +84010,6 @@ config firewall ippool
         set arp-reply enable
         set arp-intf ''
         set associated-interface ''
-        set cgn-client-ipv6shift 0
         set comments ''
         set nat64 disable
     next
@@ -61598,7 +84020,6 @@ config firewall ippool
         set arp-reply enable
         set arp-intf ''
         set associated-interface ''
-        set cgn-client-ipv6shift 0
         set comments ''
         set nat64 disable
     next
@@ -61609,7 +84030,6 @@ config firewall ippool
         set arp-reply enable
         set arp-intf ''
         set associated-interface ''
-        set cgn-client-ipv6shift 0
         set comments ''
         set nat64 disable
     next
@@ -61620,7 +84040,6 @@ config firewall ippool
         set arp-reply enable
         set arp-intf ''
         set associated-interface ''
-        set cgn-client-ipv6shift 0
         set comments ''
         set nat64 disable
     next
@@ -61631,7 +84050,6 @@ config firewall ippool
         set arp-reply enable
         set arp-intf ''
         set associated-interface ''
-        set cgn-client-ipv6shift 0
         set comments ''
         set nat64 disable
     next
@@ -61642,7 +84060,6 @@ config firewall ippool
         set arp-reply enable
         set arp-intf ''
         set associated-interface ''
-        set cgn-client-ipv6shift 0
         set comments ''
         set nat64 disable
     next
@@ -61653,7 +84070,6 @@ config firewall ippool
         set arp-reply enable
         set arp-intf ''
         set associated-interface ''
-        set cgn-client-ipv6shift 0
         set comments ''
         set nat64 disable
     next
@@ -61664,7 +84080,6 @@ config firewall ippool
         set arp-reply enable
         set arp-intf ''
         set associated-interface ''
-        set cgn-client-ipv6shift 0
         set comments ''
         set nat64 disable
     next
@@ -61675,7 +84090,6 @@ config firewall ippool
         set arp-reply enable
         set arp-intf ''
         set associated-interface ''
-        set cgn-client-ipv6shift 0
         set comments ''
         set nat64 disable
     next
@@ -61694,7 +84108,18 @@ config firewall vip
 description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set type static-nat
         set src-filter "170.161.52.27-170.161.52.27"
+        set src-vip-filter disable
         set extip 198.36.24.68
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.48.68"
@@ -61713,6 +84138,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.31
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.31"
@@ -61731,6 +84166,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.21
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.21"
@@ -61748,6 +84193,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.32
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.32"
@@ -61765,6 +84220,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.22
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.22"
@@ -61782,6 +84247,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.30
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.30"
@@ -61799,6 +84274,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.20
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.20"
@@ -61816,6 +84301,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.28
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.28"
@@ -61833,6 +84328,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.23
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.23"
@@ -61850,6 +84355,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.33
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.33"
@@ -61867,6 +84382,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.34
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.34"
@@ -61884,6 +84409,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.24
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.24"
@@ -61901,6 +84436,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.35
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.35"
@@ -61918,6 +84463,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.25
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.25"
@@ -61935,6 +84490,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.29
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.29"
@@ -61952,6 +84517,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.36
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.36"
@@ -61969,6 +84544,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.26
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.26"
@@ -61986,6 +84571,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ContentKeeper"
         set type static-nat
         set extip 198.36.26.27
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.251.1.27"
@@ -62003,6 +84598,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "ESS"
         set type static-nat
         set extip 198.36.24.100
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.140.14"
@@ -62021,6 +84626,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Apple caching server for managing Apple device updates"
         set type static-nat
         set extip 198.36.24.57
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.40.107"
@@ -62039,6 +84654,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Domain Controller for LDAP"
         set type static-nat
         set extip 198.36.25.45
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.40.95"
@@ -62057,6 +84682,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Tableau"
         set type static-nat
         set extip 198.36.24.61
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.140.12"
@@ -62075,6 +84710,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "DNS External"
         set type static-nat
         set extip 198.36.22.245
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.48.45"
@@ -62093,6 +84738,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "DNS External"
         set type static-nat
         set extip 198.36.22.19
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.40.41"
@@ -62111,6 +84766,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Web Help Desk"
         set type static-nat
         set extip 198.36.25.20
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.140.6"
@@ -62128,6 +84793,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Airwatch (Workspace One) MDM"
         set type static-nat
         set extip 198.36.24.56
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.140.9"
@@ -62146,6 +84821,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "SCSD Website"
         set type static-nat
         set extip 198.36.24.16
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.140.11"
@@ -62164,6 +84849,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Address Lookup"
         set type static-nat
         set extip 198.36.24.210
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.40.210"
@@ -62181,6 +84876,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Barracuda Email"
         set type static-nat
         set extip 198.36.22.229
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.40.17"
@@ -62199,6 +84904,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Barracuda Email"
         set type static-nat
         set extip 198.36.22.228
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.40.16"
@@ -62217,6 +84932,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Email"
         set type static-nat
         set extip 198.36.22.143
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.48.49"
@@ -62234,6 +84959,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Ribbon ITC NOC"
         set type static-nat
         set extip 198.36.26.37
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.150.21"
@@ -62251,6 +84986,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Ribbon Danforth"
         set type static-nat
         set extip 198.36.26.38
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.21.150.21"
@@ -62268,6 +85013,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "Oracle Printer"
         set type static-nat
         set extip 198.36.26.119
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.40.219"
@@ -62285,6 +85040,16 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
         set comment "FortiClient EMS"
         set type static-nat
         set extip 198.36.24.202
+        config quic
+            set max-idle-timeout 30000
+            set max-udp-payload-size 1500
+            set active-connection-id-limit 2
+            set ack-delay-exponent 3
+            set max-ack-delay 25
+            set max-datagram-frame-size 1500
+            set active-migration disable
+            set grease-quic-bit enable
+        end
         set nat44 enable
         set nat46 disable
         set mappedip "10.1.40.22"
@@ -62333,10 +85098,10 @@ config firewall vipgrp6
 end
 config firewall ssh local-key
     edit "g-Fortinet_SSH_DSA1024"
-        set password ENC v2Ry9yDXW9WHmeGCIorkE7M3UQOieZ32e1O/zbL0DN7qW/eKEtgZi38ADq7URJPFGzBEMmGlsJA6rzO8Q+Ilqylx83OJQpzbuIEN8M1q3ingDC/AXmWN+cTD6Hlj4U1SjdyvyIXWzkBkYoztaHKtdsExUWr7AS5aKQsuXdHRYs0kaS28q2VhPTmV3N8vgt1pQn6YIw==
+        set password ENC ZwGs5QOx947dS+JtuNEXU+SjWsLmix67NzOtdjxojdJNYFREjb2TwmPPIkoM1WvdiDh96FbdESTmed4Fr9K/2Wu3ETwEUuyLAxMHQDYOD0SgUgs2kI/wXygSatoyw/WbVQ/N41thVEGKRxtBrKo90sxhs3i0QTweExaxqmoXCVzDy6FIU2D6WmUMQpT3OvkfWnLKqFlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA
-0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDfWpFE0i
+XCd0QURSp4tDCxAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
 KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
 a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
 7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
@@ -62344,114 +85109,114 @@ jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
 XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
 P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
 lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
-wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ
-39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl
-iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3
-w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac
-xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL
-YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+
-YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e
-ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy
-wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb
-floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x
+wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgS/BQuclL3Fmvho5r
+5vjUwzJbyChZhWxkXG3eKGvkshX8YTRtMWlUDLMIPX6RQk2N8dtWdYo2INAYwzOO/nHgVC
+ZoTlNsCF0gWa0vEbOikSBU2wAJpfTZFbBzxUSKcvK7KxCTDJ0LWNLmTypFhxaappjiy2BN
+x8VJDLG21NU7bR86lFhg1/w+OXsRdSBjJpI5ox2raAyPS6we5ezjPm3y2anL5TF4A4AmM5
+F3KkMZluZGBemTxITZJC2RwRXJkPm+93wC7U5ILVsn2J8KJjX5Jqo3flnXjBe3y2s/NJCx
+31d2C/BqPmzgTus1a+xcAk3H7AoLIlkUQ/Kuvmd4ALcBPIOyz1UgoitYpQrxW2yz9LfAfC
+dsMCsCceYbY5oOPJJ8frLbDkbSfDlkQO2AHP+M9+aY7Sc9ehuttvdQ+kopBP4y0v8k6n5F
+rV/GOPkr0rAThvkiCtectOqIh4pOJdWiHV0UCKuzka4kYqda3nIB59SfjrAJU4Fs8Plgr+
+EaZmSp5z429V2X3bZch5VL2L5yzbwU0H7vtzUM/BCNsVHncqyYJeSHc0Q6+KgSuCsr2rvO
+26/sUh9gQ4OBP5WcKZRcjRtGsXy4Cy8Z5OD0JWIrWlTmXZn9IQaPpsaMEJMF52lV
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
         set source built-in
     next
     edit "g-Fortinet_SSH_ECDSA256"
-        set password ENC jUV6WqnsQMVPrBVTUUwbtIutBExeN8w+fpS+r1+yoj2H5sxwMIFJ0TTF9NwVDnmpOCUxIxOTOaVbFAMLhliCCeedvWmKp8QpXxTqHxN4LMkfBaBJhEWvURZUjgODx9ZVVXweeMX9KQ2nhQQpj1gEN7GLhs/1qe/qkQQKg9kFhBuOmMU6MZSnnsJIbEYM0xgdRoaiAA==
+        set password ENC nd3G+OWKOH47xHdLq7yfvn7dhfhSzIGBPJgObiBwcfG1MksVzIjn1FYsHuWMs1y569CA8uzweYCcYFwscnrwvtywTaYh5n1PDnd4CNbDhAH3CvwucTyaNlcPF9bwha/qX7+CToc3u/6bbz8yAPE67tqBQJmfMYjoP3CiLcyplw1o2M2ElL62dxA1S5VVBS868KFM0llmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY
-/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB5/6e7jl
+Mch9M+27aUJHDlAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
 dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
-y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h
-BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d
-6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH
-84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw==
+y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgkK+gYlQYEjpNKQ3JDiggWfHFxRdEL8J/6GZK
+P/yWY3iwinZj3eg+3XFwyGgbN74kRJLlrbVCkzWkgsTRIce4gVqvD41EvyAv8IrnvqlSgV
+KKhqvOYrICP1ES9y4himR5YrsbHvSaiSCCipl4ohdo8EkA1XuGFaRiWHBoN+J+9YskDuhe
+QNVOZyHrEWqSqVCbiyNDii1wdNYqIQJTkxVWGQ==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
         set source built-in
     next
     edit "g-Fortinet_SSH_ECDSA384"
-        set password ENC EgeGkihB2n/Hnxx5ig0zo4av+FEl8G7/zo27gIh+eNtHsov7WEy7xTIXioJV3xRs57XI9xhnM3RzNd0txBBVGAd7S2/AkXps2HFmzj4i6jR6CFK+8CIie4MFFoL9pPi12JMmaIyxlv7GHGul6r3AqH0WZlFsLK90u5HuhU+2EBoCmPEIS7EPuSmu0E3hBMvmNRgBZQ==
+        set password ENC 4zwDTXA54voVBObNKGETVip91IY1IwPzc7Nn2k/Hfr/DVPK9ZE6MAyIYb+HiZaiGyYYb3MChxGaeZowMJfcB6AdQcDHZggRnQYrtB0PKY1RAPp9nKO/eSTs0rJEf/Bw2VYNLr1tEuDcpKDwBqGJzit1G62HHnSBtdvdV4EOaaMcvNM/ru3Wpc1BNfQDCp9JXYLI8PVlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX
-++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD6FGSydb
+MfCfEkjYSDilDQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
 dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
 U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
-dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED
-QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ
-9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW
-HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st
-2F3+
+dgAAANCDHSic3ugGkKXrzCRCN4F9+HiSwqQdY+p6vgp4eoW8VbSFvlSOwCJ0YCiUJtfbBt
+w5njw5GMczncUHPNb7z90o9bv6KoSmlEHeXfFoPKl189RWx93tYuKlh87wYucskyv8QgR8
+6jnKX2rSmnjytvCOHahd+dSTOg5zwXzZUBSe69NXYrm7IUV+MUJnqA/wQfUu9gLNqjgEmR
+DkKTxwKb8V778U+acbEaCTglnZSw1Ci036r/1CDOpTHNFnC+8zRFFtn5XW6A2fWfSLYEtU
+GanS
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
         set source built-in
     next
     edit "g-Fortinet_SSH_ECDSA521"
-        set password ENC rdBANqlKXuU/nC0Jzh0s2ie864QC7NGxqWwls1tQkkdryAEnj93RJBbrB5uzPKbYgXDlVP9XwLQ4i6VGKfyOBtzXqanUy5uj3L6XZi2rthd0d6MTo3jJAunqlPnpo/ERqPg7Yflo9f88KMmbTK0choqNwbEy38AHIXht25TGKLgGQ31cdrfMOyI4B1laTIbJA9ugHw==
+        set password ENC WOAsqSnIfH16J4F/wJOHqBfn8Ux/Rm5wnNdDf1WSVJYFhpU5qPl51ZalzyGxNYAAdkXB4U0tysO+1ad1kzahIxLMPr/xkI5NO+J45xYZz0tB/XBAVhWb1dQ22UnBMDijcm27XV7WCFmRC0/psgjOVaV2BORbDdcTUSNROT7tRicegstW4/Cl9BDzrcDnMldiKzvsuFlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr
-+3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDvliYNGu
+EFZjQlDTBzJmi5AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
 dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
 t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
-HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL
-gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA
-NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX
-1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9
-We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY
-v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua
+HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQABILIpSeVN/21mCe
+eVUgOLmNu2sYRE/pHxZoKsC1BpjGNQWvg78hJ+cpll5cP4ihueTkQ+fgA+0uxO6nEtACEN
+3shPq5zr/OK3JdTlS9NorQjuFv6CMVsP8duQws9NSrt2LJvneAXMN4m31gkVRtmOAFrUBA
+xjViicvdDNxV+Sqz6cxnmRe2zMobQkjVKPOu5WpOVFeRmrjUSoPwrR/28cPHFF6IsdONA1
+BdX7QWIzC9rJrfgET9JRlv7s0oDJWQyqHV8S84TDvTZPnot4pkNAVDr0qJGPoWjCPbMxgD
+jhfbcs7CfjvNT4zfbw30BxniJGjv/WFKDyljfkcNgS9Qgm
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
         set source built-in
     next
     edit "g-Fortinet_SSH_ED25519"
-        set password ENC lazobvNGbCtv0IU1yl6jnn7eo4KyuYtVzk4OiaLEGS6VgE1WoLxObk3zsgGy4jUT+AONypIN0WLeuZruIIVpI1XxsZM+g4Khv+RTN1vGeUYL8Gq9BLgf0Pc6G7oeGQ6BucmBdBsK0eUPRIKtoeCobvMm5ZBSF+V4TT7pgl5Rz6eXplSG4MGBLravsx5BP4DnSqEyFg==
+        set password ENC ITtjqOm1+yGyOtSEfmcsVfNoPqyjInZydjA8qe5VneghZAz5tr36QhV7UQao0KdqItkb2FrB1y+JaMSd+fdrO55hROl98qzIxNIRPg0P9CjeuB4jgbPsdDG5f99A/WUh7c4I698mHJtpCtHMF5BrMyGx7ah72SzE/udS0648Y1QN2D7aE4LyixFrCOyA8LFDLYkxdllmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT
-+IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
-3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO
-V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk
-ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i
-9pkiQ2ltDNDw2Upw==
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCypLFkwZ
+tKzdWm6jAo4HMxAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
+3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkKGif1mZ2Ci/8Ty3MdUpzVXkVMImU2SyLcQtb2
+zaVVssBq/jtlETxJaMwWR6xOhrVDvIxLzkDnZFsZYsVu1HGOJqk0/CfOTS4VkLxvx10Wro
+gXf/Unv0w7HlUX+hl193A6XuAiSjjRR4TPGfmYrEXMXJ6wS2yLQ9cOfAh2WjfScuZ2dA/f
+II2QDrxxeV8140nA==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
         set source built-in
     next
     edit "g-Fortinet_SSH_RSA2048"
-        set password ENC m+EAQZU7xjkmDkBOH4zlXinpGwOIYF+6j82I9puzdfoz9FGs4RsBb0s+Y7m7vo7FvfkbD35xQfq5PNPn/EHPGqDu0SoOvJTUt68BJjcT28KpOSpvIQ/7pTuKD6mABrRvnnX3tmXnSBtonnDR5BiEOQmbCIBUtbmcgXfUtpjm6Oeg/EFoEUgnSZuYjA+XxUyukRo/CA==
+        set password ENC 1ocsxiW/UKERSGSji61eD6ANUCZvEpWnq7usghsotSucemRBvJByzdLp8i0dtYA4oztEm8vDIn0m7VWT2qIRNd0YEERzY7CKOxoTDQBiIYtpr4/lea0UpYuP0l+nE7j/S8gTw0zXsIKONdqGrjMle5TbDBWHHhoR/3CkC1iz0zrgN00HRSFtlI1G6a7h3+1Aab50T1lmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG
-Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDMArkPec
+zvbzQNQLJ+ZhHHAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
 Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
 A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
 hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
 HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
-OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC
-Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/
-OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU
-FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD
-NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo
-TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB
-cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss
-x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A
-Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8
-cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO
-/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz
-E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX
-pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW
-V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS
-ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv
-tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx
-+gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN
-tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc
-D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH
-Xt1vvScA==
+OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwIRR9CJ+uKIOJs
+oMuy1BuqQOC29IhsTIfwkRDQK3qwP9D8k/G1TXuP5oXTb4QGPcx0S7DWvwKb5/ZcV684XN
+LtOWypeXIrV+IexC5ihXDXkUnvKY6Gbgtu9q5VB63p2SDuiDGxeASmWtsJ3TU+RdrZ1O4K
+TTVZ5p8Mb7/AFnbpH+lSJDEHaZ9qw/5EtbKfNTvJhXjnM/R7hfFtUW6lxjy3iv3K88Fv5q
+jOvUfF/ARX+TIQZIFPCcEsH29kt1SVo1sq/8/F+dwDPObCpDh2EBjsu5++NMD4Y6/DdDrz
+Jaqv1wjQHsaFYI8ep1pRvBUMrF2Bx3xpnTvx77qqA8dR/tL/t7LeXFHUkHHsBp0U8PMjlc
+Sx+dMtIAtBg1l6j/cHYmgAyo1ZqqyLUyVim/cwBpHBuM9QORdFUskJskB1F/bwOT7FLNzG
+1ffMFVM3HABlaEMOfgIcwfgerew8RbY/SxdF3uvkZ4J8tnd/srxfGjQXO1FGMge8Hp5gwY
+x+fvsvJFIflQaiB4cqeAUZRGhaIq5ccQA298ndlyigGKupIXqdNyNQkShaeQYkCT2Hf9Y1
+PdhfWfBRF6cFw7ZhdxrzlBHsB6RySGVZOIFHFzFcpbE+u6NNseF7LXZOg9eVOIAYW+qcNz
+Stw1O0DtaZEidODJB7t2bj8Gu+7UhvJsyplqbuj7Ohtfc2retEBn6wC8SgfLbIn1qSR/R3
+foTD8xvac3TQTERVbk4o1UEukRfbRv307kj3UdotxTpRpLVYnW/0QxsGf+CKOnxGimBLiX
+x6IJBjRfr3QdkzwosMbC5Cp5nvIukvySAMoSG4+VEJSR90Wf0/G/705999L/G3sUNNTKWI
+7FsF5/DZENcm0xbrXfzLj3tOFMeE9fcqQEZYLzOyZhqYllU5c34BlhtOt7ygivSaJe2a52
+kQ43vq+VRkjCV501sipDiHeic1/bEOs55ERGB8yh3Ge6PHms5yunZXIpM2Y6GPQ2Rgeq4+
+ZvwVtpFtDnL3BOjlxI27TeXYI0x6DsFWzcgl7ljxjNx9HN0KA3mrodjscrAFeBIxQnjyiR
+mx6VURNltMIYMnNQlXW4FHH7yGXzXYk4ojhHgcgpaDbPHQm5G3/Yok51pPtsQ9J+7m+ehm
+BWLKEE1g7lAiYtI6bBbLQuj9VfeonQkO7aNm8pzY2znIQlNh1SQlXnUF1qdggAEXgsEVIt
+cO2ROJsZFsbT7Dw3tZAkyvotKQ0v2SFwboCHCSWVecx6Q4lSid+C+MsbxO1xlEHwNDq17T
+G8Wu6e8A==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
@@ -62460,68 +85225,68 @@ Xt1vvScA==
 end
 config firewall ssh local-ca
     edit "g-Fortinet_SSH_CA"
-        set password ENC YgOo9ER7p3jtxP6uUPEAKQEBdFWrnaJGJA+eMSrLCP8A4ItexJZQbPh6Q3bq6MFtK0VoMOj4JBCKVFuq9jHZxQNe57lVNdstPZv3Dp/QI2vLFWHtiS4LzLcKnMbA4QWRkAqeYsWhqvVkQDgVd/O1efGXnv5mkt9JoHZZcNdEqsKXTqXPuY7caNVv+lN7t7mGQkMKfQ==
+        set password ENC 5bHHJEQnhK90LSKx7xxGfkmDj+drSip1HnwBMNhHDHAq0Ior4q5+UUItfSUKyF8YNIZleeV+QEWFdN09pvI91/a7I4ikeS5cQ1yWDRIz+8qTqxfi9RFu1TiwZ0udYkLA6z3mzCmjffdnyLjguUU+tnFJoIHJQMWDTBEkXUsDrzljL7YbOr1NY2fymvYZsirTq5A+TFlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd
-cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCyBrOQ1K
+Qw3YmPTDmVPFkpAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
 NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
 ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
 E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
 TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
-Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is
-nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT
-+RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby
-5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI
-pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx
-MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz
-8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U
-wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+
-OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD
-PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq
-JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C
-Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN
-+dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4
-KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl
-uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ
-8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL
-s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof
-S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4
-+y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr
-ABMNge5w==
+Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwM5O35zHniauxJ
+rlIYaSeEQxLsM+X4fapPScsXmQNcmmngwsEgcEZ1YKq8MQENzHOyWw59FYlR9mQPyidwrK
+AbzPVkhnqCDlUBT3GOUrMyfZfuSJmFlH26FCjuXls6Vg4IVRSI99W9hxlbLePvRP94NcgQ
+Hh1vXpUoofhZ6IYt/dob93+fygcR3toCXd2C0EeyP3OXVMGPOnmnEXKliXaimvYpC0csXl
+a7h0taBg5cq9LzkM0ywj9ikKUnkfUKIrqv44Ji+Vgcw8nCRKNsynd9qf578G5FN/VRQ9Ao
+qd9ogC02xXA1HwewhEQYetYd92oGT/neUjfyPWBRNaNdY7lPvQ4OjHeVvS6L2R7zK81AP5
+bQaN3d+fM89jNmcY5KwFxxPHVaGqBZTt0dwT7ET9Z7oo/J4UznUD1a1TK5O4ciy3iDpaWq
+5K55O7cPYyFeR0EJPx9hD1AH9eCzGukHD+KblNRWuSJXTqJSEP62NA+0szxNxCfCp7HZqm
+3iztvJMw/Lx9k9CPnHTsr/0dkocZSZti47Dak7L70BnQC2+KnGkUboddl7Z5eGyBQbtAkS
+IUIlQR7Rv+q+AkqJ36EWnBEVrve7d7TKSdR5pxDet60JJ+yE3cDa/G/IwW00ACC2rS133Y
+FWmMRzZfsZSZ1gQrYiNCUZARKkg7fxnONj0oe+oBZKeYkR+UNejF5vVKQZVPx2fCILZAyn
+J5qenJbZhkmDeVS0fMdoCrmON5wAKvz+WWuGTgJw34vqtvJovJtNno5moJRAWk/RiKYdIo
+X3fFmNPP82dGks7b4A1LGz5qW78zGgOSICVEBRHCMi2MBUsrJ50TwbVNz4jjKP6bYID5vh
+ghM27tO+2GSZHeBt8kRG2qI6aH5IHAKXi8gn+KwqFWtx1Em2KNHW/eMfMkQtD5xnE9F466
+V8Vf9Xe5wltVGE87Bt/IYkVN9wM1XA3p7byitNOXSXw2jwLpG9beWhyV/OzkKKJf0NQ9/v
+mX65nyje4q6+8PKjuRliA5vVMhwK6lxJ6BJBHe6/fd7IjDflm7JMNZc6bLwaeJHbLWlFqC
+4kwtt9SV5YcFDGOn2my/bTrAchhOfOXf+0gk63yVRrQq1kJDqn/lqytJGS5a1YvqsMJ4OS
+W9qQMQY0nzMxkLaNB9Q9G9uVgyDDAsye1yg1bL24CrOT4pNf1JeNlqawNkVj2jycXzqYPh
+gL1mGUSGlPfBVKg4359Ml3rY0bykjU5xXrguyKv95ShhctAilSQY4tg40cOeoMbCg2Hiji
+iYxK2n0w==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
         set source built-in
     next
     edit "g-Fortinet_SSH_CA_Untrusted"
-        set password ENC KbKdc/xXOIgggQFilofFnoaSs0/zPz95xnzX1ogzFnBDPHN2T8VUsTWKimuSIC/Yy2Nedtv+r1j0m0aaz0MzBiXsmcS7tOp2a3bc+7nYWyZE9X/Q35V1IU8UGpypr9T0SJNefLskkHwMTxwYbyXLy+/ucH9sltwO/hsPwRJADji0/3PCXe6/d1voc0YD5ieZpFoQVg==
+        set password ENC o7luMt/gKfsJGsDMLWGGUIY3gKdLqr92cESix45/VWKOtTaiR/icWVaLP02wVnkd4+R7/LbYPM58H3Dxzu0B+4cwgv+fL0++5/2QFMPgQ0ozm3eV4n6OPWTQopO5r215pU6tCDDZM0OVW/453zTCXPKnqs2a8OxG7URgysxNk87GJGDxtdNUyIm23mrjjT+lCiV/qVlmMjY3dkVA
         set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV
-ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDOK7jymL
+y7LiXsSxCZXuzqAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
 RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
 ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
 iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
 Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
-NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK
-0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB
-Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+
-xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/
-UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n
-NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri
-aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC
-iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4
-NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F
-zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB
-VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+
-jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk
-1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL
-eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM
-vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo
-/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1
-Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S
-pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn
-vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02
-PWD7d7mw==
+NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwBFA5WgGixZgZA
+aGWDArT5DTEdJ5cnxDdPIU7m7Dj49Na89+BEtuNf/Pjy3FJgzvpcrOvifVK6bmOyn8m6/R
+CCztKhOmNrT0MQVo2Ja8hY9UmVjxkNMB0uGzaNGj+p36qavDzRN1wAuZ75FY4FkqLmGYBq
+AyZIUD30kt+veMQz947ctIEWbQjf+GZwu4UCD0o4g3MvyRsdXUuYOHFE8xn8Ug1n1OtquR
+cqHpCWAe9aK+OcjWvIXg0UrD6GRQbSSw3uoLhapAP1vsMiLfMT/dBUt9Dstcc+S42lZI1q
+JJ4yILP4mdT24ND2itnV+XRRxOg831SECvSMTzc63hhGJFBWYQi86ibxuUgzZc2aH+KRUP
+rDedCTNsZPif5K3Mjn4PK0thYdsZ2srwMtv6rQ8mcIoF9G8XUR3JjekxI/gHrHpFKvWccc
+YCjmEaV45cfwzvN8Vca8mRFncngvQOBEfshU0LGoNZ8VX60IQEyT334tKUv6hiThPOQWnp
+stS/MJtEyLjGbu+0ibZHg+3hCvSRrexUSnJFHrOAEoz1k0TK6tkw8hcF1Jxlu3WuxaL9YK
+tKas//Hs4LTD9r9r/smvSbKi+zb8aP3pacBNCu6Yup1vYCpf/AnxD5CCdq4zmxFT2W5WYb
+rp7tGQjbc3aB7G0zshIk9Biwuu9h/lMIYnzNlvpMouxFM/TTO2STSgKw0+mURFqxQ6kYqF
+YDRmM7pANd9Usg2Hcd/x7CaYmVz+cwkC7dOH9/+FUdtnG05aab9gUv8ySChhPDm84WvLtQ
+ZEkBp15qiOsQjWVk2ei0V0gIjRiS2S2FRLBrM2iueE1GyD8Alm5ztwgmdA17np7iE871wl
+NvzzWxc0KjVHesLlV44RLbw1VD60uUld4jvSaEY9oTILAMFx285Uy53Il8+sWntWvIlQu6
+FjMEIBY8iSd2DWMm4zcVh/qpEyEUv0UjeFlcu7bPqE18aX3V2jV+9G3/a6ms4kqmvfb2RT
++jR/zeg1gE288KRaw7FqNEoP+Wco8jt0q7jo/q963GEgdPG6WOWHz9LfIYouOJPpDSca11
+pFBg29f0rOjynuYmvzZOdUrgrbaZZSprEzdzPJmSOpV6u0VNjuroaN+soU48KEGqJQvHor
+g7H0jRqdNjJbfQcE50Dv5SeZAVmEkvD/nKTqWs77wGzv+OxhY8JS08alQgRINioyCjY/LW
++xR/ydrBw5jsgugYvC3Vd7rZi0oIO0H6Lpa/crJWXf0+u5qd6unckJtWT5tPyZvNwVfXsn
+bhw7G+OA==
 -----END OPENSSH PRIVATE KEY-----
 "
         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
@@ -62578,11 +85343,14 @@ config firewall profile-protocol-options
             set switching-protocols bypass
             set unknown-http-version reject
             set tunnel-non-http enable
+            set h2c disable
+            set unknown-content-encoding block
             set oversize-limit 10
             set uncompressed-oversize-limit 10
             set uncompressed-nest-limit 12
             set stream-based-uncompressed-limit 0
             set scan-bzip2 enable
+            set verify-dns-for-policy-matching enable
             set block-page-status-code 403
             set retry-count 0
             set tcp-window-type auto-tuning
@@ -62705,11 +85473,11 @@ config firewall ssl-ssh-profile
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
             set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
         end
         config https
             set ports 443
             set status certificate-inspection
+            set quic inspect
             set proxy-after-tcp-handshake disable
             set client-certificate bypass
             set unsupported-ssl-version allow
@@ -62722,7 +85490,7 @@ config firewall ssl-ssh-profile
             set cert-validation-failure block
             set sni-server-cert-check enable
             set cert-probe-failure block
-            set min-allowed-ssl-version tls-1.1
+            set encrypted-client-hello block
         end
         config ftps
             set status disable
@@ -62735,7 +85503,6 @@ config firewall ssl-ssh-profile
             set untrusted-server-cert allow
             set cert-validation-timeout allow
             set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
         end
         config imaps
             set status disable
@@ -62783,6 +85550,7 @@ config firewall ssl-ssh-profile
         end
         config dot
             set status disable
+            set quic inspect
             set client-certificate bypass
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
@@ -62796,7 +85564,7 @@ config firewall ssl-ssh-profile
         set block-blocklisted-certificates enable
         set caname "Fortinet_CA_SSL"
         set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
+        set ssl-negotiation-log enable
         set ssl-server-cert-log disable
         set ssl-handshake-log disable
     next
@@ -62808,11 +85576,11 @@ config firewall ssl-ssh-profile
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
             set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
         end
         config https
             set ports 443
             set status deep-inspection
+            set quic inspect
             set proxy-after-tcp-handshake disable
             set client-certificate bypass
             set unsupported-ssl-version allow
@@ -62824,6 +85592,7 @@ config firewall ssl-ssh-profile
             set cert-validation-timeout allow
             set cert-validation-failure block
             set sni-server-cert-check enable
+            set cert-probe-failure block
             set min-allowed-ssl-version tls-1.1
         end
         config ftps
@@ -62892,6 +85661,7 @@ config firewall ssl-ssh-profile
         end
         config dot
             set status disable
+            set quic inspect
             set client-certificate bypass
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
@@ -63040,7 +85810,7 @@ config firewall ssl-ssh-profile
         set ssl-exemption-ip-rating enable
         set ssl-exemption-log disable
         set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
+        set ssl-negotiation-log enable
         set ssl-server-cert-log disable
         set ssl-handshake-log disable
         set rpc-over-https disable
@@ -63056,11 +85826,11 @@ config firewall ssl-ssh-profile
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
             set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
         end
         config https
             set ports 443
             set status deep-inspection
+            set quic inspect
             set proxy-after-tcp-handshake disable
             set client-certificate bypass
             set unsupported-ssl-version allow
@@ -63072,6 +85842,7 @@ config firewall ssl-ssh-profile
             set cert-validation-timeout allow
             set cert-validation-failure block
             set sni-server-cert-check enable
+            set cert-probe-failure block
             set min-allowed-ssl-version tls-1.1
         end
         config ftps
@@ -63140,6 +85911,7 @@ config firewall ssl-ssh-profile
         end
         config dot
             set status disable
+            set quic inspect
             set client-certificate bypass
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
@@ -63292,7 +86064,7 @@ config firewall ssl-ssh-profile
         set ssl-exemption-ip-rating enable
         set ssl-exemption-log disable
         set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
+        set ssl-negotiation-log enable
         set ssl-server-cert-log disable
         set ssl-handshake-log disable
         set rpc-over-https disable
@@ -63308,10 +86080,10 @@ config firewall ssl-ssh-profile
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
             set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
         end
         config https
             set status disable
+            set quic bypass
             set client-certificate bypass
             set unsupported-ssl-version allow
             set unsupported-ssl-cipher allow
@@ -63322,7 +86094,6 @@ config firewall ssl-ssh-profile
             set cert-validation-timeout allow
             set cert-validation-failure block
             set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
         end
         config ftps
             set status disable
@@ -63335,7 +86106,6 @@ config firewall ssl-ssh-profile
             set untrusted-server-cert allow
             set cert-validation-timeout allow
             set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
         end
         config imaps
             set status disable
@@ -63383,6 +86153,7 @@ config firewall ssl-ssh-profile
         end
         config dot
             set status disable
+            set quic bypass
             set client-certificate bypass
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
@@ -63396,7 +86167,7 @@ config firewall ssl-ssh-profile
         set block-blocklisted-certificates enable
         set caname "Fortinet_CA_SSL"
         set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
+        set ssl-negotiation-log enable
         set ssl-server-cert-log disable
         set ssl-handshake-log disable
     next
@@ -63408,11 +86179,11 @@ config firewall ssl-ssh-profile
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
             set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
         end
         config https
             set ports 443
             set status certificate-inspection
+            set quic inspect
             set proxy-after-tcp-handshake disable
             set client-certificate bypass
             set unsupported-ssl-version allow
@@ -63425,7 +86196,7 @@ config firewall ssl-ssh-profile
             set cert-validation-failure block
             set sni-server-cert-check enable
             set cert-probe-failure block
-            set min-allowed-ssl-version tls-1.1
+            set encrypted-client-hello block
         end
         config ftps
             set status disable
@@ -63438,7 +86209,6 @@ config firewall ssl-ssh-profile
             set untrusted-server-cert allow
             set cert-validation-timeout allow
             set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
         end
         config imaps
             set status disable
@@ -63486,6 +86256,7 @@ config firewall ssl-ssh-profile
         end
         config dot
             set status disable
+            set quic inspect
             set client-certificate bypass
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
@@ -63499,7 +86270,7 @@ config firewall ssl-ssh-profile
         set block-blocklisted-certificates enable
         set caname "Fortinet_CA_SSL"
         set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
+        set ssl-negotiation-log enable
         set ssl-server-cert-log disable
         set ssl-handshake-log disable
     next
@@ -63511,11 +86282,11 @@ config firewall ssl-ssh-profile
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
             set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
         end
         config https
             set ports 443
             set status deep-inspection
+            set quic inspect
             set proxy-after-tcp-handshake disable
             set client-certificate bypass
             set unsupported-ssl-version allow
@@ -63527,6 +86298,7 @@ config firewall ssl-ssh-profile
             set cert-validation-timeout allow
             set cert-validation-failure block
             set sni-server-cert-check enable
+            set cert-probe-failure block
             set min-allowed-ssl-version tls-1.1
         end
         config ftps
@@ -63595,6 +86367,7 @@ config firewall ssl-ssh-profile
         end
         config dot
             set status disable
+            set quic inspect
             set client-certificate bypass
             set unsupported-ssl-version block
             set unsupported-ssl-cipher allow
@@ -63739,7 +86512,7 @@ config firewall ssl-ssh-profile
         set ssl-exemption-ip-rating enable
         set ssl-exemption-log disable
         set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
+        set ssl-negotiation-log enable
         set ssl-server-cert-log disable
         set ssl-handshake-log disable
         set rpc-over-https disable
@@ -63919,16 +86692,26 @@ config waf profile
         set comment ''
     next
 end
-config firewall profile-group
-end
 config firewall ssl-server
 end
+config casb saas-application
+end
+config casb user-activity
+end
+config casb profile
+    edit "default"
+        set comment ''
+    next
+end
+config firewall profile-group
+end
 config firewall identity-based-route
 end
 config firewall auth-portal
     set portal-addr ''
     set portal-addr6 ''
     set identity-based-route ''
+    set proxy-auth disable
 end
 config firewall policy
     edit 89
@@ -63946,9 +86729,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -63963,18 +86750,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "g-default"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic utm
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -63983,6 +86774,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -63991,7 +86783,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -64018,9 +86812,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -64035,18 +86833,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "g-default"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic utm
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64055,6 +86857,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64063,7 +86866,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -64088,9 +86893,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -64112,7 +86921,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set captive-portal-exempt disable
         set dsri disable
@@ -64134,9 +86945,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -64158,7 +86973,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set captive-portal-exempt disable
         set dsri disable
@@ -64180,9 +86997,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -64202,7 +87023,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set captive-portal-exempt disable
         set dsri disable
@@ -64224,9 +87047,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -64246,7 +87073,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set captive-portal-exempt disable
         set dsri disable
@@ -64270,9 +87099,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -64287,18 +87120,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64309,6 +87146,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64319,7 +87157,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -64346,9 +87186,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -64363,18 +87207,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64385,6 +87233,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64395,7 +87244,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -64422,9 +87273,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -64439,18 +87294,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64461,6 +87320,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64471,7 +87331,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -64498,9 +87360,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "RDP" "UDP-3389" "HTTP" "HTTPS" "TCP-19000"
         set tos-mask 0x00
         set anti-replay enable
@@ -64515,18 +87381,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64537,6 +87407,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64547,7 +87418,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -64574,9 +87447,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "RDP" "UDP-3389" "FTP" "FTP_GET" "FTP_PUT" "TFTP" "Webosphere_Data" "HTTP" "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -64591,18 +87468,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64613,6 +87494,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64623,7 +87505,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -64650,9 +87534,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "RDP" "UDP-3389" "HTTPS" "TCP-6502-6510"
         set tos-mask 0x00
         set anti-replay enable
@@ -64667,18 +87555,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64689,6 +87581,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64699,7 +87592,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -64726,9 +87621,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS" "UDP-3389"
         set tos-mask 0x00
         set anti-replay enable
@@ -64743,18 +87642,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64765,6 +87668,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64775,7 +87679,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -64802,9 +87708,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTPS" "SSH"
         set tos-mask 0x00
         set anti-replay enable
@@ -64819,18 +87729,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64841,6 +87755,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64851,7 +87766,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -64878,9 +87795,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "RDP" "UDP-3389" "SMB" "HTTP" "HTTPS" "PING"
         set tos-mask 0x00
         set anti-replay enable
@@ -64895,18 +87816,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64917,6 +87842,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -64927,7 +87853,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -64954,9 +87882,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "DNS"
         set tos-mask 0x00
         set anti-replay enable
@@ -64971,18 +87903,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -64993,6 +87929,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65003,7 +87940,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -65030,9 +87969,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "RDP" "UDP-3389" "HTTP" "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -65047,18 +87990,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -65069,6 +88016,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65079,7 +88027,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -65106,9 +88056,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS" "TCP_UDP-8100"
         set tos-mask 0x00
         set anti-replay enable
@@ -65123,18 +88077,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -65145,6 +88103,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65155,7 +88114,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -65182,9 +88143,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "RDP" "UDP-3389"
         set tos-mask 0x00
         set anti-replay enable
@@ -65199,18 +88164,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -65221,6 +88190,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65231,7 +88201,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -65258,9 +88230,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "SSH"
         set tos-mask 0x00
         set anti-replay enable
@@ -65275,18 +88251,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -65297,6 +88277,7 @@ config firewall policy
         set auth-path disable
         set disclaimer disable
         set email-collect disable
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65307,7 +88288,9 @@ config firewall policy
         set identity-based-route ''
         set block-notification disable
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set dsri disable
@@ -65332,9 +88315,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -65349,21 +88336,27 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
         set session-ttl 0
@@ -65374,6 +88367,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65382,7 +88376,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -65409,9 +88405,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -65426,18 +88426,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -65446,6 +88450,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65454,7 +88459,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -65479,9 +88486,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -65497,9 +88508,12 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
         set session-ttl 0
@@ -65510,6 +88524,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65518,7 +88533,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -65543,9 +88560,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "SMTP" "SMTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -65560,21 +88581,27 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "MailOut_Outside"
         set session-ttl 0
@@ -65585,6 +88612,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65593,7 +88621,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -65618,9 +88648,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "FTP" "SSH" "TFTP"
         set tos-mask 0x00
         set anti-replay enable
@@ -65635,21 +88669,27 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "Nighttime_Outside"
         set session-ttl 0
@@ -65660,6 +88700,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65668,7 +88709,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -65695,9 +88738,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -65714,18 +88761,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -65734,6 +88785,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65742,7 +88794,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -65767,9 +88821,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -65784,21 +88842,27 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Outgoing_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "SBC-NOC-Outside"
         set session-ttl 0
@@ -65809,6 +88873,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65817,7 +88882,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -65842,9 +88909,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -65859,21 +88930,27 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Outgoing_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "SBC-DAN-Outside"
         set session-ttl 0
@@ -65884,6 +88961,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65892,7 +88970,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -65919,9 +88999,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL_ICMP" "HTTP" "HTTPS" "TCP-1521" "TCP-9000-9100"
         set tos-mask 0x00
         set anti-replay enable
@@ -65936,12 +89020,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -65956,6 +89043,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -65964,7 +89052,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -65989,9 +89079,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66006,21 +89100,27 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "NTSS_Outside"
         set session-ttl 0
