From de3f173d0c0c515c8ca08153482c6f2c2dd7b32a Mon Sep 17 00:00:00 2001 From: John Poland Date: Thu, 16 Oct 2025 21:08:45 -0400 Subject: [PATCH] fortigate-backup Thu Oct 16 09:08:45 PM EDT 2025 --- configs/fortigate/fortigate.conf | 34089 +++++++++++++++-------------- 1 file changed, 17064 insertions(+), 17025 deletions(-) diff --git a/configs/fortigate/fortigate.conf b/configs/fortigate/fortigate.conf index 2c7e6c4..c0d70e4 100644 --- a/configs/fortigate/fortigate.conf +++ b/configs/fortigate/fortigate.conf @@ -1,18 +1,18 @@ - full-configuration + #config-version=F2K61F-7.0.17-FW-build0682-250113:opmode=0:vdom=1:user=jpoland -#conf_file_ver=55523232681638414 +#conf_file_ver=499096674747857 #buildno=0682 #global_vdom=1 config vdom edit root next +edit scsd +next edit Policy next edit TEST next -edit scsd -next end config global @@ -108,7 +108,7 @@ config system global set gui-wireless-opensecurity disable set ha-affinity "0" set honor-df enable - set hostname "noc-fortigate-b" + set hostname "noc-fortigate-a" set hyper-scale-vdom-num 250 set igmp-state-limit 3200 set internet-service-database full @@ -4465,7 +4465,7 @@ config system interface set dhcp-renew-time 0 set ipunnumbered 0.0.0.0 set username '' - set password ENC jfcJ49RLEY/+sPwPrCvBkE9geLa/UfoHwQubi9ysVbhsLZ7b7KU2ctUbCXARUTXNitsV3AnXT4ShkFMHRLs2r4iXamX+vAmRO1cnkGTWb4jnQScZ7HPwQFhpFv31AzrHws6J8+s7djRrGR1BHX2e/mdH7v6Bx83FuCce8Yx/9ABiyVtgZbZz8+GBwW5O3b2u/CaVgQ== + set password ENC Gmw5ZOSRTsAq6x+q8Qu8bObqDiDC+8lG5q+o7Prm1oE7icUlj6WZ8nQTvgVbhoWnECULPRUs3EBRIfUaTae4Y1XKDY6rF8E/dPZiKy6NkLBf1X3lro7694BW57bYqMWeA2gye72xReBlmEjGMDS/EOdbhftvoMlqtHYbmyRnBevUJNPL/BDia87EaPLQlqYh2gXbXg== set idle-timeout 0 set disc-retry-timeout 1 set padt-retry-timeout 1 
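Review bot: The `set hostname` line moves from "noc-fortigate-b" to "noc-fortigate-a", so this backup appears to have been read from the other HA member than the previous one, which would explain why a one-file commit reports 17064 insertions and 17025 deletions. The later hunks that flip `set priority` under `config system ha`, change the `set partition` labels under `config system storage` and move the `scsd` VDOM blocks look like the same effect. Churn of that size buries the changes that matter for review, such as the new entry under `config system admin`. The backup job should always pull from the same unit, or write one file per hostname, and name the member it read in the commit message.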
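Review bot: The `set password ENC …` value on the new side of the `config system interface` hunk is a reversibly encrypted secret rather than a one-way hash, and committing it puts it in repository history where a later cleanup commit will not remove it. Unless `private-data-encryption` is enabled under `config system global` (not visible in these hunks), the key protecting such values may not be unique to this device, so treat the value as disclosed to anyone who can read the repository. The same applies to the `password` lines in the `config system ha` and `config system autoupdate tunneling` hunks and to the `config certificate local` entries further down. Mask `ENC` values and `private-key` bodies before committing, or keep the backups in an access-controlled encrypted store, and rotate what has already been pushed.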
@@ -4716,6 +4716,239 @@ config system interface set dns-server-protocol cleartext set wccp disable next + edit "naf.scsd" + set vdom "scsd" + set vrf 0 + set distance 5 + set priority 1 + set dhcp-relay-interface-select-method auto + set dhcp-relay-service disable + set ip 0.0.0.0 0.0.0.0 + set arpforward enable + set broadcast-forward disable + set bfd global + set icmp-send-redirect enable + set icmp-accept-redirect enable + set reachable-time 30000 + set ips-sniffer-mode disable + set ident-accept disable + set ipmac disable + set status up + set netbios-forward disable + set wins-ip 0.0.0.0 + set type tunnel + set netflow-sampler disable + set sflow-sampler disable + set src-check disable + set sample-rate 2000 + set polling-interval 20 + set sample-direction both + set explicit-web-proxy disable + set explicit-ftp-proxy disable + set proxy-captive-portal disable + set tcp-mss 0 + set inbandwidth 0 + set outbandwidth 0 + set egress-shaping-profile '' + set ingress-shaping-profile '' + set spillover-threshold 0 + set ingress-spillover-threshold 0 + set weight 0 + set external disable + set trunk disable + set description '' + set alias '' + set security-mode none + set estimated-upstream-bandwidth 0 + set estimated-downstream-bandwidth 0 + set measured-upstream-bandwidth 0 + set measured-downstream-bandwidth 0 + set bandwidth-measure-time 0 + set monitor-bandwidth disable + set role undefined + set snmp-index 57 + set preserve-session-route disable + set auto-auth-extension-device disable + set ap-discover enable + set ip-managed-by-fortiipam disable + set switch-controller-igmp-snooping-proxy disable + set switch-controller-igmp-snooping-fast-leave disable + config ipv6 + set nd-mode basic + set ip6-address ::/0 + set icmp6-send-redirect enable + set ra-send-mtu enable + set ip6-reachable-time 0 + set ip6-retrans-time 0 + set ip6-hop-limit 0 + set ip6-prefix-mode dhcp6 + set ip6-delegated-prefix-iaid 0 + set dhcp6-prefix-delegation disable + set 
dhcp6-information-request disable + end + set dhcp-relay-request-all-server disable + set dns-server-override enable + set dns-server-protocol cleartext + set wccp disable + next + edit "l2t.scsd" + set vdom "scsd" + set vrf 0 + set distance 5 + set priority 1 + set dhcp-relay-interface-select-method auto + set dhcp-relay-service disable + set ip 0.0.0.0 0.0.0.0 + unset allowaccess + set arpforward enable + set broadcast-forward disable + set bfd global + set icmp-send-redirect enable + set icmp-accept-redirect enable + set reachable-time 30000 + set ips-sniffer-mode disable + set ident-accept disable + set ipmac disable + set status up + set netbios-forward disable + set wins-ip 0.0.0.0 + set type tunnel + set netflow-sampler disable + set sflow-sampler disable + set src-check enable + set sample-rate 2000 + set polling-interval 20 + set sample-direction both + set explicit-web-proxy disable + set explicit-ftp-proxy disable + set proxy-captive-portal disable + set tcp-mss 0 + set inbandwidth 0 + set outbandwidth 0 + set egress-shaping-profile '' + set ingress-shaping-profile '' + set spillover-threshold 0 + set ingress-spillover-threshold 0 + set weight 0 + set external disable + set trunk disable + set description '' + set alias '' + set security-mode none + set estimated-upstream-bandwidth 0 + set estimated-downstream-bandwidth 0 + set measured-upstream-bandwidth 0 + set measured-downstream-bandwidth 0 + set bandwidth-measure-time 0 + set monitor-bandwidth disable + set role undefined + set snmp-index 58 + set preserve-session-route disable + set auto-auth-extension-device disable + set ap-discover enable + set ip-managed-by-fortiipam disable + set switch-controller-igmp-snooping-proxy disable + set switch-controller-igmp-snooping-fast-leave disable + config ipv6 + set ip6-mode static + set nd-mode basic + set ip6-address ::/0 + unset ip6-allowaccess + set icmp6-send-redirect enable + set ra-send-mtu enable + set ip6-reachable-time 0 + set ip6-retrans-time 0 + 
set ip6-hop-limit 0 + set dhcp6-prefix-delegation disable + set dhcp6-information-request disable + set ip6-send-adv disable + set autoconf disable + set dhcp6-relay-service disable + end + set dhcp-relay-request-all-server disable + set dns-server-override enable + set dns-server-protocol cleartext + set wccp disable + next + edit "ssl.scsd" + set vdom "scsd" + set vrf 0 + set distance 5 + set priority 1 + set dhcp-relay-interface-select-method auto + set dhcp-relay-service disable + set ip 0.0.0.0 0.0.0.0 + unset allowaccess + set arpforward enable + set broadcast-forward disable + set bfd global + set icmp-send-redirect enable + set icmp-accept-redirect enable + set reachable-time 30000 + set ips-sniffer-mode disable + set ident-accept disable + set ipmac disable + set status up + set netbios-forward disable + set wins-ip 0.0.0.0 + set type tunnel + set netflow-sampler disable + set sflow-sampler disable + set src-check enable + set sample-rate 2000 + set polling-interval 20 + set sample-direction both + set explicit-web-proxy disable + set explicit-ftp-proxy disable + set proxy-captive-portal disable + set tcp-mss 0 + set inbandwidth 0 + set outbandwidth 0 + set egress-shaping-profile '' + set ingress-shaping-profile '' + set spillover-threshold 0 + set ingress-spillover-threshold 0 + set weight 0 + set external disable + set trunk disable + set description '' + set alias "SSL VPN interface" + set security-mode none + set estimated-upstream-bandwidth 0 + set estimated-downstream-bandwidth 0 + set measured-upstream-bandwidth 0 + set measured-downstream-bandwidth 0 + set bandwidth-measure-time 0 + set monitor-bandwidth disable + set role undefined + set snmp-index 45 + set preserve-session-route disable + set auto-auth-extension-device disable + set ap-discover enable + set ip-managed-by-fortiipam disable + set switch-controller-igmp-snooping-proxy disable + set switch-controller-igmp-snooping-fast-leave disable + config ipv6 + set ip6-mode static + set nd-mode 
basic + set ip6-address ::/0 + unset ip6-allowaccess + set icmp6-send-redirect enable + set ra-send-mtu enable + set ip6-reachable-time 0 + set ip6-retrans-time 0 + set ip6-hop-limit 0 + set dhcp6-prefix-delegation disable + set dhcp6-information-request disable + set ip6-send-adv disable + set autoconf disable + set dhcp6-relay-service disable + end + set dhcp-relay-request-all-server disable + set dns-server-override enable + set dns-server-protocol cleartext + set wccp disable + next edit "naf.Policy" set vdom "Policy" set vrf 0 
@@ -5173,239 +5406,6 @@ config system interface set dns-server-protocol cleartext set wccp disable next - edit "naf.scsd" - set vdom "scsd" - set vrf 0 - set distance 5 - set priority 1 - set dhcp-relay-interface-select-method auto - set dhcp-relay-service disable - set ip 0.0.0.0 0.0.0.0 - set arpforward enable - set broadcast-forward disable - set bfd global - set icmp-send-redirect enable - set icmp-accept-redirect enable - set reachable-time 30000 - set ips-sniffer-mode disable - set ident-accept disable - set ipmac disable - set status up - set netbios-forward disable - set wins-ip 0.0.0.0 - set type tunnel - set netflow-sampler disable - set sflow-sampler disable - set src-check disable - set sample-rate 2000 - set polling-interval 20 - set sample-direction both - set explicit-web-proxy disable - set explicit-ftp-proxy disable - set proxy-captive-portal disable - set tcp-mss 0 - set inbandwidth 0 - set outbandwidth 0 - set egress-shaping-profile '' - set ingress-shaping-profile '' - set spillover-threshold 0 - set ingress-spillover-threshold 0 - set weight 0 - set external disable - set trunk disable - set description '' - set alias '' - set security-mode none - set estimated-upstream-bandwidth 0 - set estimated-downstream-bandwidth 0 - set measured-upstream-bandwidth 0 - set measured-downstream-bandwidth 0 - set bandwidth-measure-time 0 - set monitor-bandwidth disable - set role undefined - set snmp-index 57 - set preserve-session-route disable - set auto-auth-extension-device disable - set ap-discover enable - set ip-managed-by-fortiipam disable - set switch-controller-igmp-snooping-proxy disable - set switch-controller-igmp-snooping-fast-leave disable - config ipv6 - set nd-mode basic - set ip6-address ::/0 - set icmp6-send-redirect enable - set ra-send-mtu enable - set ip6-reachable-time 0 - set ip6-retrans-time 0 - set ip6-hop-limit 0 - set ip6-prefix-mode dhcp6 - set ip6-delegated-prefix-iaid 0 - set dhcp6-prefix-delegation disable - set 
dhcp6-information-request disable - end - set dhcp-relay-request-all-server disable - set dns-server-override enable - set dns-server-protocol cleartext - set wccp disable - next - edit "l2t.scsd" - set vdom "scsd" - set vrf 0 - set distance 5 - set priority 1 - set dhcp-relay-interface-select-method auto - set dhcp-relay-service disable - set ip 0.0.0.0 0.0.0.0 - unset allowaccess - set arpforward enable - set broadcast-forward disable - set bfd global - set icmp-send-redirect enable - set icmp-accept-redirect enable - set reachable-time 30000 - set ips-sniffer-mode disable - set ident-accept disable - set ipmac disable - set status up - set netbios-forward disable - set wins-ip 0.0.0.0 - set type tunnel - set netflow-sampler disable - set sflow-sampler disable - set src-check enable - set sample-rate 2000 - set polling-interval 20 - set sample-direction both - set explicit-web-proxy disable - set explicit-ftp-proxy disable - set proxy-captive-portal disable - set tcp-mss 0 - set inbandwidth 0 - set outbandwidth 0 - set egress-shaping-profile '' - set ingress-shaping-profile '' - set spillover-threshold 0 - set ingress-spillover-threshold 0 - set weight 0 - set external disable - set trunk disable - set description '' - set alias '' - set security-mode none - set estimated-upstream-bandwidth 0 - set estimated-downstream-bandwidth 0 - set measured-upstream-bandwidth 0 - set measured-downstream-bandwidth 0 - set bandwidth-measure-time 0 - set monitor-bandwidth disable - set role undefined - set snmp-index 58 - set preserve-session-route disable - set auto-auth-extension-device disable - set ap-discover enable - set ip-managed-by-fortiipam disable - set switch-controller-igmp-snooping-proxy disable - set switch-controller-igmp-snooping-fast-leave disable - config ipv6 - set ip6-mode static - set nd-mode basic - set ip6-address ::/0 - unset ip6-allowaccess - set icmp6-send-redirect enable - set ra-send-mtu enable - set ip6-reachable-time 0 - set ip6-retrans-time 0 - 
set ip6-hop-limit 0 - set dhcp6-prefix-delegation disable - set dhcp6-information-request disable - set ip6-send-adv disable - set autoconf disable - set dhcp6-relay-service disable - end - set dhcp-relay-request-all-server disable - set dns-server-override enable - set dns-server-protocol cleartext - set wccp disable - next - edit "ssl.scsd" - set vdom "scsd" - set vrf 0 - set distance 5 - set priority 1 - set dhcp-relay-interface-select-method auto - set dhcp-relay-service disable - set ip 0.0.0.0 0.0.0.0 - unset allowaccess - set arpforward enable - set broadcast-forward disable - set bfd global - set icmp-send-redirect enable - set icmp-accept-redirect enable - set reachable-time 30000 - set ips-sniffer-mode disable - set ident-accept disable - set ipmac disable - set status up - set netbios-forward disable - set wins-ip 0.0.0.0 - set type tunnel - set netflow-sampler disable - set sflow-sampler disable - set src-check enable - set sample-rate 2000 - set polling-interval 20 - set sample-direction both - set explicit-web-proxy disable - set explicit-ftp-proxy disable - set proxy-captive-portal disable - set tcp-mss 0 - set inbandwidth 0 - set outbandwidth 0 - set egress-shaping-profile '' - set ingress-shaping-profile '' - set spillover-threshold 0 - set ingress-spillover-threshold 0 - set weight 0 - set external disable - set trunk disable - set description '' - set alias "SSL VPN interface" - set security-mode none - set estimated-upstream-bandwidth 0 - set estimated-downstream-bandwidth 0 - set measured-upstream-bandwidth 0 - set measured-downstream-bandwidth 0 - set bandwidth-measure-time 0 - set monitor-bandwidth disable - set role undefined - set snmp-index 45 - set preserve-session-route disable - set auto-auth-extension-device disable - set ap-discover enable - set ip-managed-by-fortiipam disable - set switch-controller-igmp-snooping-proxy disable - set switch-controller-igmp-snooping-fast-leave disable - config ipv6 - set ip6-mode static - set nd-mode 
basic - set ip6-address ::/0 - unset ip6-allowaccess - set icmp6-send-redirect enable - set ra-send-mtu enable - set ip6-reachable-time 0 - set ip6-retrans-time 0 - set ip6-hop-limit 0 - set dhcp6-prefix-delegation disable - set dhcp6-information-request disable - set ip6-send-adv disable - set autoconf disable - set dhcp6-relay-service disable - end - set dhcp-relay-request-all-server disable - set dns-server-override enable - set dns-server-protocol cleartext - set wccp disable - next edit "npu0_vlink0" set vdom "root" set vrf 0 @@ -6947,8 +6947,8 @@ config system admin edit "jkafta72.admin" set remote-auth disable set peer-auth disable - set trusthost1 0.0.0.0 0.0.0.0 - set trusthost2 0.0.0.0 0.0.0.0 + set trusthost1 10.1.6.0 255.255.255.0 + set trusthost2 10.1.40.0 255.255.255.0 set trusthost3 0.0.0.0 0.0.0.0 set trusthost4 0.0.0.0 0.0.0.0 set trusthost5 0.0.0.0 0.0.0.0 
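Review bot: Setting `trusthost1` and `trusthost2` for "jkafta72.admin" to 10.1.6.0/24 and 10.1.40.0/24 narrows only this account; the administrative service stays reachable from other sources for as long as any other administrator keeps all-zero trusted hosts, and the rest of `config system admin` lies outside the hunk. This account's `ip6-trusthost` lines are outside the hunk as well; if they remain `::/0`, as they do for the account added in the next hunk, confirm that IPv6 administrative access is either not enabled on the interfaces or restricted in the same way. A check in the backup job that flags any `config system admin` entry whose `trusthost1` is `0.0.0.0 0.0.0.0` would keep this from regressing.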
@@ -6983,6 +6983,45 @@ config system admin
 set password ENC SH2+WrS1YeN2wN1qqkANtIzxrsLUfFr9LiJpDb6HCiJyT4X4CBY5YkYHLg5LrY=
 set allow-remove-admin-session enable
 next
+ edit "estein66.admin"
+ set remote-auth disable
+ set peer-auth disable
+ set trusthost1 10.1.6.0 255.255.255.0
+ set trusthost2 10.1.40.0 255.255.255.0
+ set trusthost3 0.0.0.0 0.0.0.0
+ set trusthost4 0.0.0.0 0.0.0.0
+ set trusthost5 0.0.0.0 0.0.0.0
+ set trusthost6 0.0.0.0 0.0.0.0
+ set trusthost7 0.0.0.0 0.0.0.0
+ set trusthost8 0.0.0.0 0.0.0.0
+ set trusthost9 0.0.0.0 0.0.0.0
+ set trusthost10 0.0.0.0 0.0.0.0
+ set ip6-trusthost1 ::/0
+ set ip6-trusthost2 ::/0
+ set ip6-trusthost3 ::/0
+ set ip6-trusthost4 ::/0
+ set ip6-trusthost5 ::/0
+ set ip6-trusthost6 ::/0
+ set ip6-trusthost7 ::/0
+ set ip6-trusthost8 ::/0
+ set ip6-trusthost9 ::/0
+ set ip6-trusthost10 ::/0
+ set accprofile "super_admin"
+ set comments ''
+ set vdom "Policy" "root" "scsd" "TEST"
+ unset ssh-public-key1
+ unset ssh-public-key2
+ unset ssh-public-key3
+ set ssh-certificate ''
+ set schedule ''
+ set two-factor disable
+ set email-to ''
+ set sms-server fortiguard
+ set sms-phone ''
+ set guest-auth disable
+ set password ENC SH2eW+Dd/sszYcK2zWKFzhPVZ5275Zpc5W5bCqVyyoHv7tPGTz0G4M+pjXAahY=
+ set allow-remove-admin-session enable
+ next
 end
 config system api-user
 end
@@ -7006,7 +7045,7 @@ config system ha
 set group-name "SCSD_Fortigate"
 set mode a-p
 set sync-packet-balance disable
- set password ENC Bgy4VdmThUZ8NLkBRKM7IUif+/gFwpftxGrBI7HivH5j/lQDL2/27K2mcsyNXDm/zmz3KazqTD3whXqVa45Fi6RTGbdbRlrHa5VXxrSwiLeFA+l0S6nbWi2F9+2D33HkorHM56tmSPeXRbjm1aTHO3u8JU9irw0t3w+FD4ur0tiKZ/u7yyN5zB4vLIw6wVKIjNCftQ==
+ set password ENC 47q6sFEZr8my0sYXdrdytXyywUIOosOJU9Urt+QmAYE0E4FNK3mYbejxVHYA/jK3NKuNDh2TPM69rIbEO/iuIIooKKKB18bB8i7Cp9n07U5+lK+f7HW9JbizVVO7zQQb69iFqzquSXvGzdBWbvtgWnQLX4OQUbPIPeDdCnfHdHSRT4ric1CJ8sfZUr4ytMGx/Y7exw==
 set hbdev "port1" 50 "port2" 50
 unset session-sync-dev
 set route-ttl 10
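Review bot: A new local administrator "estein66.admin" appears with `set accprofile "super_admin"`, all four VDOMs and `set two-factor disable`, yet the commit is an unattended backup with no description, so nothing on the page ties the account to an approved change. New `edit` entries under `config system admin` are what a backup diff should alert on; have the job flag them and require a change reference before the commit is accepted as the new baseline. For the account itself, prefer two-factor or remote authentication over a local password alone, and a narrower `accprofile` if super_admin across every VDOM is not required. The `SH2…` value on the new `set password ENC` line is a password hash that anyone with read access to the repository can work on offline, so it should be masked in committed backups as well.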
@@ -7033,7 +7072,7 @@ config system ha
 set l2ep-eth-type "8893"
 set ha-uptime-diff-margin 300
 set override disable
- set priority 100
+ set priority 200
 unset monitor
 unset pingserver-monitor-interface
 unset vdom
@@ -7052,7 +7091,7 @@ config system storage
 set status enable
 set media-status enable
 set order 1
- set partition "LOGUSEDX4300F88D"
+ set partition "LOGUSEDX45501361"
 set device "/dev/nvme0n1p1"
 set size 937875
 set usage log
@@ -7061,7 +7100,7 @@ config system storage
 set status enable
 set media-status enable
 set order 2
- set partition "WANOPTXXFFCD85F8"
+ set partition "WANOPTXX808E4B55"
 set device "/dev/nvme1n1p1"
 set size 266562
 set usage wanopt
@@ -17829,7 +17868,7 @@ config system autoupdate tunneling
 set address ''
 set port 0
 set username ''
- set password ENC TAO6bBiu971LbCkxbbzhppeiQtzMqVK7bVVs5XhBqaTU6jL4oEhAPTZBIjmxmFJofoz9ulxyQ+LRHZ41DfOf6XPP4stC+yWYXhj3Wco2eeH2/7yQlM1kXEohXboKb6RhGh7fUySphRnq+5HpdwzhkIOYxgp2ucISOtv/LUJ+D8tWDKlKV5172tePlmijtUwRdxgCVA==
+ set password ENC oXLZYRbBh1FeoRgdoADGbQnqnCAb6XdPkFLj352Ncuu0Y0orBmtL3k4o2rk+xnNe7Cw8fcxIqpo79BrFchMkMIX7Ppd0IUP9BTlax6nA9QVf834IvB589oDwL4npA0ZJ13MamDaWOlEaA7jjJZnfEJVEYLhI1yjj9EZpfoKdRY8IDmPlyuWx2mVpjyHTi+z2hIOHBA==
 end
 config system alias
 end
@@ -24846,37 +24885,37 @@ config certificate remote end config certificate local edit "Fortinet_CA_SSL" - set password ENC wyG5qPZjOi7uB5syu8L36yxcnGOa+RfcgeD5iF/n25VALygOGYLmTIpzGx6ctjcoOdsZJ08SJR8UKedHgAzFUkjy9J/+qYCrYg1b6Q8wOE7wJCp8sxaXHkQrdwo0OGRr3ufm0ZPQqsAJqGH6xml2cdUeW8QLKvFotmPA8KC5/da1vY6EwtjV47cHXmgUWheXXmZ6ow== + set password ENC uzn29dAdlp3vu09hOOMOaKfd41cIFNR0OKVpsF3q8KpGg6jYNKReqexruJBYGONUbu7pSoPxX6DVCkbxSx6hmLKKWbL+nbcWnOFyVPs3E6f/6K5P5YuMC2GNatoJuProHlKHuqv/vX/c+CkatUBZV9F/47v0Ei+U6I/A2KkrBsf9Iql5GiuaeamQia+IDdi79wWkZw== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeKYcNPa/EyUCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOqAOiyi69hoBIIEyGNEdi0N9DWd -JLgpkDxfT7ZwzEMpuWIaOmFlqg/SKuFIvYQ8klUQP7u7o17lOKAcq0K16JPodK6N -392G9urIwEcdJB99z7B6AlAqfJLaV23emlL9eZbwGAM7ZdmcuKwH2WHUajzcW8+p -uDnsSfMIsowmigOe6spGsYyvOegCP58opyVbi2cRd2dcv1nZQS/VQcLCtcMXV8x0 -ksU3bHC/Z53OUoh2mHmsO4vqvFuYpCkcdfW0MgWvsULpgGJFHiRmU1JQFCG/t8lW -b470fBfnFRxVx+t7pwUupkAF+xpsVi4SH1aIQXsWS9fhfq/l9ILuIJy5Gg4ysC87 -afaTe+65Wz5oCxQW6G7bTuw7aXb5BOP2UsY60UwvSaNSGwwtNMaz5cvZsjgp6k1Z -6cAkd5jL1HQbjnqT+eKBCIAIqwDIuk5T47B3lllpp/4VQtbpHEjN83isYg3t/0pz -asH21OhMZhGykDmV+sU5rvpTaJKQecLdDzIsNKJ6rWHGFZOLsVs4KMwvijVhZ+eW -bvx8+CZYmjvzb9P4OZXk3f+efA4KBbWRQie17Adb7IFhD7I+0JWPc2YbbNqJ8k2H -K70cVPkDH4r4pkWvEd1FXhjAT3bxjJ7mu+0D1qfovzk/MQDKYyVdyxlETn3yft51 -x8SijYj056PTkiYj+7Kg8vel1HJbCf8Y5eVgMU+g7SK9c5mdMqs9M0L5jpOZpIXY -AT22UQlKfqHHXVGG2UqFa00QVbtdm4FIy6urKkFRX6RgzWxK5YHpczBo1W26LQIA -eKl8ebl0/a5PMgvn3qmo3yc1h6fsvWhGGI6PQ3mRcZGQkBwc2x96wWw9OgHe7uNz -UaiSKwGuuAb7bE1H0XTT/oBGrc8qmlcMA4l2pxyyLSF7KMaaXskNtSWljvfobqng -vKG4wQcoj2gSvGg99A3rcaq74k1IYHTZLOjHqmssOzMuiOIbzRYBRqkAt0V5ee22 -Ss1H2mXWAbd2I9N0SHjxnY/t7a/9rsSnzR9pMyBgFB1N55H/lkSBfX+Api/4iqZa -jrbf+/rBs9wXpPbf5J4pnz9iZguDj6cUTjV4t3egmNoyd2sbDoDiqkp9E7zwYYlU 
-g4cD/NM60s9dVKhYzL4lU9Sri/IoC+7O6Q7sE2Z/IpfXCss71JLIpxfhAlg1D4dC -SW62f2nYHgH9zl6/WntY7b5rhYTskoO8XTldbB4lhPAEscv01ZPXD+IYGwynh6TA -ZKRZlh1haWN4N4jKLZ8Yt0T8ucMY7E8mPKftEp4+bYUOiqltaOJDWk8+4oDBXYrL -aeeD5KAYYUqbvwHnOmbi/7zBkGH2AlDUIsU0sAYUltzjTqJP08DHrU7oVSE4S5Q+ -V8Y5qzo5LYaOQU5e7xomL8AsuEFhqdNhYrxiCGzROH2WGQmRtyRMm1eFFjsdrvbf -NyUncVhfTNrsa6Ur35JK16dhoo2KRLr0G8UmWn3juoYihFomFu0Iw0qH2SMmMZIJ -iy9KiffiZCtXrDC0RXz2ftot95pQeQv+zLwpzSfeEDMdNG8tzDX1CY15p3kbrxWC -qL0ehisV6FczHYZSrSPhUd0FAh/oM7SLbdkiUiPWmL2S4P7dY39OFQKbFmUIIPun -BqN08bPmROZSPuvkMG1Glg== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI1xV3mRSXugkCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEyaZfbyRlQ5BIIEyEmx8akuqJH0 +RqC9r4A//zoZhsqIdSNnvJu0ZDneYPpEEnhKlagJigdRLFDe7zC6OCkP/KNTwVXO ++ZLhPJZ91TKdnJrIPYTrIz2giUgxZaptFLPhqPP/8q3YofQX9mvzm54aw8k/RTto +TQiOmKKC45Azw5hCDpLDKwuIlHsLV4TtpZ4vxlkY30q34HX2eRjUA7taprsPJd75 +neVdAg2ZDW/8303ZuXBNdUyzVq6aa6YHg4aIPNuQdr4tUI33aiwY17Y6lLIjvhKd +/ZkFCijVf7dXSalISdTpJdZCcTQhrD3KF8irjyWi+syxY8tgzOJoK6jQ1ilA/Y61 +hvtcMdVBnPgYTT1K/sjrsoxbLHB+woxfs5QYvmd8U6zqBG+xsgbjB8KIx8JRWxeq +KF6HrsaJfnwrwt7NrwqPYyS/iIC8lGCyVV+hFvUAEMLwwTtDlR9rU7MDiQFvv6S/ +VgQc/jk+phUm8gAkrf8w/qcWGLON/jLQfp4VNbaeILOEShZCchapLVisEbMysVxF +8DzP2IsiABnOKL7q7BXrYff+hDn0BcwmsEAojHE+DtzmQ8ZZ5MTjlzEKYgqbgrKT +bPYVF0iTZ7Tp+SeAeTmlW/FxOl8RYbg/paJrFiGBpNdn16EfkWpiOuOz5lOtmsl5 +6Q2qzrGqsN+yEp3XIb4dFTpWcx9avaozWfVUEseAyThBKE8wZMFGVNGprkP9GmRE +PKdVcgXTbCDKCJC2OMhxWPSn9k02a+NJ/g6XR7jOy7WQGKcX3pF0Vy2SvrekNRC3 +kzwFw3Z3gvtOOyIaTJjl0JGNQLJrdOg/7GKVHwP1lwGT43X6QOybDuNVPRb7bXsb +uaXJib5z1ef4dclWH6twMH1pASMQ6zP9FE5WCm5ib4I2Eft+Kpj07ZiOMaXGr6Ts +w/ecI/xDI5yxeciZHa1EhG1Dehakb2HBqzBWo1dEsYwk2qZeP/zibmNK8pekvjtg +5PDgvgsXbrggXCVn1dA+eA//8to5d9jIWR1fyU6oiLUqBvYvXhwqboUQy8Of6LRS +3qqKFYTeGk/SbgYwpHhXBa0Q3JFiYqpYgNXozIpnlLf7iHD1LpVardXZucEeaOmt +E/nmzE41dofyDmMYYkbkltwbQBLS2O7tbh0C2m+gPovurJGpZ2Rpblw/meaq2Dka +G6vM5hpOtUWChCa03w4jmv8144V3npyGlDlPwCU5YJKfUipe+pbDVMVUzeV+tDnb 
+5sfxzdhpl5UkL3E1rTOY02M7Pd8ZH/Hvjuuf6+zBtVQ0tg6sganctJbxoJ1xCN8g +1tD8gKHkq83O4gRlYRHumNHflXIiU/lEet2TFUVJFLii7KRGl6rhWT7/jjaDa6H2 +OKb2JZbPLdmaRSV4Pe33g+XLXmGc+F7AGv+K14YqcM7eFM+OLpkmjeT71+zHOx3O +xwDbUHVv2Z9QBFdGDG/EgMt6iQ8A5dTWJWoYb68nDQR2gK7GF/RvSkIICB6A/GDh +cJqU8gYh/98aJATXH/Br/8Ya4SL8N2ZYmn3DnmdqZjZ95Z5yyBn/QSQzXC17DWxk +2BBcCBVGIA+YP5GxH6vVgjTCPVMLI1pJDBwMil0WSE393wRT2QQXsNrJweoS3uE2 +96j0gdGq51PdTUTCZL34jQ== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID5jCCAs6gAwIBAgIIB7EKemWPvOQwDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV 
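Review bot: The new side stores the `private-key` body for "Fortinet_CA_SSL" in the same file as the `set password ENC …` value that unlocks it, so the confidentiality of the SSL-inspection CA key rests entirely on how well that `ENC` value is protected. If that value is recovered from the repository, certificates could be issued that any client trusting this CA would accept. The same pattern repeats for "Fortinet_CA_Untrusted", "Fortinet_SSL" and "Fortinet_SSL_RSA1024" in the hunks that follow. Exclude `config certificate local` private keys from the committed backup and keep them in a separate encrypted store; if the repository has been readable beyond the firewall team, regenerate the inspection CA and redistribute it. The `edit "Fortinet_CA_SSL"` block continues past the end of this hunk.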
@@ -24908,37 +24947,37 @@ xXZbFhu6d5a9mB1ykfdnxwlXwL44T273UzikwDl6YJNpJ+F8++WYJmhS set enroll-protocol none next edit "Fortinet_CA_Untrusted" - set password ENC pIUZRD2tgmDUd4dW/xz18bze0hLI9pPrKEuBePgh0E8TSLhDXLpPgA0DyasTCgKkU+qxAiN6kLIN+kE1WJkIQwRuEocCsM+7TcNzvCYLXt+9oBn8xREOuLnfgGymSgKPkW+8r3lTaIaDQOuvha+Eg/bBfl2u+pyKi4dMXz7h/Q4ZdTX0y0sSbkTCS9IFAw7AHLYrbg== + set password ENC BuH+GnT3dZA7hhuB7MtgRary5ey9t5rcNM0uIOA3ZVzZSHzY4i4hjPeiWIy6b/ow6qGSg65VfUPDVd/rAr2hiZAs/k/19rZD5ywqomlFHI85Upvms6nMKsvKLmAYMhfVCwZc264HZcV/bLIJTPynpYYRwz5jM/b1ylQk8v318yIm84DzGYlhu1lSTfhFei/hr3jxjg== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIWWa4Wq7Lt+UCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECN7k9hzjaXs8BIIEyE45Po/0xBDF -BhpVHzVpY06A8eN/pd4EutnwmlKYMFOk4N3yKzKi0x/yaS0tbPtgvL3DNNnHtM+C -tWdooc3Ebs74M2h4YqG2Nz1HEtlQDAWLHcD7ToyepdYI9GhJeo9nI51E0n9TM+H9 -U+wCK2ycsmO7i7s7QR61hokj2q23gTamJuiAdXQoPNYyXrGUl+IN8+T1TC+w/dJC -9WTXtftDSVCWA5b161RZwA2W+KAL7+p9tuy8s3Sa2Eg2CLMLnYeTlolfNGP2w6Xh -DyySCMpS3PGAF8qRC0b+MG7FH3xJjE2j1PKzb3Re9o7KEps96SJ3OkyXcSYTt/Fw -v+0xvCqFg+CMn7+olW8lVkdajwMBDEM44dLSRGijOOaHZtFOe2MfhgKMbblDYuyB -uSZeysm7AotLXOUmjF8QdQynTh8jvKmCEWaD9xWlvadBPrB/DR1E3pdIMV2bsysI -FowEsVFibLA1KaIncr4/M+w6jqU/qJg9F0HjExr3jSauzGm12GuPxvl5knoi+Dnr -sa1OkygQA6BLdSxz9NIlFaglUMXIsFH+0KH8eB4CtUjlBliBDIOZaJ1NFNExIrRT -Zt+UBKhBnlrOnDwhspy+DY2Hg3HuvwI79oBDUlDB4ZoAcWryMxbgYOwS/c3BxT7h -PKa+UlB23Uh5FwZKIMDzeUw1XdbFQBn5QRfy5coeyrbZbAXYNEpoSb1wCAe/SOeh -gKyVfxpwpSu3YuR3qDgcTBa4MOJ27th+Otl+00/hzvqy/ZGx4VneCNCdfjAcSt74 -z9znYyM5oeVd8PZROw0LlPgd8hPJSFVhHUwKNGC1vpX4ogd2aHlA59SYZyeq6zxL -rv6pvyNQ++Nrjtd7OUbv3eiNoSkwCDq57TrStDJfKmdsExloiFjXq6MeET/NCDsi -djlVUgoMNqFToxLZwOxNeMEwPXLMjFX7Wjf9QsIllqnIJxRTieahRxTw4NAX4z8Q -BwllzNRPwMZkWVMJO/t1SWlAPD05PnIdbrXh8FKUNDpABMaXmTLOy2UoXVLPhbu6 
-RXgDo+46+r5ZMk6oUTtERU0x88o+Yf1g+0xgh0yy1Im249iGYrGF+ydVJqyyxgop -Q+vfCy2W3mGZKFnwd2fxEyEU/410cbI6pkAGIKpZgCRmnFHRvLCoUFyTw2eQTa3+ -ug2As3pM0SUu5fjAYD22LrI7oWHSWIN1Pt823rz+sKBexdhIWiMmz2SOLt6Un77V -BWQ30p5F5elLz/Ck2vyW0SqZwZ3LwcGB5SxqTuQlKMsEw+rnvraexFMZ4IviEek/ -L9wfYbnisuAQW3mBTpXLCE/qztw+Yt3zgBtdTURsqU32gsv71tpKpU+l5kyuf1LT -BG9J274z6ZpQprqZM7+7K53WHzl3sq8vFfqBSRSLstlOMVSgJySeSg6dP73OKJ8N -5vSQ1MitkvsRLkTczdNQPsmmVRh978cIbu05BQvhnr+uTA0wBq9UP62PqP+KjQwp -3W1Ju8OsRsY1uqb2MN46IckISShPNW7iwqelStg982+7RHLgCKdmvz9yXKLW74Re -qblmhD7nkwDFrO5sGg6gx10Uaa91LVUo6GfMmfscBNEzbsaBMzX1YjW+L3l/0Ccc -xNWqLGg/F7qJyleKpDC3Hg== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIypXD7uJ50cACAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBZHOAuvE/bIBIIEyIay/qBxGsSZ +1pN8Y1S/Rf7e19+P++bDnSSRBHaPa+90iflOLSEmgVSXoiksHZnp1qebjOeSU2k+ +p8ZEBsMTqhldHq7jDu/zQ4VBSudMZoJh8cRx35QGD15Ys9zepJlBzvnW0G5FgYxw +mVitRhNfM4eSheiguhFgsnW1d3jIrPZqEBPlNJ0iA187tPR6AhwB+qiMuKHBAjXR +lgATrLLmHDCyVs9eH8WY9naUS2OshgG8j2DaGSwqX3WnskpJe8XOfrOuKPtIP3QS +SVcK6kpTI5mxJVBvdPySEn12dCFeSvJx/rBwAlBpAFrd3hBEJ9fpWHvipmCZ3qEJ +1B96UmusDwfFGNaHIdDB2yghv5dgpw3AJS49tDThpNYcaSX3+77FbGM0hzKGVt6X +dJAu07UDHzdl/pIXh5mK2o16BIjEELYcprQGUEZsEGhK7j2GgZ22htNRTZPCdm9h +3xUQ+NS5d2wn+7HpN3pyy1DMc5mYmWQ4Sf1C6FIfvhZoVnldxU4lNb2BjE4GbeyB +Yp0OKcfYxpOrOAfKtRFRmctHo5ifIiQByncUsthc8knEOH/1gYuSN308UnFNCjMF +zoibKu2Npke93SjCi/EGjsQwDmWbgb/uajgD/eSxkysLMldgJLYFy37vucLtGjal +LMhnDzbF080LvLq2Vfq+SjpF/NxTEAddKGQIAXvxJ8SZmNOTzqlv5E5MOZNT3vTD +OrWlpFGKVuQqO3TSgU31ucxroD9n4+0+RBU2/xTXYaTe68lzFBC65lzXsqQEnrbJ +KsG5jHeHM5YBCscbvsj1h3DADfy3zS8+zu4vATo37lM27kvKo7ZPxTVPWVVPn0zw +BZT6CAWU+dQJ6qResflUxZKAgb5SgS41cjTUh+x1mNMTQUGNiPKEC6gN/q7dtiYW +SwgWA3J5Htrh0hdwVfQwkZBCWxriIcEWZP/muChrclQvYQmCglJG3G8eucqyZaTT +SXd4f//eAnDMb64aW6At+qhQ+v11515cYH8+6zZU0t86Fc7zkNJf9LD8QBB21ZmS +J5dzYiKEgcx4IrndFpLKLIr6C5DkSAkz4rr/WID+WcLauRW6xBlwzI5f3fUMA2a5 +tIo/rxkzDZMO1xjogF9Bz6WhaIwntMUQs7en/uM6AxHC7doLySXzZ9HZ5KW8M3Vz 
+9t4WXe8pLGXc2kZnEZQCppYj7J/dRVNyRx5VY7BB1o7FDqUf73dryp3peVqQJTaX +RewCTyDoOZU6lQ7kc5M28UY2dDYGen8BXwHgSRZX3EhCeF/w9yM+rt0S8PYMB65I +UsqyW0uVP8HqwyW4cHJwXdMWiU2jmfUQfv3rssTzW5h7oEXBQDwjjzc2QW3mKxqS +Lsb9PKkx8Ltuiyo/QXvfAHRf8UjOql1JEva5as4H8ihdUQdQ6ey3iVF8xPFXM33d +UCETF7ECJwXQo0QoPpu/N56Zm+UQNxPrsINWFn4iSriEorvqkfb++xQr+b8REVLe +m3pGxsyB23fz9F/oFG/R+LS8zDTPYx8V6L01w51YueeLGWbqKiQ67ptprl9YJaWw +PQ/B3X+Y6CgZAYPHntz6PLdFEgqlis5pDUCcMLiQMkDtIT0DPRv+iGB+z9R5qYcX +DSvBWBDFu3mQrel8B7PmXw== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID8DCCAtigAwIBAgIIJJ5p1RsocBEwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV 
@@ -24971,37 +25010,37 @@ q0ik2r7sts/s3V+z8yMore1n8FcMX7ADoGjCSNHe5gOq/kThWWVR2EHwkDTnraYp set enroll-protocol none next edit "Fortinet_SSL" - set password ENC z4kFa8x/t+1T9rz5iMtaibF0XpY4skaBEC+iGDGTU1fGR3SclZEHPSuQ0YwMFbwws6sSfxMQ92DBlYQ2V8TACjFjG1n1cnJZDH0mZBYmcghbJ4r1VHUCCH+FIxm+VGlTaRm0wFgbpxeuXYyLBNShWMmdoKX4flygpElJGvGccVCqbb3GsHhOkmA2m8RhHoOCDq5rgw== + set password ENC jwYdVGJB5T95Ubpw40ScVbwIgfuRkoXcePrAfbFJmudq6RACs/8d1Xct8hYn7ogXHeyxSHBjjwWIWypeiXTxrOpizV7bGepZk5BgkdzySMEBfqiMKcBy/idVs4l0l4oFpe5fnc68txXSo050yDWmnsB3trjVqe/EXPaEWsHVZAudZZOvUzrHTvyE1tQUDiWbvDiPkA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIy9cNub+Ob9UCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHWMyUjCY6LKBIIEyJWfz8RZtKMb -77COCMKlMywSMhuzt/IhFrZTwvjX8NezCqDIEB5OB6eBA8BhUaXpmL7JUIN7e0Rt -OC4hc37bbUygz9frNhICz4EXR8P8iw+kyu29LgRfcWh7yUOgM7aV7e1mPPHGMpgm -vwRCWU1ru8SPQlXT3nHey1deKMCyxKv02OxH+dEgCGWwILYVoaVbZ8svzuSANDvo -krluDuRF8n7B96Az2VOK49yW9atAPIzAUZgfQ7x3KEu8LrYfJb8IiGC/5q6aTmaT -99uotmwFqpJY4bjDITSI4eTZ1yQfEedv6ZO4G/YtqzgTYZZGkeBgd4QoicErnGfB -e8rjHHoHts2HyjJ2MUnGgr5OZWjUesKaysy2qnqXWptyEIM2uZcESLEr0tQpzFno -b0KwrLU4mXDupDGiCmX2xgkYvL4aIB1612qKR2jlT98mWRJpbzj31Hx9brEsoedp -+gJlIp+c6phAHCnZLEcop7m+gnjXfpCzawUXqIpKdKkHxhNyWpMa+oqQgahvBDpq -jU3J5V2jR4CaNJi7nAA+2sjPcD16bJOUWsDo1HXxEKLGZP8ygEeDDk9IeRzKS/VH -sqopb0M2W9RFH9B3GsqRdyfyfX4kx85lK7GLBp+DlqQQEHUhFXGfuYcar/al3PMg -PvaJQLsPKRys4eiqt7Zu4chnMHcYYer0OIBnejQC0ZNw9xR/ey12+4rKPyf1nsRK -xrCgPf0vrBrlyxqkDxsJiGea1rWge0TcNsj/19vW12+J1qAGhcTOtE+bwiBF+J0v -UehpQE031DuhK3YnmKsqH3gXRfX1YTcc0W5HaMhrAODD12sVBKtoMoa2iasTj2WU -q9UZDy4nfshwuE//HSeU+MIUPsCFkTtcYF6+ZfwLpOxRpdmbEbYBUrvUy0GgLMTF -JPrqyu8Ad3eg4fTaeGbpwg0gqdJ48vGt8bjUBXr0+DvL3zkSpTgXU4EzcgVOGFaW -k2IOso5fov+n04YfHos0QD/LeBPYP6Yw/Jql9YHEgUaoe9uj+KDXJiH92/g1R+0B -H/oAi9hUHgf/+SRLMwwUzr9S4i6gAnrRB4YNWxvGhVhMy0BJq6eP/UWMAG7ARh6J 
-O7YlVgfsACV2dJkwLud1MloFsn6dtpT40GL8885wybe9q4gbpfaTLoVXgZVok6Sq -x6ofvdAEp3Sa/FhkYciuuoy1Eq6AdKz6VDr+Q0QSENVh8TTYBXM81EUtk9O+pOW1 -xLkMeyZq8lLf5NKgFS4SIMMdls2zko/OEWVtUTz0bqCygOi/sMQS9P6ifyAch3Oe -JUd15sIAxHj2wymXrkiovgwIrwPxuBlupgSm2HnXdQJiA3xdexrsktsvIQezVMTq -5R5YT00G7a2MJQFhYmbTH0Ay2jhMCXaj2BFySdag685ENSYQ+nxCSiF7TFvXJI16 -0tpcdS2qPH8j4UdawajwSJLz7Ec40Ph245SBmT0IAZBE2N5+cZGee6gNUFjaw71X -9boJ7owkmOlYybmneF6KWb+tbi5OZhimqD4+MoZXXXC8Ly1LZicC2ZBFm/r+Cff9 -p4hrY2yWvC8ZIkJo7eIh+pr6mNz1tlyYLOGQKyu3yRkHhKTsdbJqQsEQ0nv52qxs -8jDu6VCAJg5mj3hYf6dX9g== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQItUSAlADx2ZcCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEA0a1DOddR0BIIEyGF3DGOZc/jw +Zjhat1mGeaXvsI9nXskRfAeR0WcVwL64eQ/kBvP/ti8FC//H0kQjD/qJnnXMFgz/ +Z9CvGJQ1oLhe/D8Kcuxs0UdO5akbd69Xa8GX02/NXDkl2E10treXfon74I8L53e9 +oJWRgwoM7JTiXY3CcuDFKAK60DmU/Vq5PCq1HKWN66uZNSkyJXvOquhAB/WaiIXi +h6QH59kSrAsxvqebRRqsMTOn69mMu7WylFIwrSmiUz6LroO/0kpHyGpkZm+dy7a0 +/FwIsORRG3LUZVpq/2xSO3Uzs9L2yy61168azrfcsM8decCQ5MVNmrT8z3Bj3EDu +zRyy+7gt9J76n3vv2jIRUjv7Jjj60Vt58YFyjyedC8tE+/G7+T4SBZwKE9k+z8Kk +z+g1PpZUNTd3fA85XAqf1Snm6Qu5GJcM3UXsu8B1C1+FShDKb3rPbGXEUW+7LGAp +fUgUx6/c8tEe+jjbsZseTUPwlqVyc5iTWBEIVXEwuXE5YvaFZXMAvLDq0iSPcGwe +4aXy/RsY9JXy71ukRP7JeTrSHSFAXj1iY8dfN10LmQCtGsJ0AGmgGFKFG0mhBvqK +Cd10KgAhwTEcmu6jsiCP906kfQJOoeuVqhTNQraiTZApa02UTkgC9CJ6EGvgAYha +RUF7sb5vx5D/J9qMx8f/ofbkvC9o4YtZfoBsYvBLX9Yc8qvTmQuVn/kCN7RorVIg +TW+mUVECGVncAxyVdwMimYFK8CVRdigXflQnOicyJ9oQ5Lj2jVMhpJp5ngSqpsEh +sMED85FrlxZ2ezDzlykUnV5Cr+4ikZ3XRrCirXil4yo5kx4ZkmnN7PjQOrw+RrG2 +CAu9GU6E/MjOpQpVcznPQavgw0uJSxlB6Cm6eEqRtk6rccYpYx8EIFhVuUH9skPF +WxYJ96a+JnwIa9ifyIyXV6ly135NLNVcOOoXDXEsDbq5zLJEnpLQQ7mj+5+yO/QV +Ne0uBm3q4aOeqqchKPu06MP348KhMfwvmcqlnkG8918k2YFlmCwaggR6m6+gRSK4 +buwoHVMFiUm3whZu4baZfF5QoJrM6dJcjooRTxdUHQQX82vPOHKNfjVewzfMImau +gx0+GTFu4k5QelZ3tPkaGmppwwXaVh3aLTaHF7u7yRwIa51hAMnkGQHNnJI4Sl6B +P4dXTNouNCQXDw7901Vzl+mGlw1Ia4cyP+/YrjreeahwSrJRis5jLQK+fP5Ee0dv 
+snJjMAUhzxZXv4XHsXFpTaxv2SNgvIvthP7Op0Gt40TaY9ZB3Vo06S5fLbZPj1sM +JGBTdp5oPHr1di068T7FgWE9AlPNUvFrLqrYZn0V6RCS7yAbbHiaraQBwxvCdFFE +zXJca2ddB1qjdAk562UhZTSvk3AzJeus+KUEsIr/W8OY8J47yG88lkcAxpp3+ys+ +tTrBrCJDY95EyrKF+mBrzyY7Hou3tuFKYT+rcctEbLNcCjf6oTYfqcydY2gkJ0rh +kWGETbNTRWe61/x3uyOZRydskNgjz7kWPwmYtO085r87/z06L1z4jiS9VzmLDe/H +1comdGxdi/jOdNev79eYX5MAqXi2GWBCPy9cj2BlkHPqWsr07dDJ8D1NbiOmcJpv +NgiU/R4Ng6/NtRvSKyqzpQ== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID4DCCAsigAwIBAgIIDpscz/0cckAwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV 
@@ -25033,25 +25072,25 @@ GIkjH1RQNZqgIWm9oqyVE6p2U5ZWpVghjAgxibuofpuddUTG set enroll-protocol none next edit "Fortinet_SSL_RSA1024" - set password ENC uxzBRlOsSH98xvfxE3ix5N2+QeeDA+JDKj8HUFYbT8HLr/MxpYUN8qnaGrlByfKJCztaz7HhWC16d0DYYH0k5NpErhz1Y7+STEVpEdVTDj64YXSkb5rt7MxDlru8lt0yboxpzlo8kmOjaU7bP7JQmSwr8cMoc3LYTCCG4y3uCVUPUUpwnwki9vmqZHPedX6t/J8MkA== + set password ENC tW3Qan1idi1fKTDDfyZUeeRlivkdOnueYG9OQF4tgqXld+BXzjrIck9yYaRBdBo/6ffDa2fbrwa/Nhy2OWtEar2CLcJfgQrvOgWydtER2JSGOJNp8tMUyvPV756NtKJwuynrx4gYwEbDaXBJJd3tQsnJwwu2P/72fdkD4/chffo9nAA0ryDn3hvD9bYnXzU6vmdlzw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIStZL1SoNwhMCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFnGktgqHMXhBIICgFpaefD/Szpp -L7qGTHphASIvpspG2FnqfkXM6zow4VYwsIQHKlosKSJ8V6Xo5GkttYM8lHE5WOy5 -4BoRiuNj+ptfEwNeFQ32etFpu/bKuWFKq8yDFrzww61VKUb6qe0vjuP0FNpf5xOs -vh59EE3UCPlf+T7BJzI6n3WShkgoEI47MFQtQg6WeJn/4/ls6lsAJQg8359nw+28 -/btY+yOseaijn/J8mTEkOpObBcBfTHhAosMbsb5BPWNq0JypXPJHjYAxKHJpgN2X -AefMHwhTwTLn3wKemeOassmdrGRofcPFlkffox1edaobqFPl8nVTrphv6+4NvUL0 -mPEGEJHAsuTW7ZnZQBP/0kp0tMj1sZDVccsk4VHTpRkliePWEuq+n5HsRMgVd30G -KCkQqP9IBNl5MOriUy3Z/2VB22rFigjwNb+cTZnn7kk/9uxMKeMaPF0bp/+znawk -ZMMFAlOouybmK4nrVZ9GY5eO4RtMJVupHxJFVoin6Eb1aOpj5v/1sW78chbwFh2f -SWNC2X8jlmOsEWSqDZwuo+JpBXaXYLW7P2t+bSEr7xOuAOmeWGP3vz5SqI8Vsrxx -TqxTYsX/tnwxt7+GCILfgYlrcrlcl3d3KzKa1Xi1Ylud0wxEyVt24JFGv5xa5tbX -pI6FqvxIPNssEmXNLv5ZVC1AzdpAmiOCqYPdf3w26AiHA5cBAIZHGjg8eWtMe+OL -LDHD8QhqAOB25MNMczge2yGc7n89WU2ErWBiL6lQjciYUKNlAp7M0Diq8AuGHsTo -FYecX4P3/6ScHH7wA0VaVlP5g1Ai2/bZs3DTmnRuMzBQEEAFU14Qw3f1icVzfPxI -rKLWq9l2Q5A= +MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI6ujflQThd/ACAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECECp1pMwY3ddBIICgPjyDJZ8pIHL +J7OSmaXXDQFQt73pBKUKIlAO7ErOTshtsTgi7UuJAqOWzmwKnhr4mvxOqcg2aq6g +FfyVrTjC0I72nhv/HULbErj7hJmL7d0DQXf7gtAZxNiExV+cO+j7bU0MRMeXoftC 
+BeARTqwnkvgYc+MwdZG1k1QPK3m416FrIXJoDXzaGXhKbaBgnR9VhaTuS3CGllCq +/Mm0faXEpHoJPZPJ7hs9cG5IB7DG8ev7VfggLa/oin5vgv3ILE/MJGrjb90gFK3c +fGB3pyDZcQY/E/oOTMXZBddGYW+r1bRZGi6CdpgY4vR14lzXyzY6oSLP0qICV7Rn +Xod6rBVuLR/74RQodxANdXMhV8dSZDzd9Y0+nipnEJYqjwIm4lG4GWVf3okdX7/u +d5q5Zh/mwQyuHyCKCo8p8Dy4uxGjlsF4UrRtSlZmoJokdkTUd3bGDEW6zy4BWZav +xkCF2qpClsGZfmsfhvflnoNBWoZspj8h/cCSAcWlMr/XJFWcvH9SNCinvQMZEEgV +2Q0ypdvZro9H3KSmZqMNmPH1VSzgM6cwCJS7D2Z0M4ymQu7zsoFgOkBAtr3UU7kM +lUx0GLzaOJ6rMAShJ4mA0iN3xtzFvaaqWA1Xe4BMuTvbG94wYuw0Fd/cjWzuwui9 +ag1dthao4CWp215vaHPwIpos/cfLVdkAud5eCp/7JyiYJD0zdyQI9SP0gCYic45f +sZpXpilA6dUUHYXTRbLKXnbG91r5yTllyC8D29/EZH/7DgqYqc/He7/SsYGw9vAa +LWHuuJX6sE8uS1VrOCWgxB3g2gEm78LesdNmxFEM1XQIXCs0KtmQ2UwV0wcAPGeL +wubi+j49euo= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIIYcPBSSh9j04wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV 
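Review bot: The `set password ENC …` line and the `-----BEGIN ENCRYPTED PRIVATE KEY-----` block for `Fortinet_SSL_RSA1024` are committed side by side, so the key's passphrase sits in the same repository as the key it protects. That passphrase is in a form the device itself must be able to decrypt, so the key's confidentiality depends on how FortiOS protects ENC values and on who can read this repository. The same applies to the other `Fortinet_SSL_*` hunks and to the `config firewall ssh local-key` hunk further down. In these hunks the `set certificate` and `set public-key` lines stay as context while only the password and key ciphertext change, which suggests each export re-encrypts unchanged secrets with a fresh salt and accounts for much of this commit's churn. Consider having the backup job mask these fields before committing (for example `set password ENC <redacted>` and a placeholder key body) or storing the file encrypted at rest, and confirm whether `private-data-encryption` is enabled on the unit.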
@@ -25078,37 +25117,37 @@ xAelnLljOrOuiruJT7LDEWlvt7MeQFVbXIo1VbYAN3cThA2iG4wWURJjqSNDHJkt set enroll-protocol none next edit "Fortinet_SSL_RSA2048" - set password ENC DettF3mJVhZ55Rr9QhOArPYiAgqYNO4zRCsoZ6C+GfrN8+2f1rXkwjEKJT60W9lVyLK06u+1gnG/LX/jlAUpjQ8K50TWMjUiK0qf8YwIzVV8W2XJn4JtVFtVC8b7XDKXJIBC+xEuIhwHxXsQAnkIkDBESWQDbRiKOLUCje0zHdAHd/zX7UknBj3BNK88a0X9TjdCwg== + set password ENC 8xV1NM6Sad0EuQrY/WY8ceZqECsoLaUFnboi8LcFwP8gPrVwc8mUGakCgrtF8ByPZ2TH8I6oEShVuk780USazKPIx8mARvbmU3ppxNACU3xoKp9j82w3orVM3Gh4rbrE0Gx8c8tY4NaPg9hNJ30Z3EJbKSWsNx/ZNs+tQZdtHWETqxmWwSAYg7EBF9+JqFspIIClWA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQITWYHTtt2ItYCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMRKJPNb18tABIIEyK8FV43DyvOd -cJkDi5JV51AGN6thvRQYrOzC47Pab9PTGljWt/SD2q7pouRxx4JhCNecxe7jW2dT -ohoP/ckJ4JwxlEGua0/NlZtbQZRqLr4fUDqJhBdaA9nQcx9FevKkty9eRIERXOT1 -uh7tDo3UtRyto+4rj7teWuzp4mpf56guTPnRY1JVakj8A8kyrarmybFLsH7s2p4w -yPv2+T2Owd+1FCgTHLG9e5UncaqnkXWg6ZW+6B0nRZ+LAUjkH96DxTTjJil4dGcz -l5SJg3znoLeSshHqRwxQvRgDBJOl8Y+GzOT67H4OFLgsFsZddXPHrHV7zcwIZouR -8fNjYZbJJPoNWpjlTkzC6+td7qb7mSzOV7pyZXtb6H+J5Z8WSFN/KEJOff8T2Mx/ -AKLqk81Y/P9nM19id5IHHNfHJoD+Z0AapQALnYRyqvhLM1c4Hf24hWnL7GFuXlLE -bhJpM8PYyMpjzggFPWTU76Ld90pzooon55IVDhhsOamM0DcWr5fVPgVUifnRKD7+ -KeR49LOJq5cDgH79DcIeyN0goWvbN5LbC2OR+B/4YDt8ENByFGpo6KneizucrY58 -dkAI/yUx3O04FwSFPTpJBv4us+eA6Y3shkycYKQUqqby8S5EaZv2/NT9xtJ10C15 -C43gglCdsRy0te727Yz8O/q53mj7WaWCGAR1voAePRpyqRWvESO2WddrL44W4krN -m+jhEsHM0+d4rmMqOI/Z+B4eR04IK7WEzHzWQVy7+DILr7wS53hZiZkc3wixHFf2 -Q23emnM1GOZJ/KcrrxV8oPOfkUzm3lys39UC5XwtGZzq50gBwEuWnUy4BKJugyAD -hZkwKYpPNXAmL2C9NunsTNZQ/syPzpHZDKYcVsEIO81+QBl2DfFjMi+xa49bvDEV -5K7FGtlLpki3gu/3zkvmJd5atfgj11Uxby8Tu/YuPSrB/BrH6TIxXrXpErM3ao8E -X+ap1mpbLouQjYFSFOcUQdrtrYMmpgNUQK39p1uiPhwr5kkMDZBCKOROpIFqJenR 
-yEsY1UAfZiTOoYJwTwo9ghBnJdXurT/tWZklKi1pg8HNWFByt6f21zuTmwLocN+u -KVon5RzFJc8FZAxLnxHFpD0nqSlBZj7ZkvPhIOyfTNZmE6N1KoJwsuCwCTQqA5xr -/M546iEG+JvwHq4efGfg7Y7Rze4q4Xfe86UBBkWV4SYgvVeKFLCMmmvCjq+Scvxn -Jl30cJKv5BxduvmfLgeRKJf9R1on/xC/E4S+jC2IHPOyO5Ldf1s7EvmsErFK5iEn -gXSyXUM47WgIjRPSX/EpKuavTha0FUXDxhIIqQL8kf9RrbWf8J1ShHEuqji5JSun -nHq6onHCYywcHxuNRn2YEMDNhJej0t7Jr3CPtqmClPwp1BTcDcSdn8uoU711L0iL -aR4itdbRUnd0gs3BDUIbFQTc1lGH0Uk9SpJw4BcTHCgHTmtd4L1s2/p2nHzBRNV3 -jF1lkOass/JwGGWOo770Pw1ovKIVAp0RjYp1Kwx5LbrTO0ARCYRt1pdKPYocdxST -YzWTUgsVfv2L/4C/V+EP3xqdh3elVeTFU6R0i6dZnHnGkleQxUlDJ2RcQIjvIgc8 -LMTZpMfFC6JzKOFkaP1lGg== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI1gB986eRs2ECAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOYyY7vmzpNlBIIEyByz0WMBw15S +EVRAhVOrblVAAig6wWoFKiWKqabfQUdlfnDu6xUYzTQ88ktSt6F4lGNYtJ7UKO8k ++ftt9578jXRnyzXBWmAt89tWBUZkYhl0B34o2t7dCBraSsFM627HROgrZ2MF0Qk5 +HgHzCgXYaoi0zJPnrlXC4sENUQX4x5niS6nbLfO3mJNIzujbxEMxX6ugQgqydZBU +7JwmrvnAf6TYTKVacUqn5+cW/knf+KzZPC2r9qZBzheU+O0SFx4CKBQL0/7CEteY +F1niIrm6VBU85WZ5G2PXzw2mewo/RDmbYeMOx+fcVXR8KynaRLGdeEfytU0HNAwC +TCeZ1pVTYaXAurKsiwbuLEwJ48fhhJDZcXpquzsh65fI9zQX4f2lIu+eUkmasUAD +NyTuaUkRvbg/W+0g0WvGTFY2I/KpSVkcHLonkwJ8OLdk9yANdqi4Rkhv758g0MCW +NcvFutvT+XmP8xZXJqpeSFKG2xzRQnD9dPK/bQw9krPhA3bABQ2ObO2iMokmXjjH +ApLw7AOz3Xls09TCoGFzebHgo7DYxEAPAqH9xev38woT8xtH9yQGilagzjYAqftH +yxOZWcBqiumdEWoGWgFZSnrxfn7zG5GQh/1F8LjY0nowHvhBO8yBTyAYYuKrs0WN +WmOJ8A0TWfco01k82fhE3q4D/WUreOkLZJHOixYPz61CITyXNOuq4YDhzTjTQ2HQ +rEhQzq+YzSLUzAEjXz1wtNvhZRYXbyqkPy+uZzKbo0AKVjWKwrwvJ7DYOkjMQx1l +oKHvnxvyCtN8rdqkMV5mkrtQk/z30ilirKY5qHK9LbqmiRCGbfrK6WJkTpbzuJQU +1OinjhjFRh4ytj5yI3MvMDys+tfU0zNP+uSmYFxv5s8EDqaqXsPdwTpUKAnbMl8e +ycV0/l7yHhAxxRHOiydEjMACQ6sjRkdcTAVMH4sjXdAaYzUWslxbcqe88E3sjJru +IiJ6FZVBAHYzi2XvaQ0WNerxwHnxTFjEnqEzFa/+5W4Z8ObxVuIzzdddgQKjAmu8 +fYgDXltvCPctZ/xYQzAJPt4RWcHO3FNZIXFu3LeagL+/KIm7mmqZMiheLk4lRFMp +QF0/GF0JETEjhv0nm9ZbgpsOUxzpl9W4eZqK5eyVEtnGaVpSHomnwSA/P+9cy/qc 
+t9EQTXUgGJglcF1Mk6VWwmC7Ztn29R19PXnKH3TClnCudEWfAv1KfoSPsRLREs1D +kGea4SIds9e9bB6yfjjzlkRujUPnxUVPXQQn5ZsdYC1BxpYhP86JSU18wo2fvc0W +lWvs/nUcn520Q3VMqhECrND1JtghXwryQDSu78z1OM9N6nKe+eOS6us1VC6jkS11 +puvcXFBklVv6d35z4VuAA+3s1Npv8rIDh/uLiAAJ1JNnKcc7X++uEw16x09SnV2f +i41weU9om5X3KdhXoAyhm15zOSvVCID8JvjJvj9HeqtHcnw0/vaKHZQ5I3C9IInu +nvKvSTXoY/W5oSK4/IJh1yhVyC/wVJ42FPHIpjAKANBl798KETWQeeLk4vf3NHZ7 +D7v/NPIL+YYtEpVoXirbCiy0pWVOr/l9fMeLLo0+g2pvpvwws40gxfyBVBPDyjir +zTs04aIzjB4S94426a6zoA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID4DCCAsigAwIBAgIIA3GupZAm+lAwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV 
@@ -25140,61 +25179,61 @@ yJ7HMjDau9HMqeaxnKWVubbZ3tVPDM4iYZEeRFbBx8V2Dmv6 set enroll-protocol none next edit "Fortinet_SSL_RSA4096" - set password ENC ejQwiKsIi82xX+ji2wt8u7SsHlSmwqZ0yeuLkDZVna12SUvD2arAvqJMq2vomMs/4kfiA17YExxmDn5HmPSv/+zMxlgjr4cbOL2NN7K0zWBZX9sHah6RyI+yYtOYLO6eW70DIO+fHe7YdQDXyVuGIXB9HBb1SPnw2MeYTAfLnDDz74irM670cFSRYe774b8/368yiA== + set password ENC aJ/Sg6NOKAXrVLHqUD+6V1LdLKcWwnSj5L5lU+AFFisllZrodTPLJT0l3OtRtLWoqOoqf2JkgX1CRKrHtKqpJdh7kgsdTlMNos8K665HdoMmY8eABEMcW4jgZVk6Gce/NlD2lL/WvbLd7H5fvXAEYtHxIJJAl8JtRgh6xQUXPb7AFEGkxuv+FMHwCK6hodMq1G4Giw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInfCTFS5Sv28CAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKd//de+jDIDBIIJSFs5Ar1Rg8jW -HsM3DfecyTezUEm3sbqe71TwB/Z2t9YuxGvxT3JosSqGD6aat1/VWuUC4FogyK1F -YIAFFoqZq1HsHQI/PX7sj7D/9j9zQeDCgegN+vkniy/Up2ft+MM8SRmbWZgJU1cm -lpDdntBxTNIBq5w6X22zKaM4DRyW+V/mUPMqvibIyFeggq6JMRJwzNWTxxL0JHYf -QGVXGDfilYAgIDjcoo/+BN2vjx+T6TLHASidv28RCIkUJK6QS3mvIao2rR8Rhe70 -oAGBQuIRAfW2V/pAbO4gwyiQq9eBJUBik43Ux7aqbP1aWdUBno8L9DeqngcVvwd5 -p8hpq4s0kM0n3OSuJvVMbUzffoayxeJ2bQDThvcaSwSa+h9mCK/1kQNFiWE2lfJx -S14NsUPq21T2k12F0Ac6DHWf6GK7d1f8fUjn+ptMHnGvyHNdD/fU3Klfd+rv38u+ -5eJ9wA5D/XloBO9153cTkAGLCB/lw67m617xja1HwmR05NSxY8hnRaOXNA/nPKfq -aRuS3+xB7fBvFBBhtvZLkZJImnLaZvPgfyFl+SzSh5t5MW7HXvoSskmmKGvF+5Ef -ushcn/47zkNgMnY3vUGnx/HJyjRIDodf6jqO4AiHXTRqtLG3/Uvq4yytdfAWyXBM -YEdRwq4B1/QMxA0JRtLciEyDmZBjS+pMcbZQVv1Xf0jmaGPyE99FkwC6r6AFkgfH -Hx21oBoP9xtIYOoWcM5zgybA6XlPtaqnrkjAOEGPj/bi4iBtSUTGzcsWXI5reb99 -0AxY3ElwdnOf8XwqTqosK2SLqWKcDN22ju8sWfliEvG6n/ZVWGo+d4Qh3dqOfI7H -HYa5bWeqosAexh0VEV8Zj2Uu8OFq9QLvS672HoimyziRHUTCxGaBaGdoFNR1A4ed -4Ih1M5T20Giu+W+jkFon2TEVPWUSxoak5rhP5b3qbW5LbpkSp4jYnzYENIKjwRIv -bz9J6hzKDbQNvKX+x5Aavo6fyb0pQLei4QAv5tWfWLYXySDkSSa1qIHsR2E+9ZUQ -7O87dBgfd56MnsEVGvladNGS75ABUfLqFOJXLHPzCuCRAdhoKASYR0wGkH/VTqrP 
-UpwQ1brME8wPqWsCwRNZS6m3XquHYuHmrohwlUlEJTa1psg6rmDFrE6GXdddt2LZ -yJOv/LRJf4tlkXTtQqJ6qTitIyhmKIr9xEnWFVgN+s72aPlSGzLdF1doeSkRTk/r -9amNxPP0E7wsa2rqknh8P3OZoNGq4DdqmjN8kysPJ4ixzQpm60L+zkB17TD6Jut6 -BTKWXFvpRHoadm6ehf3FK+rtNYwwmv4S4nABy+8IZAl9we3TWeyweCD4Q1sw5XJZ -tIN9GaOgWTQofA5kRsC6ClAqmFHrQc6fy+q2cYVF11WTU+pUIpzJ5J7UALJ74Se4 -vYW4VSiJMrnH2OWj1nzLpxLcbWzVXFVitSgl35m8E4ZymnE8UHIpORlVpqd+W15/ -whE4opmf+ygUC2VIPxrGdS54zHVeC37S4CwZR6hfj+U/8JSvvOE5nTFLuETKb2bX -tf1N9lw2QJanUgHSHUV/fYnPQJmKuUJpNu/Cn/39ElLgoa7om+BiZTJXWNnNFiQB -aN/54nLtgOdw5qr0Lqz4LXxQwEeVPrmWfsxNvBzWVRklhoYlU8v/THDhCsH7Wu7S -PFhKbbXvnIZmeDPgo6KMlupdoi9pEuimOdVFuq005ca6BnJdzw9WPcF+9sHPXDtx -MFrlXtt8oOtgRtlQxp2lZ6G6BD47ZPR0aA90/bRkNVY6FQnCG2+HY9gY/jynhNqd -NdjtqBqev/3LJASELysJ+eIU5Rcg40CX0D5iLXbvR7F1ySxGa3sHKHPbSHbbT3VD -FCpi8EpvF60rDhf1Fln6UHnkKAvjD/pZF9KKRNI3RCZ9UBQgc2HSj47FCn+uW/yg -lrjJynCNVOiEKwyKCSgi4pudDHPW8q4pLPsgwgnIp1p+82mAhYdRFpmJlsjhZWnz -ZxnjgcZiHIuTsnRTI3Mdt95EPnhDOtxwFivoGCbnBodZ5Qjg0m7CICgWx26QdEI+ -NvoFobrDRUQ8/Fqxijca8tifW0IK8BrvahSBBVsXl+vMKjCKIw1Vd1tHmHU43kch -1TMtUjN09UshwsV1CGV/SJUXLLtNmPeSHAFpa/Crpl/XplYlJ+mPirh8CsieWUlk -Nl8x5F6puURiP/1DyyBfU0Aa8iSxfwwWz2AMT0dRjvF7APvXjNhsRub8a3FgrBuV -4IhnYVmnA+CPPa5qf0sTW9kIid6nk2kapWiFRqk5ivDp7RzJ3f/rVijiRWgfUBQh -oFTMMw6no3hp+v+rm+kfbQZv97eGEC3S41BDitaeWxhuuSO7kUBIhGYuhUZ2S/j9 -4oMi7abIPMch8fxv1HTzWcZBSEqXvYscK0EtlAMbJm+TmkoWc+nimHDlu8Z+k7M/ -OEqVicV69Z4nvStCMXR7zp6RanrRtwoMCUac8Bdf3qbfl7IV/NTWBl1WQbIhn+D0 -L//a6v2sb4Fog+eESA6zRypH1uFZ9LUvrUPVRxMQNudf3xKAUUgTZkHH5zcNyL+K -M43B28PqfbQifSOaZ+lo5Bc23Eq4ZOJwTzF84JLOrwtxZiJD42F62FJXc2EndE/D -YF8kExLq4uIwPV2Qq8CkxUED1FloWTQ9wL506dtWHNMWGGSsun5s1IjV63epWLLo -VVmXRU+juHgIpZ1FuEcXWa4MpXMoMEUhac7gkkq4q6raFr0E2kwshGPA3EmiUcwG -L6IrxyETe3G0jKxUIdepCGQfKcPs5aBzOC2JzYpFzS75cmEo8JCNy7SvLosAGQh/ -a/Z2x06Yyx/inPfwEUb6/LGWdNzcM2SAAQQ7H5THv1pC7RtkuFsZ9RWaOj8wklww -LNgPRXALJ+F3dLrDT5QAoft/Hv7KDTx7ToOUcCxrDlTu01KkTB4L+INZjyLBHoWT -pVeLNPocR7VVMcuDcPnM/E/vkBkxc/ut7N8mZN4qcNPuxlcJ5z4pLzO3sVr7WT8V 
-0smKOGnAvUjLOg06Ref1phzog862CMjlQzZJOjBLO3B9F4KJ3V12/Ja7kADx1Huk -sZlJUYuptGqostVnCXaVikiN+jZXtGVDqmyyw6DJ/dbSy9Na5YME31Om6xfXwR8A -MFzkBzDil4xWF1gYBWv1ig== +MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQICkZi7GtOS64CAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLF77JZ+HZl2BIIJSDsKdGK8x8XD +lCEiOTJdq+SwOlYJDdrmu7NbO2eCa3MqeWDl3qIGnyO9HTQSSna5p5QMvc4qQokV +ILzotbwvDXbONRpU3tQDEgxd53gDsBm09YftUqej3rluLH5jKKAGeCDIHwXwWBco +S4gnflEsz8VNomhI0foWlezBbVDYFihOtDm05NTNluBJQmALu1e/sYkgfwc/JviV +yFE2vk1mqR8P81vDnr4sQw6BbSghpU/26oKmEn0aF1BR9ZI/xuGmkR7vnM58nZxI +d3UncLWUiuuImv0NwNC6tGa2Gc+DnfKo8YaRqNySoyjLSApNJwhdbj6YXSsEKhzD +iS4MxBZz6W+7flEzgR7yE+C57MKi1Jlo+/90wPVruxKw3LYi2pHE9hgLGoYDFHdq +iqQjO1iZFSvW93l9CIajn/N61Y/IoUyUAqrzhvcrAnX+Gwek7cEqDutm+T3KWCiW +kOJDiW6UI9Ug0x++NLneEQGsJsAF7vxnvegurusYcYKIxYkuy7uVo0v2WYkjOsNd +KgYCgFIXv4/HHQRh+/+64vQO6ovqLmTw1wNGWeq4aXdjUMjjICF2SQGSW1iB/IBx +pi/JhPOCuAlS9QtzQdFyCFNOztQY41YHtcDO+eI6KbnNMYGMNrnsLOXjpAaSrVnJ +bDeEHSwmJaRofB2hO3gek7Jv2dOC13INCdtoNen1+qWg1BvWAMip1hd2FDUA/rvL +5QxCkvNU8GZlM9ev6tVPYoZOFBr0S5yGmL/EeF5k6XFbB6RDKALUsSJFzhgFpK1Y +2z0plOK4MnpItB2KLErGPD3h8gmhFpJYI/HMehZWLyxDNnQOKROFarKAwXUeJgtz +ztYrvbrJ8eHR+smMpvbBZ31ZBc94YX7KpLtFe+8YU6hD013W6vm3v0yhD7Fyt9NX +vi8mKQZqeTXpKv3CjxLzFlnhtuK4gOwf4Klinrd0iFWbGbzRguaDRiWiX5j5AKw5 +X/5gIONTwZ/mBYiqWESb1JaeeNpg4M+1btd6hqoUPkjArF8NgqqWXSskcW+Gew2+ +Fnz9Y1PlkLi6tyogmfkGYpIU67ogP/wRiS7fmKO+cFLvP1P9sTvwd7bn92kkRXeJ +f3lDOpxWeRo4R4xJWsFnP6j8sQFwmuOptqFByB5WzGr09bjZH+mOlfiwnjWIIzCl +EVZ5GEZj4dLlZerFYg+NTd3H6EMOZ1vPvOiHcTYS1oM1l41bqPkFTDAXFhypVzV/ +ZCRbc2t0kuz9/8Y9xl7qf+rAjE5nZHoz29fb3c6i+Uzoqqm9SMl69LE/9LyoGcxE +5yvXOECnFjTasjL5sRNRWuFPAnm0KWNdeKclslEeSQ4XyzXBVrgUQkJHEj4/W1F9 +jw+kN1u3pOffomCzDiiV5ttFNThQqZsjO7qg3r8UsNZVjhfBtN9ZzjZ3Rtk5ihde +GoFqMnsu8lDp3W4r9yJNpnCSyIaBHZ/iheoxGlkma4SZ80YJjX8VZ4U3YVr7oJQ6 +sLvnyMgCRa2d7DKd5kRlRWxAmmBMbTtaIaUEiqn0/tG9F0qvKCMyc5MECj5YE6sb +xzFMCcU5INQX01irZ4FANjUBoc1/Lh0FSAvdfhS7CAwlxagaYXQyDjpsjaGC9Jj+ 
+Lg4L79GbmmOOZSB1cbQyEKedwjyydjCzdQqoLjSY2G0dkYt6Y6jsEIP1iyqlCKAc +5Ty3X1a/xVG7fS+AAmyDxBKdSwW9ldwqvMFIknz5q7wcNdJ1HGKCd+n2Xc6Ow78V +IkcoY69VEne7FAQ2V5hZTJ5y7KjTZWSFJK7Vad7y8g7I4v/33FKFYREntzX2rxgX +i9tZh3o7Ape/UqWxmSI+SxUQcbQFUFH6irUbvWtS5F4T/B5Zpd651ylVwwWOdjQp +ehDPJxgO1PVj9c5rU8YC9+2AdNU3jWosIfHRqNlOZImC/fxb2I/IB8Ux4Ue4KBw/ +NbKVS/YYBeCt9GjCGEdLKgPIeR3O4XHAsfwE4m6r2LN2+DxS4ioTXB4f23vUeT93 +75jBDvoYvinJyB0WFQrAmc4mzaZpVeQdY7O+3xCoBcXBOSI59uyPLRMx7CwhWnMK +qf33vyXVruzihl3erHOKQiVEUNMDB9WFXl87qyT3N1itPEeQJ9FHM+bVtMK0dCpR +oZBGcl+j4SVpcy9cP1FEsZe1J2SrnCwzLx+6r5Ali5mNQSEW6h3RWdm1sLiUlgTc +nokdK64qYrUcZlio63+qT00tgBV1crzKyn8MnL9psZjD1/NlYBAIidaF6l3tSoae +8RaHtj0pWxvXmQ7KtS+M6ejSjxgj4UlwgQzjhJQy5/TUMckFVlIQ94S0PxlFR9On +nKwSQEpqkhzldUsGqrOsmki94ODjWz1lC+Smv5kTSNSjC7mOVHxdY4RdVYZM33Dy +gOxR0rCa0gZGo9YqWKPA11LTAQx34kY0LctN4igCXXeNUldGIrk8mzes2QQKuDfG +jKdIddnjai8s5H9ke27rC0MJba7moH+XucHICZxJ2XBs9jZtpJSj3Fwd/pi5sHKm +yLc5wgOauzfpNr7mFfRB0Xak0l/piC6J0t7qGKo0khFvHF6sOvCJjpqI1rLNqPPl +ky6aDDGfHafU1lhpGtOmVvm7YVKbY1Y9vu64PjtiFbPOowDxGWJlAO8A4Bjfzyuw +jt9WHR44Bvq+NkGazsg0Z5GMsr+9p3OA08+BqvQrxFmA3E4BASSjyaBga6Zu/A+g +2iHSV8TcfvXquwU7w8nnfws0zO+1V9O6MeJVfbEyD7rKui/xdK+M2Cw/9EPgG0IH +1On6lqhkA7PlcMTClFKVoWzYMik/cdmffHZCKKT02tvAVvvR9dgqdxjV5Ht0PMR/ +AWzOPtvIMwsAYuDPnFm1MOzMiuKQ2rhzwOTPCOy1ckp4oCHRHLjI51g9Xl43KeOV +VqVY/Q8LqfCoSWC3eTQAa+LpxelV70cAxDnGApAEXF84desAgz2vHyZRf70YAARG +ctwg2RPdAvXjOP7kax+X3z62rFX+jrvqBAHBcXXVDo8bf2ydC6a4UVJIxKG3QT4q +f9vEkFV8GYVVFBP7slpDVsX4XwNiU/s5B4LQnBQMzn+RBDiAH07u1gZcQQNNvSRs +ynxcjwSNPnwoYraKuiA18U4tVcVFekE5Jo8zwlaSmECUV5R4JfHWYRQMCFX0DoJs +omQabaO2WmE/rWPSdsri9A== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIF4DCCA8igAwIBAgIIOyuSlXiAZz0wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV 
@@ -25237,18 +25276,18 @@ UM9qCGu2uhHLRu7OJt1t2qWPS/w= set enroll-protocol none next edit "Fortinet_SSL_DSA1024" - set password ENC G7dcgoRdiqwTAxaE2d6RdZG5XKZW1fi6BUsMCchCA9rH1bPV3joBJ93Me7H4BA8+kCgTOLxRSDlRQbtdwo50jXIkpnl9KrDa7ep07+anEFx+lQ/nRFtQD31UTXdpBFtjEEW7cEP3Q+k2xgLABVHevDozMQdSXYpYV2rLr/WUsYIsNf05DM1gNzqbQNkBg3iwD+ItNw== + set password ENC EZCGTE3lP6l7rLdmIQSIbfHgqfa0/yRT60bZlr9/pJtYHnzJhvLUnCbrZPfVW2PmuQgVZXFj1+BaD0pq2ItfwASHnWPKof/tps6byYC/+hKZLq5urQGjdvFN9EHoJj5hGBRrfZRpWjzZ8ects18VjOtdXz3SLav6MXD1+1365yyg43RhUGN+7cO66qqN9ctrA7Tk2w== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI7Ej4vA/yS/MCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECCab0XiQqU6uBIIBUP9eJWhY4SXJ -ct0+t281f0QIj519reNSdwe4/Rgr5PefvlnaR0RYc1AEvvWxF9klr136wupAA4lQ -k32C3wwhBsIK8VwOlcmufTSHpu/RqBLWtle4uPkdFGoPkKmajGeX7aSS/8IeY/An -C/PCXFvAb5wY3TCfXKVj74A7Wv76bTErTw6P7EnuJD6533hsB9gQNma2OKENRwyn -ygflx41F41SNnajOemZ07+dtjltgzd+YFtJeSrjdMiRionZsHSRiMHCOvxrVSIHb -lo5q7IBfq2J8KuZeDmFgTyPiXty0qlv4kmJesDSg1Ksg6MLH1EOiTzTU20y3g1YZ -LBNlphJRb7MiAttezcq0EhsC/vqnTqq8dLu/cYQQ5EAiB6m5AhlEU8qbF2uEOi+N -Zp7mmVeHas3JLi9u7bc2pd3A4wr+dQ4HnSL7CNTfT4iCKJSHctYbAQ== +MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI89oWQjwkHxMCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKxs5Y1sRxRZBIIBUF+Qv+iLS+nB +Pd2irdYuYv30zqyLe5lfgZJ0Ngdm9rmnoTzl5rjPWw6+swfWOaxjB6FpuMZ/UufQ +jB0N24ML6SbjX7qvZng9oUJem0G6Reyjh/PaZ7UfnBL1wxtMS1vaVzyDMfg1vnN3 +kImyi/StNE2ttexYO2V46FTByS2XMam2wqsAJblOBM/tTXVovMJUbR2Kf1yODcEf +xhmf0ECscCvMLR8A0EG2yZjpCeFVFkRsAbVc+7S7/acvy/0tmGbWUeKyJo5N3u/v +MwcaeOJssGo++H85OcqA3S3xY/y419mHnqNjDAtWqISAZ4BHiTLsleHx77MSv92+ +jbO6YaBLZ3BShBxrO9y3lzwHegWO+9539FX81HPbM5yIIvzbPPXrxIyMGa4xGbVZ +c3RpXFzjXTsz+u685LRxazKv/F/fyQqd4M/z3XUh5RFBseuOHlS+ww== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- 
MIIDnjCCA1ugAwIBAgIICnJZiuQT5kwwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG 
@@ -25279,24 +25318,24 @@ vncZsUn3T4/gdogfFYgsj1Z2 set enroll-protocol none next edit "Fortinet_SSL_DSA2048" - set password ENC HAvd5VGHf7p/2/xD+U7IdUo327RaYPM7/FHgW0HGJkcUOnAlHp9voZhJjyMRq60c34kU0eXiOiW8wecJG4DfUsijrTMggpfj2UB7CJ+J6zZSpebDMazqo8PErkdqawMhOe54NydhRYChmkqnImlp93gPhzVRQYoFQ+P2NfTuQAQX34neNVZg8isduiU8e7e/VKpsmg== + set password ENC Mb0kjmMkFsj8goM8KEgkWB8wUHswFjmeKJ6sCv4ff/1hFjMTU2nW03TNbHhFESDxA82la4m21Oj/HhzwcvbgDqbKrxWylkIy8pZKWlS0m3zMzxob711ADpzumadd4B487O63HTnvZ05vuD2lU7bD23nM2aSWj9A0kobOpkM1zYzIlux1JxTfhGi+eZ1RYsH+eWz3rQ== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIABKfUtK3YY4CAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGrZvn3Rc2nIBIICcGJ7K+dgxi1m -st7IDedrA/791Fh4AA2Fw2Tg2S8lUkB4biR+PfJtkRiMcZG2qkH92bmHQQi+cNcD -vRbvAoLA0HeLStdsZH6Y66hyeWrU2rmYErtiQ4BPqGTq0VKBUtSePiFGb8v0u8v6 -9nksfhiLzJ2uroLa0o7L11ID15ffp3VrK3nbBMRmp9LJa37UBduIcxcwO1o/Hl9U -E4ZHXfTqiATibRoUJnQDz6Z+eTq2uj5T2Wq7TSBo0VsG5Zej4glYXFQuseXoaxOY -TVsbT6Tlg7QWYoef6P6PeS4BdUpOwAl42c4Rx4Qf5UgxeC2xqzziVDylnBY4PcWT -tnAXf/Mko7lVaLTC8ZsS7xh048oUHBrd3V9daYAsNEbbxFAB+shybU7CyXVGiO3z -4LS9rCt5wCViN3HwCQweHPu1rG0+LV9UrSepZxLzZn/uBzpQ8CwF7RW12muWl1tY -TUvCnX3dp+oVyt38PBSLTB90XOxYOtsSfgeaHajoVlWyZV+8IndJGmjdn3doRngA -CCEVAusBqk2CyPK8+W2pBX5rfvYnbLJnYwwN5y//xHLS8Vr/XZtrSWORLjmSwgiY -5+hKNFSZlpuvvakVTYqUSkzQ65HLH8siUGLHZPwdVehBRxwMOhvCmV0jWzubwlPc -QI/zoyE7dahuRRZvCCUytTOv1Vw/psjkQvSdZVTR5f/COPFUBfIJa3Lwx3g2jeSs -naKON93cUQy28DPuRcmIj5d++cQSNG+4Zunl12teAEMnZrkfYUr8FLTeyNwF+1IJ -4+QY2bIUJFiCejzMnMMStBvvthqzEZnd5AOIxmx/BVGB9XRUvTbruw== +MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIgPDvlO9r4RkCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLxU11HE2ENsBIICcGscffGWss05 +xDqOdLdE1wGiiXmUD5Alw0DYn8cAs5IsQ+kqyt0CuuNTTmuuw8XXMmmY2ftxVK1I ++N9QeIliu7PASJmoQDGmg/+Dw7asadImWtHb9i+Wo+PKn+XvhlztaCtfPo0hMqPO 
+WBfHXiiicvDPdYugZT7eNS92PkTq0ttOQTO2tEWwfxmATzjha44Uwdougn8KLE4t +8qXmT+kw03gQJSXG9UlTbWu2YkhKj9dXDbu6C/LiXhIEaxxxxFBvUhkEKE4iEqxn +1AA3DVKT6JczE/CYh7vWPDmKNQxMXX0siTvZgn8rTpCkV0+tJmf8ibag23zQkhJt +o6QfFPSrfy+40dJuztUJ49+zK2L4JvO7Xum9fbQbe34MhCJkp9QKOF9PN1YE5Utu +Z1K9RPnvKRzsbhcSD76Jky9mmZEI1X5pxRFWekV/r2dgwJg/D2OAigVNm3l/jUDv +6s43P/8t9PIscHmbwLnTQuiWR1LBlSYn3Fq80x6M6pjpIgcvf2EtSRyAdmAuelrV +jg71f2sK259JiXRSxMtVzuTzwi4gBJlWlDjaRzgWkXszxWukKjpOi4r2GE3FL8nO +LTt/AQO6u6swhaHy/7wpWE+4fJMqVG284frujP3KIZbWSI7WlF7e3pFtne5+1Lge +0Zj0giWTj/iI4Q4BwBAOuqyJMUsW7J/zvLhpVih0fHs7jZ/3srNRt9gJ+vXXx+92 +kXP7iVzc35Fq3n8X4cM53wEnipYguJAVyCx4i4mXSPTxuIsBQz3rQafXjyT6xG7X +amBHi6WDuWB1UxNmq8GuBByqg9Ie4LUAmrZpb7OghwE0z8NF9N2LGA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIFRjCCBOugAwIBAgIIb9Ue9OCxwc4wCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG 
@@ -25336,14 +25375,14 @@ MJWQytLYT+txcQ== set enroll-protocol none next edit "Fortinet_SSL_ECDSA256" - set password ENC RSI0LKqRBPwzMeerG8sTm5CRx6323R+D8ToRZdDb6tooIhVn27SX/CZeX+FE/PUM4Qy69VDD75IRFUOn1MXdlkhk5eco6/dOBQqPKHC/6uVgqmHjhxT6WuxpXr54PCU0i9sAs8RLeKw6o2MeSV+JjfiL0ED1JAwKOVJnyN48f8RCWeBzWl2chZXSkiV0HxPp6y8tzg== + set password ENC uKIv1XLazYU6yhN1DjNs9UDoVdRpCbsMHrN0DOZreEbqJJTv3eBGCUSL/SYPqz6ug6ix8NPPGGU149LViDA1HQfONJMz0TMaMcZLZPnQO/Y4dbJa2dfQrFkR2KmryMYBijY2qkvbvk8O3kcqw+QV5olQsdXVmMYw7MsS0eHqlQokAopd2RbftBE22FTg9rUkgbrmUw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAhDVC/zR8KCowICCAAw -DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIzXvrQ99uwHUEgZCAFl8A3dgwNaBr -ZCCuUi8lnGcsCRa6ZqnjrkK49I2XpFE+KrC88OPQq9A4QGGa370F9gWkfA829Sep -fr1G9UtQTDmxim8SKdQeMIVxK0RGd6rxKUtUhQl9r1M/0jUiWKQYXCD4wEd709jF -Jz/M/rqzJKRzk7sB7B5pgqLZokDfBfeiA2Vgh7GFemqGwZN/qb8= +MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAgLioVPORymtgICCAAw +DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIsJJQomLe05cEgZA5+ydtNRONSk1K +BS4MsOFQFlx3jkyy8RQdgiRv4vV6L230bM2RLBSUvLBKW0LApB5RyQGtfbJF+q3p +Wika9fbsbxdGlBFwkpAH0PVRniTvOkkulzeG2wwqegafX2wlnHsMVMXdITQvt+DZ +hDFOlckbIB5pnckqL9K0CdBwjogEOxRlIKzcTNfzY/n+Zb3DJrw= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICUzCCAfqgAwIBAgIIZRi7f/MAJXcwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT 
@@ -25367,15 +25406,15 @@ aPVOyJd/Vo4LhganarUtReirtMNLteE= set enroll-protocol none next edit "Fortinet_SSL_ECDSA384" - set password ENC 1bQaZ8apuI4E7uZetEbRMQfTCXfKKcIzin8OzjPuM9VJ9nyPGbx+0yI1jwTE4HE16XYpLrOKWxrZDIcLyKAHc13RU/WNxAgKh6GcSbLcdKcODvromUQ6A1PnPhIRh8KCezOeKck0aqNHdvC85dehMW+fayJsOVDPTF9mG7TePPFc97dGAblncIdMxs8OVblQzI2RwA== + set password ENC DQzIfd9NgDeRz9RvuR+Qz+sM4bcGZIjhPXIAxpsoIfhJzs11BYjVe/s1L2+ORMncEA69R7piG/AO8Oy0S3xBCbIG9nLggqayPi3u8HSKUkBWurRVwYVWHxuPWXvLPpgHgTVSEXXiL4lCGo5AdtoLEuG8Wq4sIJRRqgNTCHOI/o8IiEFpQpkxkubHcz+lQorfy/fF3g== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIL1YNqz3KRJECAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECG09d4g1dQOBBIHA1YBkWD7AUhCb -26TAv+SSgdnklbQ3jgDhRdEdjgMKzmb425Uaf2JH7P29uWWheEZ8XZaRNZatrfuP -1GynJ5fmIrHHFDDKt88md5nEwpN0KecFUzTFoptMPVBCiRgq8DWdJj2Zz51zon12 -Th+VeyUkW6tTw/1llozKP2KxnsBeDZI3sY8TG/zCOMEiCaMsWff4Fer1b6V9J+sN -X8TNzrAbgnw0+L8h2BiVnrALGBbn0OFU/fAqYfVL1pT6ypLN/VQL +MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIEIiRJFgfvd8CAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBnI8+JDW2KTBIHAc4hF8/D8BW1C +znUR3afuL21srcM5SDriYURYJGjUcoAiW5klI9XjXrXzpJQKqUM6Z6RNx9I0uQim +CteGMtnaPsH7egzjuEEedca+liH7IEAwBzr/5Il7qqUm9y+zTdMTHksriBXfNDT3 +LIc7GOU9sMCxg8Bm4a9eW+0GI3ffYx5lONrmGzUu9g2m7rg/mYaT139HjzMD8f0x +unvRgXPA5A4Cke0wdjqnQFWSR6pKJTUsI/K6RZMiBiZiaiHpW1Jm -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICkTCCAhegAwIBAgIIaKfzT0doMX0wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT 
@@ -25400,16 +25439,16 @@ rXRhJBy9Awg19h5c3UFoaQRlfUIYy70XRPrIUGaxGZms7t2qpQ== set enroll-protocol none next edit "Fortinet_SSL_ECDSA521" - set password ENC 0MKCkBgDd3ySFaCpqBVywDYnlqCfW9z1+Wnnfos5daDaOBMCfu/2z8cmEDeBys070QmZzbEm+1lbnvv1B6A/8sFZIMTvZ7k+FOuKLT+D5lTG0AYft/fBbwCiMuTv7wOwlhay2H3jHSuhgzcVAE74q24YoFaDGu/pV3rhjdDP/wdXzqSPboGwDmvE7MPi4YE/wBNjYw== + set password ENC D3XAjNPrf73sOW/FEHJwkvVhUhRC5tXtGl/q0zC9fOMVAiX3fGgd6qa7tXtoy0f10VvfLC3X5c603pdb8y30O+mygbTLx/S84k6C6T0gJjwKZB+j8wFBsHeFg+Ttcv15Ep5XwIi+EbebhgX5xdQHUOHnz4m/cGQ/K97kns0ZmnDowym9H223DZfAK+pmAdGe9PCLCg== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIBSzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQItluxz5gczGACAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOIOpdc1zQv8BIH4jhN8gSPu7Lu+ -Vmfnd3urrEssjNEfevxDM9+oZxGitvJLqoxrQkQ2Fx+g3MLPO0J3UscaFRudeo4/ -ueMGKCBTzbQhcIo38zQ1UciitaXtdutVuhRT1sbQ6u0z/87MYnEqR8ytZ45yBAKD -/cEPvbhVPJ2PwLj767GArjGwAqmGa3FCnz224/VE7/9aUTQT3DLpAM8OyZPteRUs -pWpc4WWJoLnhnL3lK/cExT2EJyypg9EucKHsvoEVkjdAKB2xY/QTxpEW5wGjoFOe -cMUAZuOWI+FUS4QqphhQM+NH2qnYgYKZQbkwNyoAHUCW3neax3EeeJAeKTv1l9Y= +MIIBSzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQImVhUvZX6LLoCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGqIA15VrCb/BIH4eVxth1nPw3e2 +yiIYGoKxjcsNowWZ9knJWlXZzW0TfCEEWXLO2LhW5AI4MWoQZtAIlEKJnnXWWGbR +8gwZYOIVSo0GyeTRK65rr21x95HWShwcuVtJ/bwEbQKtifWVX5fbTxA//XlWLMWO +znnjkSPXm8rKQC1uzjsKQSdA5fky6gYVUxWMOtJo7hI57SqaLMrhyjZ3iW/bIOI8 +tJ4+s9WVUkgVnyNWfUsZh4QfgvzBgEMni44zc29AhfmwtwJ/0uy0yMnYzICw5p5T +ZJDot1e371ROVY2VRBTZBvUzB1E+EMblkPHxpwYiGayTfhEkJ1R1yd+smm1YzMY= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIC3DCCAj2gAwIBAgIIVq8ihaRoKLgwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT 
@@ -25436,12 +25475,12 @@ AJvskQzNTa+n/oTmPe0ksw== set enroll-protocol none next edit "Fortinet_SSL_ED25519" - set password ENC rGx8W7r/1PFjG1HKP45s7x7psyZwagy3FiXd3gTQ7JpIOZDmr9S44tt5/Khc0gUNtXctTY8HHnrGvbDl+b3tC9O+eiKXPkONBzvrQOvpUXToNFnhMhOSolbKZ6h4Kny3n0Z0YvWBJL2L8sOAfnFjCVERde2r4yTGVJYLHC7u6khyWhw385unCda+yub4SCSeUO/CZg== + set password ENC TcEDYxaSRN761h4jgxzZi0Iwm3KMVsGCXwKeTrGofIrte/z9BlbiK9AgCAauji7KpM46XNj+97RlSl0TLwf8/sTLurzw15NBo/iiyRfyEvUTCsE9LdTY9PI9tspPQBz7DRF0cBNngeYqnLLi5QtZ3PWhKoiorgE34ebssQKzIAzpxS3DLCgD5MyK40IoaE2zNROi6w== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIGKME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjqbg+hLk9mmgICCAAw -DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI4SstyeVuZxUEOLmyVQjkQnXSgVrc -17HGzoaDn0V5O54a/pbuyYPg43sAPfelZJIIdykHhmXU/sTagbjgWl2/afQD +MIGKME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAj5o/EL+lddJQICCAAw +DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI+nq7hwPWGEkEOLJOITI4xUwzKPMZ +NtB2fxfbRAFmnZ7XggOpikhAyPiOrwnagFIZUM0bJgTW+84NTbU/oLQkAuMn -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICFDCCAcagAwIBAgIIe9Jk9bbV9AowBQYDK2VwMIGdMQswCQYDVQQGEwJVUzET 
@@ -25464,13 +25503,13 @@ dB6YzHdvZAE= set enroll-protocol none next edit "Fortinet_SSL_ED448" - set password ENC An6bNH3+wZ4oRz9QH4oaFe4C6ECUUoSV7j+bOBSVmIG52lnIL4JIItJHrnWLkL1Mj6zyQMRrpv+7kStmatLs3IttlfR+I3vb5pSZQ9OMMEY0L+X+vhMAgOHK72TmrWL3MeGiXYvWbeHVZevsNLXiMSL9dbSHuXxqzFeH4Zjf68sjU7oUGgClTrD7aoHhxYRcdjvG2w== + set password ENC zDy8lVrwEUDJjLXidyCmCri4XQ9Mb3r44zWh656+T2ZMRfvpcjwkDwzOqZzSFgQ5MBD9jNJ3BqjKvZsjpTHr05cSLHqHCiUp6WBv+T8+E2GMPUU5sb+gsHnAHC9hYHop4zdDtchihy3QhhxkKet0+5gmOdX/NrBQEY5r36Om+dvliQtHgYnwBEpys6wRfnfOGUyMTg== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIGiME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAhDe8KJgnGZEAICCAAw -DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIBs9bVqUMc2oEUCepoIh9PjAPGre/ -Xn6kt6bxxjaHiOWRnSTevdI0VHnMetcJkcxiuVd6I2xBaOMjCyQuaOOwxeO+JMlm -T+9mGIM5imVhjdqdg40dZ7xjximl +MIGiME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAh5NEL7dsL3uAICCAAw +DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIkANeCNzHCh8EUF8li1B2SGpv0gfx +ubHKOBC2dv+QrIYTvd+BmZFsr8fzzD3/RGpaND8g93mm7rfrzv88j27GH3zHX+NY +hwko6qH5LEOkOtm6iUbbkt/QM2ck -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICXzCCAd+gAwIBAgIIEpo4xm2L33kwBQYDK2VxMIGdMQswCQYDVQQGEwJVUzET @@ -28941,6 +28980,28 @@ config system vdom-property set proxy 0 0 set log-disk-quota 0 0 next + edit "scsd" + set description "property limits for vdom scsd" + set snmp-index 2 + set session 0 0 + set ipsec-phase1 0 0 + set ipsec-phase2 0 0 + set ipsec-phase1-interface 0 0 + set ipsec-phase2-interface 0 0 + set dialup-tunnel 0 0 + set firewall-policy 0 0 + set firewall-address 0 0 + set firewall-addrgrp 0 0 + set custom-service 0 0 + set service-group 0 0 + set onetime-schedule 0 0 + set recurring-schedule 0 0 + set user 0 0 + set user-group 0 0 + set sslvpn 0 0 + set proxy 0 0 + set log-disk-quota 0 0 + next edit "Policy" set description "property limits for vdom Policy" set snmp-index 4 
@@ -28985,28 +29046,6 @@ config system vdom-property set proxy 0 0 set log-disk-quota 0 0 next - edit "scsd" - set description "property limits for vdom scsd" - set snmp-index 2 - set session 0 0 - set ipsec-phase1 0 0 - set ipsec-phase2 0 0 - set ipsec-phase1-interface 0 0 - set ipsec-phase2-interface 0 0 - set dialup-tunnel 0 0 - set firewall-policy 0 0 - set firewall-address 0 0 - set firewall-addrgrp 0 0 - set custom-service 0 0 - set service-group 0 0 - set onetime-schedule 0 0 - set recurring-schedule 0 0 - set user 0 0 - set user-group 0 0 - set sslvpn 0 0 - set proxy 0 0 - set log-disk-quota 0 0 - next end config log syslogd setting set status disable 
@@ -29134,44 +29173,44 @@ config log fortianalyzer filter end config firewall ssh local-key edit "g-Fortinet_SSH_RSA2048" - set password ENC S/jBH+OwC3lNJlHicAZMVf3wgUL5Ax8ufMyew3Dzbk4VkHlcWl3A/WUyqfAbtJ6rAhpRcy8pfLjtq3WvvYJ52Qu35dneygzooyhPFHir2C5WGCK/DCjEtlhFgFLKeIrn8JkkYEb/ffBYU6l5Pd7X1SeUkm2z5eLnLL7WtSml0XeGUGJmnf78KRzc4xm0PY7lsyMxGw== + set password ENC 2OjPYTb3FR3R4zaBTiZvQUJFt6i8P6CzJS+YWJkw6cDH8bxKJbsgP8GEMg/5ihKHZQ9x2kMUrC871z8Yxzg+cPXdH4rB2xQtpyJS0QCla9/STP0JJ+nlxzos0u0B9Qm8YcdZpx6lB6JXdAKaWujUE/OIlG55xgo2uRKP4yFCzHF/dng5gAtNPr6BGnLOUSu3/4odbw== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA1mO561N -c7CpF0rN+BdOBQAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG +Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7 A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z -OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwMcyMNKCNYzFHF -tA305t53D83ogXcTrwO8f3ScWdcLBap5o0aqwfOrswdChdOytbHMx3lmpnLZvFt2JbcqT0 -jDm+ZSb5NwFCW2h5MJlnLolIx85H0ab7XO+JhK1c/J3U0K/m0Y6q3uXObJsAInPNAJDjqL -VUxgIU438n7dB/NkWQWNjVaddEO/tK9UzzUd5a5JuG2lsukXLGFRC0XIJ94Q9BFuiziNmX -QUZ7LRqm59ZcsixGSQ1YApEvTZFf+Yd/umWIh9bbHeCAZOWZukDy47VLy2uVd3H+HLOSno -ZBpX7xa3c6mjI/oHgz7lQAybNzbPoJiBKq5VlTBhR9kTdB3JnnzKegLNwRtsdtEim/O4xJ -QPxfwGSzE57M9OgPGZMOuFu8Fh07tV06dUnfe9mGDLiQ3HWCZoRW5tuCE0fsieAseqqEiS -Vy13DPGtkSSLUKmBpJQvR6yK79GtMyIxZEmC43xHmCghHTebSnK45ikagYh0BsK01Q1rx1 -syqY2Ul3bwCSCTuK2sjqnmgGEIIUI8Yikj0kDLSVJukfxdjU/c4eOcqj8yuRbQyfzFmHsv -debbeU1+oI08M0c5kKVTNeTWQ0iXuETJX1G3gu44xtkQLbCmF4K3byAPGnR2FIBG8tnPaJ -JCjhZQmN1nohNXt5F7nSALJ3UVSpzD6fnKBQSfxbKN4EAggu0NpX3QyhoDvWx378MRukGn 
-OkLi2Z7c/iZrS5w6Jt+kTJ7n6T5ciiaIvzgi7YjtS7ogwNQfodpXC/pd9KE/H7hgrtwclt -bP9bkpWQKIh/Z4hl2B8hqHDk1wDhNRHRyT2rvuoipJLroyYAZKxS1qerGuArwmxv1YNeNm -oq5Ibisn/CTLT6zVaKmdHD+qBGd46IlEobgLRd3bmKsBIf5hUfd+LcThhOT4OgjgK2jqAS -zOLrNH/Ns+Ut+tz7DhzoRhoTzfitjKdjHl8libziHU4rbulbEuqhnxlGrb9G6xKeFOG1Ha -JUkWoRzX5/tljM2GZRQciN6BF/L9kDboLnR6V2sOS6r/BlnlUMmKhxC81CTzejn4I+XSYk -Y5dBb9PhA2dJuhkgZEj4vGDkXdnL0fSI9qccHAKkAjd4ECFMRtqjnkdLtUODi6EZiZYDJI -zcVK0VdeqiSP2M+vx2WwLKdwVBdhHXyrxv5JGwKaYkmaYwFCJ6DRttHlaTID4HgjVWJCVR -O9UaKreP6Uz9G/L0J54iEclbiKHkC38/IMhi9XhslLzD39f42oKLedWYTJiVgsr3klwtMk -GvWZyLtg== +OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC +Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/ +OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU +FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD +NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo +TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB +cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss +x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A +Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8 +cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO +/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz +E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX +pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW +V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS +ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv +tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx ++gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN +tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc +D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH +Xt1vvScA== -----END OPENSSH PRIVATE 
KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v" set source built-in next edit "g-Fortinet_SSH_DSA1024" - set password ENC NK4DwI1OFefgJoUIpFajD03RBQ+GOvnIFlXcUxUWR0lO8vDAeBRRVFUWIXkSpXwu3So1Jg/mkoFpunftA8A61nZ6Ecc/mU7yxZ0HfZysGyo8dCFE/RKkbIOsTNieQVTsbpaqbHh16LH/Wm+yjrkViULoXE9kfTPK9MSgf2q7+vD4UduYUCkg1ZQKKD1hkAM/mpJYAA== + set password ENC 2yUTkpGGUCOEWR9xwQi8JnR/IRixbH+Xa5bmhXw6uopDmyKLAX20SR35NYhK8XgTidLEMC0JSc1raQVSb46TXaw4/f5zkktcB2id8Bp/zDyO/+dZfIpaHDeA/4iu8R/K7AnR7MtcxeU6VYXJ6yEZjcqzBHtfhuWSXae0ybw/A9vAQUs5yFx3oee5CTzNrikY3yz0GQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWMdT3yG -/DLzIBU5O0UtJ/AAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA +0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq 7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk 
@@ -29179,80 +29218,80 @@ jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5 lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G -wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgxMcP4nd5bs47/RHx -ArZUDjNCJzDVajX1tIDHffLzzlLm2RRU/wKXccxXn1TC14JdA3gOmS/hFa1C/ctWGGFdz1 -RDMGJtXQ8+APtMlY7LoLq0soKjkNkY5KDgGBqbZ8dLcYCKYfl4RoCWGeKNYKjbdudRmuix -GP/Iy8L+8qLZd7rSDA6q48zv82nNbPUCtSgRLiG9/CDTQx1ICwO61rdjQLqvwycJ7//885 -eXUyaiDA7DD8p/Q/y3L23iLI/t8VEe7sCeFcoFPmJxKURNoCg119GObjEYNDokpv9QOC2G -/uGE672Yvr9YFLe1RPwWpMgQr05tVu05HiPvRlX+hORf+Q80PQaxyCnSGkGh9FHq2Cph3F -nOlujutMPe0E9do0qGavzo7yw4g4L5fUUxgUoWLZPfE0dt7Dy1IP+kltIUqGu6a2StNq8U -rYEYAjVHzaKoU+95oZLimCj0n61LyCNXVg+gcIb+FIq6B4WQhRNJ0ltK7k5TKvCcnClWzj -DDVeZYF7XOPX9S38MGt9vfWZEF+ZnUrGdl4Py5khdfH99mlSDwt42flFQf2usHNR3ZaaHU -meM/WUb803e5fUpdeWXtOx9b+YmRujD4g0N49/OISwkC0MIfhdG2FDsuvpLiZit7 +wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ +39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl +iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3 +w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac +xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL +YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+ +YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e +ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy +wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb +floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-dss 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" set source built-in next edit "g-Fortinet_SSH_ECDSA256" - set password ENC 
o/Q36LFFIP5Ku07K3e1PvuOSApVkzq7hc1VWjl7Dda8YgNIXQumytCFCSYkqjLUwROLwKLOFa2bskVyrwJB2YKuJjG/f1FeRizPtl0iY5Dp5QXQgxNXmdxyNq3IRYpNrc+RUhHoY46N6uQlJsn5GPrxS/asgsJrP5K6Y6bYgUbu8KEyO2dxd7C+/zvJUM7XnvpRd3A== + set password ENC OWdddLpMNGCODqsD3vI4Q+5eR6ZgnuVm0YdynamrVEq9EF1x/yjvbPOyt279i6lClHRe75G5khHNCnpOEeENg6KRFaD81pSoL4F3/mnstR3+ycbbHrVc5mJCKdinYA0efc2S9d3ZyV2K2qzqT4uOIxBban6RPyXNRzjBypasxqz5/WKjjwPRGH3UTMxpoeJ+ZsN/vg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCYj0k4bh -mxNdVne/WYI48/AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY +/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK -y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgQHrpN3sAxVooYsKXIb5xGNvvwxUtTIIAisaQ -ftEDAx3nTj7+NLlPATgMRDy12pescKquy79fyCFgENFUP+K2pfPsb2IE/RdTcmBsL0646h -hL2sHeuvZ/mhIMti3oLfj91bBs7TBB2MRvHRYvcZD6rdAkumBmyrSPUO4JwqSPkI68kBVo -C9C5gBWgfhqKs6DGgceAFVxbb9+RWrpH9YCpIA== +y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h +BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d +6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH +84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw== -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI=" set source built-in next edit "g-Fortinet_SSH_ECDSA384" - set password ENC wKEkADenFjzvEr9s2dS8dDVpS5CfNcu+EDICEBbVN5Rdg9cNq9YbB14/1yG7tHPri0trB64/E+FcAhJoUopA3K4xKQAnhi1N+p5fGqKaWyRwEr5qt7kzA/p4TUZIW1tD+7I+dPfjp/81VUNqOhlnOJkjEgLGTglh/Ztg3WXW/xfBERDxf8jAVKchfvEh7sOBfFSh3w== + set password ENC 
zl4COS3fAccd1GTmY/cr2Eu4GyFbxrkxzF1348NfZb9/a93fUlzAWaioyqgrBPU47ZgM3R8uS9b43oVV0u2/SdgCRrU7Z5gW+hWj+UEpnkgfz1ZaYJMBsNHqizW1ubut3ykHwE9/BoVfke3dEAhAqfZkpRWWJBqd/24Niwa0QPqZHPqOTI4CFkA/YCemYNsG1xarxA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBN9BRJMR -77/5pUXIX3azbHAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX +++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx -dgAAANChlajlzxrBilfuFt0NeQjCmvICKuDRnd+bDSBxAVZcAnFPKPN/ZOUsHIFry+62R4 -xmcknYeWtA09QFKdSbyeOUyqI4CmeqxufXPlPk8N2Mjg/Rub53WkREGx7nv335EUtKyIIE -qc7vNaHvrM8CbUwCD53Tmrv126aSxuuDEBhth1CkIT8LZEcTEYRSHAZEojS8TB4UhHLRfm -Rn+DmbJga0IDnPc/ZgNHGTqYx2toV2Fy/DCJ2en2FejJU89J9ZFrGUfz117vVweEVGLCBr -4j10 +dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED +QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ +9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW +HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st +2F3+ -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg==" set source built-in next edit "g-Fortinet_SSH_ECDSA521" - set password ENC glFsaDC4E9pTo6nAnPwhgrxLwbbw2YEi+b3CsYGeVoL6eBCl8wrKhmk9Y6WhdrSzDgODto+OduqcuKWoYkB4DVMF/6P4XQHStfgkdxR7UNcB/WFyXBCAM2Y4fOVOV5oWvevEBlYY96uOgXXPEZqL8B2/fCraI+q4qORFJ1n2J7beMNy/7SyFWJ9lxsvUVR8CVNrmtg== + set password ENC 
RFNCK9m2zY2+z8AmZ9I7EB9JRXi2h4sHpHi88C+jKstjFs5VRqW3cyl3g9ijS9HNsjN1yLUdj4UaKpVEOEEcHw9tQ5FVJWgBbOH0VZNnYE1cwOHyLTMjsPBNfg4rzoEfQqOYWTN0qQBnFYdfGm9ZtAYoCVZfcLe1pJ3zFg0szU7s2jHswVU7z7LsWnAh8PawY9c01Q== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBTZME+kF -3Bzq+XqVo08S4FAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr ++3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K -HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQC/5NwC8S8n04Bskl -P/Wnde2xZxoWXlBYuV8iJ8OmT7RRVEi3NhVGbIJMqlXfTVi67DgfbtMpVNVhO3UMwPAoC4 -8zcMmJ/1aA58Y+5H8DuYRMfAnuky6vWJFBA4DXgx/vmrn8UK1E2xgW8dgaEEDlLQPittQc -hlwRhgSZrJoRtQPn8OA5ZNePcblOq1WH6PanQP7Bj2SubMTTZ0Mo+gy7y11wDAMd0MYN6Q -d2biFs9XCB9xGNGQIrgOEUQoFJ8AyrbQzZt3Tr7tthp0GDyWoCNICjY/vKS9Av/xMMHaq9 -cjEJOwfxqaJfVrEn2/6DS1t2SyTD9C8imQOI2xz/fdVCaO +HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL +gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA +NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX +1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9 +We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY +v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA==" set source built-in next edit "g-Fortinet_SSH_ED25519" - set password ENC 
svmfQGYGtOVRGdzLbDk9CHKMP9+Sx8FQGpZHNu+lN+YiKUXY3FCgKRX7/FLPlBUZcDDKEWym+rd+2Gg6ZpQoeeZzakWKIY1ZqnZE1XRmPpA5VNKv7/VtirHPglULQAEoQOvSkSpuKDufs/wAPkcZ0wsGAzKVTDPQJuObkDJqYjFCYNl5LUYodiqxFdPqwcVUiaC0YA== + set password ENC RzMh87JTsQiILtbCPiZZ61P6TgBg+MsB0bRcif4B1sy4z6LsoQprVwEpOmY0JEJXeeEx73fQ0pVaupKW9ojLOZ8TjgAfo4rDUkJ9coqEk0Z+swehYwX7QdjypNV7rsUWYiBW/sVjhXWDFNk3ELPqh6f78dN4cLlDi5WUCf8mpo3IO9cFYPEvzPuX8sFyoZGMh2ZVWg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAedjCOkt -+sFbLzTS4y12TbAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd -3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkCa1NSX8hj+j3jVwv2A2AU/gLRKzX4h+Gwxyxz -JeBT+OyHbzc8MDCIh8a3tf0fJiQ6VJdj3JjhBrp1OWfy2GHkfpMInRlGGz0Hu4XMU702a0 -MgwELDyqSpEdZupNMH44pIjkI0iY/ipgwuNDOTIenADwbqdkC2oX9XA3jIutAB++JU4rvR -NwgjPHD1irGOM7Gg== +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT ++IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd +3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO +V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk +ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i +9pkiQ2ltDNDw2Upw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO" 
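Review bot: The `set private-key` values for `g-Fortinet_SSH_DSA1024` through `g-Fortinet_SSH_ED25519` commit passphrase-protected OpenSSH private keys with their passphrase in the `set password ENC …` line directly above each one, so the keys are only as well protected as the device's ENC encoding, which has to be reversible for the device to use them. The same pairing appears in the `local-ca` hunk at -29261 and again in the hunks at -37630, -37641 and -37757. I would have the backup job mask both fields before committing, for example `set password ENC <redacted>` and `set private-key "<redacted>"`, and keep the unmasked export in an encrypted, access-controlled store rather than in git. The `config firewall ssh local-key` block opens above this hunk and closes in the next one.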
@@ -29261,68 +29300,68 @@ NwgjPHD1irGOM7Gg== end config firewall ssh local-ca edit "g-Fortinet_SSH_CA" - set password ENC K4O4DC8R/GWDJAuDGMSMvrBmtLIujq/pnuQ/qu/PVD+HS4xpheuCBwH0MwJLzLcvOqI/YXkRRCqvchqTgXO/Iw3VOmV/dwu6w2RaLqjNI7NoSn00lxONY61odjuiCagWYqgSnocBkGzHqU1Rl1G8U4A7xPwvmLZTaYtyZSdWkrCeYzsQjJdz7CUDwwRCS/0j9DcKFQ== + set password ENC tvSxVFR6NarafOSGWVGWRdVu8KB06Xv3SCMZRH+XLWealW7C6bolGl/bUd5J49457IZ8dZfj3sG0lnCI2pcxMFpYAS7mi/IinycTVlu9+YPqFhcbIHrarSFKelIYXrZZdjvkbDzb7oX2Wwt27QBoLTFBlV8ybtEmwUO8AOPobtP8dwof78LjeCzz2DA6HZxB4pBG6Q== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBf8C4hJd -+M6AVhFqreO879AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd +cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa -Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwNT2HECamLA8UM -fFNSAnPj7lq5k64lxdOyGKKbIDDF/wS2H8g2ZlCuJwGpgHoVeFPiqQhJMjBSfwWDS8oOZA -po7PyvszP6XAbnIpBHUMDNdUr1Clso9ra9d2oP43fjhzRSHBD0j/x1nJRvse/cP5XuCa4Z -pGFpgVsz7q+XNEXou8YpAndqUebw/wm3MNzS2AE5YYFQofhSKBxyNSYrsPdaoasmwbnGuv -XW9vPFnDxNNJ0IkEUeXAWZaE2sBYP3qD4C97curFpYuAPYH5FnvvMLuUtyRFzYMv3WKi8z -Mw+01rU4yVtCVoAMYCfqjnisIyxgyQHLpLFfWkvIz6IgAQWVtBypJHxiiG2wcLHscWI0gQ -uCMN/n5QkbBcskRpy52lFypQ2eosTLMzrwfqQF5PDoDz/2Jnf5qXK9hQsNA3fHn2KoyODY -VmXb1G044Qq3/3ZsW7zkgWfyWJ1fgcIYiJg+wy/KQBkPlew/m5oheT8bs0aivJ8FW8gS1u -8zq/lBhWxsSsCfD8/nD9ROanz8yArOa8WfF/BFLs1UqkB4oAuVa5dA9xVhIeBbeA6E8eRm -ucu/a6+tmjaELkiwwscurSqEgELD+K5esR23MAe/Aw5BuzGHRdEDwa79PuqtgpMP7QEFND -yL/Xe6E4TGMTV5hQYpj7e5dunhr60rd4kg+ZAgfRwDzOaU2ry7n2bSxY/Cauc/dogM0rbG 
-SHCohMdMp0We53Y2J7ffmZzDySRIfgxRpjGN/Zv1QH1s3fbqwEG5R2leAlG0+bdN9jXn5F -dcZ4TGrm8wluUwfrU+mXcoAzelwuphNfbzwp0rIEnxIZxd6puFV7Svlsg4STr1YvA98E7N -2gDQhd3vYyIFPZG6CtAjzjP3e4KzEXghjgHXLYI31dS8HCVOKCC91tTc5Ojll76jmakIWT -r9dhSvjkACc688ixxo40qtX79Y33a8lEh1YZqPZ+qF/RgwQS4Wpa8hyZS6xFN2kMtQc9Up -gCurTRhfA9R5c/Mbgn097CYBOwu3nCfcjgBQ03xwmUJpB2pVKngd/dc/n37J2Z97Nl4Wu3 -Zs4ftOGyqXgmM61ddTYhF6ZZbpjBkdKFFEfl6XkBZDUiVaMsq7hIiCYUCGE/cvljzYuntt -XEnf4fO8Ifr8sviwPE4gRaHHePPo9EtFAlSewYzeI3M1EkYPAzSf28ztk74FydHUGfqPkF -RjGiTkUG4NozwGmSG3LGYleBc0CySr+j4Q/qiCEgRQpkihrWkO/j+ILiog9Trh5x/+c2X9 -V9G26szw== +Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is +nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT ++RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby +5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI +pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx +MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz +8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U +wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+ +OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD +PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq +JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C +Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN ++dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4 +KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl +uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ +8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL +s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof +S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4 ++y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