@@ -66031,6 +89131,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66039,7 +89140,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66066,9 +89169,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66083,18 +89190,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "g-default"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66103,6 +89214,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66111,7 +89223,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66138,9 +89252,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66155,18 +89273,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "g-default"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66175,6 +89297,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66183,7 +89306,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66210,9 +89335,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66227,18 +89356,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66247,6 +89380,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66255,7 +89389,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66282,9 +89418,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66299,18 +89439,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66319,6 +89463,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66327,7 +89472,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66354,9 +89501,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66372,6 +89523,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66380,6 +89532,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66388,7 +89541,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66415,9 +89570,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66432,18 +89591,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66452,6 +89615,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66460,7 +89624,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66487,9 +89653,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66504,18 +89674,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66524,6 +89698,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66532,7 +89707,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66559,9 +89736,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66576,18 +89757,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66596,6 +89781,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66604,7 +89790,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66631,9 +89819,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66648,18 +89840,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66668,6 +89864,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66676,7 +89873,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66703,9 +89902,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66720,18 +89923,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -66740,6 +89947,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66748,7 +89956,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66773,9 +89983,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66790,21 +90004,27 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list "App_Ctrl_1"
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
         set session-ttl 0
@@ -66815,6 +90035,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 1400
@@ -66823,7 +90044,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66849,9 +90072,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66867,9 +90094,12 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool disable
         set session-ttl 0
         set vlan-cos-fwd 255
@@ -66879,6 +90109,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -66887,7 +90118,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66912,9 +90145,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66930,9 +90167,12 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
         set session-ttl 0
@@ -66943,6 +90183,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 1400
@@ -66951,7 +90192,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -66976,9 +90219,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -66993,21 +90240,27 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Outgoing_IPS"
         set application-list "IoT"
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "ippool-198.36.23.251"
         set session-ttl 0
@@ -67018,6 +90271,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67026,7 +90280,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67051,9 +90307,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -67068,21 +90328,27 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Outgoing_IPS"
         set application-list "App_Ctrl_1"
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
         set session-ttl 0
@@ -67093,6 +90359,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 1400
@@ -67101,7 +90368,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67128,9 +90397,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -67146,6 +90419,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67154,6 +90428,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67162,7 +90437,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67189,9 +90466,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -67207,6 +90488,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67215,6 +90497,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67223,7 +90506,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67250,9 +90535,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "DNS"
         set tos-mask 0x00
         set anti-replay enable
@@ -67268,6 +90557,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67276,6 +90566,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67284,7 +90575,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67311,9 +90604,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ESP" "IKE" "PING" "SSH"
         set tos-mask 0x00
         set anti-replay enable
@@ -67329,6 +90626,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67337,6 +90635,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67345,7 +90644,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67372,9 +90673,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ESP" "IKE" "PING" "SSH"
         set tos-mask 0x00
         set anti-replay enable
@@ -67390,6 +90695,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67398,6 +90704,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67406,7 +90713,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67433,9 +90742,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -67451,6 +90764,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67459,6 +90773,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67467,7 +90782,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67494,9 +90811,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -67512,6 +90833,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67520,6 +90842,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67528,7 +90851,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67555,9 +90880,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -67579,6 +90908,7 @@ config firewall policy
         set webcache disable
         set webproxy-forward-server ''
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67587,6 +90917,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67595,7 +90926,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67622,9 +90955,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -67646,6 +90983,7 @@ config firewall policy
         set webcache disable
         set webproxy-forward-server ''
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67654,6 +90992,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67662,7 +91001,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67689,9 +91030,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -67713,6 +91058,7 @@ config firewall policy
         set webcache disable
         set webproxy-forward-server ''
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67721,6 +91067,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67729,7 +91076,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67756,9 +91105,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -67780,6 +91133,7 @@ config firewall policy
         set webcache disable
         set webproxy-forward-server ''
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67788,6 +91142,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67796,7 +91151,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67821,9 +91178,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "DNS"
         set tos-mask 0x00
         set anti-replay enable
@@ -67843,7 +91204,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set captive-portal-exempt disable
         set dsri disable
@@ -67867,9 +91230,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP"
         set tos-mask 0x00
         set anti-replay enable
@@ -67885,6 +91252,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67893,6 +91261,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67901,7 +91270,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67928,9 +91299,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP"
         set tos-mask 0x00
         set anti-replay enable
@@ -67946,6 +91321,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -67954,6 +91330,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -67962,7 +91339,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -67989,9 +91368,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "Genetec Federation"
         set tos-mask 0x00
         set anti-replay enable
@@ -68007,6 +91390,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -68015,6 +91399,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68023,7 +91408,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68050,9 +91437,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "Genetec Federation"
         set tos-mask 0x00
         set anti-replay enable
@@ -68068,6 +91459,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -68076,6 +91468,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68084,7 +91477,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68111,9 +91506,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -68129,6 +91528,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -68137,6 +91537,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68145,7 +91546,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68172,9 +91575,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -68190,6 +91597,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -68198,6 +91606,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68206,7 +91615,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68233,9 +91644,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTPS" "TCP-8080"
         set tos-mask 0x00
         set anti-replay enable
@@ -68250,12 +91665,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68270,6 +91688,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68278,7 +91697,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68305,9 +91726,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "CK_Support_Services_Group"
         set tos-mask 0x00
         set anti-replay enable
@@ -68322,12 +91747,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68342,6 +91770,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68350,7 +91779,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68377,9 +91808,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "CK_Mobile_Services_Group"
         set tos-mask 0x00
         set anti-replay enable
@@ -68394,12 +91829,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68414,6 +91852,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68422,7 +91861,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68449,9 +91890,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS" "SMTP" "SMTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -68466,12 +91911,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68486,6 +91934,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68494,7 +91943,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68521,9 +91972,13 @@ config firewall policy
         set internet-service-src enable
         set internet-service-src-group "Microsoft_ISDB_Both"
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS" "SMTP" "SMTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -68538,12 +91993,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68558,6 +92016,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68565,7 +92024,9 @@ config firewall policy
         set comments "Barracuda Archivers from Microsoft"
         set block-notification disable
         set replacemsg-override-group ''
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set internet-service-src-negate disable
         set timeout-send-rst disable
@@ -68593,9 +92054,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -68611,6 +92076,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -68619,6 +92085,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68627,7 +92094,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68654,9 +92123,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL_TCP"
         set tos-mask 0x00
         set anti-replay enable
@@ -68671,12 +92144,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68691,6 +92167,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68699,7 +92176,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68726,9 +92205,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "DNS"
         set tos-mask 0x00
         set anti-replay enable
@@ -68743,12 +92226,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68763,6 +92249,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68771,7 +92258,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68798,9 +92287,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "DNS"
         set tos-mask 0x00
         set anti-replay enable
@@ -68815,12 +92308,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68835,6 +92331,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68843,7 +92340,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68870,9 +92369,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "LDAP" "LDAP_UDP" "TCP-636"
         set tos-mask 0x00
         set anti-replay enable
@@ -68887,12 +92390,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68907,6 +92413,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68915,7 +92422,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -68942,9 +92451,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "Airwatch_Services_Group"
         set tos-mask 0x00
         set anti-replay enable
@@ -68959,12 +92472,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -68979,6 +92495,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -68987,7 +92504,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69014,9 +92533,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -69033,12 +92556,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -69053,6 +92579,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69061,7 +92588,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69088,9 +92617,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -69107,12 +92640,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -69127,6 +92663,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69135,7 +92672,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69162,9 +92701,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -69179,18 +92722,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list "App_Ctrl_1"
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -69199,6 +92746,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69207,7 +92755,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69234,9 +92784,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -69253,12 +92807,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -69273,6 +92830,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69281,7 +92839,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69308,9 +92868,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -69327,12 +92891,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -69347,6 +92914,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69355,7 +92923,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69382,9 +92952,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -69401,12 +92975,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -69421,6 +92998,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69429,7 +93007,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69456,9 +93036,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTPS"
         set tos-mask 0x00
         set anti-replay enable
@@ -69475,12 +93059,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -69495,6 +93082,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69503,7 +93091,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69530,9 +93120,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -69547,12 +93141,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -69567,6 +93164,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69575,7 +93173,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69602,9 +93202,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "HTTP" "HTTPS" "TCP-8443"
         set tos-mask 0x00
         set anti-replay enable
@@ -69619,12 +93223,15 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list ''
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
@@ -69639,6 +93246,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69647,7 +93255,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69674,9 +93284,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -69691,18 +93305,22 @@ config firewall policy
         set webfilter-profile ''
         set dnsfilter-profile ''
         set emailfilter-profile ''
-        set dlp-sensor ''
+        set dlp-profile ''
         set file-filter-profile ''
         set ips-sensor "Incoming_IPS"
         set application-list "App_Ctrl_1"
         set voip-profile ''
+        set ips-voip-filter ''
         set sctp-filter-profile ''
+        set diameter-filter-profile ''
+        set virtual-patch-profile ''
         set logtraffic all
         set logtraffic-start disable
         set capture-packet disable
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -69711,6 +93329,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69719,7 +93338,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69746,9 +93367,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -69764,6 +93389,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -69772,6 +93398,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69780,7 +93407,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69807,9 +93436,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -69825,6 +93458,7 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat disable
+        set pcp-inbound disable
         set session-ttl 0
         set vlan-cos-fwd 255
         set vlan-cos-rev 255
@@ -69833,6 +93467,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69841,7 +93476,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69866,9 +93503,13 @@ config firewall policy
         set internet-service disable
         set internet-service-src disable
         unset reputation-minimum
+        set internet-service6 disable
+        set internet-service6-src disable
+        unset reputation-minimum6
         set rtp-nat disable
         set schedule "always"
         set schedule-timeout disable
+        set policy-expiry disable
         set service "ALL"
         set tos-mask 0x00
         set anti-replay enable
@@ -69884,9 +93525,12 @@ config firewall policy
         set auto-asic-offload enable
         set np-acceleration enable
         set nat enable
+        set pcp-outbound disable
+        set pcp-inbound disable
         set permit-any-host disable
         set permit-stun-host disable
         set fixedport disable
+        set port-preserve enable
         set ippool enable
         set poolname "ippool-198.36.23.253"
         set session-ttl 0
@@ -69897,6 +93541,7 @@ config firewall policy
         set disclaimer disable
         set email-collect disable
         set natip 0.0.0.0 0.0.0.0
+        set diffserv-copy disable
         set diffserv-forward disable
         set diffserv-reverse disable
         set tcp-mss-sender 0
@@ -69905,7 +93550,9 @@ config firewall policy
         set block-notification disable
         set replacemsg-override-group ''
         set srcaddr-negate disable
+        set srcaddr6-negate disable
         set dstaddr-negate disable
+        set dstaddr6-negate disable
         set service-negate disable
         set timeout-send-rst disable
         set captive-portal-exempt disable
@@ -69918,8 +93565,6 @@ config firewall policy
         set per-ip-shaper ''
     next
 end
-config firewall traffic-class
-end
 config firewall shaping-policy
 end
 config firewall shaping-profile
@@ -70359,6 +94004,7 @@ config firewall DoS-policy6
 end
 config firewall sniffer
     edit 8
+        set uuid 36fa8310-c0f6-51f0-af3f-cf024bc5cd86
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70369,9 +94015,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 100
     next
     edit 4
+        set uuid 36fa8db0-c0f6-51f0-6346-78d55fc36abd
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70382,9 +94028,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 2000
     next
     edit 6
+        set uuid 36fa97e2-c0f6-51f0-1f91-602bb9d08d10
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70395,9 +94041,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 50
     next
     edit 5
+        set uuid 36faa2f0-c0f6-51f0-d0a3-a5b6aa82d820
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70408,9 +94054,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 4000
     next
     edit 7
+        set uuid 36faa958-c0f6-51f0-f06c-44f6e557b95a
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70421,9 +94067,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 4000
     next
     edit 9
+        set uuid 36fab1f0-c0f6-51f0-a43f-71f4623d82eb
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70434,9 +94080,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 4000
     next
     edit 10
+        set uuid 36fab84e-c0f6-51f0-515c-1e42d3f07a15
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70447,9 +94093,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 4000
     next
     edit 11
+        set uuid 36fac0c8-c0f6-51f0-e9e7-ad190564024f
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70460,9 +94106,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 4000
     next
     edit 12
+        set uuid 36fac938-c0f6-51f0-3e0a-9e48923f6653
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70473,9 +94119,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 4000
     next
     edit 13
+        set uuid 36fad0c2-c0f6-51f0-cc14-10d54ecdbbb9
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70486,9 +94132,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 4000
     next
     edit 14
+        set uuid 36fadb9e-c0f6-51f0-dd8e-fdcc0d853ca2
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70499,9 +94145,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 4000
     next
     edit 15
+        set uuid 36fae666-c0f6-51f0-dc3f-12317d604f06
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70512,9 +94158,9 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 10000
     next
     edit 16
+        set uuid 36faeeae-c0f6-51f0-9ee8-abe6590ce728
         set status enable
         set logtraffic utm
         set ipv6 disable
@@ -70525,9 +94171,10 @@ config firewall sniffer
         set protocol ''
         set vlan ''
         set dsri disable
-        set max-packet-count 4000
     next
 end
+config firewall on-demand-sniffer
+end
 config firewall acl
 end
 config firewall acl6
@@ -70543,6 +94190,11 @@ end
 config authentication setting
     set active-auth-scheme ''
     set sso-auth-scheme ''
+    set update-time 0000-00-00 00:00:00
+    set persistent-cookie enable
+    set ip-auth-cookie disable
+    set cookie-max-age 480
+    set cookie-refresh-div 2
     set captive-portal-type fqdn
     set captive-portal ''
     set captive-portal6 ''
@@ -70560,6 +94212,12 @@ config switch-controller 802-1X-settings
     set reauth-period 60
     set max-reauth-attempt 3
     set tx-period 30
+    set mab-reauth disable
+    set mac-username-delimiter hyphen
+    set mac-password-delimiter hyphen
+    set mac-calling-station-delimiter hyphen
+    set mac-called-station-delimiter hyphen
+    set mac-case lowercase
 end
 config switch-controller security-policy 802-1X
     edit "802-1X-policy-default"
@@ -70576,6 +94234,7 @@ config switch-controller security-policy 802-1X
         set radius-timeout-overwrite disable
         set policy-type 802.1X
         set authserver-timeout-vlan disable
+        set dacl disable
     next
 end
 config switch-controller security-policy local-access
@@ -70646,6 +94305,7 @@ config switch-controller lldp-profile
         set auto-isl-receive-timeout 60
         set auto-isl-port-group 0
         set auto-mclag-icl disable
+        set auto-isl-auth legacy
     next
     edit "default-auto-mclag-icl"
         unset med-tlvs
@@ -70656,6 +94316,7 @@ config switch-controller lldp-profile
         set auto-isl-receive-timeout 60
         set auto-isl-port-group 0
         set auto-mclag-icl enable
+        set auto-isl-auth legacy
     next
 end
 config switch-controller qos dot1p-map
@@ -70842,6 +94503,13 @@ config switch-controller storm-control-policy
     next
 end
 config switch-controller auto-config policy
+    edit "pse"
+        set qos-policy "default"
+        set storm-control-policy "auto-config"
+        set poe-status enable
+        set igmp-flood-report disable
+        set igmp-flood-traffic disable
+    next
     edit "default"
         set qos-policy "default"
         set storm-control-policy "auto-config"
@@ -70916,22 +94584,34 @@ end
 config switch-controller switch-profile
     edit "default"
         set login-passwd-override disable
+        set login enable
+        set revision-backup-on-logout disable
+        set revision-backup-on-upgrade disable
     next
 end
 config switch-controller custom-command
 end
 config switch-controller virtual-port-pool
 end
-config switch-controller ptp settings
-    set mode disable
-end
-config switch-controller ptp policy
+config switch-controller ptp profile
     edit "default"
-        set status enable
+        set description ''
+        set mode transparent-e2e
+    next
+end
+config switch-controller ptp interface-policy
+    edit "default"
+        set description ''
+        set vlan ''
+        set vlan-pri 4
     next
 end
 config switch-controller vlan-policy
 end
+config switch-controller acl ingress
+end
+config switch-controller acl group
+end
 config switch-controller dynamic-port-policy
 end
 config switch-controller managed-switch
@@ -70958,9 +94638,16 @@ config switch-controller global
     set mac-aging-interval 300
     set https-image-push enable
     set vlan-optimization enable
+    set vlan-identity name
     set mac-retention-period 24
     set default-virtual-switch-vlan ''
     set dhcp-server-access-list disable
+    set dhcp-option82-format ascii
+    set dhcp-option82-circuit-id intfname vlan mode
+    set dhcp-option82-remote-id mac
+    set dhcp-snoop-client-req drop-untrusted
+    set dhcp-snoop-client-db-exp 86400
+    set dhcp-snoop-db-per-port-learn-limit 64
     set log-mac-limit-violations disable
     set sn-dns-resolution enable
     set mac-event-logging disable
@@ -70969,6 +94656,7 @@ config switch-controller global
     set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
     set fips-enforce enable
     set firmware-provision-on-authorization disable
+    set switch-on-deauth no-op
 end
 config switch-controller switch-log
     set status enable
@@ -70990,11 +94678,9 @@ config switch-controller flow-tracking
     set sample-mode perimeter
     set sample-rate 512
     set format netflow9
-    set collector-ip 0.0.0.0
-    set collector-port 0
-    set transport udp
     set level ip
     set max-export-pkt-size 512
+    set template-export-period 5
     set timeout-general 3600
     set timeout-icmp 300
     set timeout-max 604800
@@ -71045,6 +94731,7 @@ config wireless-controller setting
     set device-holdoff 5
     set device-idle 1440
     set firmware-provision-on-authorization disable
+    set rolling-wtp-upgrade disable
     set darrp-optimize 86400
     set darrp-optimize-schedules "default-darrp-optimize"
 end
@@ -71061,6 +94748,7 @@ config wireless-controller log
     set sta-locate-log notification
     set wids-log notification
     set wtp-event-log notification
+    set wtp-fips-event-log notification
 end
 config wireless-controller apcfg-profile
 end
@@ -71076,16 +94764,16 @@ config wireless-controller arrp-profile
         set weight-noise-floor 40
         set weight-channel-load 20
         set weight-spectral-rssi 40
-        set weight-weather-channel 1000
-        set weight-dfs-channel 500
+        set weight-weather-channel 0
+        set weight-dfs-channel 0
         set threshold-ap 250
         set threshold-noise-floor "-85"
         set threshold-channel-load 60
         set threshold-spectral-rssi "-65"
         set threshold-tx-retries 300
         set threshold-rx-errors 50
-        set include-weather-channel disable
-        set include-dfs-channel disable
+        set include-weather-channel enable
+        set include-dfs-channel enable
         set override-darrp-optimize disable
     next
 end
@@ -71186,6 +94874,8 @@ config wireless-controller ble-profile
         set txpower 0
         set beacon-interval 100
         set ble-scanning disable
+        set scan-type active
+        set scan-threshold "-90"
     next
 end
 config wireless-controller syslog-profile
@@ -71200,10 +94890,6 @@ config wireless-controller qos-profile
 end
 config wireless-controller wag-profile
 end
-config wireless-controller address
-end
-config wireless-controller addrgrp
-end
 config wireless-controller snmp
     set engine-id ''
     set contact-info ''
@@ -71222,21 +94908,31 @@ config wireless-controller ap-status
 end
 config user nac-policy
 end
-config extender-controller dataplan
+config extension-controller dataplan
 end
-config extender-controller extender-profile
+config extension-controller extender-vap
 end
-config extender-controller extender
+config extension-controller extender-profile
+end
+config extension-controller extender
+end
+config extension-controller fortigate-profile
+end
+config extension-controller fortigate
 end
 config system ips
     set signature-hold-time 0h
 end
+config endpoint-control settings
+    set override disable
+end
 config ips custom
 end
 config ips settings
     set packet-log-history 1
     set packet-log-post-attack 0
     set ips-packet-quota 0
+    set proxy-inline-ips disable
 end
 config alertemail setting
     set username ''
@@ -71274,6 +94970,8 @@ config router key-chain
 end
 config router community-list
 end
+config router extcommunity-list
+end
 config router route-map
 end
 config router rip
@@ -71348,6 +95046,7 @@ config router static
         set status enable
         set dst 0.0.0.0 0.0.0.0
         set gateway 198.36.24.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71359,12 +95058,14 @@ config router static
         unset internet-service
         set internet-service-custom ''
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 2
         set status enable
         set dst 10.0.0.0 255.0.0.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71373,12 +95074,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 3
         set status enable
         set dst 10.250.201.0 255.255.255.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71387,12 +95090,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 4
         set status enable
         set dst 10.250.202.0 255.255.255.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71401,12 +95106,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 5
         set status enable
         set dst 10.250.203.0 255.255.255.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71415,12 +95122,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 6
         set status enable
         set dst 10.250.204.0 255.255.255.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71429,12 +95138,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 7
         set status enable
         set dst 10.250.205.0 255.255.255.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71443,12 +95154,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 8
         set status enable
         set dst 10.250.206.0 255.255.255.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71457,12 +95170,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 9
         set status enable
         set dst 10.250.207.0 255.255.255.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71471,12 +95186,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 10
         set status enable
         set dst 10.250.208.0 255.255.255.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71485,12 +95202,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 11
         set status enable
         set dst 172.17.0.0 255.255.0.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71499,12 +95218,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 12
         set status enable
         set dst 172.18.0.0 255.255.0.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71513,12 +95234,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 13
         set status enable
         set dst 172.19.0.0 255.255.0.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71527,12 +95250,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 14
         set status enable
         set dst 192.168.0.0 255.255.0.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71541,12 +95266,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 15
         set status enable
         set dst 10.212.134.0 255.255.255.0
         set gateway 10.251.1.1
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71555,11 +95282,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 16
         set status enable
         set dst 170.161.52.27 255.255.255.255
+        set preferred-source 0.0.0.0
         set distance 1
         set weight 0
         set priority 1
@@ -71568,11 +95297,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 17
         set status enable
         set dst 10.222.0.0 255.255.0.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71581,12 +95312,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 18
         set status enable
         set dst 10.250.0.0 255.255.0.0
         set gateway 10.250.100.92
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71595,11 +95328,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 19
         set status enable
         set dst 10.107.49.0 255.255.255.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71608,11 +95343,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 20
         set status enable
         set dst 10.107.100.0 255.255.255.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71621,11 +95358,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 21
         set status enable
         set dst 10.107.50.0 255.255.255.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71634,12 +95373,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 22
         set status enable
         set dst 10.253.17.0 255.255.255.0
         set gateway 10.250.100.92
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71648,12 +95389,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 23
         set status enable
         set dst 10.253.18.0 255.255.255.0
         set gateway 10.250.100.92
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71662,12 +95405,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 24
         set status enable
         set dst 0.0.0.0 0.0.0.0
         set gateway 10.250.100.92
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71677,12 +95422,14 @@ config router static
         set dynamic-gateway disable
         set dstaddr "City_Side_VoIP_Park_Place_Group"
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 25
         set status enable
         set dst 10.249.0.46 255.255.255.255
         set gateway 10.250.100.92
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71691,12 +95438,14 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 26
         set status enable
         set dst 0.0.0.0 0.0.0.0
         set gateway 10.250.100.92
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71706,11 +95455,13 @@ config router static
         set dynamic-gateway disable
         set dstaddr "SPD_Side_Genetec"
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 34
         set status enable
         set dst 172.30.44.0 255.255.254.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71719,11 +95470,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 28
         set status disable
         set dst 172.30.45.35 255.255.255.255
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71732,6 +95485,7 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 29
@@ -71743,11 +95497,13 @@ config router static
         set comment ''
         set blackhole enable
         set link-monitor-exempt disable
+        set tag 0
         set vrf 0
     next
     edit 30
         set status enable
         set dst 10.11.0.0 255.255.240.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71756,11 +95512,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 31
         set status enable
         set dst 10.46.0.0 255.255.0.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71769,11 +95527,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 32
         set status enable
         set dst 192.168.46.0 255.255.255.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71782,11 +95542,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 33
         set status enable
         set dst 10.51.62.0 255.255.255.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71795,11 +95557,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 37
         set status enable
         set dst 192.168.146.0 255.255.255.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71808,11 +95572,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 35
         set status enable
         set dst 192.168.67.0 255.255.255.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71821,11 +95587,13 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
     edit 36
         set status enable
         set dst 10.67.0.0 255.255.0.0
+        set preferred-source 0.0.0.0
         set distance 10
         set weight 0
         set priority 1
@@ -71834,6 +95602,7 @@ config router static
         set blackhole disable
         set dynamic-gateway disable
         set link-monitor-exempt disable
+        set tag 0
         set bfd disable
     next
 end
@@ -71866,7 +95635,6 @@ config router ospf
     set distribute-list-in ''
     set distribute-route-map-in ''
     set restart-mode none
-    set restart-period 120
     config redistribute "connected"
         set status disable
         set metric 0
@@ -71915,6 +95683,7 @@ config router ospf6
     set router-id 0.0.0.0
     set spf-timers 5 10
     set bfd disable
+    set restart-mode none
     config redistribute "connected"
         set status disable
         set metric 0
@@ -71947,7 +95716,7 @@ config router ospf6
     end
 end
 config router bgp
-    set as 0
+    unset as
     set keepalive-timer 60
     set holdtime-timer 180
     set always-compare-med disable
@@ -71968,6 +95737,7 @@ config router bgp
     set ignore-optional-capability enable
     set multipath-recursive-distance disable
     set recursive-next-hop disable
+    set recursive-inherit-priority disable
     set tag-resolve-mode disable
     set cluster-id 0.0.0.0
     set confederation-identifier 0
@@ -71978,6 +95748,7 @@ config router bgp
     set distance-local 200
     set synchronization disable
     set graceful-restart disable
+    set cross-family-conditional-adv disable
     config redistribute "connected"
         set status disable
         set route-map ''
@@ -72025,8 +95796,8 @@ config router isis
     set adv-passive-only6 disable
     set auth-mode-l1 password
     set auth-mode-l2 password
-    set auth-password-l1 ENC FnIZexadaa0A1RJ161oXd1GAYUWGu03eZ43oq61QfHiQx+oovMTNdBINWYM8cGM6n65y0bUfOLW/TrRIIkrpxOYTGUc0fFcmU0gImrLd8JpBMR+JB7PCvGhooCDgh8btOPBY+7qARiqA119Q3V1qjPgi8jWy0SIEYle4IEkHIdQl19W+TL+OhxBusYKBEljtojGD3g==
-    set auth-password-l2 ENC p08NjlsHInO7c9/SNxo9UBcNSOurVfIolYjeMP96oL+mhRIA7jiD0bT8XkMdEQqoRdIApZZr8JZyzaMkTDAVlROyDhyBL+g7Gr3xECEtGv2hIsPVxAMb+k/kIGB1a42LqGjCkXJsDMDYV+cGr4y020tl6iKLYUt+NmTz5NM0eVrPyte9dBsHMGCLsBB7/xTsKQxtFg==
+    set auth-password-l1 ENC FR21ACmdd+jonT9B1Vzu3VX0JAFaYGAzZXlKTTvhygJJe8nPaCGDarkVy1dwgcHDUFuqEx5Zoj+admxxd7VrkCQseZ3jrtC0XKFTEQ3GOfFqTDGTVh6/37fqH2V/hDT2g6FM3NUa8xKudWqc57BDqjA3qXrR2F/3+vvNnf7tMV8PDnfr1K8/ZG99PjdMm2crvJEy11lmMjY3dkVA
+    set auth-password-l2 ENC TDTJ+3Z8X2HuZvTPPoyE88ahPFaGz1McgRl4gObItowesYA3rGRy/mkb1srecEP4jZH6Sk2IzMnGSH9cg0paActbWt0pYeuWnHPqnOpOTXFCgtr8+lDIdZUq9ft69drq01cU04mpz5bQ2Gja18CSI5WIG/ToIl0+Bv5DcJHKwxn1QX9PKo+ODmugh09kNZQ1C7G4/llmMjY3dkVA
     set auth-sendonly-l1 disable
     set auth-sendonly-l2 disable
     set ignore-lsp-errors disable
@@ -72143,6 +95914,7 @@ config router multicast
         set spt-threshold enable
         set ssm disable
         set register-rate-limit 0
+        set pim-use-sdwan disable
         set spt-threshold-group ''
     end
 end
@@ -72168,6 +95940,7 @@ config system link-monitor
         set addr-mode ipv4
         set srcintf "vpn-0fc50345"
         set server-config default
+        set server-type static
         set server "169.254.54.77"
         set protocol ping
         set gateway-ip 0.0.0.0
@@ -72202,16055 +95975,3 @@ config system vne-tunnel
 end
 end
 
-config vdom
-edit Policy
-config wireless-controller hotspot20 anqp-venue-name
-end
-config wireless-controller hotspot20 anqp-venue-url
-end
-config wireless-controller hotspot20 anqp-network-auth-type
-end
-config wireless-controller hotspot20 anqp-roaming-consortium
-end
-config wireless-controller hotspot20 anqp-nai-realm
-end
-config wireless-controller hotspot20 anqp-3gpp-cellular
-end
-config wireless-controller hotspot20 anqp-ip-address-type
-end
-config wireless-controller hotspot20 h2qp-operator-name
-end
-config wireless-controller hotspot20 h2qp-wan-metric
-end
-config wireless-controller hotspot20 h2qp-conn-capability
-end
-config wireless-controller hotspot20 icon
-end
-config wireless-controller hotspot20 h2qp-osu-provider
-end
-config wireless-controller hotspot20 qos-map
-end
-config wireless-controller hotspot20 h2qp-advice-of-charge
-end
-config wireless-controller hotspot20 h2qp-osu-provider-nai
-end
-config wireless-controller hotspot20 h2qp-terms-and-conditions
-end
-config wireless-controller hotspot20 hs-profile
-end
-config wireless-controller vap
-end
-config system object-tagging
-    edit "default"
-        set address optional
-        set device optional
-        set interface optional
-        set multiple enable
-        set color 0
-    next
-end
-config switch-controller traffic-policy
-    edit "quarantine"
-        set description "Rate control for quarantined traffic"
-        set policer-status enable
-        set guaranteed-bandwidth 163840
-        set guaranteed-burst 8192
-        set maximum-burst 163840
-        set cos-queue 0
-    next
-    edit "sniffer"
-        set description "Rate control for sniffer mirrored traffic"
-        set policer-status enable
-        set guaranteed-bandwidth 50000
-        set guaranteed-burst 8192
-        set maximum-burst 163840
-        set cos-queue 0
-    next
-end
-config switch-controller fortilink-settings
-end
-config system stp
-    set switch-priority 32768
-    set hello-time 2
-    set forward-delay 15
-    set max-age 20
-    set max-hops 20
-end
-config system settings
-    set comments "Test VDOM for Policy-based"
-    set opmode nat
-    set policy-offload-level disable
-    set ngfw-mode policy-based
-    set http-external-dest fortiweb
-    set firewall-session-dirty check-all
-    set bfd disable
-    set utf8-spam-tagging enable
-    set wccp-cache-engine disable
-    set vpn-stats-log ipsec pptp l2tp ssl
-    set vpn-stats-period 600
-    set v4-ecmp-mode source-ip-based
-    set fw-session-hairpin disable
-    set prp-trailer-action disable
-    set snat-hairpin-traffic enable
-    set dhcp-proxy disable
-    set lldp-reception global
-    set lldp-transmission global
-    set link-down-access enable
-    set nat46-generate-ipv6-fragment-header disable
-    set nat46-force-ipv4-packet-forwarding disable
-    set nat64-force-ipv6-packet-forwarding enable
-    set auxiliary-session disable
-    set asymroute disable
-    set asymroute-icmp disable
-    set ses-denied-traffic disable
-    set strict-src-check disable
-    set allow-linkdown-path disable
-    set asymroute6 disable
-    set asymroute6-icmp disable
-    set sctp-session-without-init disable
-    set sip-expectation disable
-    set sip-nat-trace enable
-    set h323-direct-model enable
-    set status enable
-    set sip-tcp-port 5060
-    set sip-udp-port 5060
-    set sip-ssl-port 5061
-    set sccp-port 2000
-    set multicast-forward enable
-    set multicast-ttl-notchange disable
-    set allow-subnet-overlap disable
-    set deny-tcp-with-icmp disable
-    set ecmp-max-paths 255
-    set discovered-device-timeout 28
-    set email-portal-check-dns enable
-    set default-voip-alg-mode proxy-based
-    set gui-implicit-policy enable
-    set gui-dns-database disable
-    set gui-load-balance disable
-    set gui-multicast-policy disable
-    set gui-dos-policy enable
-    set gui-object-colors enable
-    set gui-ap-profile enable
-    set gui-security-profile-group disable
-    set gui-local-in-policy disable
-    set gui-dynamic-routing enable
-    set gui-sslvpn-personal-bookmarks disable
-    set gui-sslvpn-realms disable
-    set gui-threat-weight enable
-    set gui-spamfilter disable
-    set gui-file-filter disable
-    set gui-ips enable
-    set gui-endpoint-control enable
-    set gui-endpoint-control-advanced disable
-    set gui-dhcp-advanced enable
-    set gui-vpn enable
-    set gui-wireless-controller enable
-    set gui-switch-controller enable
-    set gui-fortiap-split-tunneling disable
-    set gui-webfilter-advanced disable
-    set gui-traffic-shaping enable
-    set gui-wan-load-balancing enable
-    set gui-antivirus enable
-    set gui-webfilter enable
-    set gui-videofilter enable
-    set gui-advanced-policy disable
-    set gui-allow-unnamed-policy disable
-    set gui-email-collection disable
-    set gui-multiple-interface-policy disable
-    set gui-ztna enable
-    set location-id 0.0.0.0
-    set ike-session-resume disable
-    set ike-quick-crash-detect disable
-    set ike-dn-format with-space
-    set ike-port 500
-    set ike-policy-route disable
-    set block-land-attack disable
-    set application-bandwidth-tracking disable
-end
-config system sit-tunnel
-end
-config system arp-table
-end
-config system ipv6-neighbor-cache
-end
-config system vdom-sflow
-    set vdom-sflow disable
-    set interface-select-method auto
-end
-config system vdom-netflow
-    set vdom-netflow disable
-    set interface-select-method auto
-end
-config system vdom-dns
-    set vdom-dns disable
-    set alt-primary 0.0.0.0
-    set alt-secondary 0.0.0.0
-end
-config system replacemsg-group
-    edit "default"
-        set comment "Default replacement message group."
-        set group-type default
-    next
-end
-config system session-ttl
-    set default 3600
-end
-config system dhcp server
-end
-config system dhcp6 server
-end
-config system zone
-end
-config firewall address
-    edit "none"
-        set uuid bde11ce6-3520-51ed-9974-a5b4264be0b3
-        set type ipmask
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set subnet 0.0.0.0 255.255.255.255
-    next
-    edit "login.microsoftonline.com"
-        set uuid bde12b0a-3520-51ed-d2a0-e807d4a14a3f
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "login.microsoftonline.com"
-        set cache-ttl 0
-    next
-    edit "login.microsoft.com"
-        set uuid bde139e2-3520-51ed-d55f-33931d299d78
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "login.microsoft.com"
-        set cache-ttl 0
-    next
-    edit "login.windows.net"
-        set uuid bde14b94-3520-51ed-a1e7-319da9a479ea
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "login.windows.net"
-        set cache-ttl 0
-    next
-    edit "gmail.com"
-        set uuid bde158b4-3520-51ed-b71e-57f937fa40cb
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "gmail.com"
-        set cache-ttl 0
-    next
-    edit "wildcard.google.com"
-        set uuid bde165c0-3520-51ed-0783-860a2a214ffd
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "*.google.com"
-        set cache-ttl 0
-    next
-    edit "wildcard.dropbox.com"
-        set uuid bde17240-3520-51ed-a328-5346f2fa7447
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "*.dropbox.com"
-        set cache-ttl 0
-    next
-    edit "SSLVPN_TUNNEL_ADDR1"
-        set uuid bde88710-3520-51ed-728e-76461d6221fe
-        set type iprange
-        set comment ''
-        set color 0
-        set fabric-object disable
-        set start-ip 10.212.134.200
-        set end-ip 10.212.134.210
-    next
-    edit "all"
-        set uuid bde8d012-3520-51ed-6285-eddc784a24b1
-        set type ipmask
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set subnet 0.0.0.0 0.0.0.0
-    next
-    edit "FIREWALL_AUTH_PORTAL_ADDRESS"
-        set uuid bde8d1f2-3520-51ed-0936-132ed3b829c9
-        set type ipmask
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set subnet 0.0.0.0 0.0.0.0
-    next
-    edit "FABRIC_DEVICE"
-        set uuid bde8d3c8-3520-51ed-3305-2f204031c35c
-        set type ipmask
-        set comment "IPv4 addresses of Fabric Devices."
-        set associated-interface ''
-        set color 0
-        set fabric-object disable
-        set subnet 0.0.0.0 0.0.0.0
-    next
-    edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
-        set uuid 516aa2ce-3522-51ed-0c4a-0d18239acea9
-        set type dynamic
-        set sub-type ems-tag
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set fabric-object disable
-        set obj-tag ''
-        set obj-type ip
-        set tag-detection-level ''
-        set tag-type ''
-    next
-end
-config firewall multicast-address
-    edit "all_hosts"
-        set type multicastrange
-        set start-ip 224.0.0.1
-        set end-ip 224.0.0.1
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "all_routers"
-        set type multicastrange
-        set start-ip 224.0.0.2
-        set end-ip 224.0.0.2
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "Bonjour"
-        set type multicastrange
-        set start-ip 224.0.0.251
-        set end-ip 224.0.0.251
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "EIGRP"
-        set type multicastrange
-        set start-ip 224.0.0.10
-        set end-ip 224.0.0.10
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "OSPF"
-        set type multicastrange
-        set start-ip 224.0.0.5
-        set end-ip 224.0.0.6
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "all"
-        set type multicastrange
-        set start-ip 224.0.0.0
-        set end-ip 239.255.255.255
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-end
-config firewall address6-template
-end
-config firewall address6
-    edit "all"
-        set uuid bde1bfa2-3520-51ed-7b6a-7bad8cadabaa
-        set type ipprefix
-        set ip6 ::/0
-        set color 0
-        set comment ''
-        set fabric-object disable
-    next
-    edit "none"
-        set uuid bde1c8d0-3520-51ed-d759-9123906c2212
-        set type ipprefix
-        set ip6 ::/128
-        set color 0
-        set comment ''
-        set fabric-object disable
-    next
-    edit "SSLVPN_TUNNEL_IPv6_ADDR1"
-        set uuid bde88a26-3520-51ed-47a2-8ac186cdb86d
-        set type ipprefix
-        set ip6 fdff:ffff::/120
-        set color 0
-        set comment ''
-        set fabric-object disable
-    next
-end
-config firewall multicast-address6
-    edit "all"
-        set ip6 ff00::/8
-        set comment ''
-        set color 0
-    next
-end
-config system ipv6-tunnel
-end
-config firewall addrgrp
-    edit "G Suite"
-        set type default
-        set category default
-        set uuid bde18140-3520-51ed-b156-8feccd84c03c
-        set member "gmail.com" "wildcard.google.com"
-        set comment ''
-        set exclude disable
-        set color 0
-        set fabric-object disable
-    next
-    edit "Microsoft Office 365"
-        set type default
-        set category default
-        set uuid bde19b44-3520-51ed-cc72-40627cfd767c
-        set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
-        set comment ''
-        set exclude disable
-        set color 0
-        set fabric-object disable
-    next
-end
-config firewall addrgrp6
-end
-config firewall wildcard-fqdn custom
-    edit "g-Adobe Login"
-        set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
-        set wildcard-fqdn "*.adobelogin.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-Gotomeeting"
-        set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
-        set wildcard-fqdn "*.gotomeeting.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-Windows update 2"
-        set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
-        set wildcard-fqdn "*.windowsupdate.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-adobe"
-        set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
-        set wildcard-fqdn "*.adobe.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-android"
-        set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
-        set wildcard-fqdn "*.android.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-apple"
-        set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
-        set wildcard-fqdn "*.apple.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-appstore"
-        set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
-        set wildcard-fqdn "*.appstore.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-auth.gfx.ms"
-        set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
-        set wildcard-fqdn "*.auth.gfx.ms"
-        set color 0
-        set comment ''
-    next
-    edit "g-autoupdate.opera.com"
-        set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
-        set wildcard-fqdn "*autoupdate.opera.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-cdn-apple"
-        set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
-        set wildcard-fqdn "*.cdn-apple.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-citrix"
-        set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
-        set wildcard-fqdn "*.citrixonline.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-dropbox.com"
-        set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
-        set wildcard-fqdn "*.dropbox.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-eease"
-        set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
-        set wildcard-fqdn "*.eease.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-firefox update server"
-        set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
-        set wildcard-fqdn "aus*.mozilla.org"
-        set color 0
-        set comment ''
-    next
-    edit "g-fortinet"
-        set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
-        set wildcard-fqdn "*.fortinet.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-google-drive"
-        set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
-        set wildcard-fqdn "*drive.google.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-google-play"
-        set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
-        set wildcard-fqdn "*play.google.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-google-play2"
-        set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
-        set wildcard-fqdn "*.ggpht.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-google-play3"
-        set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
-        set wildcard-fqdn "*.books.google.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-googleapis.com"
-        set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
-        set wildcard-fqdn "*.googleapis.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-icloud"
-        set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
-        set wildcard-fqdn "*.icloud.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-itunes"
-        set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
-        set wildcard-fqdn "*itunes.apple.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-live.com"
-        set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
-        set wildcard-fqdn "*.live.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-microsoft"
-        set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
-        set wildcard-fqdn "*.microsoft.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-mzstatic-apple"
-        set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
-        set wildcard-fqdn "*.mzstatic.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-skype"
-        set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
-        set wildcard-fqdn "*.messenger.live.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-softwareupdate.vmware.com"
-        set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
-        set wildcard-fqdn "*.softwareupdate.vmware.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-swscan.apple.com"
-        set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
-        set wildcard-fqdn "*swscan.apple.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-update.microsoft.com"
-        set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
-        set wildcard-fqdn "*update.microsoft.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-verisign"
-        set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
-        set wildcard-fqdn "*.verisign.com"
-        set color 0
-        set comment ''
-    next
-end
-config firewall wildcard-fqdn group
-end
-config firewall service category
-    edit "General"
-        set comment "General services."
-        set fabric-object disable
-    next
-    edit "Web Access"
-        set comment "Web access."
-        set fabric-object disable
-    next
-    edit "File Access"
-        set comment "File access."
-        set fabric-object disable
-    next
-    edit "Email"
-        set comment "Email services."
-        set fabric-object disable
-    next
-    edit "Network Services"
-        set comment "Network services."
-        set fabric-object disable
-    next
-    edit "Authentication"
-        set comment "Authentication service."
-        set fabric-object disable
-    next
-    edit "Remote Access"
-        set comment "Remote access."
-        set fabric-object disable
-    next
-    edit "Tunneling"
-        set comment "Tunneling service."
-        set fabric-object disable
-    next
-    edit "VoIP, Messaging & Other Applications"
-        set comment "VoIP, messaging, and other applications."
-        set fabric-object disable
-    next
-    edit "Web Proxy"
-        set comment "Explicit web proxy."
-        set fabric-object disable
-    next
-end
-config firewall service custom
-    edit "DNS"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 53
-        set udp-portrange 53
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "HTTP"
-        set proxy disable
-        set category "Web Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 80
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "HTTPS"
-        set proxy disable
-        set category "Web Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 443
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IMAP"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 143
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IMAPS"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 993
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "LDAP"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 389
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "DCE-RPC"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 135
-        set udp-portrange 135
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "POP3"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 110
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "POP3S"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 995
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SAMBA"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 139
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMTP"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 25
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMTPS"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 465
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "KERBEROS"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 88 464
-        set udp-portrange 88 464
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "LDAP_UDP"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 389
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMB"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 445
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "FTP"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 21
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "FTP_GET"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 21
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "FTP_PUT"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 21
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "ALL"
-        set proxy disable
-        set category "General"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 0
-    next
-    edit "ALL_TCP"
-        set proxy disable
-        set category "General"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1-65535
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "ALL_UDP"
-        set proxy disable
-        set category "General"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 1-65535
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "ALL_ICMP"
-        set proxy disable
-        set category "General"
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        unset icmptype
-    next
-    edit "ALL_ICMP6"
-        set proxy disable
-        set category "General"
-        set protocol ICMP6
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        unset icmptype
-    next
-    edit "GRE"
-        set proxy disable
-        set category "Tunneling"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 47
-    next
-    edit "AH"
-        set proxy disable
-        set category "Tunneling"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 51
-    next
-    edit "ESP"
-        set proxy disable
-        set category "Tunneling"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 50
-    next
-    edit "AOL"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 5190-5194
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "BGP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 179
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "DHCP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 67-68
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "FINGER"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 79
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "GOPHER"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 70
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "H323"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1720 1503
-        set udp-portrange 1719
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IKE"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 500 4500
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "Internet-Locator-Service"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 389
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IRC"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 6660-6669
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "L2TP"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1701
-        set udp-portrange 1701
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NetMeeting"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1720
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NFS"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 111 2049
-        set udp-portrange 111 2049
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NNTP"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 119
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NTP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 123
-        set udp-portrange 123
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "OSPF"
-        set proxy disable
-        set category "Network Services"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 89
-    next
-    edit "PC-Anywhere"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 5631
-        set udp-portrange 5632
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "PING"
-        set proxy disable
-        set category "Network Services"
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set icmptype 8
-        unset icmpcode
-    next
-    edit "TIMESTAMP"
-        set proxy disable
-        set category ''
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set icmptype 13
-        unset icmpcode
-    next
-    edit "INFO_REQUEST"
-        set proxy disable
-        set category ''
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set icmptype 15
-        unset icmpcode
-    next
-    edit "INFO_ADDRESS"
-        set proxy disable
-        set category ''
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set icmptype 17
-        unset icmpcode
-    next
-    edit "ONC-RPC"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 111
-        set udp-portrange 111
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "PPTP"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1723
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "QUAKE"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 26000 27000 27910 27960
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RAUDIO"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 7070
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "REXEC"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 512
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RIP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 520
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RLOGIN"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 513:512-1023
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RSH"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 514:512-1023
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SCCP"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 2000
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SIP"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 5060
-        set udp-portrange 5060
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SIP-MSNmessenger"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1863
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SNMP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 161-162
-        set udp-portrange 161-162
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SSH"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 22
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SYSLOG"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 514
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "TALK"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 517-518
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "TELNET"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 23
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "TFTP"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 69
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "MGCP"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 2427 2727
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "UUCP"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 540
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "VDOLIVE"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 7000-7010
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "WAIS"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 210
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "WINFRAME"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1494 2598
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "X-WINDOWS"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 6000-6063
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "PING6"
-        set proxy disable
-        set category ''
-        set protocol ICMP6
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set icmptype 128
-        unset icmpcode
-    next
-    edit "MS-SQL"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1433 1434
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "MYSQL"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 3306
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RDP"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 3389
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "VNC"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 5900
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "DHCP6"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 546 547
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SQUID"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 3128
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SOCKS"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1080
-        set udp-portrange 1080
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "WINS"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1512
-        set udp-portrange 1512
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RADIUS"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 1812 1813
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RADIUS-OLD"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 1645 1646
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "CVSPSERVER"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 2401
-        set udp-portrange 2401
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "AFS3"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 7000-7009
-        set udp-portrange 7000-7009
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "TRACEROUTE"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 33434-33535
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RTSP"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 554 7070 8554
-        set udp-portrange 554
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "MMS"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1755
-        set udp-portrange 1024-5000
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NONE"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 0
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "webproxy"
-        set proxy enable
-        set category "Web Proxy"
-        set protocol ALL
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set app-service-type disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 0-65535:0-65535
-    next
-end
-config firewall service group
-    edit "Email Access"
-        set proxy disable
-        set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
-        set comment ''
-        set color 0
-        set fabric-object disable
-    next
-    edit "Web Access"
-        set proxy disable
-        set member "DNS" "HTTP" "HTTPS"
-        set comment ''
-        set color 0
-        set fabric-object disable
-    next
-    edit "Windows AD"
-        set proxy disable
-        set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
-        set comment ''
-        set color 0
-        set fabric-object disable
-    next
-    edit "Exchange Server"
-        set proxy disable
-        set member "DCE-RPC" "DNS" "HTTPS"
-        set comment ''
-        set color 0
-        set fabric-object disable
-    next
-end
-config firewall internet-service-group
-end
-config firewall internet-service-extension
-end
-config firewall internet-service-custom
-end
-config firewall internet-service-custom-group
-end
-config system external-resource
-end
-config vpn certificate ca
-end
-config vpn certificate remote
-end
-config vpn certificate local
-    edit "Fortinet_CA_SSL"
-        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_CA_Untrusted"
-        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_RSA1024"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_RSA2048"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_RSA4096"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_DSA1024"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_DSA2048"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ECDSA256"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ECDSA384"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ECDSA521"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ED25519"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ED448"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-end
-config vpn certificate crl
-end
-config vpn certificate ocsp-server
-end
-config vpn certificate setting
-    set ocsp-status disable
-    set ocsp-option server
-    set ocsp-default-server ''
-    set interface-select-method auto
-    set check-ca-cert enable
-    set check-ca-chain disable
-    set subject-match substring
-    set subject-set subset
-    set cn-match substring
-    set cn-allow-multi enable
-    config crl-verification
-        set expiry ignore
-        set leaf-crl-absence ignore
-        set chain-crl-absence ignore
-    end
-    set strict-ocsp-check disable
-    set ssl-min-proto-version default
-    set cmp-save-extra-certs disable
-    set cmp-key-usage-checking enable
-    set certname-rsa1024 "Fortinet_SSL_RSA1024"
-    set certname-rsa2048 "Fortinet_SSL_RSA2048"
-    set certname-rsa4096 "Fortinet_SSL_RSA4096"
-    set certname-dsa1024 "Fortinet_SSL_DSA1024"
-    set certname-dsa2048 "Fortinet_SSL_DSA2048"
-    set certname-ecdsa256 "Fortinet_SSL_ECDSA256"
-    set certname-ecdsa384 "Fortinet_SSL_ECDSA384"
-    set certname-ecdsa521 "Fortinet_SSL_ECDSA521"
-    set certname-ed25519 "Fortinet_SSL_ED25519"
-    set certname-ed448 "Fortinet_SSL_ED448"
-end
-config webfilter ftgd-local-cat
-    edit "custom1"
-        set status enable
-        set id 140
-    next
-    edit "custom2"
-        set status enable
-        set id 141
-    next
-end
-config ips sensor
-    edit "g-default"
-        set comment "Prevent critical attacks."
-        set replacemsg-group ''
-        set block-malicious-url disable
-        set scan-botnet-connections disable
-        set extended-log disable
-        config entries
-            edit 1
-                set location all
-                set severity medium high critical 
-                set protocol all
-                set os all
-                set application all
-                set status default
-                set log enable
-                set log-packet disable
-                set log-attack-context disable
-                set action default
-                set quarantine none
-            next
-        end
-    next
-    edit "g-sniffer-profile"
-        set comment "Monitor IPS attacks."
-        set replacemsg-group ''
-        set block-malicious-url disable
-        set scan-botnet-connections disable
-        set extended-log disable
-        config entries
-            edit 1
-                set location all
-                set severity medium high critical 
-                set protocol all
-                set os all
-                set application all
-                set status default
-                set log enable
-                set log-packet disable
-                set log-attack-context disable
-                set action default
-                set quarantine none
-            next
-        end
-    next
-    edit "g-wifi-default"
-        set comment "Default configuration for offloading WiFi traffic."
-        set replacemsg-group ''
-        set block-malicious-url disable
-        set scan-botnet-connections disable
-        set extended-log disable
-        config entries
-            edit 1
-                set location all
-                set severity medium high critical 
-                set protocol all
-                set os all
-                set application all
-                set status default
-                set log enable
-                set log-packet disable
-                set log-attack-context disable
-                set action default
-                set quarantine none
-            next
-        end
-    next
-end
-config sctp-filter profile
-end
-config firewall shaper traffic-shaper
-    edit "high-priority"
-        set guaranteed-bandwidth 0
-        set maximum-bandwidth 1048576
-        set bandwidth-unit kbps
-        set priority high
-        set per-policy enable
-        set diffserv disable
-        set overhead 0
-    next
-    edit "medium-priority"
-        set guaranteed-bandwidth 0
-        set maximum-bandwidth 1048576
-        set bandwidth-unit kbps
-        set priority medium
-        set per-policy enable
-        set diffserv disable
-        set overhead 0
-    next
-    edit "low-priority"
-        set guaranteed-bandwidth 0
-        set maximum-bandwidth 1048576
-        set bandwidth-unit kbps
-        set priority low
-        set per-policy enable
-        set diffserv disable
-        set overhead 0
-    next
-    edit "guarantee-100kbps"
-        set guaranteed-bandwidth 100
-        set maximum-bandwidth 1048576
-        set bandwidth-unit kbps
-        set priority high
-        set per-policy enable
-        set diffserv disable
-        set overhead 0
-    next
-    edit "shared-1M-pipe"
-        set guaranteed-bandwidth 0
-        set maximum-bandwidth 1024
-        set bandwidth-unit kbps
-        set priority high
-        set per-policy disable
-        set diffserv disable
-        set overhead 0
-    next
-end
-config firewall shaper per-ip-shaper
-end
-config firewall proxy-address
-end
-config firewall proxy-addrgrp
-end
-config web-proxy profile
-end
-config web-proxy global
-    set ssl-cert "Fortinet_Factory"
-    set ssl-ca-cert "Fortinet_CA_SSL"
-    set fast-policy-match enable
-    set ldap-user-cache disable
-    set proxy-fqdn "default.fqdn"
-    set max-request-length 8
-    set max-message-length 32
-    set strict-web-check disable
-    set forward-proxy-auth disable
-    set forward-server-affinity-timeout 30
-    set max-waf-body-cache-length 32
-    set webproxy-profile ''
-    set learn-client-ip disable
-end
-config web-proxy forward-server
-end
-config web-proxy forward-server-group
-end
-config web-proxy debug-url
-end
-config web-proxy wisp
-end
-config wanopt webcache
-    set max-object-size 512000
-    set neg-resp-time 0
-    set fresh-factor 100
-    set max-ttl 7200
-    set min-ttl 5
-    set default-ttl 1440
-    set ignore-ims disable
-    set ignore-conditional disable
-    set ignore-pnc disable
-    set ignore-ie-reload enable
-    set cache-expired disable
-    set cache-cookie disable
-    set reval-pnc disable
-    set always-revalidate disable
-    set cache-by-default disable
-    set host-validate disable
-    set external disable
-end
-config web-proxy url-match
-end
-config application custom
-end
-config application group
-end
-config dlp filepattern
-    edit 1
-        set name "builtin-patterns"
-        set comment ''
-        config entries
-            edit "*.bat"
-                set filter-type pattern
-            next
-            edit "*.com"
-                set filter-type pattern
-            next
-            edit "*.dll"
-                set filter-type pattern
-            next
-            edit "*.doc"
-                set filter-type pattern
-            next
-            edit "*.exe"
-                set filter-type pattern
-            next
-            edit "*.gz"
-                set filter-type pattern
-            next
-            edit "*.hta"
-                set filter-type pattern
-            next
-            edit "*.ppt"
-                set filter-type pattern
-            next
-            edit "*.rar"
-                set filter-type pattern
-            next
-            edit "*.scr"
-                set filter-type pattern
-            next
-            edit "*.tar"
-                set filter-type pattern
-            next
-            edit "*.tgz"
-                set filter-type pattern
-            next
-            edit "*.vb?"
-                set filter-type pattern
-            next
-            edit "*.wps"
-                set filter-type pattern
-            next
-            edit "*.xl?"
-                set filter-type pattern
-            next
-            edit "*.zip"
-                set filter-type pattern
-            next
-            edit "*.pif"
-                set filter-type pattern
-            next
-            edit "*.cpl"
-                set filter-type pattern
-            next
-        end
-    next
-    edit 2
-        set name "all_executables"
-        set comment ''
-        config entries
-            edit "bat"
-                set filter-type type
-                set file-type bat
-            next
-            edit "exe"
-                set filter-type type
-                set file-type exe
-            next
-            edit "elf"
-                set filter-type type
-                set file-type elf
-            next
-            edit "hta"
-                set filter-type type
-                set file-type hta
-            next
-        end
-    next
-end
-config dlp sensitivity
-    edit "Private"
-    next
-    edit "Critical"
-    next
-    edit "Warning"
-    next
-end
-config dlp fp-doc-source
-end
-config dlp sensor
-    edit "g-default"
-        set comment "Default sensor."
-        set replacemsg-group ''
-        set dlp-log enable
-        set extended-log disable
-        set nac-quar-log disable
-        unset full-archive-proto
-        unset summary-proto
-    next
-    edit "g-sniffer-profile"
-        set comment "Log a summary of email and web traffic."
-        set replacemsg-group ''
-        set dlp-log enable
-        set extended-log disable
-        set nac-quar-log disable
-        unset full-archive-proto
-        set summary-proto smtp pop3 imap http-get http-post
-    next
-end
-config webfilter content
-end
-config webfilter content-header
-end
-config webfilter urlfilter
-end
-config videofilter youtube-key
-end
-config videofilter youtube-channel-filter
-end
-config videofilter profile
-end
-config webfilter ips-urlfilter-setting
-    set device ''
-    set distance 1
-    set gateway 0.0.0.0
-    set geo-filter ''
-end
-config webfilter ips-urlfilter-setting6
-    set device ''
-    set distance 1
-    set gateway6 ::
-    set geo-filter ''
-end
-config emailfilter bword
-end
-config emailfilter block-allow-list
-end
-config emailfilter mheader
-end
-config emailfilter dnsbl
-end
-config emailfilter iptrust
-end
-config log threat-weight
-    set status enable
-    config level
-        set low 5
-        set medium 10
-        set high 30
-        set critical 50
-    end
-    set blocked-connection high
-    set failed-connection low
-    set url-block-detected high
-    set botnet-connection-detected critical
-    config malware
-        set virus-infected critical
-        set fortindr critical
-        set file-blocked low
-        set command-blocked disable
-        set oversized disable
-        set virus-scan-error high
-        set switch-proto disable
-        set mimefragmented disable
-        set virus-file-type-executable medium
-        set virus-outbreak-prevention critical
-        set content-disarm medium
-        set malware-list medium
-        set ems-threat-feed medium
-        set fsa-malicious critical
-        set fsa-high-risk high
-        set fsa-medium-risk medium
-    end
-    config ips
-        set info-severity disable
-        set low-severity low
-        set medium-severity medium
-        set high-severity high
-        set critical-severity critical
-    end
-    config web
-        edit 1
-            set category 26
-            set level high
-        next
-        edit 2
-            set category 61
-            set level high
-        next
-        edit 3
-            set category 86
-            set level high
-        next
-        edit 4
-            set category 1
-            set level medium
-        next
-        edit 5
-            set category 3
-            set level medium
-        next
-        edit 6
-            set category 4
-            set level medium
-        next
-        edit 7
-            set category 5
-            set level medium
-        next
-        edit 8
-            set category 6
-            set level medium
-        next
-        edit 9
-            set category 12
-            set level medium
-        next
-        edit 10
-            set category 59
-            set level medium
-        next
-        edit 11
-            set category 62
-            set level medium
-        next
-        edit 12
-            set category 83
-            set level medium
-        next
-        edit 13
-            set category 72
-            set level low
-        next
-        edit 14
-            set category 14
-            set level low
-        next
-        edit 15
-            set category 96
-            set level medium
-        next
-    end
-    config application
-        edit 1
-            set category 2
-            set level low
-        next
-        edit 2
-            set category 6
-            set level medium
-        next
-    end
-end
-config icap server
-end
-config icap profile
-    edit "default"
-        set replacemsg-group ''
-        set request disable
-        set response disable
-        set streaming-content-bypass disable
-        set preview disable
-        set methods delete get head options post put trace other
-        set icap-block-log disable
-        set chunk-encap disable
-        unset extension-feature
-        config icap-headers
-            edit 1
-                set name "X-Authenticated-User"
-                set content "$user"
-                set base64-encoding disable
-            next
-            edit 2
-                set name "X-Authenticated-Groups"
-                set content "$local_grp"
-                set base64-encoding disable
-            next
-        end
-    next
-end
-config system network-visibility
-    set destination-visibility enable
-    set source-location enable
-    set destination-hostname-visibility enable
-    set hostname-ttl 86400
-    set hostname-limit 5000
-    set destination-location enable
-end
-config user certificate
-end
-config user radius
-end
-config user tacacs+
-end
-config user exchange
-end
-config user ldap
-end
-config user krb-keytab
-end
-config user domain-controller
-end
-config user pop3
-end
-config user saml
-end
-config user fsso
-end
-config user adgrp
-end
-config user fsso-polling
-end
-config user fortitoken
-end
-config user password-policy
-end
-config user local
-end
-config user setting
-    set auth-type http https ftp telnet
-    set auth-cert "Fortinet_Factory"
-    set auth-ca-cert ''
-    set auth-secure-http disable
-    set auth-http-basic disable
-    set auth-ssl-allow-renegotiation disable
-    set auth-src-mac enable
-    set auth-on-demand implicitly
-    set auth-timeout 5
-    set auth-timeout-type idle-timeout
-    set auth-portal-timeout 3
-    set radius-ses-timeout-act hard-timeout
-    set auth-blackout-time 0
-    set auth-invalid-max 5
-    set auth-lockout-threshold 3
-    set auth-lockout-duration 0
-    set per-policy-disclaimer disable
-    set auth-ssl-min-proto-version default
-    unset auth-ssl-max-proto-version
-    set auth-ssl-sigalgs all
-end
-config user peer
-end
-config user peergrp
-end
-config user quarantine
-    set quarantine enable
-    set traffic-policy ''
-    set firewall-groups ''
-end
-config user group
-    edit "SSO_Guest_Users"
-        set authtimeout 0
-        set http-digest-realm ''
-    next
-end
-config user security-exempt-list
-end
-config vpn ssl web realm
-end
-config vpn ssl web host-check-software
-    edit "FortiClient-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
-    next
-    edit "FortiClient-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
-    next
-    edit "FortiClient-AV-Vista"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
-    next
-    edit "FortiClient-FW-Vista"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
-    next
-    edit "FortiClient5-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
-    next
-    edit "AVG-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
-    next
-    edit "AVG-Internet-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "8DECF618-9569-4340-B34A-D78D28969B66"
-    next
-    edit "AVG-Internet-Security-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
-    next
-    edit "AVG-Internet-Security-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
-    next
-    edit "CA-Anti-Virus"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
-    next
-    edit "CA-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
-    next
-    edit "CA-Internet-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
-    next
-    edit "CA-Internet-Security-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
-    next
-    edit "CA-Internet-Security-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
-    next
-    edit "CA-Personal-Firewall"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
-    next
-    edit "F-Secure-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
-    next
-    edit "F-Secure-Internet-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "D4747503-0346-49EB-9262-997542F79BF4"
-    next
-    edit "F-Secure-Internet-Security-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "15414183-282E-D62C-CA37-EF24860A2F17"
-    next
-    edit "F-Secure-Internet-Security-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
-    next
-    edit "Kaspersky-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
-    next
-    edit "Kaspersky-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
-    next
-    edit "Kaspersky-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
-    next
-    edit "Kaspersky-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
-    next
-    edit "McAfee-Internet-Security-Suite-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
-    next
-    edit "McAfee-Internet-Security-Suite-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
-    next
-    edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
-    next
-    edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
-    next
-    edit "McAfee-Virus-Scan-Enterprise"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
-    next
-    edit "Norton-360-2.0-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
-    next
-    edit "Norton-360-2.0-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
-    next
-    edit "Norton-360-3.0-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
-    next
-    edit "Norton-360-3.0-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
-    next
-    edit "Norton-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
-    next
-    edit "Norton-Internet-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
-    next
-    edit "Norton-Internet-Security-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
-    next
-    edit "Norton-Internet-Security-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
-    next
-    edit "Symantec-Endpoint-Protection-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
-    next
-    edit "Symantec-Endpoint-Protection-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
-    next
-    edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
-    next
-    edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
-    next
-    edit "Panda-Antivirus+Firewall-2008-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
-    next
-    edit "Panda-Antivirus+Firewall-2008-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
-    next
-    edit "Panda-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
-    next
-    edit "Panda-Internet-Security-2006~2007-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
-    next
-    edit "Panda-Internet-Security-2008~2009-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
-    next
-    edit "Sophos-Anti-Virus"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
-    next
-    edit "Sophos-Enpoint-Secuirty-and-Control-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
-    next
-    edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
-    next
-    edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
-    next
-    edit "Trend-Micro-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
-    next
-    edit "Trend-Micro-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
-    next
-    edit "Trend-Micro-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
-    next
-    edit "Trend-Micro-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
-    next
-    edit "ZoneAlarm-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
-    next
-    edit "ZoneAlarm-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
-    next
-    edit "ZoneAlarm-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
-    next
-    edit "ZoneAlarm-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
-    next
-    edit "ESET-Smart-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
-    next
-    edit "ESET-Smart-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
-    next
-end
-config vpn ssl web portal
-    edit "full-access"
-        set tunnel-mode enable
-        set ipv6-tunnel-mode enable
-        set web-mode enable
-        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
-        set limit-user-logins disable
-        set forticlient-download enable
-        set ip-mode range
-        set auto-connect disable
-        set keep-alive disable
-        set save-password disable
-        set ip-pools "SSLVPN_TUNNEL_ADDR1"
-        set split-tunneling enable
-        set split-tunneling-routing-negate disable
-        set dns-server1 0.0.0.0
-        set dns-server2 0.0.0.0
-        set dns-suffix ''
-        set wins-server1 0.0.0.0
-        set wins-server2 0.0.0.0
-        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
-        set ipv6-split-tunneling enable
-        set ipv6-split-tunneling-routing-negate disable
-        set ipv6-dns-server1 ::
-        set ipv6-dns-server2 ::
-        set ipv6-wins-server1 ::
-        set ipv6-wins-server2 ::
-        set display-bookmark enable
-        set user-bookmark enable
-        set user-group-bookmark enable
-        set display-connection-tools enable
-        set display-history enable
-        set display-status enable
-        set rewrite-ip-uri-ui disable
-        set heading "SSL-VPN Portal"
-        set redir-url ''
-        set theme neutrino
-        set custom-lang ''
-        set smb-ntlmv1-auth disable
-        set smb-min-version smbv2
-        set smb-max-version smbv3
-        set use-sdwan disable
-        set clipboard enable
-        set default-window-width 1024
-        set default-window-height 768
-        set host-check none
-        set mac-addr-check disable
-        set os-check disable
-        set forticlient-download-method direct
-        set customize-forticlient-download-url disable
-        set hide-sso-credential enable
-    next
-    edit "web-access"
-        set tunnel-mode disable
-        set ipv6-tunnel-mode disable
-        set web-mode enable
-        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
-        set limit-user-logins disable
-        set forticlient-download enable
-        set dns-suffix ''
-        set display-bookmark enable
-        set user-bookmark enable
-        set user-group-bookmark enable
-        set display-connection-tools enable
-        set display-history enable
-        set display-status enable
-        set rewrite-ip-uri-ui disable
-        set heading "SSL-VPN Portal"
-        set redir-url ''
-        set theme neutrino
-        set custom-lang ''
-        set smb-ntlmv1-auth disable
-        set smb-min-version smbv2
-        set smb-max-version smbv3
-        set use-sdwan disable
-        set clipboard enable
-        set default-window-width 1024
-        set default-window-height 768
-        set forticlient-download-method direct
-        set customize-forticlient-download-url disable
-        set hide-sso-credential enable
-    next
-    edit "tunnel-access"
-        set tunnel-mode enable
-        set ipv6-tunnel-mode enable
-        set web-mode disable
-        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
-        set limit-user-logins disable
-        set forticlient-download enable
-        set ip-mode range
-        set auto-connect disable
-        set keep-alive disable
-        set save-password disable
-        set ip-pools "SSLVPN_TUNNEL_ADDR1"
-        set split-tunneling enable
-        set split-tunneling-routing-negate disable
-        set dns-server1 0.0.0.0
-        set dns-server2 0.0.0.0
-        set dns-suffix ''
-        set wins-server1 0.0.0.0
-        set wins-server2 0.0.0.0
-        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
-        set ipv6-split-tunneling enable
-        set ipv6-split-tunneling-routing-negate disable
-        set ipv6-dns-server1 ::
-        set ipv6-dns-server2 ::
-        set ipv6-wins-server1 ::
-        set ipv6-wins-server2 ::
-        set host-check none
-        set mac-addr-check disable
-        set os-check disable
-        set forticlient-download-method direct
-        set customize-forticlient-download-url disable
-    next
-end
-config vpn ssl settings
-    set status enable
-    set reqclientcert disable
-    set ssl-max-proto-ver tls1-3
-    set ssl-min-proto-ver tls1-2
-    unset banned-cipher
-    set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
-    set ssl-insert-empty-fragment enable
-    set https-redirect disable
-    set x-content-type-options enable
-    set ssl-client-renegotiation disable
-    set force-two-factor-auth disable
-    set servercert "Fortinet_Factory"
-    set algorithm high
-    set idle-timeout 300
-    set auth-timeout 28800
-    set login-attempt-limit 2
-    set login-block-time 60
-    set login-timeout 30
-    set dtls-hello-timeout 10
-    set dns-suffix ''
-    set dns-server1 0.0.0.0
-    set dns-server2 0.0.0.0
-    set wins-server1 0.0.0.0
-    set wins-server2 0.0.0.0
-    set ipv6-dns-server1 ::
-    set ipv6-dns-server2 ::
-    set ipv6-wins-server1 ::
-    set ipv6-wins-server2 ::
-    set url-obscuration disable
-    set http-compression disable
-    set http-only-cookie enable
-    set port 443
-    set port-precedence enable
-    set auto-tunnel-static-route enable
-    set header-x-forwarded-for add
-    set dtls-tunnel enable
-    set check-referer disable
-    set http-request-header-timeout 20
-    set http-request-body-timeout 30
-    set auth-session-check-source-ip enable
-    set tunnel-connect-without-reauth disable
-    set hsts-include-subdomains disable
-    set transform-backward-slashes disable
-    set encode-2f-sequence disable
-    set encrypt-and-store-password disable
-    set client-sigalgs all
-    set dual-stack-mode disable
-    set tunnel-addr-assigned-method first-available
-    set saml-redirect-port 8020
-    set dtls-max-proto-ver dtls1-2
-    set dtls-min-proto-ver dtls1-0
-end
-config vpn ssl web user-group-bookmark
-end
-config vpn ssl web user-bookmark
-end
-config vpn ssl client
-end
-config system sdwan
-    set status disable
-    set load-balance-mode source-ip-based
-    set speedtest-bypass-routing disable
-    set duplication-max-num 2
-    set neighbor-hold-down disable
-    set neighbor-hold-down-time 0
-    set neighbor-hold-boot-time 0
-    set fail-detect disable
-    config zone
-        edit "virtual-wan-link"
-            set service-sla-tie-break cfg-order
-        next
-    end
-    config health-check
-        edit "Default_DNS"
-            set probe-packets enable
-            set addr-mode ipv4
-            set system-dns enable
-            set detect-mode active
-            set ha-priority 1
-            set dns-request-domain "www.example.com"
-            set dns-match-ip 0.0.0.0
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 5
-                next
-            end
-        next
-        edit "Default_Office_365"
-            set probe-packets enable
-            set addr-mode ipv4
-            set server "www.office.com"
-            set detect-mode active
-            set protocol http
-            set port 0
-            set ha-priority 1
-            set http-get "/"
-            set http-agent "Chrome/ Safari/"
-            set http-match ''
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 5
-                next
-            end
-        next
-        edit "Default_Gmail"
-            set probe-packets enable
-            set addr-mode ipv4
-            set server "gmail.com"
-            set detect-mode active
-            set protocol ping
-            set ha-priority 1
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 2
-                next
-            end
-        next
-        edit "Default_Google Search"
-            set probe-packets enable
-            set addr-mode ipv4
-            set server "www.google.com"
-            set detect-mode active
-            set protocol http
-            set port 0
-            set ha-priority 1
-            set http-get "/"
-            set http-agent "Chrome/ Safari/"
-            set http-match ''
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 5
-                next
-            end
-        next
-        edit "Default_FortiGuard"
-            set probe-packets enable
-            set addr-mode ipv4
-            set server "fortiguard.com"
-            set detect-mode active
-            set protocol http
-            set port 0
-            set ha-priority 1
-            set http-get "/"
-            set http-agent "Chrome/ Safari/"
-            set http-match ''
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 5
-                next
-            end
-        next
-    end
-end
-config vpn ipsec phase1
-end
-config vpn ipsec phase2
-end
-config vpn ipsec manualkey
-end
-config vpn ipsec concentrator
-end
-config vpn ipsec fec
-end
-config vpn ipsec phase1-interface
-end
-config vpn ipsec phase2-interface
-end
-config vpn ipsec manualkey-interface
-end
-config vpn pptp
-    set status disable
-end
-config vpn l2tp
-    set status disable
-    set lcp-max-echo-fails 3
-    set hello-interval 60
-end
-config vpn ipsec forticlient
-end
-config dnsfilter domain-filter
-end
-config dnsfilter profile
-    edit "default"
-        set comment "Default dns filtering."
-        config domain-filter
-            unset domain-filter-table
-        end
-        config ftgd-dns
-            unset options
-            config filters
-                edit 1
-                    set category 2
-                    set action monitor
-                next
-                edit 2
-                    set category 7
-                    set action monitor
-                next
-                edit 3
-                    set category 8
-                    set action monitor
-                next
-                edit 4
-                    set category 9
-                    set action monitor
-                next
-                edit 5
-                    set category 11
-                    set action monitor
-                next
-                edit 6
-                    set category 12
-                    set action monitor
-                next
-                edit 7
-                    set category 13
-                    set action monitor
-                next
-                edit 8
-                    set category 14
-                    set action monitor
-                next
-                edit 9
-                    set category 15
-                    set action monitor
-                next
-                edit 10
-                    set category 16
-                    set action monitor
-                next
-                edit 11
-                    set category 0
-                    set action monitor
-                next
-                edit 12
-                    set category 57
-                    set action monitor
-                next
-                edit 13
-                    set category 63
-                    set action monitor
-                next
-                edit 14
-                    set category 64
-                    set action monitor
-                next
-                edit 15
-                    set category 65
-                    set action monitor
-                next
-                edit 16
-                    set category 66
-                    set action monitor
-                next
-                edit 17
-                    set category 67
-                    set action monitor
-                next
-                edit 18
-                    set category 26
-                    set action block
-                    set log enable
-                next
-                edit 19
-                    set category 61
-                    set action block
-                    set log enable
-                next
-                edit 20
-                    set category 86
-                    set action block
-                    set log enable
-                next
-                edit 21
-                    set category 88
-                    set action block
-                    set log enable
-                next
-                edit 22
-                    set category 90
-                    set action block
-                    set log enable
-                next
-                edit 23
-                    set category 91
-                    set action block
-                    set log enable
-                next
-            end
-        end
-        set log-all-domain disable
-        set sdns-ftgd-err-log enable
-        set sdns-domain-log enable
-        set block-action redirect
-        set block-botnet enable
-        set safe-search disable
-        set redirect-portal 0.0.0.0
-        set redirect-portal6 ::
-    next
-end
-config system gre-tunnel
-end
-config system ipsec-aggregate
-end
-config system ipip-tunnel
-end
-config system mobile-tunnel
-end
-config system pppoe-interface
-end
-config system vxlan
-end
-config system geneve
-end
-config system virtual-wire-pair
-end
-config system dns-database
-end
-config system dns-server
-end
-config log custom-field
-end
-config antivirus settings
-    set machine-learning-detection enable
-    set use-extreme-db disable
-    set grayware enable
-    set override-timeout 0
-    set cache-infected-result enable
-end
-config antivirus quarantine
-    set agelimit 0
-    set maxfilesize 0
-    set quarantine-quota 0
-    unset drop-infected
-    set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
-    unset drop-blocked
-    set store-blocked imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs ssh
-    unset drop-machine-learning
-    set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
-    set lowspace ovrw-old
-    set destination disk
-end
-config ssh-filter profile
-end
-config antivirus profile
-    edit "g-default"
-        set comment "Scan files and block viruses."
-        set replacemsg-group ''
-        set mobile-malware-db enable
-        config http
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config ftp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config imap
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config pop3
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config smtp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config nntp
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config cifs
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config nac-quar
-            set infected none
-            set log disable
-        end
-        set outbreak-prevention-archive-scan disable
-        set external-blocklist-enable-all enable
-        set ems-threat-feed disable
-        set av-virus-log enable
-        set av-block-log enable
-        set extended-log disable
-    next
-    edit "g-sniffer-profile"
-        set comment "Scan files and monitor viruses."
-        set replacemsg-group ''
-        set mobile-malware-db enable
-        config http
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config ftp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config imap
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config pop3
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config smtp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config nntp
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config cifs
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config nac-quar
-            set infected none
-            set log disable
-        end
-        set outbreak-prevention-archive-scan disable
-        set external-blocklist-enable-all enable
-        set ems-threat-feed disable
-        set av-virus-log enable
-        set av-block-log enable
-        set extended-log disable
-    next
-    edit "g-wifi-default"
-        set comment "Default configuration for offloading WiFi traffic."
-        set replacemsg-group ''
-        set mobile-malware-db enable
-        config http
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config ftp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config imap
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config pop3
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config smtp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config nntp
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config cifs
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config nac-quar
-            set infected none
-            set log disable
-        end
-        set outbreak-prevention-archive-scan disable
-        set external-blocklist-enable-all enable
-        set ems-threat-feed disable
-        set av-virus-log enable
-        set av-block-log enable
-        set extended-log disable
-    next
-end
-config file-filter profile
-    edit "g-default"
-        set comment "File type inspection."
-        set replacemsg-group ''
-        set log enable
-        set extended-log disable
-        set scan-archive-contents enable
-    next
-    edit "g-sniffer-profile"
-        set comment "File type inspection."
-        set replacemsg-group ''
-        set log enable
-        set extended-log disable
-        set scan-archive-contents enable
-    next
-end
-config webfilter profile
-    edit "g-default"
-        set comment "Default web filtering."
-        set replacemsg-group ''
-        unset options
-        set https-replacemsg enable
-        set post-action normal
-        config web
-            set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
-            set blocklist disable
-            unset allowlist
-        end
-        set log-all-url disable
-        set web-content-log enable
-        set web-filter-command-block-log enable
-        set web-filter-cookie-log enable
-        set web-url-log enable
-        set web-invalid-domain-log enable
-        set extended-log disable
-    next
-    edit "g-sniffer-profile"
-        set comment "Monitor web traffic."
-        set replacemsg-group ''
-        unset options
-        set https-replacemsg enable
-        set post-action normal
-        config web
-            set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
-            set blocklist disable
-            unset allowlist
-        end
-        set log-all-url disable
-        set web-content-log enable
-        set web-filter-command-block-log enable
-        set web-filter-cookie-log enable
-        set web-url-log enable
-        set web-invalid-domain-log enable
-        set extended-log disable
-    next
-    edit "g-wifi-default"
-        set comment "Default configuration for offloading WiFi traffic."
-        set replacemsg-group ''
-        set options block-invalid-url
-        set https-replacemsg enable
-        set post-action normal
-        config web
-            set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
-            set blocklist disable
-            unset allowlist
-        end
-        set log-all-url disable
-        set web-content-log enable
-        set web-filter-command-block-log enable
-        set web-filter-cookie-log enable
-        set web-url-log enable
-        set web-invalid-domain-log enable
-        set extended-log disable
-    next
-end
-config webfilter ftgd-local-rating
-end
-config webfilter search-engine
-    edit "g-baidu"
-        set hostname ".*\\.baidu\\.com"
-        set url "^\\/s?\\?"
-        set query "wd="
-        set safesearch disable
-    next
-    edit "g-baidu2"
-        set hostname ".*\\.baidu\\.com"
-        set url "^\\/(ns|q|m|i|v)\\?"
-        set query "word="
-        set safesearch disable
-    next
-    edit "g-baidu3"
-        set hostname "tieba\\.baidu\\.com"
-        set url "^\\/f\\?"
-        set query "kw="
-        set safesearch disable
-    next
-    edit "g-bing"
-        set hostname ".*\\.bing\\..*"
-        set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
-        set query "q="
-        set safesearch header
-    next
-    edit "g-google"
-        set hostname ".*\\.google\\..*"
-        set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
-        set query "q="
-        set safesearch url
-        set safesearch-str "&safe=active"
-    next
-    edit "g-google-translate-1"
-        set hostname "translate\\.google\\..*"
-        set url "^\\/translate"
-        set query "u="
-        set safesearch translate
-    next
-    edit "g-google-translate-2"
-        set hostname ".*\\.translate\\.goog"
-        set url "^\\/"
-        set query ''
-        set safesearch translate
-    next
-    edit "g-twitter"
-        set hostname "twitter\\.com"
-        set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
-        set query "variables="
-        set safesearch translate
-    next
-    edit "g-vimeo"
-        set hostname ".*vimeo.*"
-        set url "^\\/search\\?"
-        set query "q="
-        set safesearch header
-    next
-    edit "g-yahoo"
-        set hostname ".*\\.yahoo\\..*"
-        set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
-        set query "p="
-        set safesearch url
-        set safesearch-str "&vm=r"
-    next
-    edit "g-yandex"
-        set hostname "yandex\\..*"
-        set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
-        set query "text="
-        set safesearch url
-        set safesearch-str "&family=yes"
-    next
-    edit "g-youtube"
-        set hostname ".*youtube.*"
-        set url ''
-        set query ''
-        set safesearch header
-    next
-    edit "g-yt-channel"
-        set hostname ''
-        set url "www.youtube.com/channel"
-        set query ''
-        set safesearch yt-channel
-    next
-    edit "g-yt-pattern"
-        set hostname ''
-        set url "youtube.com/channel/"
-        set query ''
-        set safesearch yt-pattern
-    next
-    edit "g-yt-scan-1"
-        set hostname ''
-        set url "www.youtube.com/user/"
-        set query ''
-        set safesearch yt-scan
-    next
-    edit "g-yt-scan-2"
-        set hostname ''
-        set url "www.youtube.com/youtubei/v1/browse"
-        set query ''
-        set safesearch yt-scan
-    next
-    edit "g-yt-scan-3"
-        set hostname ''
-        set url "www.youtube.com/youtubei/v1/player"
-        set query ''
-        set safesearch yt-scan
-    next
-    edit "g-yt-scan-4"
-        set hostname ''
-        set url "www.youtube.com/youtubei/v1/navigator"
-        set query ''
-        set safesearch yt-scan
-    next
-    edit "translate"
-        set hostname "translate\\.google\\..*"
-        set url "^\\/translate\\?"
-        set query "u="
-        set safesearch translate
-    next
-    edit "yt-video"
-        set hostname ''
-        set url "www.youtube.com/watch"
-        set query ''
-        set safesearch yt-video
-    next
-end
-config emailfilter profile
-    edit "default"
-        set comment "Malware and phishing URL filtering."
-        set replacemsg-group ''
-        set spam-log enable
-        set spam-filtering disable
-        set external disable
-        unset options
-        config imap
-            set log-all disable
-        end
-        config pop3
-            set log-all disable
-        end
-        config smtp
-            set log-all disable
-        end
-        config msn-hotmail
-            set log-all disable
-        end
-        config gmail
-            set log-all disable
-        end
-        set spam-bword-threshold 10
-        unset spam-bword-table
-        unset spam-bal-table
-        unset spam-mheader-table
-        unset spam-rbl-table
-        unset spam-iptrust-table
-        set spam-log-fortiguard-response disable
-    next
-    edit "sniffer-profile"
-        set comment "Malware and phishing URL monitoring."
-        set replacemsg-group ''
-        set spam-log enable
-        set spam-filtering disable
-        set external disable
-        unset options
-        config imap
-            set log-all disable
-        end
-        config pop3
-            set log-all disable
-        end
-        config smtp
-            set log-all disable
-        end
-        config msn-hotmail
-            set log-all disable
-        end
-        config gmail
-            set log-all disable
-        end
-        set spam-bword-threshold 10
-        unset spam-bword-table
-        unset spam-bal-table
-        unset spam-mheader-table
-        unset spam-rbl-table
-        unset spam-iptrust-table
-        set spam-log-fortiguard-response disable
-    next
-end
-config wanopt settings
-    set host-id "default-id"
-    set tunnel-ssl-algorithm high
-    set auto-detect-algorithm simple
-    set tunnel-optimization balanced
-end
-config wanopt peer
-end
-config wanopt auth-group
-end
-config wanopt profile
-    edit "default"
-        set transparent enable
-        set comments "Default WANopt profile."
-        set auth-group ''
-        config http
-            set status disable
-            set secure-tunnel disable
-            set byte-caching enable
-            set ssl disable
-            set prefer-chunking fix
-            set protocol-opt protocol
-            set tunnel-sharing private
-            set log-traffic enable
-        end
-        config cifs
-            set status disable
-            set secure-tunnel disable
-            set byte-caching enable
-            set prefer-chunking fix
-            set protocol-opt protocol
-            set tunnel-sharing private
-            set log-traffic enable
-        end
-        config mapi
-            set status disable
-            set secure-tunnel disable
-            set byte-caching enable
-            set tunnel-sharing private
-            set log-traffic enable
-        end
-        config ftp
-            set status disable
-            set secure-tunnel disable
-            set byte-caching enable
-            set ssl disable
-            set prefer-chunking fix
-            set protocol-opt protocol
-            set tunnel-sharing private
-            set log-traffic enable
-        end
-        config tcp
-            set status disable
-        end
-    next
-end
-config system speed-test-server
-end
-config log memory setting
-    set status enable
-end
-config log disk setting
-    set status disable
-end
-config log eventfilter
-    set event enable
-    set system enable
-    set vpn enable
-    set user enable
-    set router enable
-    set wireless-activity enable
-    set wan-opt enable
-    set endpoint enable
-    set ha enable
-    set security-rating enable
-    set fortiextender enable
-    set connector enable
-    set sdwan enable
-    set cifs enable
-    set switch-controller enable
-end
-config log memory filter
-    set severity information
-    set forward-traffic enable
-    set local-traffic enable
-    set multicast-traffic enable
-    set sniffer-traffic enable
-    set ztna-traffic enable
-    set anomaly enable
-    set voip enable
-    set gtp enable
-end
-config log disk filter
-    set severity information
-    set forward-traffic enable
-    set local-traffic enable
-    set multicast-traffic enable
-    set sniffer-traffic enable
-    set ztna-traffic enable
-    set anomaly enable
-    set voip enable
-    set dlp-archive enable
-    set gtp enable
-end
-config log fortiguard override-setting
-    set override disable
-    set access-config enable
-end
-config log tacacs+accounting setting
-    set status disable
-end
-config log tacacs+accounting2 setting
-    set status disable
-end
-config log tacacs+accounting3 setting
-    set status disable
-end
-config log tacacs+accounting filter
-    set login-audit enable
-    set config-change-audit enable
-    set cli-cmd-audit enable
-end
-config log tacacs+accounting2 filter
-    set login-audit enable
-    set config-change-audit enable
-    set cli-cmd-audit enable
-end
-config log tacacs+accounting3 filter
-    set login-audit enable
-    set config-change-audit enable
-    set cli-cmd-audit enable
-end
-config log null-device setting
-    set status disable
-end
-config log null-device filter
-    set severity information
-    set forward-traffic enable
-    set local-traffic enable
-    set multicast-traffic enable
-    set sniffer-traffic enable
-    set ztna-traffic enable
-    set anomaly enable
-    set voip enable
-    set gtp enable
-end
-config log setting
-    set resolve-ip disable
-    set resolve-port enable
-    set log-user-in-upper disable
-    set fwpolicy-implicit-log disable
-    set fwpolicy6-implicit-log disable
-    set log-invalid-packet disable
-    set local-in-allow disable
-    set local-in-deny-unicast disable
-    set local-in-deny-broadcast disable
-    set local-out disable
-    set neighbor-event disable
-    set brief-traffic-format disable
-    set user-anonymize disable
-    set fortiview-weekly-data disable
-    set expolicy-implicit-log disable
-    set log-policy-comment disable
-    set faz-override disable
-    set syslog-override disable
-    set rest-api-set disable
-    set rest-api-get disable
-end
-config log gui-display
-    set resolve-hosts enable
-    set resolve-apps enable
-    set fortiview-unscanned-apps disable
-end
-config system lldp network-policy
-end
-config firewall schedule onetime
-end
-config firewall schedule recurring
-    edit "always"
-        set start 00:00
-        set end 00:00
-        set day sunday monday tuesday wednesday thursday friday saturday
-        set color 0
-        set fabric-object disable
-    next
-    edit "none"
-        set start 00:00
-        set end 00:00
-        set day none
-        set color 0
-        set fabric-object disable
-    next
-    edit "default-darrp-optimize"
-        set start 01:00
-        set end 01:30
-        set day sunday monday tuesday wednesday thursday friday saturday
-        set color 0
-        set fabric-object disable
-    next
-end
-config firewall schedule group
-end
-config firewall ippool
-end
-config firewall ippool6
-end
-config firewall ldb-monitor
-end
-config firewall vip
-end
-config firewall vip6
-end
-config firewall vipgrp
-end
-config firewall vipgrp6
-end
-config firewall ssh local-key
-    edit "g-Fortinet_SSH_DSA1024"
-        set password ENC /mSj8ZN0WXh1ljeTnvYM3JJFNw/1dEx4vvZASVDmJFbuAEltcBCEvVB6PiJ4oHLweB6/n+XEHbuPRiV5mNySIPdB7b3im1soLShHtySOgIP//gFav5TzkdDKMQQ4yvu9FwQ2ol37XTlwM3OmQsoFhKYIwifT0FaNk2+WKtUyt1ggZdvLSZOEoCkswjeD34r5ESvOKQ==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA
-0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
-KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
-a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
-7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
-jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
-XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
-P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
-lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
-wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ
-39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl
-iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3
-w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac
-xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL
-YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+
-YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e
-ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy
-wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb
-floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_ECDSA256"
-        set password ENC BOtI3oe5vj+ZmhN95DWZgUXsZOzllcErzSY1yaE6pyaNN9y5naN4xfZOD/Tr6AzAxfmmmX1zXXgNNFvCvmlDSsw65G9z/aFeIBqmHx/YtIxzJhxzWQMBYXdoWNpbPFREVBgad4YJ2KGgrv8rj2tWTM+W5eTlhDe7REsxhAX1R10gVgf5ztqvIC3LtyWRSlR/3vydug==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY
-/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
-dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
-y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h
-BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d
-6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH
-84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_ECDSA384"
-        set password ENC VjdjD28ghmr/CMiMJjoJsug+wMWoDfVpsxwDHS7UjcFJ7CfxhL+txBOZ8gPDrQqtxtjZ+8U8Cz/LoXCwaZVG8RHE/8ozutSMCjgMNolLR1i6Yo98fBFdcXRV/qKPisLpXJ0Kkmhy0vR+xfA5VSdVfhuWH0RKX3+ETSz8X2i0e2+YXO00B/+muakGSpWYIl5YW7pA2Q==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX
-++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
-dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
-U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
-dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED
-QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ
-9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW
-HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st
-2F3+
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_ECDSA521"
-        set password ENC 4Gsn+wHWjLUSsyRTVoKSHuPAX9CnTZmDejMdYG57OQnJZ4dPb3TGwBYG7WMGWONKMQ+Q7QCZpacMqfzu/rhVagLxyNNQmtdQ/V6iq/EBscPI/Dccb4oAMsBz5WJ2v4vSA2QqSfOA+6vqK9WJRcaHjK2CqvTI2KVeNl6xAreXx5SFD1OzVO3XmPTEMahFQ9iwEtrQCQ==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr
-+3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
-dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
-t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
-HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL
-gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA
-NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX
-1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9
-We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY
-v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_ED25519"
-        set password ENC ZOwcmRlHAiP9Z0EjtF2Z0B2D2zs2VJGZJOpMoxjtx0xdWOmGcYhFt2Wx5bKqDPtVZBLfOyKQI6RU0KqilkcNGSwFePb6MdrGjngqQRYDPz0PFWHuVTmo5KoypJeKHrdEhfhlSBAYNSBVivKHqO95G9OO+MKju+og2IAvK7y0eLB2DgsuOiSco80Y5sMmF3BWYo2DFw==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT
-+IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
-3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO
-V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk
-ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i
-9pkiQ2ltDNDw2Upw==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_RSA2048"
-        set password ENC UMPO9o5vVMyRMKQ2AEfIyvTU41H4d+vsDBKcLzUKEwHryKrh54wgufo+gdnwMgwSF7m8XA6+QJGMAblNhcjjVlzYoMKB0IZ2BxqfNLrvsdxVU6ycAXwmdBq+OEluQOeTbUp/iYRAfCEjsacDRCxT9DyPlXCgVv8aVZledA7eD10vhBcFZoIco9MmQymiMOvqgGGZmA==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG
-Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
-Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
-A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
-hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
-HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
-OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC
-Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/
-OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU
-FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD
-NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo
-TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB
-cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss
-x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A
-Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8
-cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO
-/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz
-E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX
-pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW
-V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS
-ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv
-tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx
-+gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN
-tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc
-D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH
-Xt1vvScA==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
-        set source built-in
-    next
-end
-config firewall ssh local-ca
-    edit "g-Fortinet_SSH_CA"
-        set password ENC viZVdE+5Bw+pVcvvfJsxrhXEywRLF7gg2AM5EwTFeN32C3rWOfg48a9/41aSakInXJraaZeLL8UheFDdYdVYToyfmRKlf0ieI76b9XD5hE5S2H6pJ7pBV6pOn/AjJcCb5Al0LN/Fj76y57GW8UQrGIu7MUPHXsDAEm0wr4xanqSLdhlWU9v+0pEvCx1GorItOkOA2g==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd
-cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
-NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
-ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
-E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
-TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
-Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is
-nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT
-+RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby
-5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI
-pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx
-MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz
-8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U
-wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+
-OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD
-PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq
-JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C
-Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN
-+dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4
-KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl
-uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ
-8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL
-s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof
-S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4
-+y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr
-ABMNge5w==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_CA_Untrusted"
-        set password ENC 1ynofa7PYYeHNaXNehag9uxW0X/O5ZoSR9hbSZaFGslqaXuWhWOEUUVS0fdJF1tGrj/628rIr1QOABNtqkWKFcRajYysoCdN90oD6VRZRy54mJI7IbVXFY31KB8QEkaJQI3j2mGjK9R4APT7TuwAGrC2ualsS5k8L/L+8ggaQ82235MVKAs3edimeQonNuThw3osRA==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV
-ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
-RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
-ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
-iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
-Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
-NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK
-0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB
-Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+
-xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/
-UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n
-NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri
-aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC
-iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4
-NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F
-zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB
-VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+
-jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk
-1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL
-eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM
-vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo
-/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1
-Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S
-pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn
-vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02
-PWD7d7mw==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
-        set source built-in
-    next
-end
-config firewall ssh setting
-    set caname "g-Fortinet_SSH_CA"
-    set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
-    set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
-    set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
-    set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
-    set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
-    set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
-    set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
-    set host-trusted-checking enable
-end
-config firewall ssh host-key
-end
-config firewall decrypted-traffic-mirror
-end
-config firewall access-proxy-virtual-host
-end
-config firewall access-proxy-ssh-client-cert
-end
-config firewall access-proxy
-end
-config firewall access-proxy6
-end
-config firewall ipmacbinding setting
-    set bindthroughfw disable
-    set bindtofw disable
-end
-config firewall ipmacbinding table
-end
-config firewall profile-protocol-options
-    edit "default"
-        set comment "All default services."
-        set replacemsg-group ''
-        set oversize-log disable
-        set switching-protocols-log disable
-        config http
-            set ports 80
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            unset options
-            set comfort-interval 10
-            set comfort-amount 1
-            set range-block disable
-            set strip-x-forwarded-for disable
-            unset post-lang
-            set streaming-content-bypass enable
-            set switching-protocols bypass
-            set unknown-http-version reject
-            set tunnel-non-http enable
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set stream-based-uncompressed-limit 0
-            set scan-bzip2 enable
-            set block-page-status-code 403
-            set retry-count 0
-            set tcp-window-type auto-tuning
-            set ssl-offloaded no
-            set address-ip-rating enable
-        end
-        config ftp
-            set ports 21
-            set status enable
-            set inspect-all disable
-            set options splice
-            set comfort-interval 10
-            set comfort-amount 1
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set stream-based-uncompressed-limit 0
-            set scan-bzip2 enable
-            set tcp-window-type auto-tuning
-            set ssl-offloaded no
-            set explicit-ftp-tls disable
-        end
-        config imap
-            set ports 143
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            set options fragmail
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-            set ssl-offloaded no
-        end
-        config mapi
-            set ports 135
-            set status enable
-            set options fragmail
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-        end
-        config pop3
-            set ports 110
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            set options fragmail
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-            set ssl-offloaded no
-        end
-        config smtp
-            set ports 25
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            set options fragmail splice
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-            set server-busy disable
-            set ssl-offloaded no
-        end
-        config nntp
-            set ports 119
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            set options splice
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-        end
-        config ssh
-            unset options
-            set comfort-interval 10
-            set comfort-amount 1
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set stream-based-uncompressed-limit 0
-            set scan-bzip2 enable
-            set tcp-window-type auto-tuning
-            set ssl-offloaded no
-        end
-        config dns
-            set ports 53
-            set status enable
-        end
-        config cifs
-            set ports 445
-            set status enable
-            unset options
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-            set tcp-window-type auto-tuning
-            set server-credential-type none
-        end
-        config mail-signature
-            set status disable
-            set signature ''
-        end
-        set rpc-over-http disable
-    next
-end
-config firewall ssl-ssh-profile
-    edit "certificate-inspection"
-        set comment "Read-only SSL handshake inspection profile."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set ports 443
-            set status certificate-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set cert-probe-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set block-blocklisted-certificates enable
-        set caname "Fortinet_CA_SSL"
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-    next
-    edit "deep-inspection"
-        set comment "Read-only deep inspection profile."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set ports 443
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set ports 990
-            set status deep-inspection
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set ports 993
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set ports 995
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set ports 465
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set allowlist disable
-        set block-blocklisted-certificates enable
-        config ssl-exempt
-            edit 1
-                set type fortiguard-category
-                set fortiguard-category 31
-            next
-            edit 2
-                set type fortiguard-category
-                set fortiguard-category 33
-            next
-            edit 3
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-adobe"
-            next
-            edit 4
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Adobe Login"
-            next
-            edit 5
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-android"
-            next
-            edit 6
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-apple"
-            next
-            edit 7
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-appstore"
-            next
-            edit 8
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-auth.gfx.ms"
-            next
-            edit 9
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-citrix"
-            next
-            edit 10
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-dropbox.com"
-            next
-            edit 11
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-eease"
-            next
-            edit 12
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-firefox update server"
-            next
-            edit 13
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-fortinet"
-            next
-            edit 14
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-googleapis.com"
-            next
-            edit 15
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-drive"
-            next
-            edit 16
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play2"
-            next
-            edit 17
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play3"
-            next
-            edit 18
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Gotomeeting"
-            next
-            edit 19
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-icloud"
-            next
-            edit 20
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-itunes"
-            next
-            edit 21
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-microsoft"
-            next
-            edit 22
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-skype"
-            next
-            edit 23
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-softwareupdate.vmware.com"
-            next
-            edit 24
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-verisign"
-            next
-            edit 25
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Windows update 2"
-            next
-            edit 26
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-live.com"
-            next
-            edit 27
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play"
-            next
-            edit 28
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-update.microsoft.com"
-            next
-            edit 29
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-swscan.apple.com"
-            next
-            edit 30
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-autoupdate.opera.com"
-            next
-            edit 31
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-cdn-apple"
-            next
-            edit 32
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-mzstatic-apple"
-            next
-        end
-        set server-cert-mode re-sign
-        set caname "Fortinet_CA_SSL"
-        set untrusted-caname "Fortinet_CA_Untrusted"
-        set ssl-exemption-ip-rating enable
-        set ssl-exemption-log disable
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-        set rpc-over-https disable
-        set mapi-over-https disable
-        set supported-alpn all
-        set use-ssl-server disable
-    next
-    edit "custom-deep-inspection"
-        set comment "Customizable deep inspection profile."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set ports 443
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set ports 990
-            set status deep-inspection
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set ports 993
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set ports 995
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set ports 465
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set allowlist disable
-        set block-blocklisted-certificates enable
-        config ssl-exempt
-            edit 1
-                set type fortiguard-category
-                set fortiguard-category 31
-            next
-            edit 2
-                set type fortiguard-category
-                set fortiguard-category 33
-            next
-            edit 3
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-adobe"
-            next
-            edit 4
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Adobe Login"
-            next
-            edit 5
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-android"
-            next
-            edit 6
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-apple"
-            next
-            edit 7
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-appstore"
-            next
-            edit 8
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-auth.gfx.ms"
-            next
-            edit 9
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-citrix"
-            next
-            edit 10
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-dropbox.com"
-            next
-            edit 11
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-eease"
-            next
-            edit 12
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-firefox update server"
-            next
-            edit 13
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-fortinet"
-            next
-            edit 14
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-googleapis.com"
-            next
-            edit 15
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-drive"
-            next
-            edit 16
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play2"
-            next
-            edit 17
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play3"
-            next
-            edit 18
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Gotomeeting"
-            next
-            edit 19
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-icloud"
-            next
-            edit 20
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-itunes"
-            next
-            edit 21
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-microsoft"
-            next
-            edit 22
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-skype"
-            next
-            edit 23
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-softwareupdate.vmware.com"
-            next
-            edit 24
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-verisign"
-            next
-            edit 25
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Windows update 2"
-            next
-            edit 26
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-live.com"
-            next
-            edit 27
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play"
-            next
-            edit 28
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-update.microsoft.com"
-            next
-            edit 29
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-swscan.apple.com"
-            next
-            edit 30
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-autoupdate.opera.com"
-            next
-            edit 31
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-cdn-apple"
-            next
-            edit 32
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-mzstatic-apple"
-            next
-        end
-        set server-cert-mode re-sign
-        set caname "Fortinet_CA_SSL"
-        set untrusted-caname "Fortinet_CA_Untrusted"
-        set ssl-exemption-ip-rating enable
-        set ssl-exemption-log disable
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-        set rpc-over-https disable
-        set mapi-over-https disable
-        set supported-alpn all
-        set use-ssl-server disable
-    next
-    edit "no-inspection"
-        set comment "Read-only profile that does no inspection."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set block-blocklisted-certificates enable
-        set caname "Fortinet_CA_SSL"
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-    next
-end
-config waf profile
-    edit "default"
-        set external disable
-        set extended-log disable
-        config signature
-            config main-class 100000000
-                set status disable
-                set action block
-                set log enable
-                set severity high
-            end
-            config main-class 20000000
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config main-class 30000000
-                set status enable
-                set action block
-                set log enable
-                set severity high
-            end
-            config main-class 40000000
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config main-class 50000000
-                set status enable
-                set action block
-                set log enable
-                set severity high
-            end
-            config main-class 60000000
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config main-class 70000000
-                set status enable
-                set action block
-                set log enable
-                set severity high
-            end
-            config main-class 80000000
-                set status enable
-                set action allow
-                set log enable
-                set severity low
-            end
-            config main-class 110000000
-                set status enable
-                set action allow
-                set log enable
-                set severity high
-            end
-            config main-class 90000000
-                set status enable
-                set action block
-                set log enable
-                set severity high
-            end
-            set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
-            set credit-card-detection-threshold 3
-        end
-        config constraint
-            config header-length
-                set status enable
-                set length 8192
-                set action allow
-                set log enable
-                set severity low
-            end
-            config content-length
-                set status enable
-                set length 67108864
-                set action allow
-                set log enable
-                set severity low
-            end
-            config param-length
-                set status enable
-                set length 8192
-                set action allow
-                set log enable
-                set severity low
-            end
-            config line-length
-                set status enable
-                set length 1024
-                set action allow
-                set log enable
-                set severity low
-            end
-            config url-param-length
-                set status enable
-                set length 8192
-                set action allow
-                set log enable
-                set severity low
-            end
-            config version
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config method
-                set status disable
-                set action block
-                set log enable
-                set severity medium
-            end
-            config hostname
-                set status disable
-                set action block
-                set log enable
-                set severity medium
-            end
-            config malformed
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config max-cookie
-                set status enable
-                set max-cookie 16
-                set action allow
-                set log enable
-                set severity low
-            end
-            config max-header-line
-                set status enable
-                set max-header-line 32
-                set action allow
-                set log enable
-                set severity low
-            end
-            config max-url-param
-                set status enable
-                set max-url-param 16
-                set action allow
-                set log enable
-                set severity low
-            end
-            config max-range-segment
-                set status enable
-                set max-range-segment 5
-                set action allow
-                set log enable
-                set severity high
-            end
-        end
-        config method
-            set status disable
-            set log disable
-            set severity medium
-            unset default-allowed-methods
-        end
-        config address-list
-            set status disable
-            set blocked-log disable
-            set severity medium
-        end
-        set comment ''
-    next
-end
-config firewall profile-group
-end
-config firewall ssl-server
-end
-config firewall identity-based-route
-end
-config firewall auth-portal
-    set portal-addr ''
-    set portal-addr6 ''
-    set identity-based-route ''
-end
-config firewall security-policy
-end
-config firewall policy
-    edit 1
-        set status enable
-        set name "Default"
-        set uuid bdf03fc8-3520-51ed-3963-cb429fce01ab
-        set srcintf "any"
-        set dstintf "any"
-        set nat64 disable
-        set nat46 disable
-        set ztna-status disable
-        set srcaddr "all"
-        set dstaddr "all"
-        set srcaddr6 "all"
-        set dstaddr6 "all"
-        set internet-service disable
-        set internet-service-src disable
-        set service "ALL"
-        set dynamic-shaping disable
-        set passive-wan-health-measurement disable
-        set ssl-ssh-profile "certificate-inspection"
-        set auto-asic-offload enable
-        set session-ttl 0
-        set fec disable
-        set diffserv-forward disable
-        set diffserv-reverse disable
-        set tcp-mss-sender 0
-        set tcp-mss-receiver 0
-        set comments ''
-        set srcaddr-negate disable
-        set dstaddr-negate disable
-        set service-negate disable
-    next
-end
-config firewall traffic-class
-end
-config firewall shaping-policy
-end
-config firewall shaping-profile
-end
-config firewall local-in-policy
-end
-config firewall local-in-policy6
-end
-config firewall ttl-policy
-end
-config firewall dnstranslation
-end
-config firewall multicast-policy
-end
-config firewall multicast-policy6
-end
-config firewall interface-policy
-end
-config firewall interface-policy6
-end
-config firewall DoS-policy
-end
-config firewall DoS-policy6
-end
-config firewall sniffer
-end
-config firewall acl
-end
-config firewall acl6
-end
-config firewall central-snat-map
-end
-config firewall ip-translation
-end
-config authentication scheme
-end
-config authentication rule
-end
-config authentication setting
-    set active-auth-scheme ''
-    set sso-auth-scheme ''
-    set captive-portal-type fqdn
-    set captive-portal ''
-    set captive-portal6 ''
-    set cert-auth disable
-    set captive-portal-port 7830
-    set auth-https enable
-    set captive-portal-ssl-port 7831
-end
-config system speed-test-schedule
-end
-config switch-controller switch-interface-tag
-end
-config switch-controller 802-1X-settings
-    set link-down-auth set-unauth
-    set reauth-period 60
-    set max-reauth-attempt 3
-    set tx-period 30
-end
-config switch-controller security-policy 802-1X
-    edit "802-1X-policy-default"
-        set security-mode 802.1X
-        set user-group "SSO_Guest_Users"
-        set mac-auth-bypass disable
-        set open-auth disable
-        set eap-passthru enable
-        set eap-auto-untagged-vlans enable
-        set guest-vlan disable
-        set guest-auth-delay 30
-        set auth-fail-vlan disable
-        set framevid-apply enable
-        set radius-timeout-overwrite disable
-        set policy-type 802.1X
-        set authserver-timeout-vlan disable
-    next
-end
-config switch-controller security-policy local-access
-    edit "default"
-        set mgmt-allowaccess https ping ssh
-        set internal-allowaccess https ping ssh
-    next
-end
-config switch-controller location
-end
-config switch-controller lldp-settings
-    set tx-hold 4
-    set tx-interval 30
-    set fast-start-interval 2
-    set management-interface internal
-    set device-detection enable
-end
-config switch-controller lldp-profile
-    edit "default"
-        set med-tlvs inventory-management network-policy location-identification
-        unset 802.1-tlvs
-        unset 802.3-tlvs
-        set auto-isl disable
-        config med-network-policy
-            edit "voice"
-                set status disable
-            next
-            edit "voice-signaling"
-                set status disable
-            next
-            edit "guest-voice"
-                set status disable
-            next
-            edit "guest-voice-signaling"
-                set status disable
-            next
-            edit "softphone-voice"
-                set status disable
-            next
-            edit "video-conferencing"
-                set status disable
-            next
-            edit "streaming-video"
-                set status disable
-            next
-            edit "video-signaling"
-                set status disable
-            next
-        end
-        config med-location-service
-            edit "coordinates"
-                set status disable
-            next
-            edit "address-civic"
-                set status disable
-            next
-            edit "elin-number"
-                set status disable
-            next
-        end
-    next
-    edit "default-auto-isl"
-        unset med-tlvs
-        unset 802.1-tlvs
-        unset 802.3-tlvs
-        set auto-isl enable
-        set auto-isl-hello-timer 3
-        set auto-isl-receive-timeout 60
-        set auto-isl-port-group 0
-        set auto-mclag-icl disable
-    next
-    edit "default-auto-mclag-icl"
-        unset med-tlvs
-        unset 802.1-tlvs
-        unset 802.3-tlvs
-        set auto-isl enable
-        set auto-isl-hello-timer 3
-        set auto-isl-receive-timeout 60
-        set auto-isl-port-group 0
-        set auto-mclag-icl enable
-    next
-end
-config switch-controller qos dot1p-map
-    edit "voice-dot1p"
-        set description ''
-        set egress-pri-tagging disable
-        set priority-0 queue-4
-        set priority-1 queue-4
-        set priority-2 queue-3
-        set priority-3 queue-2
-        set priority-4 queue-3
-        set priority-5 queue-1
-        set priority-6 queue-2
-        set priority-7 queue-2
-    next
-end
-config switch-controller qos ip-dscp-map
-    edit "voice-dscp"
-        set description ''
-        config map
-            edit "1"
-                set cos-queue 1
-                set value 46
-            next
-            edit "2"
-                set cos-queue 2
-                set value 24,26,48,56
-            next
-            edit "5"
-                set cos-queue 3
-                set value 34
-            next
-        end
-    next
-end
-config switch-controller qos queue-policy
-    edit "default"
-        set schedule round-robin
-        set rate-by kbps
-        config cos-queue
-            edit "queue-0"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-1"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-2"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-3"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-4"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-5"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-6"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-7"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-        end
-    next
-    edit "voice-egress"
-        set schedule weighted
-        set rate-by kbps
-        config cos-queue
-            edit "queue-0"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-1"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 0
-            next
-            edit "queue-2"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 6
-            next
-            edit "queue-3"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 37
-            next
-            edit "queue-4"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 12
-            next
-            edit "queue-5"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-6"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-7"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-        end
-    next
-end
-config switch-controller qos qos-policy
-    edit "default"
-        set default-cos 0
-        set trust-dot1p-map ''
-        set trust-ip-dscp-map ''
-        set queue-policy "default"
-    next
-    edit "voice-qos"
-        set default-cos 0
-        set trust-dot1p-map "voice-dot1p"
-        set trust-ip-dscp-map "voice-dscp"
-        set queue-policy "voice-egress"
-    next
-end
-config switch-controller storm-control-policy
-    edit "default"
-        set description "default storm control on all port"
-        set storm-control-mode global
-    next
-    edit "auto-config"
-        set description "storm control policy for fortilink-isl-icl port"
-        set storm-control-mode disabled
-    next
-end
-config switch-controller auto-config policy
-    edit "default"
-        set qos-policy "default"
-        set storm-control-policy "auto-config"
-        set poe-status enable
-        set igmp-flood-report disable
-        set igmp-flood-traffic disable
-    next
-    edit "default-icl"
-        set qos-policy "default"
-        set storm-control-policy "auto-config"
-        set poe-status disable
-        set igmp-flood-report enable
-        set igmp-flood-traffic enable
-    next
-end
-config switch-controller auto-config default
-    set fgt-policy "default"
-    set isl-policy "default"
-    set icl-policy "default-icl"
-end
-config switch-controller auto-config custom
-end
-config switch-controller initial-config template
-    edit "_default"
-        set vlanid 1
-        unset allowaccess
-        set dhcp-server disable
-    next
-    edit "quarantine"
-        set vlanid 4093
-        unset allowaccess
-        set auto-ip enable
-        set dhcp-server enable
-    next
-    edit "rspan"
-        set vlanid 4092
-        unset allowaccess
-        set auto-ip enable
-        set dhcp-server enable
-    next
-    edit "voice"
-        set vlanid 4091
-        unset allowaccess
-        set dhcp-server disable
-    next
-    edit "video"
-        set vlanid 4090
-        unset allowaccess
-        set dhcp-server disable
-    next
-    edit "onboarding"
-        set vlanid 4089
-        unset allowaccess
-        set dhcp-server disable
-    next
-    edit "nac_segment"
-        set vlanid 4088
-        unset allowaccess
-        set auto-ip enable
-        set dhcp-server enable
-    next
-end
-config switch-controller initial-config vlans
-    set default-vlan "_default"
-    set quarantine "quarantine"
-    set rspan "rspan"
-    set voice "voice"
-    set video "video"
-    set nac "onboarding"
-    set nac-segment "nac_segment"
-end
-config switch-controller switch-profile
-    edit "default"
-        set login-passwd-override disable
-    next
-end
-config switch-controller custom-command
-end
-config switch-controller virtual-port-pool
-end
-config switch-controller ptp settings
-    set mode disable
-end
-config switch-controller ptp policy
-    edit "default"
-        set status enable
-    next
-end
-config switch-controller vlan-policy
-end
-config switch-controller dynamic-port-policy
-end
-config switch-controller managed-switch
-end
-config switch-controller switch-group
-end
-config switch-controller stp-settings
-    set name ''
-    set revision 0
-    set hello-time 2
-    set forward-time 15
-    set max-age 20
-    set max-hops 20
-end
-config switch-controller stp-instance
-end
-config switch-controller storm-control
-    set rate 500
-    set unknown-unicast disable
-    set unknown-multicast disable
-    set broadcast disable
-end
-config switch-controller global
-    set mac-aging-interval 300
-    set https-image-push enable
-    set vlan-optimization enable
-    set mac-retention-period 24
-    set default-virtual-switch-vlan ''
-    set dhcp-server-access-list disable
-    set log-mac-limit-violations disable
-    set sn-dns-resolution enable
-    set mac-event-logging disable
-    set bounce-quarantined-link disable
-    set quarantine-mode by-vlan
-    set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
-    set fips-enforce enable
-    set firmware-provision-on-authorization disable
-end
-config switch-controller switch-log
-    set status enable
-    set severity notification
-end
-config switch-controller igmp-snooping
-    set aging-time 300
-    set flood-unknown-multicast disable
-    set query-interval 125
-end
-config switch-controller sflow
-    set collector-ip 0.0.0.0
-    set collector-port 6343
-end
-config switch-controller network-monitor-settings
-    set network-monitoring disable
-end
-config switch-controller flow-tracking
-    set sample-mode perimeter
-    set sample-rate 512
-    set format netflow9
-    set collector-ip 0.0.0.0
-    set collector-port 0
-    set transport udp
-    set level ip
-    set max-export-pkt-size 512
-    set timeout-general 3600
-    set timeout-icmp 300
-    set timeout-max 604800
-    set timeout-tcp 3600
-    set timeout-tcp-fin 300
-    set timeout-tcp-rst 120
-    set timeout-udp 300
-end
-config switch-controller snmp-sysinfo
-    set status disable
-    set engine-id ''
-    set description ''
-    set contact-info ''
-    set location ''
-end
-config switch-controller snmp-trap-threshold
-    set trap-high-cpu-threshold 80
-    set trap-low-memory-threshold 80
-    set trap-log-full-threshold 90
-end
-config switch-controller snmp-community
-end
-config switch-controller snmp-user
-end
-config switch-controller traffic-sniffer
-    set mode erspan-auto
-    set erspan-ip 0.0.0.0
-end
-config switch-controller remote-log
-    edit "syslogd"
-        set status disable
-    next
-    edit "syslogd2"
-        set status disable
-    next
-end
-config switch-controller mac-policy
-end
-config wireless-controller setting
-    set account-id ''
-    set country US
-    set duplicate-ssid disable
-    set fapc-compatibility disable
-    set wfa-compatibility disable
-    set phishing-ssid-detect enable
-    set fake-ssid-action log
-    set device-weight 1
-    set device-holdoff 5
-    set device-idle 1440
-    set firmware-provision-on-authorization disable
-    set darrp-optimize 86400
-    set darrp-optimize-schedules "default-darrp-optimize"
-end
-config wireless-controller log
-    set status enable
-    set addrgrp-log notification
-    set ble-log notification
-    set clb-log notification
-    set dhcp-starv-log notification
-    set led-sched-log notification
-    set radio-event-log notification
-    set rogue-event-log notification
-    set sta-event-log notification
-    set sta-locate-log notification
-    set wids-log notification
-    set wtp-event-log notification
-end
-config wireless-controller apcfg-profile
-end
-config wireless-controller bonjour-profile
-end
-config wireless-controller arrp-profile
-    edit "arrp-default"
-        set comment ''
-        set selection-period 3600
-        set monitor-period 300
-        set weight-managed-ap 50
-        set weight-rogue-ap 10
-        set weight-noise-floor 40
-        set weight-channel-load 20
-        set weight-spectral-rssi 40
-        set weight-weather-channel 1000
-        set weight-dfs-channel 500
-        set threshold-ap 250
-        set threshold-noise-floor "-85"
-        set threshold-channel-load 60
-        set threshold-spectral-rssi "-65"
-        set threshold-tx-retries 300
-        set threshold-rx-errors 50
-        set include-weather-channel disable
-        set include-dfs-channel disable
-        set override-darrp-optimize disable
-    next
-end
-config wireless-controller region
-end
-config wireless-controller vap-group
-end
-config wireless-controller wids-profile
-    edit "default"
-        set comment "Default WIDS profile."
-        set sensor-mode disable
-        set ap-scan enable
-        set ap-bgscan-period 600
-        set ap-bgscan-intv 1
-        set ap-bgscan-duration 20
-        set ap-bgscan-idle 0
-        set ap-bgscan-report-intv 30
-        set ap-fgscan-report-intv 15
-        set ap-scan-passive disable
-        set ap-scan-threshold "-90"
-        set wireless-bridge enable
-        set deauth-broadcast enable
-        set null-ssid-probe-resp enable
-        set long-duration-attack enable
-        set long-duration-thresh 8200
-        set invalid-mac-oui enable
-        set weak-wep-iv enable
-        set auth-frame-flood enable
-        set auth-flood-time 10
-        set auth-flood-thresh 30
-        set assoc-frame-flood enable
-        set assoc-flood-time 10
-        set assoc-flood-thresh 30
-        set spoofed-deauth enable
-        set asleap-attack enable
-        set eapol-start-flood enable
-        set eapol-start-thresh 10
-        set eapol-start-intv 1
-        set eapol-logoff-flood enable
-        set eapol-logoff-thresh 10
-        set eapol-logoff-intv 1
-        set eapol-succ-flood enable
-        set eapol-succ-thresh 10
-        set eapol-succ-intv 1
-        set eapol-fail-flood enable
-        set eapol-fail-thresh 10
-        set eapol-fail-intv 1
-        set eapol-pre-succ-flood enable
-        set eapol-pre-succ-thresh 10
-        set eapol-pre-succ-intv 1
-        set eapol-pre-fail-flood enable
-        set eapol-pre-fail-thresh 10
-        set eapol-pre-fail-intv 1
-        set deauth-unknown-src-thresh 10
-    next
-    edit "default-wids-apscan-enabled"
-        set comment ''
-        set sensor-mode disable
-        set ap-scan enable
-        set ap-bgscan-period 600
-        set ap-bgscan-intv 1
-        set ap-bgscan-duration 20
-        set ap-bgscan-idle 0
-        set ap-bgscan-report-intv 30
-        set ap-fgscan-report-intv 15
-        set ap-scan-passive disable
-        set ap-scan-threshold "-90"
-        set wireless-bridge disable
-        set deauth-broadcast disable
-        set null-ssid-probe-resp disable
-        set long-duration-attack disable
-        set long-duration-thresh 8200
-        set invalid-mac-oui disable
-        set weak-wep-iv disable
-        set auth-frame-flood disable
-        set assoc-frame-flood disable
-        set spoofed-deauth disable
-        set asleap-attack disable
-        set eapol-start-flood disable
-        set eapol-logoff-flood disable
-        set eapol-succ-flood disable
-        set eapol-fail-flood disable
-        set eapol-pre-succ-flood disable
-        set eapol-pre-fail-flood disable
-        set deauth-unknown-src-thresh 10
-    next
-end
-config wireless-controller ble-profile
-    edit "fortiap-discovery"
-        set comment ''
-        set advertising ibeacon eddystone-uid eddystone-url
-        set ibeacon-uuid "wtp-uuid"
-        set major-id 1000
-        set minor-id 2000
-        set eddystone-namespace "0102030405"
-        set eddystone-instance "abcdef"
-        set eddystone-url "http://www.fortinet.com"
-        set txpower 0
-        set beacon-interval 100
-        set ble-scanning disable
-    next
-end
-config wireless-controller syslog-profile
-end
-config wireless-controller wtp-profile
-end
-config wireless-controller wtp
-end
-config wireless-controller wtp-group
-end
-config wireless-controller qos-profile
-end
-config wireless-controller wag-profile
-end
-config wireless-controller address
-end
-config wireless-controller addrgrp
-end
-config wireless-controller snmp
-    set engine-id ''
-    set contact-info ''
-    set trap-high-cpu-threshold 80
-    set trap-high-mem-threshold 80
-end
-config wireless-controller mpsk-profile
-end
-config wireless-controller nac-profile
-end
-config wireless-controller ssid-policy
-end
-config wireless-controller access-control-list
-end
-config wireless-controller ap-status
-end
-config user nac-policy
-end
-config extender-controller dataplan
-end
-config extender-controller extender-profile
-end
-config extender-controller extender
-end
-config system ips
-    set signature-hold-time 0h
-end
-config ips custom
-end
-config ips settings
-    set packet-log-history 1
-    set packet-log-post-attack 0
-    set ips-packet-quota 0
-end
-config alertemail setting
-    set username ''
-    set mailto1 ''
-    set mailto2 ''
-    set mailto3 ''
-    set filter-mode category
-    set email-interval 5
-    set IPS-logs disable
-    set firewall-authentication-failure-logs disable
-    set IPsec-errors-logs disable
-    set PPP-errors-logs disable
-    set sslvpn-authentication-errors-logs disable
-    set antivirus-logs disable
-    set webfilter-logs disable
-    set configuration-changes-logs disable
-    set violation-traffic-logs disable
-    set admin-login-logs disable
-    set log-disk-usage-warning disable
-    set FSSO-disconnect-logs disable
-    set ssh-logs disable
-    set local-disk-usage 75
-end
-config router access-list
-end
-config router access-list6
-end
-config router aspath-list
-end
-config router prefix-list
-end
-config router prefix-list6
-end
-config router key-chain
-end
-config router community-list
-end
-config router route-map
-end
-config router rip
-    set default-information-originate disable
-    set default-metric 1
-    set max-out-metric 0
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "ospf"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "isis"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    set update-timer 30
-    set timeout-timer 180
-    set garbage-timer 120
-    set version 2
-end
-config router ripng
-    set default-information-originate disable
-    set default-metric 1
-    set max-out-metric 0
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "ospf"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "isis"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    set update-timer 30
-    set timeout-timer 180
-    set garbage-timer 120
-end
-config router static
-end
-config router policy
-end
-config router policy6
-end
-config router static6
-end
-config router ospf
-    set abr-type standard
-    set auto-cost-ref-bandwidth 1000
-    set distance-external 110
-    set distance-inter-area 110
-    set distance-intra-area 110
-    set database-overflow disable
-    set database-overflow-max-lsas 10000
-    set database-overflow-time-to-recover 300
-    set default-information-originate disable
-    set default-information-metric 10
-    set default-information-metric-type 2
-    set default-information-route-map ''
-    set default-metric 10
-    set distance 110
-    set rfc1583-compatible disable
-    set router-id 0.0.0.0
-    set spf-timers 5 10
-    set bfd disable
-    set log-neighbour-changes enable
-    set distribute-list-in ''
-    set distribute-route-map-in ''
-    set restart-mode none
-    set restart-period 120
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-    config redistribute "rip"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-    config redistribute "isis"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-end
-config router ospf6
-    set abr-type standard
-    set auto-cost-ref-bandwidth 1000
-    set default-information-originate disable
-    set log-neighbour-changes enable
-    set default-information-metric 10
-    set default-information-metric-type 2
-    set default-information-route-map ''
-    set default-metric 10
-    set router-id 0.0.0.0
-    set spf-timers 5 10
-    set bfd disable
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-    config redistribute "rip"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-    config redistribute "isis"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-end
-config router bgp
-    set as 0
-    set keepalive-timer 60
-    set holdtime-timer 180
-    set always-compare-med disable
-    set bestpath-as-path-ignore disable
-    set bestpath-cmp-confed-aspath disable
-    set bestpath-cmp-routerid disable
-    set bestpath-med-confed disable
-    set bestpath-med-missing-as-worst disable
-    set client-to-client-reflection enable
-    set dampening disable
-    set deterministic-med disable
-    set ebgp-multipath disable
-    set ibgp-multipath disable
-    set enforce-first-as enable
-    set fast-external-failover enable
-    set log-neighbour-changes enable
-    set network-import-check enable
-    set ignore-optional-capability enable
-    set multipath-recursive-distance disable
-    set recursive-next-hop disable
-    set tag-resolve-mode disable
-    set cluster-id 0.0.0.0
-    set confederation-identifier 0
-    set default-local-preference 100
-    set scan-time 60
-    set distance-external 20
-    set distance-internal 200
-    set distance-local 200
-    set synchronization disable
-    set graceful-restart disable
-    config redistribute "connected"
-        set status disable
-        set route-map ''
-    end
-    config redistribute "rip"
-        set status disable
-        set route-map ''
-    end
-    config redistribute "ospf"
-        set status disable
-        set route-map ''
-    end
-    config redistribute "static"
-        set status disable
-        set route-map ''
-    end
-    config redistribute "isis"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "connected"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "rip"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "ospf"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "static"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "isis"
-        set status disable
-        set route-map ''
-    end
-end
-config router isis
-    set is-type level-1-2
-    set adv-passive-only disable
-    set adv-passive-only6 disable
-    set auth-mode-l1 password
-    set auth-mode-l2 password
-    set auth-password-l1 ENC Q5TbEFX7vKWT3Sfn65nZLeaSkUCEf+nON9wiOx4AVJId86ZygO2azpbvrW8dob9JsOnNqSarEYwsczzA+AYfoyoZB/aTtPDmeEjglTqa9tqNyfeUoReovgAnhRUaLQwFUFyBPVqpWi8MoJu3oZQIKyONUCk++jYkKju9489fa8SVJ3NnPgBWSfSYuleSj6pm8qPOIA==
-    set auth-password-l2 ENC 7+Mxp/lKLLtgye5YpbguhfT96K+2+Jo/Fbi8KWiFOtWqkOyz8ZAfWuPIjHP7tZgiJ8TONWLKQi9XXMb6LCvYDc1TfPPfUuAKUUuBEG9qz6/uY7yGrHvUNqcSnnq7zllDtYZPqrNiImafs/XaFmQWQeh9HwQI11Yq8J1xP0hkuitrYKc0BfgNrsJnVzWyjM0eayrO+g==
-    set auth-sendonly-l1 disable
-    set auth-sendonly-l2 disable
-    set ignore-lsp-errors disable
-    set lsp-gen-interval-l1 30
-    set lsp-gen-interval-l2 30
-    set lsp-refresh-interval 900
-    set max-lsp-lifetime 1200
-    set spf-interval-exp-l1 500 50000
-    set spf-interval-exp-l2 500 50000
-    set dynamic-hostname disable
-    set adjacency-check disable
-    set adjacency-check6 disable
-    set overload-bit disable
-    unset overload-bit-suppress
-    set overload-bit-on-startup 0
-    set default-originate disable
-    set default-originate6 disable
-    set metric-style narrow
-    set redistribute-l1 disable
-    set redistribute-l2 disable
-    set redistribute6-l1 disable
-    set redistribute6-l2 disable
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute "rip"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute "ospf"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "connected"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "rip"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "ospf"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "bgp"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "static"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-end
-config router multicast-flow
-end
-config router multicast
-    set route-limit 2147483647
-    set multicast-routing disable
-    config pim-sm-global
-        set message-interval 60
-        set join-prune-holdtime 210
-        set accept-register-list ''
-        set accept-source-list ''
-        set bsr-candidate disable
-        set bsr-allow-quick-refresh disable
-        set cisco-register-checksum disable
-        set cisco-crp-prefix disable
-        set cisco-ignore-rp-set-priority disable
-        set register-rp-reachability enable
-        set register-source disable
-        set register-supression 60
-        set null-register-retries 1
-        set rp-register-keepalive 185
-        set spt-threshold enable
-        set ssm disable
-        set register-rate-limit 0
-        set spt-threshold-group ''
-    end
-end
-config router multicast6
-    set multicast-routing disable
-    config pim-sm-global
-    end
-end
-config router auth-path
-end
-config router setting
-    set show-filter ''
-    set hostname ''
-end
-config router bfd
-end
-config router bfd6
-end
-config system proxy-arp
-end
-config system link-monitor
-end
-config system wccp
-end
-config system dns64
-    set status disable
-    set dns64-prefix 64:ff9b::/96
-    set always-synthesize-aaaa-record enable
-end
-config system nd-proxy
-    set status disable
-end
-config system vne-tunnel
-    set status disable
-end
-end
-
-config vdom
-edit TEST
-config wireless-controller hotspot20 anqp-venue-name
-end
-config wireless-controller hotspot20 anqp-venue-url
-end
-config wireless-controller hotspot20 anqp-network-auth-type
-end
-config wireless-controller hotspot20 anqp-roaming-consortium
-end
-config wireless-controller hotspot20 anqp-nai-realm
-end
-config wireless-controller hotspot20 anqp-3gpp-cellular
-end
-config wireless-controller hotspot20 anqp-ip-address-type
-end
-config wireless-controller hotspot20 h2qp-operator-name
-end
-config wireless-controller hotspot20 h2qp-wan-metric
-end
-config wireless-controller hotspot20 h2qp-conn-capability
-end
-config wireless-controller hotspot20 icon
-end
-config wireless-controller hotspot20 h2qp-osu-provider
-end
-config wireless-controller hotspot20 qos-map
-end
-config wireless-controller hotspot20 h2qp-advice-of-charge
-end
-config wireless-controller hotspot20 h2qp-osu-provider-nai
-end
-config wireless-controller hotspot20 h2qp-terms-and-conditions
-end
-config wireless-controller hotspot20 hs-profile
-end
-config wireless-controller vap
-end
-config system object-tagging
-    edit "default"
-        set address optional
-        set device optional
-        set interface optional
-        set multiple enable
-        set color 0
-    next
-end
-config switch-controller traffic-policy
-    edit "quarantine"
-        set description "Rate control for quarantined traffic"
-        set policer-status enable
-        set guaranteed-bandwidth 163840
-        set guaranteed-burst 8192
-        set maximum-burst 163840
-        set cos-queue 0
-    next
-    edit "sniffer"
-        set description "Rate control for sniffer mirrored traffic"
-        set policer-status enable
-        set guaranteed-bandwidth 50000
-        set guaranteed-burst 8192
-        set maximum-burst 163840
-        set cos-queue 0
-    next
-end
-config switch-controller fortilink-settings
-end
-config system stp
-    set switch-priority 32768
-    set hello-time 2
-    set forward-delay 15
-    set max-age 20
-    set max-hops 20
-end
-config system settings
-    set comments ''
-    set opmode nat
-    set policy-offload-level disable
-    set ngfw-mode profile-based
-    set http-external-dest fortiweb
-    set firewall-session-dirty check-all
-    set bfd disable
-    set utf8-spam-tagging enable
-    set wccp-cache-engine disable
-    set vpn-stats-log ipsec pptp l2tp ssl
-    set vpn-stats-period 600
-    set v4-ecmp-mode source-ip-based
-    set fw-session-hairpin disable
-    set prp-trailer-action disable
-    set snat-hairpin-traffic enable
-    set dhcp-proxy disable
-    set central-nat disable
-    set lldp-reception global
-    set lldp-transmission global
-    set link-down-access enable
-    set nat46-generate-ipv6-fragment-header disable
-    set nat46-force-ipv4-packet-forwarding disable
-    set nat64-force-ipv6-packet-forwarding enable
-    set auxiliary-session disable
-    set asymroute disable
-    set asymroute-icmp disable
-    set tcp-session-without-syn disable
-    set ses-denied-traffic disable
-    set strict-src-check disable
-    set allow-linkdown-path disable
-    set asymroute6 disable
-    set asymroute6-icmp disable
-    set sctp-session-without-init disable
-    set sip-expectation disable
-    set sip-nat-trace enable
-    set h323-direct-model enable
-    set status enable
-    set sip-tcp-port 5060
-    set sip-udp-port 5060
-    set sip-ssl-port 5061
-    set sccp-port 2000
-    set multicast-forward enable
-    set multicast-ttl-notchange disable
-    set allow-subnet-overlap disable
-    set deny-tcp-with-icmp disable
-    set ecmp-max-paths 255
-    set discovered-device-timeout 28
-    set email-portal-check-dns enable
-    set default-voip-alg-mode proxy-based
-    set gui-icap disable
-    set gui-implicit-policy enable
-    set gui-dns-database disable
-    set gui-load-balance disable
-    set gui-multicast-policy disable
-    set gui-dos-policy enable
-    set gui-object-colors enable
-    set gui-voip-profile disable
-    set gui-ap-profile enable
-    set gui-security-profile-group disable
-    set gui-local-in-policy disable
-    set gui-wanopt-cache disable
-    set gui-explicit-proxy disable
-    set gui-dynamic-routing enable
-    set gui-sslvpn-personal-bookmarks disable
-    set gui-sslvpn-realms disable
-    set gui-policy-based-ipsec disable
-    set gui-threat-weight enable
-    set gui-spamfilter disable
-    set gui-file-filter disable
-    set gui-application-control enable
-    set gui-ips enable
-    set gui-endpoint-control enable
-    set gui-endpoint-control-advanced disable
-    set gui-dhcp-advanced enable
-    set gui-vpn enable
-    set gui-wireless-controller enable
-    set gui-switch-controller enable
-    set gui-fortiap-split-tunneling disable
-    set gui-webfilter-advanced disable
-    set gui-traffic-shaping enable
-    set gui-wan-load-balancing enable
-    set gui-antivirus enable
-    set gui-webfilter enable
-    set gui-videofilter enable
-    set gui-dnsfilter enable
-    set gui-waf-profile disable
-    set gui-advanced-policy enable
-    set gui-allow-unnamed-policy disable
-    set gui-email-collection disable
-    set gui-multiple-interface-policy disable
-    set gui-policy-disclaimer disable
-    set gui-ztna enable
-    set location-id 0.0.0.0
-    set ike-session-resume disable
-    set ike-quick-crash-detect disable
-    set ike-dn-format with-space
-    set ike-port 500
-    set ike-policy-route disable
-    set block-land-attack disable
-    set application-bandwidth-tracking disable
-end
-config system sit-tunnel
-end
-config system arp-table
-end
-config system ipv6-neighbor-cache
-end
-config system vdom-sflow
-    set vdom-sflow disable
-    set interface-select-method auto
-end
-config system vdom-netflow
-    set vdom-netflow disable
-    set interface-select-method auto
-end
-config system vdom-dns
-    set vdom-dns disable
-    set alt-primary 0.0.0.0
-    set alt-secondary 0.0.0.0
-end
-config system replacemsg-group
-    edit "default"
-        set comment "Default replacement message group."
-        set group-type default
-    next
-end
-config system session-ttl
-    set default 3600
-end
-config system dhcp server
-end
-config system dhcp6 server
-end
-config system zone
-    edit "Outside_Zone"
-        set description ''
-        set intrazone deny
-        set interface "port10"
-    next
-    edit "Inside_Zone"
-        set description ''
-        set intrazone deny
-        set interface "port9"
-    next
-end
-config firewall address
-    edit "none"
-        set uuid 80cf53a0-9fba-51ec-9be6-b74007eabe43
-        set type ipmask
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set subnet 0.0.0.0 255.255.255.255
-    next
-    edit "login.microsoftonline.com"
-        set uuid 80cf6016-9fba-51ec-be0c-028d48d0faf8
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "login.microsoftonline.com"
-        set cache-ttl 0
-    next
-    edit "login.microsoft.com"
-        set uuid 80cf6c32-9fba-51ec-c480-ffee0ab26f94
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "login.microsoft.com"
-        set cache-ttl 0
-    next
-    edit "login.windows.net"
-        set uuid 80cf7880-9fba-51ec-1117-fb27513a173a
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "login.windows.net"
-        set cache-ttl 0
-    next
-    edit "gmail.com"
-        set uuid 80cf8424-9fba-51ec-5659-65d02fd5bf5c
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "gmail.com"
-        set cache-ttl 0
-    next
-    edit "wildcard.google.com"
-        set uuid 80cf8fd2-9fba-51ec-7b0c-cc55cf764b96
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "*.google.com"
-        set cache-ttl 0
-    next
-    edit "wildcard.dropbox.com"
-        set uuid 80cf9b8a-9fba-51ec-0acd-a8852f2c1f4a
-        set type fqdn
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set fqdn "*.dropbox.com"
-        set cache-ttl 0
-    next
-    edit "SSLVPN_TUNNEL_ADDR1"
-        set uuid 80d94054-9fba-51ec-e630-3567fd1becb8
-        set type iprange
-        set comment ''
-        set color 0
-        set fabric-object disable
-        set start-ip 10.212.134.200
-        set end-ip 10.212.134.210
-    next
-    edit "all"
-        set uuid 80d998e2-9fba-51ec-6ae4-b09445ed7230
-        set type ipmask
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set subnet 0.0.0.0 0.0.0.0
-    next
-    edit "FIREWALL_AUTH_PORTAL_ADDRESS"
-        set uuid 80d99aea-9fba-51ec-6fe2-a17b98274b3e
-        set type ipmask
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set subnet 0.0.0.0 0.0.0.0
-    next
-    edit "FABRIC_DEVICE"
-        set uuid 80d99cb6-9fba-51ec-e62e-b841424fa8c0
-        set type ipmask
-        set comment "IPv4 addresses of Fabric Devices."
-        set associated-interface ''
-        set color 0
-        set fabric-object disable
-        set subnet 0.0.0.0 0.0.0.0
-    next
-    edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
-        set uuid c0ae3c9c-9fbb-51ec-1447-18c5c1fef0f3
-        set type dynamic
-        set sub-type ems-tag
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set fabric-object disable
-        set obj-tag ''
-        set obj-type ip
-        set tag-detection-level ''
-        set tag-type ''
-    next
-    edit "10.0.0.0_8"
-        set uuid 2e3d8790-9fbc-51ec-8bca-5e95c580ea36
-        set type ipmask
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set subnet 10.0.0.0 255.0.0.0
-    next
-    edit "192.168.0.0_16"
-        set uuid 491395a0-9fbc-51ec-1275-3414c9a13da4
-        set type ipmask
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set subnet 192.168.0.0 255.255.0.0
-    next
-    edit "172.16.0.0_12"
-        set uuid 58888298-9fbc-51ec-cca9-312f8a493e61
-        set type ipmask
-        set comment ''
-        set associated-interface ''
-        set color 0
-        set allow-routing disable
-        set fabric-object disable
-        set subnet 172.16.0.0 255.240.0.0
-    next
-    edit "Russia"
-        set uuid 96cea918-9fbe-51ec-e0d6-53c4a1fba7cc
-        set type geography
-        set comment ''
-        set associated-interface ''
-        set color 6
-        set fabric-object disable
-        set country "RU"
-    next
-    edit "China"
-        set uuid 7c30cee6-9fbf-51ec-5d85-a2ce4f48568b
-        set type geography
-        set comment ''
-        set associated-interface ''
-        set color 6
-        set fabric-object disable
-        set country "CN"
-    next
-    edit "Belarus"
-        set uuid 8fbf28b8-9fbf-51ec-69ef-572fc83693f8
-        set type geography
-        set comment ''
-        set associated-interface ''
-        set color 6
-        set fabric-object disable
-        set country "BY"
-    next
-end
-config firewall multicast-address
-    edit "all_hosts"
-        set type multicastrange
-        set start-ip 224.0.0.1
-        set end-ip 224.0.0.1
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "all_routers"
-        set type multicastrange
-        set start-ip 224.0.0.2
-        set end-ip 224.0.0.2
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "Bonjour"
-        set type multicastrange
-        set start-ip 224.0.0.251
-        set end-ip 224.0.0.251
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "EIGRP"
-        set type multicastrange
-        set start-ip 224.0.0.10
-        set end-ip 224.0.0.10
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "OSPF"
-        set type multicastrange
-        set start-ip 224.0.0.5
-        set end-ip 224.0.0.6
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-    edit "all"
-        set type multicastrange
-        set start-ip 224.0.0.0
-        set end-ip 239.255.255.255
-        set comment ''
-        set associated-interface ''
-        set color 0
-    next
-end
-config firewall address6-template
-end
-config firewall address6
-    edit "all"
-        set uuid 80cfe3c4-9fba-51ec-b885-7ad5ae0f228a
-        set type ipprefix
-        set ip6 ::/0
-        set color 0
-        set comment ''
-        set fabric-object disable
-    next
-    edit "none"
-        set uuid 80cfec3e-9fba-51ec-3afe-9da1db0408ee
-        set type ipprefix
-        set ip6 ::/128
-        set color 0
-        set comment ''
-        set fabric-object disable
-    next
-    edit "SSLVPN_TUNNEL_IPv6_ADDR1"
-        set uuid 80d9441e-9fba-51ec-fb53-0cb27c846ccb
-        set type ipprefix
-        set ip6 fdff:ffff::/120
-        set color 0
-        set comment ''
-        set fabric-object disable
-    next
-end
-config firewall multicast-address6
-    edit "all"
-        set ip6 ff00::/8
-        set comment ''
-        set color 0
-    next
-end
-config system ipv6-tunnel
-end
-config firewall addrgrp
-    edit "G Suite"
-        set type default
-        set category default
-        set uuid 80cfa97c-9fba-51ec-cb88-5fc589094707
-        set member "gmail.com" "wildcard.google.com"
-        set comment ''
-        set exclude disable
-        set color 0
-        set fabric-object disable
-    next
-    edit "Microsoft Office 365"
-        set type default
-        set category default
-        set uuid 80cfc24a-9fba-51ec-53bc-6a6c3d6964c6
-        set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
-        set comment ''
-        set exclude disable
-        set color 0
-        set fabric-object disable
-    next
-    edit "IPv4-Private-All-RFC1918"
-        set type default
-        set category default
-        set uuid 87bcd064-9fbc-51ec-c912-c07ba5dfb345
-        set member "10.0.0.0_8" "172.16.0.0_12" "192.168.0.0_16"
-        set comment ''
-        set exclude disable
-        set color 0
-        set fabric-object disable
-    next
-    edit "Geo_Block_Group"
-        set type default
-        set category default
-        set uuid a62837de-9fbf-51ec-3ddf-ee9c6f1e1784
-        set member "Belarus" "China" "Russia"
-        set comment ''
-        set exclude disable
-        set color 6
-        set fabric-object disable
-    next
-end
-config firewall addrgrp6
-end
-config firewall wildcard-fqdn custom
-    edit "g-Adobe Login"
-        set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
-        set wildcard-fqdn "*.adobelogin.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-Gotomeeting"
-        set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
-        set wildcard-fqdn "*.gotomeeting.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-Windows update 2"
-        set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
-        set wildcard-fqdn "*.windowsupdate.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-adobe"
-        set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
-        set wildcard-fqdn "*.adobe.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-android"
-        set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
-        set wildcard-fqdn "*.android.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-apple"
-        set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
-        set wildcard-fqdn "*.apple.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-appstore"
-        set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
-        set wildcard-fqdn "*.appstore.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-auth.gfx.ms"
-        set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
-        set wildcard-fqdn "*.auth.gfx.ms"
-        set color 0
-        set comment ''
-    next
-    edit "g-autoupdate.opera.com"
-        set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
-        set wildcard-fqdn "*autoupdate.opera.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-cdn-apple"
-        set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
-        set wildcard-fqdn "*.cdn-apple.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-citrix"
-        set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
-        set wildcard-fqdn "*.citrixonline.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-dropbox.com"
-        set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
-        set wildcard-fqdn "*.dropbox.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-eease"
-        set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
-        set wildcard-fqdn "*.eease.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-firefox update server"
-        set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
-        set wildcard-fqdn "aus*.mozilla.org"
-        set color 0
-        set comment ''
-    next
-    edit "g-fortinet"
-        set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
-        set wildcard-fqdn "*.fortinet.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-google-drive"
-        set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
-        set wildcard-fqdn "*drive.google.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-google-play"
-        set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
-        set wildcard-fqdn "*play.google.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-google-play2"
-        set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
-        set wildcard-fqdn "*.ggpht.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-google-play3"
-        set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
-        set wildcard-fqdn "*.books.google.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-googleapis.com"
-        set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
-        set wildcard-fqdn "*.googleapis.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-icloud"
-        set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
-        set wildcard-fqdn "*.icloud.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-itunes"
-        set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
-        set wildcard-fqdn "*itunes.apple.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-live.com"
-        set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
-        set wildcard-fqdn "*.live.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-microsoft"
-        set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
-        set wildcard-fqdn "*.microsoft.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-mzstatic-apple"
-        set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
-        set wildcard-fqdn "*.mzstatic.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-skype"
-        set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
-        set wildcard-fqdn "*.messenger.live.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-softwareupdate.vmware.com"
-        set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
-        set wildcard-fqdn "*.softwareupdate.vmware.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-swscan.apple.com"
-        set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
-        set wildcard-fqdn "*swscan.apple.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-update.microsoft.com"
-        set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
-        set wildcard-fqdn "*update.microsoft.com"
-        set color 0
-        set comment ''
-    next
-    edit "g-verisign"
-        set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
-        set wildcard-fqdn "*.verisign.com"
-        set color 0
-        set comment ''
-    next
-end
-config firewall wildcard-fqdn group
-end
-config firewall service category
-    edit "General"
-        set comment "General services."
-        set fabric-object disable
-    next
-    edit "Web Access"
-        set comment "Web access."
-        set fabric-object disable
-    next
-    edit "File Access"
-        set comment "File access."
-        set fabric-object disable
-    next
-    edit "Email"
-        set comment "Email services."
-        set fabric-object disable
-    next
-    edit "Network Services"
-        set comment "Network services."
-        set fabric-object disable
-    next
-    edit "Authentication"
-        set comment "Authentication service."
-        set fabric-object disable
-    next
-    edit "Remote Access"
-        set comment "Remote access."
-        set fabric-object disable
-    next
-    edit "Tunneling"
-        set comment "Tunneling service."
-        set fabric-object disable
-    next
-    edit "VoIP, Messaging & Other Applications"
-        set comment "VoIP, messaging, and other applications."
-        set fabric-object disable
-    next
-    edit "Web Proxy"
-        set comment "Explicit web proxy."
-        set fabric-object disable
-    next
-end
-config firewall service custom
-    edit "DNS"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 53
-        set udp-portrange 53
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "HTTP"
-        set proxy disable
-        set category "Web Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 80
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "HTTPS"
-        set proxy disable
-        set category "Web Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 443
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IMAP"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 143
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IMAPS"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 993
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "LDAP"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 389
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "DCE-RPC"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 135
-        set udp-portrange 135
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "POP3"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 110
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "POP3S"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 995
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SAMBA"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 139
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMTP"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 25
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMTPS"
-        set proxy disable
-        set category "Email"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 465
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "KERBEROS"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 88 464
-        set udp-portrange 88 464
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "LDAP_UDP"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 389
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SMB"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 445
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "FTP"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 21
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "FTP_GET"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 21
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "FTP_PUT"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 21
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "ALL"
-        set proxy disable
-        set category "General"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 0
-    next
-    edit "ALL_TCP"
-        set proxy disable
-        set category "General"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1-65535
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "ALL_UDP"
-        set proxy disable
-        set category "General"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 1-65535
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "ALL_ICMP"
-        set proxy disable
-        set category "General"
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        unset icmptype
-    next
-    edit "ALL_ICMP6"
-        set proxy disable
-        set category "General"
-        set protocol ICMP6
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        unset icmptype
-    next
-    edit "GRE"
-        set proxy disable
-        set category "Tunneling"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 47
-    next
-    edit "AH"
-        set proxy disable
-        set category "Tunneling"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 51
-    next
-    edit "ESP"
-        set proxy disable
-        set category "Tunneling"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 50
-    next
-    edit "AOL"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 5190-5194
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "BGP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 179
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "DHCP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 67-68
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "FINGER"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 79
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "GOPHER"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 70
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "H323"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1720 1503
-        set udp-portrange 1719
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IKE"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 500 4500
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "Internet-Locator-Service"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 389
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "IRC"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 6660-6669
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "L2TP"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1701
-        set udp-portrange 1701
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NetMeeting"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1720
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NFS"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 111 2049
-        set udp-portrange 111 2049
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NNTP"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 119
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NTP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 123
-        set udp-portrange 123
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "OSPF"
-        set proxy disable
-        set category "Network Services"
-        set protocol IP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set protocol-number 89
-    next
-    edit "PC-Anywhere"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 5631
-        set udp-portrange 5632
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "PING"
-        set proxy disable
-        set category "Network Services"
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set icmptype 8
-        unset icmpcode
-    next
-    edit "TIMESTAMP"
-        set proxy disable
-        set category ''
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set icmptype 13
-        unset icmpcode
-    next
-    edit "INFO_REQUEST"
-        set proxy disable
-        set category ''
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set icmptype 15
-        unset icmpcode
-    next
-    edit "INFO_ADDRESS"
-        set proxy disable
-        set category ''
-        set protocol ICMP
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set icmptype 17
-        unset icmpcode
-    next
-    edit "ONC-RPC"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 111
-        set udp-portrange 111
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "PPTP"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1723
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "QUAKE"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 26000 27000 27910 27960
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RAUDIO"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 7070
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "REXEC"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 512
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RIP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 520
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RLOGIN"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 513:512-1023
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RSH"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 514:512-1023
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SCCP"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 2000
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SIP"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 5060
-        set udp-portrange 5060
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SIP-MSNmessenger"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1863
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SNMP"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 161-162
-        set udp-portrange 161-162
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SSH"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 22
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SYSLOG"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 514
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "TALK"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 517-518
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "TELNET"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 23
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "TFTP"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 69
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "MGCP"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 2427 2727
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "UUCP"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 540
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "VDOLIVE"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 7000-7010
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "WAIS"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 210
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "WINFRAME"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1494 2598
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "X-WINDOWS"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 6000-6063
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "PING6"
-        set proxy disable
-        set category ''
-        set protocol ICMP6
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set icmptype 128
-        unset icmpcode
-    next
-    edit "MS-SQL"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1433 1434
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "MYSQL"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 3306
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RDP"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 3389
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "VNC"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 5900
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "DHCP6"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 546 547
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SQUID"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 3128
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "SOCKS"
-        set proxy disable
-        set category "Tunneling"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1080
-        set udp-portrange 1080
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "WINS"
-        set proxy disable
-        set category "Remote Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1512
-        set udp-portrange 1512
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RADIUS"
-        set proxy disable
-        set category "Authentication"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 1812 1813
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RADIUS-OLD"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 1645 1646
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "CVSPSERVER"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 2401
-        set udp-portrange 2401
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "AFS3"
-        set proxy disable
-        set category "File Access"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 7000-7009
-        set udp-portrange 7000-7009
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "TRACEROUTE"
-        set proxy disable
-        set category "Network Services"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        unset tcp-portrange
-        set udp-portrange 33434-33535
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "RTSP"
-        set proxy disable
-        set category "VoIP, Messaging & Other Applications"
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility enable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 554 7070 8554
-        set udp-portrange 554
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "MMS"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 1755
-        set udp-portrange 1024-5000
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "NONE"
-        set proxy disable
-        set category ''
-        set protocol TCP/UDP/SCTP
-        set helper auto
-        set check-reset-range default
-        set comment ''
-        set color 0
-        set visibility disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 0
-        unset udp-portrange
-        unset sctp-portrange
-        set tcp-halfclose-timer 0
-        set tcp-halfopen-timer 0
-        set tcp-timewait-timer 0
-        set tcp-rst-timer 0
-        set udp-idle-timer 0
-        set session-ttl 0
-    next
-    edit "webproxy"
-        set proxy enable
-        set category "Web Proxy"
-        set protocol ALL
-        set helper auto
-        set comment ''
-        set color 0
-        set visibility enable
-        set app-service-type disable
-        set fabric-object disable
-        set iprange 0.0.0.0
-        set fqdn ''
-        set tcp-portrange 0-65535:0-65535
-    next
-end
-config firewall service group
-    edit "Email Access"
-        set proxy disable
-        set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
-        set comment ''
-        set color 0
-        set fabric-object disable
-    next
-    edit "Web Access"
-        set proxy disable
-        set member "DNS" "HTTP" "HTTPS"
-        set comment ''
-        set color 0
-        set fabric-object disable
-    next
-    edit "Windows AD"
-        set proxy disable
-        set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
-        set comment ''
-        set color 0
-        set fabric-object disable
-    next
-    edit "Exchange Server"
-        set proxy disable
-        set member "DCE-RPC" "DNS" "HTTPS"
-        set comment ''
-        set color 0
-        set fabric-object disable
-    next
-end
-config firewall internet-service-group
-end
-config firewall internet-service-extension
-end
-config firewall internet-service-custom
-end
-config firewall internet-service-custom-group
-end
-config system external-resource
-end
-config vpn certificate ca
-end
-config vpn certificate remote
-end
-config vpn certificate local
-    edit "Fortinet_CA_SSL"
-        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_CA_Untrusted"
-        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_RSA1024"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_RSA2048"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_RSA4096"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_DSA1024"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_DSA2048"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ECDSA256"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ECDSA384"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ECDSA521"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ED25519"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-    edit "Fortinet_SSL_ED448"
-        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
-        unset private-key
-        unset certificate
-        set range global
-        set source factory
-        set source-ip 0.0.0.0
-        set ike-localid-type asn1dn
-        set enroll-protocol none
-    next
-end
-config vpn certificate crl
-end
-config vpn certificate ocsp-server
-end
-config vpn certificate setting
-    set ocsp-status disable
-    set ocsp-option server
-    set ocsp-default-server ''
-    set interface-select-method auto
-    set check-ca-cert enable
-    set check-ca-chain disable
-    set subject-match substring
-    set subject-set subset
-    set cn-match substring
-    set cn-allow-multi enable
-    config crl-verification
-        set expiry ignore
-        set leaf-crl-absence ignore
-        set chain-crl-absence ignore
-    end
-    set strict-ocsp-check disable
-    set ssl-min-proto-version default
-    set cmp-save-extra-certs disable
-    set cmp-key-usage-checking enable
-    set certname-rsa1024 "Fortinet_SSL_RSA1024"
-    set certname-rsa2048 "Fortinet_SSL_RSA2048"
-    set certname-rsa4096 "Fortinet_SSL_RSA4096"
-    set certname-dsa1024 "Fortinet_SSL_DSA1024"
-    set certname-dsa2048 "Fortinet_SSL_DSA2048"
-    set certname-ecdsa256 "Fortinet_SSL_ECDSA256"
-    set certname-ecdsa384 "Fortinet_SSL_ECDSA384"
-    set certname-ecdsa521 "Fortinet_SSL_ECDSA521"
-    set certname-ed25519 "Fortinet_SSL_ED25519"
-    set certname-ed448 "Fortinet_SSL_ED448"
-end
-config webfilter ftgd-local-cat
-    edit "custom1"
-        set status enable
-        set id 140
-    next
-    edit "custom2"
-        set status enable
-        set id 141
-    next
-end
-config ips sensor
-    edit "g-default"
-        set comment "Prevent critical attacks."
-        set replacemsg-group ''
-        set block-malicious-url disable
-        set scan-botnet-connections disable
-        set extended-log disable
-        config entries
-            edit 1
-                set location all
-                set severity medium high critical 
-                set protocol all
-                set os all
-                set application all
-                set status default
-                set log enable
-                set log-packet disable
-                set log-attack-context disable
-                set action default
-                set quarantine none
-            next
-        end
-    next
-    edit "g-sniffer-profile"
-        set comment "Monitor IPS attacks."
-        set replacemsg-group ''
-        set block-malicious-url disable
-        set scan-botnet-connections disable
-        set extended-log disable
-        config entries
-            edit 1
-                set location all
-                set severity medium high critical 
-                set protocol all
-                set os all
-                set application all
-                set status default
-                set log enable
-                set log-packet disable
-                set log-attack-context disable
-                set action default
-                set quarantine none
-            next
-        end
-    next
-    edit "g-wifi-default"
-        set comment "Default configuration for offloading WiFi traffic."
-        set replacemsg-group ''
-        set block-malicious-url disable
-        set scan-botnet-connections disable
-        set extended-log disable
-        config entries
-            edit 1
-                set location all
-                set severity medium high critical 
-                set protocol all
-                set os all
-                set application all
-                set status default
-                set log enable
-                set log-packet disable
-                set log-attack-context disable
-                set action default
-                set quarantine none
-            next
-        end
-    next
-    edit "IPS_Test"
-        set comment ''
-        set replacemsg-group ''
-        set block-malicious-url enable
-        set scan-botnet-connections block
-        set extended-log disable
-        config entries
-            edit 1
-                set location all
-                set severity medium high critical 
-                set protocol all
-                set os all
-                set application all
-                set status default
-                set log enable
-                set log-packet disable
-                set log-attack-context disable
-                set action block
-                set quarantine none
-            next
-        end
-    next
-    edit "gdd-botnet C&C IP blocking"
-        set comment "This allows you to enable botnet blocking across all traffic that matches the policy by configuring one setting in the GUI"
-        set replacemsg-group ''
-        set block-malicious-url disable
-        set scan-botnet-connections disable
-        set extended-log disable
-    next
-end
-config sctp-filter profile
-end
-config firewall shaper traffic-shaper
-    edit "high-priority"
-        set guaranteed-bandwidth 0
-        set maximum-bandwidth 1048576
-        set bandwidth-unit kbps
-        set priority high
-        set per-policy enable
-        set diffserv disable
-        set overhead 0
-    next
-    edit "medium-priority"
-        set guaranteed-bandwidth 0
-        set maximum-bandwidth 1048576
-        set bandwidth-unit kbps
-        set priority medium
-        set per-policy enable
-        set diffserv disable
-        set overhead 0
-    next
-    edit "low-priority"
-        set guaranteed-bandwidth 0
-        set maximum-bandwidth 1048576
-        set bandwidth-unit kbps
-        set priority low
-        set per-policy enable
-        set diffserv disable
-        set overhead 0
-    next
-    edit "guarantee-100kbps"
-        set guaranteed-bandwidth 100
-        set maximum-bandwidth 1048576
-        set bandwidth-unit kbps
-        set priority high
-        set per-policy enable
-        set diffserv disable
-        set overhead 0
-    next
-    edit "shared-1M-pipe"
-        set guaranteed-bandwidth 0
-        set maximum-bandwidth 1024
-        set bandwidth-unit kbps
-        set priority high
-        set per-policy disable
-        set diffserv disable
-        set overhead 0
-    next
-end
-config firewall shaper per-ip-shaper
-end
-config firewall proxy-address
-end
-config firewall proxy-addrgrp
-end
-config web-proxy profile
-end
-config web-proxy global
-    set ssl-cert "Fortinet_Factory"
-    set ssl-ca-cert "Fortinet_CA_SSL"
-    set fast-policy-match enable
-    set ldap-user-cache disable
-    set proxy-fqdn "default.fqdn"
-    set max-request-length 8
-    set max-message-length 32
-    set strict-web-check disable
-    set forward-proxy-auth disable
-    set forward-server-affinity-timeout 30
-    set max-waf-body-cache-length 32
-    set webproxy-profile ''
-    set learn-client-ip disable
-end
-config web-proxy explicit
-    set status disable
-    set ipv6-status disable
-    set strict-guest disable
-    set https-replacement-message enable
-    set ssl-algorithm low
-end
-config web-proxy forward-server
-end
-config web-proxy forward-server-group
-end
-config web-proxy debug-url
-end
-config web-proxy wisp
-end
-config wanopt webcache
-    set max-object-size 512000
-    set neg-resp-time 0
-    set fresh-factor 100
-    set max-ttl 7200
-    set min-ttl 5
-    set default-ttl 1440
-    set ignore-ims disable
-    set ignore-conditional disable
-    set ignore-pnc disable
-    set ignore-ie-reload enable
-    set cache-expired disable
-    set cache-cookie disable
-    set reval-pnc disable
-    set always-revalidate disable
-    set cache-by-default disable
-    set host-validate disable
-    set external disable
-end
-config ftp-proxy explicit
-    set status disable
-    set ssl disable
-end
-config web-proxy url-match
-end
-config application custom
-end
-config application list
-    edit "g-default"
-        set comment "Monitor all applications."
-        set replacemsg-group ''
-        set extended-log disable
-        set other-application-action pass
-        set app-replacemsg enable
-        set other-application-log disable
-        set enforce-default-app-port disable
-        set force-inclusion-ssl-di-sigs disable
-        set unknown-application-action pass
-        set unknown-application-log disable
-        unset p2p-block-list
-        set deep-app-inspection enable
-        set options allow-dns
-        config entries
-            edit 1
-                set protocols all
-                set vendor all
-                set technology all
-                set behavior all
-                set popularity 1 2 3 4 5
-                set action pass
-                set log enable
-                set log-packet disable
-                set session-ttl 0
-                set shaper ''
-                set shaper-reverse ''
-                set per-ip-shaper ''
-                set quarantine none
-            next
-        end
-        set control-default-network-services disable
-    next
-    edit "g-sniffer-profile"
-        set comment "Monitor all applications."
-        set replacemsg-group ''
-        set extended-log disable
-        set other-application-action pass
-        set app-replacemsg enable
-        set other-application-log disable
-        set enforce-default-app-port disable
-        set force-inclusion-ssl-di-sigs disable
-        set unknown-application-action pass
-        set unknown-application-log disable
-        unset p2p-block-list
-        set deep-app-inspection enable
-        unset options
-        config entries
-            edit 1
-                set protocols all
-                set vendor all
-                set technology all
-                set behavior all
-                set popularity 1 2 3 4 5
-                set action pass
-                set log enable
-                set log-packet disable
-                set session-ttl 0
-                set shaper ''
-                set shaper-reverse ''
-                set per-ip-shaper ''
-                set quarantine none
-            next
-        end
-        set control-default-network-services disable
-    next
-    edit "g-wifi-default"
-        set comment "Default configuration for offloading WiFi traffic."
-        set replacemsg-group ''
-        set extended-log disable
-        set other-application-action pass
-        set app-replacemsg enable
-        set other-application-log disable
-        set enforce-default-app-port disable
-        set force-inclusion-ssl-di-sigs disable
-        set unknown-application-action pass
-        set unknown-application-log disable
-        unset p2p-block-list
-        set deep-app-inspection disable
-        set options allow-dns
-        config entries
-            edit 1
-                set protocols all
-                set vendor all
-                set technology all
-                set behavior all
-                set popularity 1 2 3 4 5
-                set action pass
-                set log disable
-                set log-packet disable
-                set session-ttl 0
-                set shaper ''
-                set shaper-reverse ''
-                set per-ip-shaper ''
-                set quarantine none
-            next
-        end
-        set control-default-network-services disable
-    next
-end
-config application group
-end
-config dlp filepattern
-    edit 1
-        set name "builtin-patterns"
-        set comment ''
-        config entries
-            edit "*.bat"
-                set filter-type pattern
-            next
-            edit "*.com"
-                set filter-type pattern
-            next
-            edit "*.dll"
-                set filter-type pattern
-            next
-            edit "*.doc"
-                set filter-type pattern
-            next
-            edit "*.exe"
-                set filter-type pattern
-            next
-            edit "*.gz"
-                set filter-type pattern
-            next
-            edit "*.hta"
-                set filter-type pattern
-            next
-            edit "*.ppt"
-                set filter-type pattern
-            next
-            edit "*.rar"
-                set filter-type pattern
-            next
-            edit "*.scr"
-                set filter-type pattern
-            next
-            edit "*.tar"
-                set filter-type pattern
-            next
-            edit "*.tgz"
-                set filter-type pattern
-            next
-            edit "*.vb?"
-                set filter-type pattern
-            next
-            edit "*.wps"
-                set filter-type pattern
-            next
-            edit "*.xl?"
-                set filter-type pattern
-            next
-            edit "*.zip"
-                set filter-type pattern
-            next
-            edit "*.pif"
-                set filter-type pattern
-            next
-            edit "*.cpl"
-                set filter-type pattern
-            next
-        end
-    next
-    edit 2
-        set name "all_executables"
-        set comment ''
-        config entries
-            edit "bat"
-                set filter-type type
-                set file-type bat
-            next
-            edit "exe"
-                set filter-type type
-                set file-type exe
-            next
-            edit "elf"
-                set filter-type type
-                set file-type elf
-            next
-            edit "hta"
-                set filter-type type
-                set file-type hta
-            next
-        end
-    next
-end
-config dlp sensitivity
-    edit "Private"
-    next
-    edit "Critical"
-    next
-    edit "Warning"
-    next
-end
-config dlp fp-doc-source
-end
-config dlp sensor
-    edit "g-default"
-        set comment "Default sensor."
-        set feature-set flow
-        set replacemsg-group ''
-        set dlp-log enable
-        set extended-log disable
-        set nac-quar-log disable
-        unset full-archive-proto
-        unset summary-proto
-    next
-    edit "g-sniffer-profile"
-        set comment "Log a summary of email and web traffic."
-        set feature-set flow
-        set replacemsg-group ''
-        set dlp-log enable
-        set extended-log disable
-        set nac-quar-log disable
-        unset full-archive-proto
-        set summary-proto smtp pop3 imap http-get http-post
-    next
-end
-config webfilter content
-end
-config webfilter content-header
-end
-config webfilter urlfilter
-end
-config videofilter youtube-key
-end
-config videofilter youtube-channel-filter
-end
-config videofilter profile
-end
-config webfilter ips-urlfilter-setting
-    set device ''
-    set distance 1
-    set gateway 0.0.0.0
-    set geo-filter ''
-end
-config webfilter ips-urlfilter-setting6
-    set device ''
-    set distance 1
-    set gateway6 ::
-    set geo-filter ''
-end
-config emailfilter bword
-end
-config emailfilter block-allow-list
-end
-config emailfilter mheader
-end
-config emailfilter dnsbl
-end
-config emailfilter iptrust
-end
-config log threat-weight
-    set status enable
-    config level
-        set low 5
-        set medium 10
-        set high 30
-        set critical 50
-    end
-    set blocked-connection high
-    set failed-connection low
-    set url-block-detected high
-    set botnet-connection-detected critical
-    config malware
-        set virus-infected critical
-        set fortindr critical
-        set file-blocked low
-        set command-blocked disable
-        set oversized disable
-        set virus-scan-error high
-        set switch-proto disable
-        set mimefragmented disable
-        set virus-file-type-executable medium
-        set virus-outbreak-prevention critical
-        set content-disarm medium
-        set malware-list medium
-        set ems-threat-feed medium
-        set fsa-malicious critical
-        set fsa-high-risk high
-        set fsa-medium-risk medium
-    end
-    config ips
-        set info-severity disable
-        set low-severity low
-        set medium-severity medium
-        set high-severity high
-        set critical-severity critical
-    end
-    config web
-        edit 1
-            set category 26
-            set level high
-        next
-        edit 2
-            set category 61
-            set level high
-        next
-        edit 3
-            set category 86
-            set level high
-        next
-        edit 4
-            set category 1
-            set level medium
-        next
-        edit 5
-            set category 3
-            set level medium
-        next
-        edit 6
-            set category 4
-            set level medium
-        next
-        edit 7
-            set category 5
-            set level medium
-        next
-        edit 8
-            set category 6
-            set level medium
-        next
-        edit 9
-            set category 12
-            set level medium
-        next
-        edit 10
-            set category 59
-            set level medium
-        next
-        edit 11
-            set category 62
-            set level medium
-        next
-        edit 12
-            set category 83
-            set level medium
-        next
-        edit 13
-            set category 72
-            set level low
-        next
-        edit 14
-            set category 14
-            set level low
-        next
-        edit 15
-            set category 96
-            set level medium
-        next
-    end
-    config application
-        edit 1
-            set category 2
-            set level low
-        next
-        edit 2
-            set category 6
-            set level medium
-        next
-    end
-end
-config icap server
-end
-config icap profile
-    edit "default"
-        set replacemsg-group ''
-        set request disable
-        set response disable
-        set streaming-content-bypass disable
-        set preview disable
-        set methods delete get head options post put trace other
-        set icap-block-log disable
-        set chunk-encap disable
-        unset extension-feature
-        config icap-headers
-            edit 1
-                set name "X-Authenticated-User"
-                set content "$user"
-                set base64-encoding disable
-            next
-            edit 2
-                set name "X-Authenticated-Groups"
-                set content "$local_grp"
-                set base64-encoding disable
-            next
-        end
-    next
-end
-config system network-visibility
-    set destination-visibility enable
-    set source-location enable
-    set destination-hostname-visibility enable
-    set hostname-ttl 86400
-    set hostname-limit 5000
-    set destination-location enable
-end
-config user certificate
-end
-config user radius
-end
-config user tacacs+
-end
-config user exchange
-end
-config user ldap
-end
-config user krb-keytab
-end
-config user domain-controller
-end
-config user pop3
-end
-config user saml
-end
-config user fsso
-end
-config user adgrp
-end
-config user fsso-polling
-end
-config user fortitoken
-end
-config user password-policy
-end
-config user local
-end
-config user setting
-    set auth-type http https ftp telnet
-    set auth-cert "Fortinet_Factory"
-    set auth-ca-cert ''
-    set auth-secure-http disable
-    set auth-http-basic disable
-    set auth-ssl-allow-renegotiation disable
-    set auth-src-mac enable
-    set auth-on-demand implicitly
-    set auth-timeout 5
-    set auth-timeout-type idle-timeout
-    set auth-portal-timeout 3
-    set radius-ses-timeout-act hard-timeout
-    set auth-blackout-time 0
-    set auth-invalid-max 5
-    set auth-lockout-threshold 3
-    set auth-lockout-duration 0
-    set per-policy-disclaimer disable
-    set auth-ssl-min-proto-version default
-    unset auth-ssl-max-proto-version
-    set auth-ssl-sigalgs all
-end
-config user peer
-end
-config user peergrp
-end
-config user quarantine
-    set quarantine enable
-    set traffic-policy ''
-    set firewall-groups ''
-end
-config user group
-    edit "SSO_Guest_Users"
-        set authtimeout 0
-        set http-digest-realm ''
-    next
-end
-config user security-exempt-list
-end
-config vpn ssl web realm
-end
-config vpn ssl web host-check-software
-    edit "FortiClient-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
-    next
-    edit "FortiClient-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
-    next
-    edit "FortiClient-AV-Vista"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
-    next
-    edit "FortiClient-FW-Vista"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
-    next
-    edit "FortiClient5-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
-    next
-    edit "AVG-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
-    next
-    edit "AVG-Internet-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "8DECF618-9569-4340-B34A-D78D28969B66"
-    next
-    edit "AVG-Internet-Security-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
-    next
-    edit "AVG-Internet-Security-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
-    next
-    edit "CA-Anti-Virus"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
-    next
-    edit "CA-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
-    next
-    edit "CA-Internet-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
-    next
-    edit "CA-Internet-Security-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
-    next
-    edit "CA-Internet-Security-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
-    next
-    edit "CA-Personal-Firewall"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
-    next
-    edit "F-Secure-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
-    next
-    edit "F-Secure-Internet-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "D4747503-0346-49EB-9262-997542F79BF4"
-    next
-    edit "F-Secure-Internet-Security-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "15414183-282E-D62C-CA37-EF24860A2F17"
-    next
-    edit "F-Secure-Internet-Security-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
-    next
-    edit "Kaspersky-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
-    next
-    edit "Kaspersky-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
-    next
-    edit "Kaspersky-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
-    next
-    edit "Kaspersky-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
-    next
-    edit "McAfee-Internet-Security-Suite-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
-    next
-    edit "McAfee-Internet-Security-Suite-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
-    next
-    edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
-    next
-    edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
-    next
-    edit "McAfee-Virus-Scan-Enterprise"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
-    next
-    edit "Norton-360-2.0-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
-    next
-    edit "Norton-360-2.0-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
-    next
-    edit "Norton-360-3.0-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
-    next
-    edit "Norton-360-3.0-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
-    next
-    edit "Norton-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
-    next
-    edit "Norton-Internet-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
-    next
-    edit "Norton-Internet-Security-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
-    next
-    edit "Norton-Internet-Security-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
-    next
-    edit "Symantec-Endpoint-Protection-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
-    next
-    edit "Symantec-Endpoint-Protection-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
-    next
-    edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
-    next
-    edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
-    next
-    edit "Panda-Antivirus+Firewall-2008-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
-    next
-    edit "Panda-Antivirus+Firewall-2008-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
-    next
-    edit "Panda-Internet-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
-    next
-    edit "Panda-Internet-Security-2006~2007-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
-    next
-    edit "Panda-Internet-Security-2008~2009-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
-    next
-    edit "Sophos-Anti-Virus"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
-    next
-    edit "Sophos-Enpoint-Secuirty-and-Control-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
-    next
-    edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
-    next
-    edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
-    next
-    edit "Trend-Micro-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
-    next
-    edit "Trend-Micro-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
-    next
-    edit "Trend-Micro-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
-    next
-    edit "Trend-Micro-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
-    next
-    edit "ZoneAlarm-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
-    next
-    edit "ZoneAlarm-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
-    next
-    edit "ZoneAlarm-AV-Vista-Win7"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
-    next
-    edit "ZoneAlarm-FW-Vista-Win7"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
-    next
-    edit "ESET-Smart-Security-AV"
-        set os-type windows
-        set type av
-        set version ''
-        set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
-    next
-    edit "ESET-Smart-Security-FW"
-        set os-type windows
-        set type fw
-        set version ''
-        set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
-    next
-end
-config vpn ssl web portal
-    edit "full-access"
-        set tunnel-mode enable
-        set ipv6-tunnel-mode enable
-        set web-mode enable
-        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
-        set limit-user-logins disable
-        set forticlient-download enable
-        set ip-mode range
-        set auto-connect disable
-        set keep-alive disable
-        set save-password disable
-        set ip-pools "SSLVPN_TUNNEL_ADDR1"
-        set split-tunneling enable
-        set split-tunneling-routing-negate disable
-        set dns-server1 0.0.0.0
-        set dns-server2 0.0.0.0
-        set dns-suffix ''
-        set wins-server1 0.0.0.0
-        set wins-server2 0.0.0.0
-        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
-        set ipv6-split-tunneling enable
-        set ipv6-split-tunneling-routing-negate disable
-        set ipv6-dns-server1 ::
-        set ipv6-dns-server2 ::
-        set ipv6-wins-server1 ::
-        set ipv6-wins-server2 ::
-        set display-bookmark enable
-        set user-bookmark enable
-        set user-group-bookmark enable
-        set display-connection-tools enable
-        set display-history enable
-        set display-status enable
-        set rewrite-ip-uri-ui disable
-        set heading "SSL-VPN Portal"
-        set redir-url ''
-        set theme neutrino
-        set custom-lang ''
-        set smb-ntlmv1-auth disable
-        set smb-min-version smbv2
-        set smb-max-version smbv3
-        set use-sdwan disable
-        set clipboard enable
-        set default-window-width 1024
-        set default-window-height 768
-        set host-check none
-        set mac-addr-check disable
-        set os-check disable
-        set forticlient-download-method direct
-        set customize-forticlient-download-url disable
-        set hide-sso-credential enable
-    next
-    edit "web-access"
-        set tunnel-mode disable
-        set ipv6-tunnel-mode disable
-        set web-mode enable
-        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
-        set limit-user-logins disable
-        set forticlient-download enable
-        set dns-suffix ''
-        set display-bookmark enable
-        set user-bookmark enable
-        set user-group-bookmark enable
-        set display-connection-tools enable
-        set display-history enable
-        set display-status enable
-        set rewrite-ip-uri-ui disable
-        set heading "SSL-VPN Portal"
-        set redir-url ''
-        set theme neutrino
-        set custom-lang ''
-        set smb-ntlmv1-auth disable
-        set smb-min-version smbv2
-        set smb-max-version smbv3
-        set use-sdwan disable
-        set clipboard enable
-        set default-window-width 1024
-        set default-window-height 768
-        set forticlient-download-method direct
-        set customize-forticlient-download-url disable
-        set hide-sso-credential enable
-    next
-    edit "tunnel-access"
-        set tunnel-mode enable
-        set ipv6-tunnel-mode enable
-        set web-mode disable
-        set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
-        set limit-user-logins disable
-        set forticlient-download enable
-        set ip-mode range
-        set auto-connect disable
-        set keep-alive disable
-        set save-password disable
-        set ip-pools "SSLVPN_TUNNEL_ADDR1"
-        set split-tunneling enable
-        set split-tunneling-routing-negate disable
-        set dns-server1 0.0.0.0
-        set dns-server2 0.0.0.0
-        set dns-suffix ''
-        set wins-server1 0.0.0.0
-        set wins-server2 0.0.0.0
-        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
-        set ipv6-split-tunneling enable
-        set ipv6-split-tunneling-routing-negate disable
-        set ipv6-dns-server1 ::
-        set ipv6-dns-server2 ::
-        set ipv6-wins-server1 ::
-        set ipv6-wins-server2 ::
-        set host-check none
-        set mac-addr-check disable
-        set os-check disable
-        set forticlient-download-method direct
-        set customize-forticlient-download-url disable
-    next
-end
-config vpn ssl settings
-    set status enable
-    set reqclientcert disable
-    set ssl-max-proto-ver tls1-3
-    set ssl-min-proto-ver tls1-2
-    unset banned-cipher
-    set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
-    set ssl-insert-empty-fragment enable
-    set https-redirect disable
-    set x-content-type-options enable
-    set ssl-client-renegotiation disable
-    set force-two-factor-auth disable
-    set servercert "Fortinet_Factory"
-    set algorithm high
-    set idle-timeout 300
-    set auth-timeout 28800
-    set login-attempt-limit 2
-    set login-block-time 60
-    set login-timeout 30
-    set dtls-hello-timeout 10
-    set dns-suffix ''
-    set dns-server1 0.0.0.0
-    set dns-server2 0.0.0.0
-    set wins-server1 0.0.0.0
-    set wins-server2 0.0.0.0
-    set ipv6-dns-server1 ::
-    set ipv6-dns-server2 ::
-    set ipv6-wins-server1 ::
-    set ipv6-wins-server2 ::
-    set url-obscuration disable
-    set http-compression disable
-    set http-only-cookie enable
-    set port 443
-    set port-precedence enable
-    set auto-tunnel-static-route enable
-    set header-x-forwarded-for add
-    set dtls-tunnel enable
-    set check-referer disable
-    set http-request-header-timeout 20
-    set http-request-body-timeout 30
-    set auth-session-check-source-ip enable
-    set tunnel-connect-without-reauth disable
-    set hsts-include-subdomains disable
-    set transform-backward-slashes disable
-    set encode-2f-sequence disable
-    set encrypt-and-store-password disable
-    set client-sigalgs all
-    set dual-stack-mode disable
-    set tunnel-addr-assigned-method first-available
-    set saml-redirect-port 8020
-    set dtls-max-proto-ver dtls1-2
-    set dtls-min-proto-ver dtls1-0
-end
-config vpn ssl web user-group-bookmark
-end
-config vpn ssl web user-bookmark
-end
-config vpn ssl client
-end
-config voip profile
-    edit "default"
-        set feature-set proxy
-        set comment "Default VoIP profile."
-        config sip
-            set status enable
-            set rtp enable
-            set nat-port-range 5117-65533
-            set open-register-pinhole enable
-            set open-contact-pinhole enable
-            set strict-register enable
-            set register-rate 0
-            set invite-rate 0
-            set max-dialogs 0
-            set max-line-length 998
-            set block-long-lines enable
-            set block-unknown enable
-            set call-keepalive 0
-            set block-ack disable
-            set block-bye disable
-            set block-cancel disable
-            set block-info disable
-            set block-invite disable
-            set block-message disable
-            set block-notify disable
-            set block-options disable
-            set block-prack disable
-            set block-publish disable
-            set block-refer disable
-            set block-register disable
-            set block-subscribe disable
-            set block-update disable
-            set register-contact-trace disable
-            set open-via-pinhole disable
-            set open-record-route-pinhole enable
-            set rfc2543-branch disable
-            set log-violations disable
-            set log-call-summary enable
-            set nat-trace enable
-            set subscribe-rate 0
-            set message-rate 0
-            set notify-rate 0
-            set refer-rate 0
-            set update-rate 0
-            set options-rate 0
-            set ack-rate 0
-            set prack-rate 0
-            set info-rate 0
-            set publish-rate 0
-            set bye-rate 0
-            set cancel-rate 0
-            set preserve-override disable
-            set no-sdp-fixup disable
-            set contact-fixup enable
-            set max-idle-dialogs 0
-            set block-geo-red-options disable
-            set hosted-nat-traversal disable
-            set hnt-restrict-source-ip disable
-            set max-body-length 0
-            set unknown-header pass
-            set malformed-request-line pass
-            set malformed-header-via pass
-            set malformed-header-from pass
-            set malformed-header-to pass
-            set malformed-header-call-id pass
-            set malformed-header-cseq pass
-            set malformed-header-rack pass
-            set malformed-header-rseq pass
-            set malformed-header-contact pass
-            set malformed-header-record-route pass
-            set malformed-header-route pass
-            set malformed-header-expires pass
-            set malformed-header-content-type pass
-            set malformed-header-content-length pass
-            set malformed-header-max-forwards pass
-            set malformed-header-allow pass
-            set malformed-header-p-asserted-identity pass
-            set malformed-header-sdp-v pass
-            set malformed-header-sdp-o pass
-            set malformed-header-sdp-s pass
-            set malformed-header-sdp-i pass
-            set malformed-header-sdp-c pass
-            set malformed-header-sdp-b pass
-            set malformed-header-sdp-z pass
-            set malformed-header-sdp-k pass
-            set malformed-header-sdp-a pass
-            set malformed-header-sdp-t pass
-            set malformed-header-sdp-r pass
-            set malformed-header-sdp-m pass
-            set provisional-invite-expiry-time 210
-            set ips-rtp enable
-            set ssl-mode off
-        end
-        config sccp
-            set status enable
-            set block-mcast disable
-            set verify-header disable
-            set log-call-summary disable
-            set log-violations disable
-            set max-calls 0
-        end
-    next
-    edit "strict"
-        set feature-set proxy
-        set comment ''
-        config sip
-            set status enable
-            set rtp enable
-            set nat-port-range 5117-65533
-            set open-register-pinhole enable
-            set open-contact-pinhole enable
-            set strict-register enable
-            set register-rate 0
-            set invite-rate 0
-            set max-dialogs 0
-            set max-line-length 998
-            set block-long-lines enable
-            set block-unknown enable
-            set call-keepalive 0
-            set block-ack disable
-            set block-bye disable
-            set block-cancel disable
-            set block-info disable
-            set block-invite disable
-            set block-message disable
-            set block-notify disable
-            set block-options disable
-            set block-prack disable
-            set block-publish disable
-            set block-refer disable
-            set block-register disable
-            set block-subscribe disable
-            set block-update disable
-            set register-contact-trace disable
-            set open-via-pinhole disable
-            set open-record-route-pinhole enable
-            set rfc2543-branch disable
-            set log-violations disable
-            set log-call-summary enable
-            set nat-trace enable
-            set subscribe-rate 0
-            set message-rate 0
-            set notify-rate 0
-            set refer-rate 0
-            set update-rate 0
-            set options-rate 0
-            set ack-rate 0
-            set prack-rate 0
-            set info-rate 0
-            set publish-rate 0
-            set bye-rate 0
-            set cancel-rate 0
-            set preserve-override disable
-            set no-sdp-fixup disable
-            set contact-fixup enable
-            set max-idle-dialogs 0
-            set block-geo-red-options disable
-            set hosted-nat-traversal disable
-            set hnt-restrict-source-ip disable
-            set max-body-length 0
-            set unknown-header pass
-            set malformed-request-line discard
-            set malformed-header-via discard
-            set malformed-header-from discard
-            set malformed-header-to discard
-            set malformed-header-call-id discard
-            set malformed-header-cseq discard
-            set malformed-header-rack discard
-            set malformed-header-rseq discard
-            set malformed-header-contact discard
-            set malformed-header-record-route discard
-            set malformed-header-route discard
-            set malformed-header-expires discard
-            set malformed-header-content-type discard
-            set malformed-header-content-length discard
-            set malformed-header-max-forwards discard
-            set malformed-header-allow discard
-            set malformed-header-p-asserted-identity discard
-            set malformed-header-sdp-v discard
-            set malformed-header-sdp-o discard
-            set malformed-header-sdp-s discard
-            set malformed-header-sdp-i discard
-            set malformed-header-sdp-c discard
-            set malformed-header-sdp-b discard
-            set malformed-header-sdp-z discard
-            set malformed-header-sdp-k discard
-            set malformed-header-sdp-a discard
-            set malformed-header-sdp-t discard
-            set malformed-header-sdp-r discard
-            set malformed-header-sdp-m discard
-            set provisional-invite-expiry-time 210
-            set ips-rtp enable
-            set ssl-mode off
-        end
-        config sccp
-            set status enable
-            set block-mcast disable
-            set verify-header disable
-            set log-call-summary disable
-            set log-violations disable
-            set max-calls 0
-        end
-    next
-end
-config system sdwan
-    set status disable
-    set load-balance-mode source-ip-based
-    set speedtest-bypass-routing disable
-    set duplication-max-num 2
-    set neighbor-hold-down disable
-    set neighbor-hold-down-time 0
-    set neighbor-hold-boot-time 0
-    set fail-detect disable
-    config zone
-        edit "virtual-wan-link"
-            set service-sla-tie-break cfg-order
-        next
-    end
-    config health-check
-        edit "Default_DNS"
-            set probe-packets enable
-            set addr-mode ipv4
-            set system-dns enable
-            set detect-mode active
-            set ha-priority 1
-            set dns-request-domain "www.example.com"
-            set dns-match-ip 0.0.0.0
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 5
-                next
-            end
-        next
-        edit "Default_Office_365"
-            set probe-packets enable
-            set addr-mode ipv4
-            set server "www.office.com"
-            set detect-mode active
-            set protocol http
-            set port 0
-            set ha-priority 1
-            set http-get "/"
-            set http-agent "Chrome/ Safari/"
-            set http-match ''
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 5
-                next
-            end
-        next
-        edit "Default_Gmail"
-            set probe-packets enable
-            set addr-mode ipv4
-            set server "gmail.com"
-            set detect-mode active
-            set protocol ping
-            set ha-priority 1
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 2
-                next
-            end
-        next
-        edit "Default_Google Search"
-            set probe-packets enable
-            set addr-mode ipv4
-            set server "www.google.com"
-            set detect-mode active
-            set protocol http
-            set port 0
-            set ha-priority 1
-            set http-get "/"
-            set http-agent "Chrome/ Safari/"
-            set http-match ''
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 5
-                next
-            end
-        next
-        edit "Default_FortiGuard"
-            set probe-packets enable
-            set addr-mode ipv4
-            set server "fortiguard.com"
-            set detect-mode active
-            set protocol http
-            set port 0
-            set ha-priority 1
-            set http-get "/"
-            set http-agent "Chrome/ Safari/"
-            set http-match ''
-            set interval 1000
-            set probe-timeout 1000
-            set failtime 5
-            set recoverytime 10
-            set probe-count 30
-            set diffservcode 000000
-            set update-cascade-interface enable
-            set update-static-route enable
-            set sla-fail-log-period 0
-            set sla-pass-log-period 0
-            set threshold-warning-packetloss 0
-            set threshold-alert-packetloss 0
-            set threshold-warning-latency 0
-            set threshold-alert-latency 0
-            set threshold-warning-jitter 0
-            set threshold-alert-jitter 0
-            config sla
-                edit 1
-                    set link-cost-factor latency jitter packet-loss
-                    set latency-threshold 250
-                    set jitter-threshold 50
-                    set packetloss-threshold 5
-                next
-            end
-        next
-    end
-end
-config vpn ipsec phase1
-end
-config vpn ipsec phase2
-end
-config vpn ipsec manualkey
-end
-config vpn ipsec concentrator
-end
-config vpn ipsec fec
-end
-config vpn ipsec phase1-interface
-end
-config vpn ipsec phase2-interface
-end
-config vpn ipsec manualkey-interface
-end
-config vpn pptp
-    set status disable
-end
-config vpn l2tp
-    set status disable
-    set lcp-max-echo-fails 3
-    set hello-interval 60
-end
-config vpn ipsec forticlient
-end
-config dnsfilter domain-filter
-end
-config dnsfilter profile
-    edit "default"
-        set comment "Default dns filtering."
-        config domain-filter
-            unset domain-filter-table
-        end
-        config ftgd-dns
-            unset options
-            config filters
-                edit 1
-                    set category 2
-                    set action monitor
-                next
-                edit 2
-                    set category 7
-                    set action monitor
-                next
-                edit 3
-                    set category 8
-                    set action monitor
-                next
-                edit 4
-                    set category 9
-                    set action monitor
-                next
-                edit 5
-                    set category 11
-                    set action monitor
-                next
-                edit 6
-                    set category 12
-                    set action monitor
-                next
-                edit 7
-                    set category 13
-                    set action monitor
-                next
-                edit 8
-                    set category 14
-                    set action monitor
-                next
-                edit 9
-                    set category 15
-                    set action monitor
-                next
-                edit 10
-                    set category 16
-                    set action monitor
-                next
-                edit 11
-                    set category 0
-                    set action monitor
-                next
-                edit 12
-                    set category 57
-                    set action monitor
-                next
-                edit 13
-                    set category 63
-                    set action monitor
-                next
-                edit 14
-                    set category 64
-                    set action monitor
-                next
-                edit 15
-                    set category 65
-                    set action monitor
-                next
-                edit 16
-                    set category 66
-                    set action monitor
-                next
-                edit 17
-                    set category 67
-                    set action monitor
-                next
-                edit 18
-                    set category 26
-                    set action block
-                    set log enable
-                next
-                edit 19
-                    set category 61
-                    set action block
-                    set log enable
-                next
-                edit 20
-                    set category 86
-                    set action block
-                    set log enable
-                next
-                edit 21
-                    set category 88
-                    set action block
-                    set log enable
-                next
-                edit 22
-                    set category 90
-                    set action block
-                    set log enable
-                next
-                edit 23
-                    set category 91
-                    set action block
-                    set log enable
-                next
-            end
-        end
-        set log-all-domain disable
-        set sdns-ftgd-err-log enable
-        set sdns-domain-log enable
-        set block-action redirect
-        set block-botnet enable
-        set safe-search disable
-        set redirect-portal 0.0.0.0
-        set redirect-portal6 ::
-    next
-end
-config system gre-tunnel
-end
-config system ipsec-aggregate
-end
-config system ipip-tunnel
-end
-config system mobile-tunnel
-end
-config system pppoe-interface
-end
-config system vxlan
-end
-config system geneve
-end
-config system virtual-wire-pair
-end
-config system dns-database
-end
-config system dns-server
-end
-config log custom-field
-end
-config antivirus settings
-    set machine-learning-detection enable
-    set use-extreme-db disable
-    set grayware enable
-    set override-timeout 0
-    set cache-infected-result enable
-end
-config antivirus quarantine
-    set agelimit 0
-    set maxfilesize 0
-    set quarantine-quota 0
-    unset drop-infected
-    set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
-    unset drop-blocked
-    set store-blocked imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs ssh
-    unset drop-machine-learning
-    set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
-    set lowspace ovrw-old
-    set destination disk
-end
-config ssh-filter profile
-end
-config antivirus profile
-    edit "g-default"
-        set comment "Scan files and block viruses."
-        set replacemsg-group ''
-        set feature-set flow
-        set mobile-malware-db enable
-        config http
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config ftp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config imap
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config pop3
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config smtp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config nntp
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config cifs
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config nac-quar
-            set infected none
-            set log disable
-        end
-        set outbreak-prevention-archive-scan disable
-        set external-blocklist-enable-all enable
-        set ems-threat-feed disable
-        set av-virus-log enable
-        set av-block-log enable
-        set extended-log disable
-    next
-    edit "g-sniffer-profile"
-        set comment "Scan files and monitor viruses."
-        set replacemsg-group ''
-        set feature-set flow
-        set mobile-malware-db enable
-        config http
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config ftp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config imap
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config pop3
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config smtp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config nntp
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config cifs
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config nac-quar
-            set infected none
-            set log disable
-        end
-        set outbreak-prevention-archive-scan disable
-        set external-blocklist-enable-all enable
-        set ems-threat-feed disable
-        set av-virus-log enable
-        set av-block-log enable
-        set extended-log disable
-    next
-    edit "g-wifi-default"
-        set comment "Default configuration for offloading WiFi traffic."
-        set replacemsg-group ''
-        set feature-set flow
-        set mobile-malware-db enable
-        config http
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config ftp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config imap
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config pop3
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config smtp
-            set av-scan block
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-            set executables virus
-        end
-        config nntp
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config cifs
-            set av-scan disable
-            set outbreak-prevention disable
-            set external-blocklist disable
-            set quarantine disable
-            unset archive-block
-            unset archive-log
-            set emulator enable
-        end
-        config nac-quar
-            set infected none
-            set log disable
-        end
-        set outbreak-prevention-archive-scan disable
-        set external-blocklist-enable-all enable
-        set ems-threat-feed disable
-        set av-virus-log enable
-        set av-block-log enable
-        set extended-log disable
-    next
-end
-config file-filter profile
-    edit "g-default"
-        set comment "File type inspection."
-        set feature-set flow
-        set replacemsg-group ''
-        set log enable
-        set extended-log disable
-        set scan-archive-contents enable
-    next
-    edit "g-sniffer-profile"
-        set comment "File type inspection."
-        set feature-set flow
-        set replacemsg-group ''
-        set log enable
-        set extended-log disable
-        set scan-archive-contents enable
-    next
-end
-config webfilter profile
-    edit "g-default"
-        set comment "Default web filtering."
-        set feature-set flow
-        set replacemsg-group ''
-        unset options
-        set https-replacemsg enable
-        unset ovrd-perm
-        set post-action normal
-        config override
-            set ovrd-cookie deny
-            set ovrd-scope user
-            set profile-type list
-            set ovrd-dur-mode constant
-            set ovrd-dur 15m
-        end
-        config web
-            set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
-            set blocklist disable
-            unset allowlist
-        end
-        config ftgd-wf
-            unset options
-            unset ovrd
-            config filters
-                edit 1
-                    set category 0
-                    set action block
-                    set log enable
-                next
-                edit 2
-                    set category 2
-                    set action block
-                    set log enable
-                next
-                edit 3
-                    set category 7
-                    set action block
-                    set log enable
-                next
-                edit 4
-                    set category 8
-                    set action block
-                    set log enable
-                next
-                edit 5
-                    set category 9
-                    set action block
-                    set log enable
-                next
-                edit 6
-                    set category 11
-                    set action block
-                    set log enable
-                next
-                edit 7
-                    set category 12
-                    set action block
-                    set log enable
-                next
-                edit 8
-                    set category 13
-                    set action block
-                    set log enable
-                next
-                edit 9
-                    set category 14
-                    set action block
-                    set log enable
-                next
-                edit 10
-                    set category 15
-                    set action block
-                    set log enable
-                next
-                edit 11
-                    set category 16
-                    set action block
-                    set log enable
-                next
-                edit 12
-                    set category 26
-                    set action block
-                    set log enable
-                next
-                edit 13
-                    set category 57
-                    set action block
-                    set log enable
-                next
-                edit 14
-                    set category 61
-                    set action block
-                    set log enable
-                next
-                edit 15
-                    set category 63
-                    set action block
-                    set log enable
-                next
-                edit 16
-                    set category 64
-                    set action block
-                    set log enable
-                next
-                edit 17
-                    set category 65
-                    set action block
-                    set log enable
-                next
-                edit 18
-                    set category 66
-                    set action block
-                    set log enable
-                next
-                edit 19
-                    set category 67
-                    set action block
-                    set log enable
-                next
-                edit 20
-                    set category 86
-                    set action block
-                    set log enable
-                next
-                edit 21
-                    set category 88
-                    set action block
-                    set log enable
-                next
-                edit 22
-                    set category 90
-                    set action block
-                    set log enable
-                next
-                edit 23
-                    set category 91
-                    set action block
-                    set log enable
-                next
-            end
-            set rate-javascript-urls enable
-            set rate-css-urls enable
-            set rate-crl-urls enable
-        end
-        set log-all-url disable
-        set web-content-log enable
-        set web-filter-command-block-log enable
-        set web-filter-cookie-log enable
-        set web-url-log enable
-        set web-invalid-domain-log enable
-        set web-ftgd-err-log enable
-        set extended-log disable
-    next
-    edit "g-sniffer-profile"
-        set comment "Monitor web traffic."
-        set feature-set flow
-        set replacemsg-group ''
-        unset options
-        set https-replacemsg enable
-        unset ovrd-perm
-        set post-action normal
-        config override
-            set ovrd-cookie deny
-            set ovrd-scope user
-            set profile-type list
-            set ovrd-dur-mode constant
-            set ovrd-dur 15m
-        end
-        config web
-            set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
-            set blocklist disable
-            unset allowlist
-        end
-        config ftgd-wf
-            set options ftgd-disable
-            unset ovrd
-            config filters
-                edit 1
-                    set category 0
-                    set action monitor
-                    set log enable
-                next
-                edit 2
-                    set category 1
-                    set action monitor
-                    set log enable
-                next
-                edit 3
-                    set category 2
-                    set action monitor
-                    set log enable
-                next
-                edit 4
-                    set category 3
-                    set action monitor
-                    set log enable
-                next
-                edit 5
-                    set category 4
-                    set action monitor
-                    set log enable
-                next
-                edit 6
-                    set category 5
-                    set action monitor
-                    set log enable
-                next
-                edit 7
-                    set category 6
-                    set action monitor
-                    set log enable
-                next
-                edit 8
-                    set category 7
-                    set action monitor
-                    set log enable
-                next
-                edit 9
-                    set category 8
-                    set action monitor
-                    set log enable
-                next
-                edit 10
-                    set category 9
-                    set action monitor
-                    set log enable
-                next
-                edit 11
-                    set category 11
-                    set action monitor
-                    set log enable
-                next
-                edit 12
-                    set category 12
-                    set action monitor
-                    set log enable
-                next
-                edit 13
-                    set category 13
-                    set action monitor
-                    set log enable
-                next
-                edit 14
-                    set category 14
-                    set action monitor
-                    set log enable
-                next
-                edit 15
-                    set category 15
-                    set action monitor
-                    set log enable
-                next
-                edit 16
-                    set category 16
-                    set action monitor
-                    set log enable
-                next
-                edit 17
-                    set category 17
-                    set action monitor
-                    set log enable
-                next
-                edit 18
-                    set category 18
-                    set action monitor
-                    set log enable
-                next
-                edit 19
-                    set category 19
-                    set action monitor
-                    set log enable
-                next
-                edit 20
-                    set category 20
-                    set action monitor
-                    set log enable
-                next
-                edit 21
-                    set category 23
-                    set action monitor
-                    set log enable
-                next
-                edit 22
-                    set category 24
-                    set action monitor
-                    set log enable
-                next
-                edit 23
-                    set category 25
-                    set action monitor
-                    set log enable
-                next
-                edit 24
-                    set category 26
-                    set action monitor
-                    set log enable
-                next
-                edit 25
-                    set category 28
-                    set action monitor
-                    set log enable
-                next
-                edit 26
-                    set category 29
-                    set action monitor
-                    set log enable
-                next
-                edit 27
-                    set category 30
-                    set action monitor
-                    set log enable
-                next
-                edit 28
-                    set category 31
-                    set action monitor
-                    set log enable
-                next
-                edit 29
-                    set category 33
-                    set action monitor
-                    set log enable
-                next
-                edit 30
-                    set category 34
-                    set action monitor
-                    set log enable
-                next
-                edit 31
-                    set category 35
-                    set action monitor
-                    set log enable
-                next
-                edit 32
-                    set category 36
-                    set action monitor
-                    set log enable
-                next
-                edit 33
-                    set category 37
-                    set action monitor
-                    set log enable
-                next
-                edit 34
-                    set category 38
-                    set action monitor
-                    set log enable
-                next
-                edit 35
-                    set category 39
-                    set action monitor
-                    set log enable
-                next
-                edit 36
-                    set category 40
-                    set action monitor
-                    set log enable
-                next
-                edit 37
-                    set category 41
-                    set action monitor
-                    set log enable
-                next
-                edit 38
-                    set category 42
-                    set action monitor
-                    set log enable
-                next
-                edit 39
-                    set category 43
-                    set action monitor
-                    set log enable
-                next
-                edit 40
-                    set category 44
-                    set action monitor
-                    set log enable
-                next
-                edit 41
-                    set category 46
-                    set action monitor
-                    set log enable
-                next
-                edit 42
-                    set category 47
-                    set action monitor
-                    set log enable
-                next
-                edit 43
-                    set category 48
-                    set action monitor
-                    set log enable
-                next
-                edit 44
-                    set category 49
-                    set action monitor
-                    set log enable
-                next
-                edit 45
-                    set category 50
-                    set action monitor
-                    set log enable
-                next
-                edit 46
-                    set category 51
-                    set action monitor
-                    set log enable
-                next
-                edit 47
-                    set category 52
-                    set action monitor
-                    set log enable
-                next
-                edit 48
-                    set category 53
-                    set action monitor
-                    set log enable
-                next
-                edit 49
-                    set category 54
-                    set action monitor
-                    set log enable
-                next
-                edit 50
-                    set category 55
-                    set action monitor
-                    set log enable
-                next
-                edit 51
-                    set category 56
-                    set action monitor
-                    set log enable
-                next
-                edit 52
-                    set category 57
-                    set action monitor
-                    set log enable
-                next
-                edit 53
-                    set category 58
-                    set action monitor
-                    set log enable
-                next
-                edit 54
-                    set category 59
-                    set action monitor
-                    set log enable
-                next
-                edit 55
-                    set category 61
-                    set action monitor
-                    set log enable
-                next
-                edit 56
-                    set category 62
-                    set action monitor
-                    set log enable
-                next
-                edit 57
-                    set category 63
-                    set action monitor
-                    set log enable
-                next
-                edit 58
-                    set category 64
-                    set action monitor
-                    set log enable
-                next
-                edit 59
-                    set category 65
-                    set action monitor
-                    set log enable
-                next
-                edit 60
-                    set category 66
-                    set action monitor
-                    set log enable
-                next
-                edit 61
-                    set category 67
-                    set action monitor
-                    set log enable
-                next
-                edit 62
-                    set category 68
-                    set action monitor
-                    set log enable
-                next
-                edit 63
-                    set category 69
-                    set action monitor
-                    set log enable
-                next
-                edit 64
-                    set category 70
-                    set action monitor
-                    set log enable
-                next
-                edit 65
-                    set category 71
-                    set action monitor
-                    set log enable
-                next
-                edit 66
-                    set category 72
-                    set action monitor
-                    set log enable
-                next
-                edit 67
-                    set category 75
-                    set action monitor
-                    set log enable
-                next
-                edit 68
-                    set category 76
-                    set action monitor
-                    set log enable
-                next
-                edit 69
-                    set category 77
-                    set action monitor
-                    set log enable
-                next
-                edit 70
-                    set category 78
-                    set action monitor
-                    set log enable
-                next
-                edit 71
-                    set category 79
-                    set action monitor
-                    set log enable
-                next
-                edit 72
-                    set category 80
-                    set action monitor
-                    set log enable
-                next
-                edit 73
-                    set category 81
-                    set action monitor
-                    set log enable
-                next
-                edit 74
-                    set category 82
-                    set action monitor
-                    set log enable
-                next
-                edit 75
-                    set category 83
-                    set action monitor
-                    set log enable
-                next
-                edit 76
-                    set category 84
-                    set action monitor
-                    set log enable
-                next
-                edit 77
-                    set category 85
-                    set action monitor
-                    set log enable
-                next
-                edit 78
-                    set category 86
-                    set action monitor
-                    set log enable
-                next
-                edit 79
-                    set category 87
-                    set action monitor
-                    set log enable
-                next
-                edit 80
-                    set category 88
-                    set action monitor
-                    set log enable
-                next
-                edit 81
-                    set category 89
-                    set action monitor
-                    set log enable
-                next
-                edit 82
-                    set category 90
-                    set action monitor
-                    set log enable
-                next
-                edit 83
-                    set category 91
-                    set action monitor
-                    set log enable
-                next
-                edit 84
-                    set category 92
-                    set action monitor
-                    set log enable
-                next
-                edit 85
-                    set category 93
-                    set action monitor
-                    set log enable
-                next
-                edit 86
-                    set category 94
-                    set action monitor
-                    set log enable
-                next
-                edit 87
-                    set category 95
-                    set action monitor
-                    set log enable
-                next
-            end
-            set rate-javascript-urls enable
-            set rate-css-urls enable
-            set rate-crl-urls enable
-        end
-        set log-all-url disable
-        set web-content-log enable
-        set web-filter-command-block-log enable
-        set web-filter-cookie-log enable
-        set web-url-log enable
-        set web-invalid-domain-log enable
-        set web-ftgd-err-log enable
-        set extended-log disable
-    next
-    edit "g-wifi-default"
-        set comment "Default configuration for offloading WiFi traffic."
-        set feature-set flow
-        set replacemsg-group ''
-        set options block-invalid-url
-        set https-replacemsg enable
-        unset ovrd-perm
-        set post-action normal
-        config override
-            set ovrd-cookie deny
-            set ovrd-scope user
-            set profile-type list
-            set ovrd-dur-mode constant
-            set ovrd-dur 15m
-        end
-        config web
-            set bword-threshold 10
-            unset bword-table
-            unset urlfilter-table
-            unset content-header-list
-            set blocklist disable
-            unset allowlist
-        end
-        config ftgd-wf
-            unset options
-            unset ovrd
-            config filters
-                edit 1
-                    set category 0
-                    set action monitor
-                    set log enable
-                next
-                edit 2
-                    set category 2
-                    set action block
-                    set log enable
-                next
-                edit 3
-                    set category 7
-                    set action block
-                    set log enable
-                next
-                edit 4
-                    set category 8
-                    set action block
-                    set log enable
-                next
-                edit 5
-                    set category 9
-                    set action block
-                    set log enable
-                next
-                edit 6
-                    set category 11
-                    set action block
-                    set log enable
-                next
-                edit 7
-                    set category 12
-                    set action block
-                    set log enable
-                next
-                edit 8
-                    set category 13
-                    set action block
-                    set log enable
-                next
-                edit 9
-                    set category 14
-                    set action block
-                    set log enable
-                next
-                edit 10
-                    set category 15
-                    set action block
-                    set log enable
-                next
-                edit 11
-                    set category 16
-                    set action block
-                    set log enable
-                next
-                edit 12
-                    set category 26
-                    set action block
-                    set log enable
-                next
-                edit 13
-                    set category 57
-                    set action block
-                    set log enable
-                next
-                edit 14
-                    set category 61
-                    set action block
-                    set log enable
-                next
-                edit 15
-                    set category 63
-                    set action block
-                    set log enable
-                next
-                edit 16
-                    set category 64
-                    set action block
-                    set log enable
-                next
-                edit 17
-                    set category 65
-                    set action block
-                    set log enable
-                next
-                edit 18
-                    set category 66
-                    set action block
-                    set log enable
-                next
-                edit 19
-                    set category 67
-                    set action block
-                    set log enable
-                next
-                edit 20
-                    set category 86
-                    set action block
-                    set log enable
-                next
-                edit 21
-                    set category 88
-                    set action block
-                    set log enable
-                next
-                edit 22
-                    set category 90
-                    set action block
-                    set log enable
-                next
-                edit 23
-                    set category 91
-                    set action block
-                    set log enable
-                next
-            end
-            set rate-javascript-urls enable
-            set rate-css-urls enable
-            set rate-crl-urls enable
-        end
-        set log-all-url disable
-        set web-content-log enable
-        set web-filter-command-block-log enable
-        set web-filter-cookie-log enable
-        set web-url-log enable
-        set web-invalid-domain-log enable
-        set web-ftgd-err-log enable
-        set extended-log disable
-    next
-end
-config webfilter override
-end
-config webfilter ftgd-local-rating
-end
-config webfilter search-engine
-    edit "g-baidu"
-        set hostname ".*\\.baidu\\.com"
-        set url "^\\/s?\\?"
-        set query "wd="
-        set safesearch disable
-    next
-    edit "g-baidu2"
-        set hostname ".*\\.baidu\\.com"
-        set url "^\\/(ns|q|m|i|v)\\?"
-        set query "word="
-        set safesearch disable
-    next
-    edit "g-baidu3"
-        set hostname "tieba\\.baidu\\.com"
-        set url "^\\/f\\?"
-        set query "kw="
-        set safesearch disable
-    next
-    edit "g-bing"
-        set hostname ".*\\.bing\\..*"
-        set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
-        set query "q="
-        set safesearch header
-    next
-    edit "g-google"
-        set hostname ".*\\.google\\..*"
-        set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
-        set query "q="
-        set safesearch url
-        set safesearch-str "&safe=active"
-    next
-    edit "g-google-translate-1"
-        set hostname "translate\\.google\\..*"
-        set url "^\\/translate"
-        set query "u="
-        set safesearch translate
-    next
-    edit "g-google-translate-2"
-        set hostname ".*\\.translate\\.goog"
-        set url "^\\/"
-        set query ''
-        set safesearch translate
-    next
-    edit "g-twitter"
-        set hostname "twitter\\.com"
-        set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
-        set query "variables="
-        set safesearch translate
-    next
-    edit "g-vimeo"
-        set hostname ".*vimeo.*"
-        set url "^\\/search\\?"
-        set query "q="
-        set safesearch header
-    next
-    edit "g-yahoo"
-        set hostname ".*\\.yahoo\\..*"
-        set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
-        set query "p="
-        set safesearch url
-        set safesearch-str "&vm=r"
-    next
-    edit "g-yandex"
-        set hostname "yandex\\..*"
-        set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
-        set query "text="
-        set safesearch url
-        set safesearch-str "&family=yes"
-    next
-    edit "g-youtube"
-        set hostname ".*youtube.*"
-        set url ''
-        set query ''
-        set safesearch header
-    next
-    edit "g-yt-channel"
-        set hostname ''
-        set url "www.youtube.com/channel"
-        set query ''
-        set safesearch yt-channel
-    next
-    edit "g-yt-pattern"
-        set hostname ''
-        set url "youtube.com/channel/"
-        set query ''
-        set safesearch yt-pattern
-    next
-    edit "g-yt-scan-1"
-        set hostname ''
-        set url "www.youtube.com/user/"
-        set query ''
-        set safesearch yt-scan
-    next
-    edit "g-yt-scan-2"
-        set hostname ''
-        set url "www.youtube.com/youtubei/v1/browse"
-        set query ''
-        set safesearch yt-scan
-    next
-    edit "g-yt-scan-3"
-        set hostname ''
-        set url "www.youtube.com/youtubei/v1/player"
-        set query ''
-        set safesearch yt-scan
-    next
-    edit "g-yt-scan-4"
-        set hostname ''
-        set url "www.youtube.com/youtubei/v1/navigator"
-        set query ''
-        set safesearch yt-scan
-    next
-    edit "translate"
-        set hostname "translate\\.google\\..*"
-        set url "^\\/translate\\?"
-        set query "u="
-        set safesearch translate
-    next
-    edit "yt-video"
-        set hostname ''
-        set url "www.youtube.com/watch"
-        set query ''
-        set safesearch yt-video
-    next
-end
-config emailfilter profile
-    edit "default"
-        set comment "Malware and phishing URL filtering."
-        set feature-set flow
-        set replacemsg-group ''
-        set spam-log enable
-        set spam-filtering disable
-        set external disable
-        unset options
-        config imap
-            set log-all disable
-        end
-        config pop3
-            set log-all disable
-        end
-        config smtp
-            set log-all disable
-        end
-        config msn-hotmail
-            set log-all disable
-        end
-        config gmail
-            set log-all disable
-        end
-        set spam-bword-threshold 10
-        unset spam-bword-table
-        unset spam-bal-table
-        unset spam-mheader-table
-        unset spam-rbl-table
-        unset spam-iptrust-table
-        set spam-log-fortiguard-response disable
-    next
-    edit "sniffer-profile"
-        set comment "Malware and phishing URL monitoring."
-        set feature-set flow
-        set replacemsg-group ''
-        set spam-log enable
-        set spam-filtering disable
-        set external disable
-        unset options
-        config imap
-            set log-all disable
-        end
-        config pop3
-            set log-all disable
-        end
-        config smtp
-            set log-all disable
-        end
-        config msn-hotmail
-            set log-all disable
-        end
-        config gmail
-            set log-all disable
-        end
-        set spam-bword-threshold 10
-        unset spam-bword-table
-        unset spam-bal-table
-        unset spam-mheader-table
-        unset spam-rbl-table
-        unset spam-iptrust-table
-        set spam-log-fortiguard-response disable
-    next
-end
-config wanopt settings
-    set host-id "default-id"
-    set tunnel-ssl-algorithm high
-    set auto-detect-algorithm simple
-    set tunnel-optimization balanced
-end
-config wanopt peer
-end
-config wanopt auth-group
-end
-config wanopt profile
-    edit "default"
-        set transparent enable
-        set comments "Default WANopt profile."
-        set auth-group ''
-        config http
-            set status disable
-            set secure-tunnel disable
-            set byte-caching enable
-            set ssl disable
-            set prefer-chunking fix
-            set protocol-opt protocol
-            set tunnel-sharing private
-            set log-traffic enable
-        end
-        config cifs
-            set status disable
-            set secure-tunnel disable
-            set byte-caching enable
-            set prefer-chunking fix
-            set protocol-opt protocol
-            set tunnel-sharing private
-            set log-traffic enable
-        end
-        config mapi
-            set status disable
-            set secure-tunnel disable
-            set byte-caching enable
-            set tunnel-sharing private
-            set log-traffic enable
-        end
-        config ftp
-            set status disable
-            set secure-tunnel disable
-            set byte-caching enable
-            set ssl disable
-            set prefer-chunking fix
-            set protocol-opt protocol
-            set tunnel-sharing private
-            set log-traffic enable
-        end
-        config tcp
-            set status disable
-        end
-    next
-end
-config system speed-test-server
-end
-config log memory setting
-    set status enable
-end
-config log disk setting
-    set status disable
-end
-config log eventfilter
-    set event enable
-    set system enable
-    set vpn enable
-    set user enable
-    set router enable
-    set wireless-activity enable
-    set wan-opt enable
-    set endpoint enable
-    set ha enable
-    set security-rating enable
-    set fortiextender enable
-    set connector enable
-    set sdwan enable
-    set cifs enable
-    set switch-controller enable
-end
-config log memory filter
-    set severity information
-    set forward-traffic enable
-    set local-traffic enable
-    set multicast-traffic enable
-    set sniffer-traffic enable
-    set ztna-traffic enable
-    set anomaly enable
-    set voip enable
-    set gtp enable
-end
-config log disk filter
-    set severity information
-    set forward-traffic enable
-    set local-traffic enable
-    set multicast-traffic enable
-    set sniffer-traffic enable
-    set ztna-traffic enable
-    set anomaly enable
-    set voip enable
-    set dlp-archive enable
-    set gtp enable
-end
-config log fortiguard override-setting
-    set override disable
-    set access-config enable
-end
-config log tacacs+accounting setting
-    set status disable
-end
-config log tacacs+accounting2 setting
-    set status disable
-end
-config log tacacs+accounting3 setting
-    set status disable
-end
-config log tacacs+accounting filter
-    set login-audit enable
-    set config-change-audit enable
-    set cli-cmd-audit enable
-end
-config log tacacs+accounting2 filter
-    set login-audit enable
-    set config-change-audit enable
-    set cli-cmd-audit enable
-end
-config log tacacs+accounting3 filter
-    set login-audit enable
-    set config-change-audit enable
-    set cli-cmd-audit enable
-end
-config log null-device setting
-    set status disable
-end
-config log null-device filter
-    set severity information
-    set forward-traffic enable
-    set local-traffic enable
-    set multicast-traffic enable
-    set sniffer-traffic enable
-    set ztna-traffic enable
-    set anomaly enable
-    set voip enable
-    set gtp enable
-end
-config log setting
-    set resolve-ip disable
-    set resolve-port enable
-    set log-user-in-upper disable
-    set fwpolicy-implicit-log disable
-    set fwpolicy6-implicit-log disable
-    set log-invalid-packet disable
-    set local-in-allow disable
-    set local-in-deny-unicast disable
-    set local-in-deny-broadcast disable
-    set local-out disable
-    set neighbor-event disable
-    set brief-traffic-format disable
-    set user-anonymize disable
-    set fortiview-weekly-data disable
-    set expolicy-implicit-log disable
-    set log-policy-comment disable
-    set faz-override disable
-    set syslog-override disable
-    set rest-api-set disable
-    set rest-api-get disable
-end
-config log gui-display
-    set resolve-hosts enable
-    set resolve-apps enable
-    set fortiview-unscanned-apps disable
-end
-config system lldp network-policy
-end
-config firewall schedule onetime
-end
-config firewall schedule recurring
-    edit "always"
-        set start 00:00
-        set end 00:00
-        set day sunday monday tuesday wednesday thursday friday saturday
-        set color 0
-        set fabric-object disable
-    next
-    edit "none"
-        set start 00:00
-        set end 00:00
-        set day none
-        set color 0
-        set fabric-object disable
-    next
-    edit "default-darrp-optimize"
-        set start 01:00
-        set end 01:30
-        set day sunday monday tuesday wednesday thursday friday saturday
-        set color 0
-        set fabric-object disable
-    next
-end
-config firewall schedule group
-end
-config firewall ippool
-    edit "Outside_Pool"
-        set type overload
-        set startip 198.36.24.240
-        set endip 198.36.24.241
-        set arp-reply enable
-        set arp-intf ''
-        set associated-interface ''
-        set cgn-client-ipv6shift 0
-        set comments ''
-        set nat64 disable
-    next
-end
-config firewall ippool6
-end
-config firewall ldb-monitor
-end
-config firewall vip
-    edit "VIP_Webosphere"
-        set id 0
-        set uuid cee90f74-9fbd-51ec-8812-57713fdf5603
-        set comment ''
-        set type static-nat
-        set extip 198.36.24.16
-        set nat44 enable
-        set nat46 disable
-        set mappedip "10.1.48.117"
-        set extintf "port10"
-        set arp-reply enable
-        set nat-source-vip disable
-        set portforward disable
-        set gratuitous-arp-interval 0
-        set ssl-client-rekey-count 0
-        set color 0
-    next
-end
-config firewall vip6
-end
-config firewall vipgrp
-end
-config firewall vipgrp6
-end
-config firewall ssh local-key
-    edit "g-Fortinet_SSH_DSA1024"
-        set password ENC QdEO/WQ+iF/lGuEoQUOHsqLy87+yai0suF6/3Qw+jpaDcshNXsvrDDkROSShO+BkWX0cE6JO8rK686OzAEWvCr0xTYqNJhvX/mV0Nh08wK0s/P4kbqXv6rQSmGQuk/gXTfrkYQcWdGcAXyA5wVL5gJnAKn3aezA3nHVZPyYChX9vs34A+wSNCOH4dOA1X49OQjTj4A==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA
-0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
-KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
-a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
-7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
-jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
-XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
-P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
-lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
-wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ
-39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl
-iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3
-w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac
-xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL
-YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+
-YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e
-ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy
-wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb
-floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_ECDSA256"
-        set password ENC 5zUQLVqK/OmAZZMQjYn2qDJkISRUM4TZ4MlwXKg2JPcjDWiDBoofKXIVXRUBYlAGGzs7ddzf1elzdcj+MDGV007CbuR4XR+Jre3pFxGvOMdxtnO0SKIc2np1MMkw9ShaOtoTzUvUHY4zt4I/L48ybkdeyMFuN83kozIB7NwX7pDrvFhmrf/+bJqU5l5zlzoi/hGEdA==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY
-/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
-dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
-y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h
-BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d
-6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH
-84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_ECDSA384"
-        set password ENC P3ENShbD7zM0LHC4LvAYV1fKsuz1MOLLL9MKC47mCoj/L7Dza2o2jiZ7jWftr7cytqr6w5qss2C69z7CAbqS+cf9qKVk7tEfZHS/fesLTvs/eKERZQYOnLJzvxpneZJ6kCkoKwDTgunJdONuiXpdqpNyRjJXOaacFJJ4DMWP13x86f5eZhvxpbo+w8aGCnUi4kyk+Q==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX
-++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
-dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
-U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
-dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED
-QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ
-9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW
-HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st
-2F3+
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_ECDSA521"
-        set password ENC QUnj5gOr5jjm/pzF8aJV+DP3JKLD7HLNT1GOlY7hsXyfdWHf1iia0lWwuvquS4eM3kOZuHkEXWOBMWDYhZN17K9TaC7xjZjzUWja8FNbZZYxs6EQh434QTT5OXJ0oDum/wTaxhlSEGNYkP821OWEKuPwpdkoj//IoPNetreeSRuYeEsI/mLKD3H2ltbDMf3OYue4Qg==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr
-+3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
-dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
-t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
-HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL
-gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA
-NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX
-1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9
-We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY
-v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_ED25519"
-        set password ENC /+JwF7xXYiqM2izVMKkxGxU2BpXIlUjAtaYL2bLUpriBGJV+j1a1FeqM3IWDsLaPFL3J1SFN5NDWVhQC/uUVjyqB6vh5rxhNTuk0CAFFUn4sPaCNfLLkHRZ1de9DAqWzg2aixq2xihf21SOzW2RUy88exVLc1c6vg++qmwi+g8Gkgt7HtheHSlFftTTWDotui9Jy9A==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT
-+IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
-3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO
-V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk
-ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i
-9pkiQ2ltDNDw2Upw==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_RSA2048"
-        set password ENC AOsjhcdCi8SuwZEEY6xsw8KekvN2ZOepSB3QDQZHeqUNIlAKhzHvYDWBlb+ZrVQpntNItCkxvpN0Mt5rrPQKWJiH+7oyDCIqo0qFOVtS93yCRatRGN4J60qRXc/IwYcRVPgPaUULwc5WWBQZ143PG9nx7Fu1NryROQpRBdOeqAsQnsonzGvEKRaHnt+UgZD5Zekmgg==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG
-Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
-Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
-A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
-hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
-HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
-OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC
-Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/
-OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU
-FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD
-NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo
-TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB
-cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss
-x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A
-Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8
-cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO
-/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz
-E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX
-pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW
-V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS
-ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv
-tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx
-+gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN
-tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc
-D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH
-Xt1vvScA==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
-        set source built-in
-    next
-end
-config firewall ssh local-ca
-    edit "g-Fortinet_SSH_CA"
-        set password ENC +6eke+RxJCi5x3Wwz5S9Zj5GbB+fNHmf7uczXmu0olO6hlarTRIGZkvYOu4EALfXUnrGg8p9P55+d+dj1Q1WDWoLcLm4YxrBHiruIdqVoHOpjkiVt8YDMhUYd17l9WsrwsLJ7y86np9Mlej3oJAmZ4rBbGPS8kw+1Pw5UJG+iR3+kltp3M+1GvxcC/e+YzH1qUpPFw==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd
-cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
-NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
-ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
-E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
-TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
-Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is
-nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT
-+RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby
-5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI
-pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx
-MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz
-8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U
-wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+
-OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD
-PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq
-JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C
-Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN
-+dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4
-KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl
-uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ
-8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL
-s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof
-S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4
-+y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr
-ABMNge5w==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
-        set source built-in
-    next
-    edit "g-Fortinet_SSH_CA_Untrusted"
-        set password ENC gRulslEjCVAfHZdzwghA1O4wa/zbY3uIeVjnD91T1J+XVqFj0aXfu4oVRnkrrtwUiKDMSFULWufjOrBY9pBWwdhwnbA/1FWc5313HfJlueZnG/3fyWkXfVyPyph6I88l36m5zL2L71kkHosA9EUZf6p3plLJ+fln/5pm4nr8Voq+fg4W03ItIDD2x+YmnkNI1fpgyA==
-        set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV
-ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
-RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
-ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
-iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
-Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
-NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK
-0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB
-Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+
-xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/
-UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n
-NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri
-aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC
-iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4
-NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F
-zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB
-VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+
-jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk
-1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL
-eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM
-vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo
-/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1
-Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S
-pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn
-vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02
-PWD7d7mw==
------END OPENSSH PRIVATE KEY-----
-"
-        set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
-        set source built-in
-    next
-end
-config firewall ssh setting
-    set caname "g-Fortinet_SSH_CA"
-    set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
-    set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
-    set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
-    set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
-    set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
-    set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
-    set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
-    set host-trusted-checking enable
-end
-config firewall ssh host-key
-end
-config firewall decrypted-traffic-mirror
-end
-config firewall access-proxy-virtual-host
-end
-config firewall access-proxy-ssh-client-cert
-end
-config firewall access-proxy
-end
-config firewall access-proxy6
-end
-config firewall ipmacbinding setting
-    set bindthroughfw disable
-    set bindtofw disable
-end
-config firewall ipmacbinding table
-end
-config firewall profile-protocol-options
-    edit "default"
-        set comment "All default services."
-        set replacemsg-group ''
-        set oversize-log disable
-        set switching-protocols-log disable
-        config http
-            set ports 80
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            unset options
-            set comfort-interval 10
-            set comfort-amount 1
-            set range-block disable
-            set strip-x-forwarded-for disable
-            unset post-lang
-            set streaming-content-bypass enable
-            set switching-protocols bypass
-            set unknown-http-version reject
-            set tunnel-non-http enable
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set stream-based-uncompressed-limit 0
-            set scan-bzip2 enable
-            set block-page-status-code 403
-            set retry-count 0
-            set tcp-window-type auto-tuning
-            set ssl-offloaded no
-            set address-ip-rating enable
-        end
-        config ftp
-            set ports 21
-            set status enable
-            set inspect-all disable
-            set options splice
-            set comfort-interval 10
-            set comfort-amount 1
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set stream-based-uncompressed-limit 0
-            set scan-bzip2 enable
-            set tcp-window-type auto-tuning
-            set ssl-offloaded no
-            set explicit-ftp-tls disable
-        end
-        config imap
-            set ports 143
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            set options fragmail
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-            set ssl-offloaded no
-        end
-        config mapi
-            set ports 135
-            set status enable
-            set options fragmail
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-        end
-        config pop3
-            set ports 110
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            set options fragmail
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-            set ssl-offloaded no
-        end
-        config smtp
-            set ports 25
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            set options fragmail splice
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-            set server-busy disable
-            set ssl-offloaded no
-        end
-        config nntp
-            set ports 119
-            set status enable
-            set inspect-all disable
-            set proxy-after-tcp-handshake disable
-            set options splice
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-        end
-        config ssh
-            unset options
-            set comfort-interval 10
-            set comfort-amount 1
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set stream-based-uncompressed-limit 0
-            set scan-bzip2 enable
-            set tcp-window-type auto-tuning
-            set ssl-offloaded no
-        end
-        config dns
-            set ports 53
-            set status enable
-        end
-        config cifs
-            set ports 445
-            set status enable
-            unset options
-            set oversize-limit 10
-            set uncompressed-oversize-limit 10
-            set uncompressed-nest-limit 12
-            set scan-bzip2 enable
-            set tcp-window-type auto-tuning
-            set server-credential-type none
-        end
-        config mail-signature
-            set status disable
-            set signature ''
-        end
-        set rpc-over-http disable
-    next
-end
-config firewall ssl-ssh-profile
-    edit "certificate-inspection"
-        set comment "Read-only SSL handshake inspection profile."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set ports 443
-            set status certificate-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set cert-probe-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set block-blocklisted-certificates enable
-        set caname "Fortinet_CA_SSL"
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-    next
-    edit "deep-inspection"
-        set comment "Read-only deep inspection profile."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set ports 443
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set ports 990
-            set status deep-inspection
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set ports 993
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set ports 995
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set ports 465
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set allowlist disable
-        set block-blocklisted-certificates enable
-        config ssl-exempt
-            edit 1
-                set type fortiguard-category
-                set fortiguard-category 31
-            next
-            edit 2
-                set type fortiguard-category
-                set fortiguard-category 33
-            next
-            edit 3
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-adobe"
-            next
-            edit 4
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Adobe Login"
-            next
-            edit 5
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-android"
-            next
-            edit 6
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-apple"
-            next
-            edit 7
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-appstore"
-            next
-            edit 8
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-auth.gfx.ms"
-            next
-            edit 9
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-citrix"
-            next
-            edit 10
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-dropbox.com"
-            next
-            edit 11
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-eease"
-            next
-            edit 12
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-firefox update server"
-            next
-            edit 13
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-fortinet"
-            next
-            edit 14
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-googleapis.com"
-            next
-            edit 15
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-drive"
-            next
-            edit 16
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play2"
-            next
-            edit 17
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play3"
-            next
-            edit 18
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Gotomeeting"
-            next
-            edit 19
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-icloud"
-            next
-            edit 20
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-itunes"
-            next
-            edit 21
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-microsoft"
-            next
-            edit 22
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-skype"
-            next
-            edit 23
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-softwareupdate.vmware.com"
-            next
-            edit 24
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-verisign"
-            next
-            edit 25
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Windows update 2"
-            next
-            edit 26
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-live.com"
-            next
-            edit 27
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play"
-            next
-            edit 28
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-update.microsoft.com"
-            next
-            edit 29
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-swscan.apple.com"
-            next
-            edit 30
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-autoupdate.opera.com"
-            next
-            edit 31
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-cdn-apple"
-            next
-            edit 32
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-mzstatic-apple"
-            next
-        end
-        set server-cert-mode re-sign
-        set caname "Fortinet_CA_SSL"
-        set untrusted-caname "Fortinet_CA_Untrusted"
-        set ssl-exemption-ip-rating enable
-        set ssl-exemption-log disable
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-        set rpc-over-https disable
-        set mapi-over-https disable
-        set supported-alpn all
-        set use-ssl-server disable
-    next
-    edit "custom-deep-inspection"
-        set comment "Customizable deep inspection profile."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set ports 443
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set ports 990
-            set status deep-inspection
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set ports 993
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set ports 995
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set ports 465
-            set status deep-inspection
-            set proxy-after-tcp-handshake disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set allowlist disable
-        set block-blocklisted-certificates enable
-        config ssl-exempt
-            edit 1
-                set type fortiguard-category
-                set fortiguard-category 31
-            next
-            edit 2
-                set type fortiguard-category
-                set fortiguard-category 33
-            next
-            edit 3
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-adobe"
-            next
-            edit 4
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Adobe Login"
-            next
-            edit 5
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-android"
-            next
-            edit 6
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-apple"
-            next
-            edit 7
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-appstore"
-            next
-            edit 8
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-auth.gfx.ms"
-            next
-            edit 9
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-citrix"
-            next
-            edit 10
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-dropbox.com"
-            next
-            edit 11
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-eease"
-            next
-            edit 12
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-firefox update server"
-            next
-            edit 13
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-fortinet"
-            next
-            edit 14
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-googleapis.com"
-            next
-            edit 15
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-drive"
-            next
-            edit 16
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play2"
-            next
-            edit 17
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play3"
-            next
-            edit 18
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Gotomeeting"
-            next
-            edit 19
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-icloud"
-            next
-            edit 20
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-itunes"
-            next
-            edit 21
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-microsoft"
-            next
-            edit 22
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-skype"
-            next
-            edit 23
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-softwareupdate.vmware.com"
-            next
-            edit 24
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-verisign"
-            next
-            edit 25
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-Windows update 2"
-            next
-            edit 26
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-live.com"
-            next
-            edit 27
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-google-play"
-            next
-            edit 28
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-update.microsoft.com"
-            next
-            edit 29
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-swscan.apple.com"
-            next
-            edit 30
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-autoupdate.opera.com"
-            next
-            edit 31
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-cdn-apple"
-            next
-            edit 32
-                set type wildcard-fqdn
-                set wildcard-fqdn "g-mzstatic-apple"
-            next
-        end
-        set server-cert-mode re-sign
-        set caname "Fortinet_CA_SSL"
-        set untrusted-caname "Fortinet_CA_Untrusted"
-        set ssl-exemption-ip-rating enable
-        set ssl-exemption-log disable
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-        set rpc-over-https disable
-        set mapi-over-https disable
-        set supported-alpn all
-        set use-ssl-server disable
-    next
-    edit "no-inspection"
-        set comment "Read-only profile that does no inspection."
-        config ssl
-            set inspect-all disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set min-allowed-ssl-version tls-1.1
-        end
-        config https
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set sni-server-cert-check enable
-            set min-allowed-ssl-version tls-1.1
-        end
-        config ftps
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-            set min-allowed-ssl-version tls-1.1
-        end
-        config imaps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config pop3s
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config smtps
-            set status disable
-            set client-certificate inspect
-            set unsupported-ssl-version allow
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        config ssh
-            set ports 22
-            set status disable
-            set inspect-all disable
-            set unsupported-version bypass
-            set ssh-tun-policy-check disable
-            set ssh-algorithm compatible
-        end
-        config dot
-            set status disable
-            set client-certificate bypass
-            set unsupported-ssl-version block
-            set unsupported-ssl-cipher allow
-            set unsupported-ssl-negotiation allow
-            set expired-server-cert block
-            set revoked-server-cert block
-            set untrusted-server-cert allow
-            set cert-validation-timeout allow
-            set cert-validation-failure block
-        end
-        set block-blocklisted-certificates enable
-        set caname "Fortinet_CA_SSL"
-        set ssl-anomaly-log enable
-        set ssl-negotiation-log disable
-        set ssl-server-cert-log disable
-        set ssl-handshake-log disable
-    next
-end
-config waf profile
-    edit "default"
-        set external disable
-        set extended-log disable
-        config signature
-            config main-class 100000000
-                set status disable
-                set action block
-                set log enable
-                set severity high
-            end
-            config main-class 20000000
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config main-class 30000000
-                set status enable
-                set action block
-                set log enable
-                set severity high
-            end
-            config main-class 40000000
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config main-class 50000000
-                set status enable
-                set action block
-                set log enable
-                set severity high
-            end
-            config main-class 60000000
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config main-class 70000000
-                set status enable
-                set action block
-                set log enable
-                set severity high
-            end
-            config main-class 80000000
-                set status enable
-                set action allow
-                set log enable
-                set severity low
-            end
-            config main-class 110000000
-                set status enable
-                set action allow
-                set log enable
-                set severity high
-            end
-            config main-class 90000000
-                set status enable
-                set action block
-                set log enable
-                set severity high
-            end
-            set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
-            set credit-card-detection-threshold 3
-        end
-        config constraint
-            config header-length
-                set status enable
-                set length 8192
-                set action allow
-                set log enable
-                set severity low
-            end
-            config content-length
-                set status enable
-                set length 67108864
-                set action allow
-                set log enable
-                set severity low
-            end
-            config param-length
-                set status enable
-                set length 8192
-                set action allow
-                set log enable
-                set severity low
-            end
-            config line-length
-                set status enable
-                set length 1024
-                set action allow
-                set log enable
-                set severity low
-            end
-            config url-param-length
-                set status enable
-                set length 8192
-                set action allow
-                set log enable
-                set severity low
-            end
-            config version
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config method
-                set status disable
-                set action block
-                set log enable
-                set severity medium
-            end
-            config hostname
-                set status disable
-                set action block
-                set log enable
-                set severity medium
-            end
-            config malformed
-                set status disable
-                set action allow
-                set log enable
-                set severity medium
-            end
-            config max-cookie
-                set status enable
-                set max-cookie 16
-                set action allow
-                set log enable
-                set severity low
-            end
-            config max-header-line
-                set status enable
-                set max-header-line 32
-                set action allow
-                set log enable
-                set severity low
-            end
-            config max-url-param
-                set status enable
-                set max-url-param 16
-                set action allow
-                set log enable
-                set severity low
-            end
-            config max-range-segment
-                set status enable
-                set max-range-segment 5
-                set action allow
-                set log enable
-                set severity high
-            end
-        end
-        config method
-            set status disable
-            set log disable
-            set severity medium
-            unset default-allowed-methods
-        end
-        config address-list
-            set status disable
-            set blocked-log disable
-            set severity medium
-        end
-        set comment ''
-    next
-end
-config firewall profile-group
-end
-config firewall ssl-server
-end
-config firewall identity-based-route
-end
-config firewall auth-portal
-    set portal-addr ''
-    set portal-addr6 ''
-    set identity-based-route ''
-end
-config firewall policy
-    edit 3
-        set status enable
-        set name "Block_Countries_In"
-        set uuid d7dbce76-9fbf-51ec-ab77-fee1db8aeb26
-        set srcintf "Outside_Zone"
-        set dstintf "Inside_Zone"
-        set action deny
-        set ztna-status disable
-        set srcaddr "Geo_Block_Group"
-        set dstaddr "all"
-        set internet-service disable
-        set internet-service-src disable
-        unset reputation-minimum
-        set rtp-nat disable
-        set schedule "always"
-        set schedule-timeout disable
-        set service "ALL"
-        set tos-mask 0x00
-        set anti-replay enable
-        set geoip-anycast disable
-        set geoip-match physical-location
-        set logtraffic disable
-        set logtraffic-start disable
-        set np-acceleration enable
-        set session-ttl 0
-        set vlan-cos-fwd 255
-        set vlan-cos-rev 255
-        set fec disable
-        set wccp disable
-        set natip 0.0.0.0 0.0.0.0
-        set match-vip enable
-        set tcp-mss-sender 0
-        set tcp-mss-receiver 0
-        set comments ''
-        set block-notification disable
-        set replacemsg-override-group ''
-        set srcaddr-negate disable
-        set dstaddr-negate disable
-        set service-negate disable
-        set captive-portal-exempt disable
-        set dsri disable
-        set radius-mac-auth-bypass disable
-        set delay-tcp-npu-session disable
-        unset vlan-filter
-        set send-deny-packet disable
-    next
-    edit 4
-        set status enable
-        set name "Block_Countries_Out"
-        set uuid f8b4eb14-9fbf-51ec-ed6e-96e27dc1b1c9
-        set srcintf "Inside_Zone"
-        set dstintf "Outside_Zone"
-        set action deny
-        set ztna-status disable
-        set srcaddr "all"
-        set dstaddr "Geo_Block_Group"
-        set internet-service disable
-        set internet-service-src disable
-        unset reputation-minimum
-        set rtp-nat disable
-        set schedule "always"
-        set schedule-timeout disable
-        set service "ALL"
-        set tos-mask 0x00
-        set anti-replay enable
-        set geoip-anycast disable
-        set geoip-match physical-location
-        set logtraffic disable
-        set logtraffic-start disable
-        set np-acceleration enable
-        set session-ttl 0
-        set vlan-cos-fwd 255
-        set vlan-cos-rev 255
-        set fec disable
-        set wccp disable
-        set natip 0.0.0.0 0.0.0.0
-        set match-vip enable
-        set tcp-mss-sender 0
-        set tcp-mss-receiver 0
-        set comments ''
-        set block-notification disable
-        set replacemsg-override-group ''
-        set srcaddr-negate disable
-        set dstaddr-negate disable
-        set service-negate disable
-        set captive-portal-exempt disable
-        set dsri disable
-        set radius-mac-auth-bypass disable
-        set delay-tcp-npu-session disable
-        unset vlan-filter
-        set send-deny-packet disable
-    next
-    edit 2
-        set status enable
-        set name "Webosphere"
-        set uuid 0d8e5202-9fbe-51ec-0286-714f8e196589
-        set srcintf "Outside_Zone"
-        set dstintf "Inside_Zone"
-        set action accept
-        set nat64 disable
-        set nat46 disable
-        set ztna-status disable
-        set srcaddr "all"
-        set dstaddr "VIP_Webosphere"
-        set internet-service disable
-        set internet-service-src disable
-        unset reputation-minimum
-        set rtp-nat disable
-        set schedule "always"
-        set schedule-timeout disable
-        set service "HTTP" "HTTPS"
-        set tos-mask 0x00
-        set anti-replay enable
-        set dynamic-shaping disable
-        set passive-wan-health-measurement disable
-        set utm-status enable
-        set inspection-mode flow
-        set profile-type single
-        set profile-protocol-options "default"
-        set ssl-ssh-profile "certificate-inspection"
-        set av-profile ''
-        set webfilter-profile ''
-        set dnsfilter-profile ''
-        set emailfilter-profile ''
-        set dlp-sensor ''
-        set file-filter-profile ''
-        set ips-sensor "IPS_Test"
-        set application-list ''
-        set voip-profile ''
-        set sctp-filter-profile ''
-        set logtraffic utm
-        set logtraffic-start disable
-        set capture-packet disable
-        set auto-asic-offload enable
-        set np-acceleration enable
-        set nat disable
-        set session-ttl 0
-        set vlan-cos-fwd 255
-        set vlan-cos-rev 255
-        set fec disable
-        set wccp disable
-        set disclaimer disable
-        set email-collect disable
-        set natip 0.0.0.0 0.0.0.0
-        set diffserv-forward disable
-        set diffserv-reverse disable
-        set tcp-mss-sender 0
-        set tcp-mss-receiver 0
-        set comments ''
-        set block-notification disable
-        set replacemsg-override-group ''
-        set srcaddr-negate disable
-        set dstaddr-negate disable
-        set service-negate disable
-        set timeout-send-rst disable
-        set captive-portal-exempt disable
-        set dsri disable
-        set radius-mac-auth-bypass disable
-        set delay-tcp-npu-session disable
-        unset vlan-filter
-        set traffic-shaper ''
-        set traffic-shaper-reverse ''
-        set per-ip-shaper ''
-    next
-    edit 1
-        set status enable
-        set name "Internet_Access"
-        set uuid bfdac172-9fbc-51ec-a83b-8104f6e36fd1
-        set srcintf "Inside_Zone"
-        set dstintf "Outside_Zone"
-        set action accept
-        set ztna-status disable
-        set srcaddr "IPv4-Private-All-RFC1918"
-        set dstaddr "all"
-        set internet-service disable
-        set internet-service-src disable
-        unset reputation-minimum
-        set rtp-nat disable
-        set schedule "always"
-        set schedule-timeout disable
-        set service "ALL"
-        set tos-mask 0x00
-        set anti-replay enable
-        set dynamic-shaping disable
-        set passive-wan-health-measurement disable
-        set utm-status enable
-        set inspection-mode flow
-        set profile-type single
-        set profile-protocol-options "default"
-        set ssl-ssh-profile "certificate-inspection"
-        set av-profile ''
-        set webfilter-profile ''
-        set dnsfilter-profile ''
-        set emailfilter-profile ''
-        set dlp-sensor ''
-        set file-filter-profile ''
-        set ips-sensor "g-default"
-        set application-list ''
-        set voip-profile ''
-        set sctp-filter-profile ''
-        set logtraffic utm
-        set logtraffic-start disable
-        set capture-packet disable
-        set auto-asic-offload enable
-        set np-acceleration enable
-        set nat enable
-        set permit-any-host disable
-        set permit-stun-host disable
-        set fixedport disable
-        set ippool enable
-        set poolname "Outside_Pool"
-        set session-ttl 0
-        set vlan-cos-fwd 255
-        set vlan-cos-rev 255
-        set fec disable
-        set wccp disable
-        set disclaimer disable
-        set email-collect disable
-        set natip 0.0.0.0 0.0.0.0
-        set diffserv-forward disable
-        set diffserv-reverse disable
-        set tcp-mss-sender 0
-        set tcp-mss-receiver 0
-        set comments ''
-        set block-notification disable
-        set replacemsg-override-group ''
-        set srcaddr-negate disable
-        set dstaddr-negate disable
-        set service-negate disable
-        set timeout-send-rst disable
-        set captive-portal-exempt disable
-        set dsri disable
-        set radius-mac-auth-bypass disable
-        set delay-tcp-npu-session disable
-        unset vlan-filter
-        set traffic-shaper ''
-        set traffic-shaper-reverse ''
-        set per-ip-shaper ''
-    next
-end
-config firewall traffic-class
-end
-config firewall shaping-policy
-end
-config firewall shaping-profile
-end
-config firewall local-in-policy
-end
-config firewall local-in-policy6
-end
-config firewall ttl-policy
-end
-config firewall proxy-policy
-end
-config firewall dnstranslation
-end
-config firewall multicast-policy
-end
-config firewall multicast-policy6
-end
-config firewall interface-policy
-end
-config firewall interface-policy6
-end
-config firewall DoS-policy
-end
-config firewall DoS-policy6
-end
-config firewall sniffer
-end
-config firewall acl
-end
-config firewall acl6
-end
-config firewall central-snat-map
-end
-config firewall ip-translation
-end
-config authentication scheme
-end
-config authentication rule
-end
-config authentication setting
-    set active-auth-scheme ''
-    set sso-auth-scheme ''
-    set captive-portal-type fqdn
-    set captive-portal ''
-    set captive-portal6 ''
-    set cert-auth disable
-    set captive-portal-port 7830
-    set auth-https enable
-    set captive-portal-ssl-port 7831
-end
-config system speed-test-schedule
-end
-config switch-controller switch-interface-tag
-end
-config switch-controller 802-1X-settings
-    set link-down-auth set-unauth
-    set reauth-period 60
-    set max-reauth-attempt 3
-    set tx-period 30
-end
-config switch-controller security-policy 802-1X
-    edit "802-1X-policy-default"
-        set security-mode 802.1X
-        set user-group "SSO_Guest_Users"
-        set mac-auth-bypass disable
-        set open-auth disable
-        set eap-passthru enable
-        set eap-auto-untagged-vlans enable
-        set guest-vlan disable
-        set guest-auth-delay 30
-        set auth-fail-vlan disable
-        set framevid-apply enable
-        set radius-timeout-overwrite disable
-        set policy-type 802.1X
-        set authserver-timeout-vlan disable
-    next
-end
-config switch-controller security-policy local-access
-    edit "default"
-        set mgmt-allowaccess https ping ssh
-        set internal-allowaccess https ping ssh
-    next
-end
-config switch-controller location
-end
-config switch-controller lldp-settings
-    set tx-hold 4
-    set tx-interval 30
-    set fast-start-interval 2
-    set management-interface internal
-    set device-detection enable
-end
-config switch-controller lldp-profile
-    edit "default"
-        set med-tlvs inventory-management network-policy location-identification
-        unset 802.1-tlvs
-        unset 802.3-tlvs
-        set auto-isl disable
-        config med-network-policy
-            edit "voice"
-                set status disable
-            next
-            edit "voice-signaling"
-                set status disable
-            next
-            edit "guest-voice"
-                set status disable
-            next
-            edit "guest-voice-signaling"
-                set status disable
-            next
-            edit "softphone-voice"
-                set status disable
-            next
-            edit "video-conferencing"
-                set status disable
-            next
-            edit "streaming-video"
-                set status disable
-            next
-            edit "video-signaling"
-                set status disable
-            next
-        end
-        config med-location-service
-            edit "coordinates"
-                set status disable
-            next
-            edit "address-civic"
-                set status disable
-            next
-            edit "elin-number"
-                set status disable
-            next
-        end
-    next
-    edit "default-auto-isl"
-        unset med-tlvs
-        unset 802.1-tlvs
-        unset 802.3-tlvs
-        set auto-isl enable
-        set auto-isl-hello-timer 3
-        set auto-isl-receive-timeout 60
-        set auto-isl-port-group 0
-        set auto-mclag-icl disable
-    next
-    edit "default-auto-mclag-icl"
-        unset med-tlvs
-        unset 802.1-tlvs
-        unset 802.3-tlvs
-        set auto-isl enable
-        set auto-isl-hello-timer 3
-        set auto-isl-receive-timeout 60
-        set auto-isl-port-group 0
-        set auto-mclag-icl enable
-    next
-end
-config switch-controller qos dot1p-map
-    edit "voice-dot1p"
-        set description ''
-        set egress-pri-tagging disable
-        set priority-0 queue-4
-        set priority-1 queue-4
-        set priority-2 queue-3
-        set priority-3 queue-2
-        set priority-4 queue-3
-        set priority-5 queue-1
-        set priority-6 queue-2
-        set priority-7 queue-2
-    next
-end
-config switch-controller qos ip-dscp-map
-    edit "voice-dscp"
-        set description ''
-        config map
-            edit "1"
-                set cos-queue 1
-                set value 46
-            next
-            edit "2"
-                set cos-queue 2
-                set value 24,26,48,56
-            next
-            edit "5"
-                set cos-queue 3
-                set value 34
-            next
-        end
-    next
-end
-config switch-controller qos queue-policy
-    edit "default"
-        set schedule round-robin
-        set rate-by kbps
-        config cos-queue
-            edit "queue-0"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-1"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-2"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-3"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-4"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-5"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-6"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-7"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-        end
-    next
-    edit "voice-egress"
-        set schedule weighted
-        set rate-by kbps
-        config cos-queue
-            edit "queue-0"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-1"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 0
-            next
-            edit "queue-2"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 6
-            next
-            edit "queue-3"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 37
-            next
-            edit "queue-4"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 12
-            next
-            edit "queue-5"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-6"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-            edit "queue-7"
-                set description ''
-                set min-rate 0
-                set max-rate 0
-                set drop-policy taildrop
-                set weight 1
-            next
-        end
-    next
-end
-config switch-controller qos qos-policy
-    edit "default"
-        set default-cos 0
-        set trust-dot1p-map ''
-        set trust-ip-dscp-map ''
-        set queue-policy "default"
-    next
-    edit "voice-qos"
-        set default-cos 0
-        set trust-dot1p-map "voice-dot1p"
-        set trust-ip-dscp-map "voice-dscp"
-        set queue-policy "voice-egress"
-    next
-end
-config switch-controller storm-control-policy
-    edit "default"
-        set description "default storm control on all port"
-        set storm-control-mode global
-    next
-    edit "auto-config"
-        set description "storm control policy for fortilink-isl-icl port"
-        set storm-control-mode disabled
-    next
-end
-config switch-controller auto-config policy
-    edit "default"
-        set qos-policy "default"
-        set storm-control-policy "auto-config"
-        set poe-status enable
-        set igmp-flood-report disable
-        set igmp-flood-traffic disable
-    next
-    edit "default-icl"
-        set qos-policy "default"
-        set storm-control-policy "auto-config"
-        set poe-status disable
-        set igmp-flood-report enable
-        set igmp-flood-traffic enable
-    next
-end
-config switch-controller auto-config default
-    set fgt-policy "default"
-    set isl-policy "default"
-    set icl-policy "default-icl"
-end
-config switch-controller auto-config custom
-end
-config switch-controller initial-config template
-    edit "_default"
-        set vlanid 1
-        unset allowaccess
-        set dhcp-server disable
-    next
-    edit "quarantine"
-        set vlanid 4093
-        unset allowaccess
-        set auto-ip enable
-        set dhcp-server enable
-    next
-    edit "rspan"
-        set vlanid 4092
-        unset allowaccess
-        set auto-ip enable
-        set dhcp-server enable
-    next
-    edit "voice"
-        set vlanid 4091
-        unset allowaccess
-        set dhcp-server disable
-    next
-    edit "video"
-        set vlanid 4090
-        unset allowaccess
-        set dhcp-server disable
-    next
-    edit "onboarding"
-        set vlanid 4089
-        unset allowaccess
-        set dhcp-server disable
-    next
-    edit "nac_segment"
-        set vlanid 4088
-        unset allowaccess
-        set auto-ip enable
-        set dhcp-server enable
-    next
-end
-config switch-controller initial-config vlans
-    set default-vlan "_default"
-    set quarantine "quarantine"
-    set rspan "rspan"
-    set voice "voice"
-    set video "video"
-    set nac "onboarding"
-    set nac-segment "nac_segment"
-end
-config switch-controller switch-profile
-    edit "default"
-        set login-passwd-override disable
-    next
-end
-config switch-controller custom-command
-end
-config switch-controller virtual-port-pool
-end
-config switch-controller ptp settings
-    set mode disable
-end
-config switch-controller ptp policy
-    edit "default"
-        set status enable
-    next
-end
-config switch-controller vlan-policy
-end
-config switch-controller dynamic-port-policy
-end
-config switch-controller managed-switch
-end
-config switch-controller switch-group
-end
-config switch-controller stp-settings
-    set name ''
-    set revision 0
-    set hello-time 2
-    set forward-time 15
-    set max-age 20
-    set max-hops 20
-end
-config switch-controller stp-instance
-end
-config switch-controller storm-control
-    set rate 500
-    set unknown-unicast disable
-    set unknown-multicast disable
-    set broadcast disable
-end
-config switch-controller global
-    set mac-aging-interval 300
-    set https-image-push enable
-    set vlan-optimization enable
-    set mac-retention-period 24
-    set default-virtual-switch-vlan ''
-    set dhcp-server-access-list disable
-    set log-mac-limit-violations disable
-    set sn-dns-resolution enable
-    set mac-event-logging disable
-    set bounce-quarantined-link disable
-    set quarantine-mode by-vlan
-    set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
-    set fips-enforce enable
-    set firmware-provision-on-authorization disable
-end
-config switch-controller switch-log
-    set status enable
-    set severity notification
-end
-config switch-controller igmp-snooping
-    set aging-time 300
-    set flood-unknown-multicast disable
-    set query-interval 125
-end
-config switch-controller sflow
-    set collector-ip 0.0.0.0
-    set collector-port 6343
-end
-config switch-controller network-monitor-settings
-    set network-monitoring disable
-end
-config switch-controller flow-tracking
-    set sample-mode perimeter
-    set sample-rate 512
-    set format netflow9
-    set collector-ip 0.0.0.0
-    set collector-port 0
-    set transport udp
-    set level ip
-    set max-export-pkt-size 512
-    set timeout-general 3600
-    set timeout-icmp 300
-    set timeout-max 604800
-    set timeout-tcp 3600
-    set timeout-tcp-fin 300
-    set timeout-tcp-rst 120
-    set timeout-udp 300
-end
-config switch-controller snmp-sysinfo
-    set status disable
-    set engine-id ''
-    set description ''
-    set contact-info ''
-    set location ''
-end
-config switch-controller snmp-trap-threshold
-    set trap-high-cpu-threshold 80
-    set trap-low-memory-threshold 80
-    set trap-log-full-threshold 90
-end
-config switch-controller snmp-community
-end
-config switch-controller snmp-user
-end
-config switch-controller traffic-sniffer
-    set mode erspan-auto
-    set erspan-ip 0.0.0.0
-end
-config switch-controller remote-log
-    edit "syslogd"
-        set status disable
-    next
-    edit "syslogd2"
-        set status disable
-    next
-end
-config switch-controller mac-policy
-end
-config wireless-controller setting
-    set account-id ''
-    set country US
-    set duplicate-ssid disable
-    set fapc-compatibility disable
-    set wfa-compatibility disable
-    set phishing-ssid-detect enable
-    set fake-ssid-action log
-    set device-weight 1
-    set device-holdoff 5
-    set device-idle 1440
-    set firmware-provision-on-authorization disable
-    set darrp-optimize 86400
-    set darrp-optimize-schedules "default-darrp-optimize"
-end
-config wireless-controller log
-    set status enable
-    set addrgrp-log notification
-    set ble-log notification
-    set clb-log notification
-    set dhcp-starv-log notification
-    set led-sched-log notification
-    set radio-event-log notification
-    set rogue-event-log notification
-    set sta-event-log notification
-    set sta-locate-log notification
-    set wids-log notification
-    set wtp-event-log notification
-end
-config wireless-controller apcfg-profile
-end
-config wireless-controller bonjour-profile
-end
-config wireless-controller arrp-profile
-    edit "arrp-default"
-        set comment ''
-        set selection-period 3600
-        set monitor-period 300
-        set weight-managed-ap 50
-        set weight-rogue-ap 10
-        set weight-noise-floor 40
-        set weight-channel-load 20
-        set weight-spectral-rssi 40
-        set weight-weather-channel 1000
-        set weight-dfs-channel 500
-        set threshold-ap 250
-        set threshold-noise-floor "-85"
-        set threshold-channel-load 60
-        set threshold-spectral-rssi "-65"
-        set threshold-tx-retries 300
-        set threshold-rx-errors 50
-        set include-weather-channel disable
-        set include-dfs-channel disable
-        set override-darrp-optimize disable
-    next
-end
-config wireless-controller region
-end
-config wireless-controller vap-group
-end
-config wireless-controller wids-profile
-    edit "default"
-        set comment "Default WIDS profile."
-        set sensor-mode disable
-        set ap-scan enable
-        set ap-bgscan-period 600
-        set ap-bgscan-intv 1
-        set ap-bgscan-duration 20
-        set ap-bgscan-idle 0
-        set ap-bgscan-report-intv 30
-        set ap-fgscan-report-intv 15
-        set ap-scan-passive disable
-        set ap-scan-threshold "-90"
-        set wireless-bridge enable
-        set deauth-broadcast enable
-        set null-ssid-probe-resp enable
-        set long-duration-attack enable
-        set long-duration-thresh 8200
-        set invalid-mac-oui enable
-        set weak-wep-iv enable
-        set auth-frame-flood enable
-        set auth-flood-time 10
-        set auth-flood-thresh 30
-        set assoc-frame-flood enable
-        set assoc-flood-time 10
-        set assoc-flood-thresh 30
-        set spoofed-deauth enable
-        set asleap-attack enable
-        set eapol-start-flood enable
-        set eapol-start-thresh 10
-        set eapol-start-intv 1
-        set eapol-logoff-flood enable
-        set eapol-logoff-thresh 10
-        set eapol-logoff-intv 1
-        set eapol-succ-flood enable
-        set eapol-succ-thresh 10
-        set eapol-succ-intv 1
-        set eapol-fail-flood enable
-        set eapol-fail-thresh 10
-        set eapol-fail-intv 1
-        set eapol-pre-succ-flood enable
-        set eapol-pre-succ-thresh 10
-        set eapol-pre-succ-intv 1
-        set eapol-pre-fail-flood enable
-        set eapol-pre-fail-thresh 10
-        set eapol-pre-fail-intv 1
-        set deauth-unknown-src-thresh 10
-    next
-    edit "default-wids-apscan-enabled"
-        set comment ''
-        set sensor-mode disable
-        set ap-scan enable
-        set ap-bgscan-period 600
-        set ap-bgscan-intv 1
-        set ap-bgscan-duration 20
-        set ap-bgscan-idle 0
-        set ap-bgscan-report-intv 30
-        set ap-fgscan-report-intv 15
-        set ap-scan-passive disable
-        set ap-scan-threshold "-90"
-        set wireless-bridge disable
-        set deauth-broadcast disable
-        set null-ssid-probe-resp disable
-        set long-duration-attack disable
-        set long-duration-thresh 8200
-        set invalid-mac-oui disable
-        set weak-wep-iv disable
-        set auth-frame-flood disable
-        set assoc-frame-flood disable
-        set spoofed-deauth disable
-        set asleap-attack disable
-        set eapol-start-flood disable
-        set eapol-logoff-flood disable
-        set eapol-succ-flood disable
-        set eapol-fail-flood disable
-        set eapol-pre-succ-flood disable
-        set eapol-pre-fail-flood disable
-        set deauth-unknown-src-thresh 10
-    next
-end
-config wireless-controller ble-profile
-    edit "fortiap-discovery"
-        set comment ''
-        set advertising ibeacon eddystone-uid eddystone-url
-        set ibeacon-uuid "wtp-uuid"
-        set major-id 1000
-        set minor-id 2000
-        set eddystone-namespace "0102030405"
-        set eddystone-instance "abcdef"
-        set eddystone-url "http://www.fortinet.com"
-        set txpower 0
-        set beacon-interval 100
-        set ble-scanning disable
-    next
-end
-config wireless-controller syslog-profile
-end
-config wireless-controller wtp-profile
-end
-config wireless-controller wtp
-end
-config wireless-controller wtp-group
-end
-config wireless-controller qos-profile
-end
-config wireless-controller wag-profile
-end
-config wireless-controller address
-end
-config wireless-controller addrgrp
-end
-config wireless-controller snmp
-    set engine-id ''
-    set contact-info ''
-    set trap-high-cpu-threshold 80
-    set trap-high-mem-threshold 80
-end
-config wireless-controller mpsk-profile
-end
-config wireless-controller nac-profile
-end
-config wireless-controller ssid-policy
-end
-config wireless-controller access-control-list
-end
-config wireless-controller ap-status
-end
-config user nac-policy
-end
-config extender-controller dataplan
-end
-config extender-controller extender-profile
-end
-config extender-controller extender
-end
-config system ips
-    set signature-hold-time 0h
-end
-config ips custom
-end
-config ips settings
-    set packet-log-history 1
-    set packet-log-post-attack 0
-    set ips-packet-quota 0
-end
-config alertemail setting
-    set username ''
-    set mailto1 ''
-    set mailto2 ''
-    set mailto3 ''
-    set filter-mode category
-    set email-interval 5
-    set IPS-logs disable
-    set firewall-authentication-failure-logs disable
-    set IPsec-errors-logs disable
-    set PPP-errors-logs disable
-    set sslvpn-authentication-errors-logs disable
-    set antivirus-logs disable
-    set webfilter-logs disable
-    set configuration-changes-logs disable
-    set violation-traffic-logs disable
-    set admin-login-logs disable
-    set log-disk-usage-warning disable
-    set FSSO-disconnect-logs disable
-    set ssh-logs disable
-    set local-disk-usage 75
-end
-config router access-list
-end
-config router access-list6
-end
-config router aspath-list
-end
-config router prefix-list
-end
-config router prefix-list6
-end
-config router key-chain
-end
-config router community-list
-end
-config router route-map
-end
-config router rip
-    set default-information-originate disable
-    set default-metric 1
-    set max-out-metric 0
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "ospf"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "isis"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    set update-timer 30
-    set timeout-timer 180
-    set garbage-timer 120
-    set version 2
-end
-config router ripng
-    set default-information-originate disable
-    set default-metric 1
-    set max-out-metric 0
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "ospf"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    config redistribute "isis"
-        set status disable
-        set metric 0
-        set routemap ''
-    end
-    set update-timer 30
-    set timeout-timer 180
-    set garbage-timer 120
-end
-config router static
-end
-config router policy
-end
-config router policy6
-end
-config router static6
-end
-config router ospf
-    set abr-type standard
-    set auto-cost-ref-bandwidth 1000
-    set distance-external 110
-    set distance-inter-area 110
-    set distance-intra-area 110
-    set database-overflow disable
-    set database-overflow-max-lsas 10000
-    set database-overflow-time-to-recover 300
-    set default-information-originate disable
-    set default-information-metric 10
-    set default-information-metric-type 2
-    set default-information-route-map ''
-    set default-metric 10
-    set distance 110
-    set rfc1583-compatible disable
-    set router-id 0.0.0.0
-    set spf-timers 5 10
-    set bfd disable
-    set log-neighbour-changes enable
-    set distribute-list-in ''
-    set distribute-route-map-in ''
-    set restart-mode none
-    set restart-period 120
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-    config redistribute "rip"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-    config redistribute "isis"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-        set tag 0
-    end
-end
-config router ospf6
-    set abr-type standard
-    set auto-cost-ref-bandwidth 1000
-    set default-information-originate disable
-    set log-neighbour-changes enable
-    set default-information-metric 10
-    set default-information-metric-type 2
-    set default-information-route-map ''
-    set default-metric 10
-    set router-id 0.0.0.0
-    set spf-timers 5 10
-    set bfd disable
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-    config redistribute "rip"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-    config redistribute "isis"
-        set status disable
-        set metric 0
-        set routemap ''
-        set metric-type 2
-    end
-end
-config router bgp
-    set as 0
-    set keepalive-timer 60
-    set holdtime-timer 180
-    set always-compare-med disable
-    set bestpath-as-path-ignore disable
-    set bestpath-cmp-confed-aspath disable
-    set bestpath-cmp-routerid disable
-    set bestpath-med-confed disable
-    set bestpath-med-missing-as-worst disable
-    set client-to-client-reflection enable
-    set dampening disable
-    set deterministic-med disable
-    set ebgp-multipath disable
-    set ibgp-multipath disable
-    set enforce-first-as enable
-    set fast-external-failover enable
-    set log-neighbour-changes enable
-    set network-import-check enable
-    set ignore-optional-capability enable
-    set multipath-recursive-distance disable
-    set recursive-next-hop disable
-    set tag-resolve-mode disable
-    set cluster-id 0.0.0.0
-    set confederation-identifier 0
-    set default-local-preference 100
-    set scan-time 60
-    set distance-external 20
-    set distance-internal 200
-    set distance-local 200
-    set synchronization disable
-    set graceful-restart disable
-    config redistribute "connected"
-        set status disable
-        set route-map ''
-    end
-    config redistribute "rip"
-        set status disable
-        set route-map ''
-    end
-    config redistribute "ospf"
-        set status disable
-        set route-map ''
-    end
-    config redistribute "static"
-        set status disable
-        set route-map ''
-    end
-    config redistribute "isis"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "connected"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "rip"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "ospf"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "static"
-        set status disable
-        set route-map ''
-    end
-    config redistribute6 "isis"
-        set status disable
-        set route-map ''
-    end
-end
-config router isis
-    set is-type level-1-2
-    set adv-passive-only disable
-    set adv-passive-only6 disable
-    set auth-mode-l1 password
-    set auth-mode-l2 password
-    set auth-password-l1 ENC c1lwGBcQKzvPTBMiulob+QYuta1xJfI87j51d0mqZh7BQj3gOtNz0qZBl038s1/JcW4+0b3jeFbdQrRjKvv4pLjxjC1GDT1IWKstKbxBOZMHhZE7zFNRGSKdcuDUraun7dSsQ1Xkfhr7aLq6IiBXtYCADDb6zrysVQaa6X8GvFv4PS8kwQSvmi1GMPmv3VTANLXj1w==
-    set auth-password-l2 ENC mdg2qDQdrIfKNWOI+ZbwqkdZUBUNEJfZJI0kQi+iYuSLql1PtBuUCooaXg7Ww+rek1orncuIZD0ZKskj5qCnC6mHnVw8ksDbeUym7IAeSwn7PlIkKFvdTWiuRJel3/7t9I5xCLzeUCdiZ6uPjSoeh7sKLRiGaOnruRXmSN3cRQ4cJnco1lDAx9t2VUOoctf4a0JX7A==
-    set auth-sendonly-l1 disable
-    set auth-sendonly-l2 disable
-    set ignore-lsp-errors disable
-    set lsp-gen-interval-l1 30
-    set lsp-gen-interval-l2 30
-    set lsp-refresh-interval 900
-    set max-lsp-lifetime 1200
-    set spf-interval-exp-l1 500 50000
-    set spf-interval-exp-l2 500 50000
-    set dynamic-hostname disable
-    set adjacency-check disable
-    set adjacency-check6 disable
-    set overload-bit disable
-    unset overload-bit-suppress
-    set overload-bit-on-startup 0
-    set default-originate disable
-    set default-originate6 disable
-    set metric-style narrow
-    set redistribute-l1 disable
-    set redistribute-l2 disable
-    set redistribute6-l1 disable
-    set redistribute6-l2 disable
-    config redistribute "connected"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute "rip"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute "ospf"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute "bgp"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute "static"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "connected"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "rip"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "ospf"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "bgp"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-    config redistribute6 "static"
-        set status disable
-        set metric 0
-        set metric-type internal
-        set level level-2
-        set routemap ''
-    end
-end
-config router multicast-flow
-end
-config router multicast
-    set route-limit 2147483647
-    set multicast-routing disable
-    config pim-sm-global
-        set message-interval 60
-        set join-prune-holdtime 210
-        set accept-register-list ''
-        set accept-source-list ''
-        set bsr-candidate disable
-        set bsr-allow-quick-refresh disable
-        set cisco-register-checksum disable
-        set cisco-crp-prefix disable
-        set cisco-ignore-rp-set-priority disable
-        set register-rp-reachability enable
-        set register-source disable
-        set register-supression 60
-        set null-register-retries 1
-        set rp-register-keepalive 185
-        set spt-threshold enable
-        set ssm disable
-        set register-rate-limit 0
-        set spt-threshold-group ''
-    end
-end
-config router multicast6
-    set multicast-routing disable
-    config pim-sm-global
-    end
-end
-config router auth-path
-end
-config router setting
-    set show-filter ''
-    set hostname ''
-end
-config router bfd
-end
-config router bfd6
-end
-config system proxy-arp
-end
-config system link-monitor
-end
-config system wccp
-end
-config system dns64
-    set status disable
-    set dns64-prefix 64:ff9b::/96
-    set always-synthesize-aaaa-record enable
-end
-config system nd-proxy
-    set status disable
-end
-config system vne-tunnel
-    set status disable
-end
-end
-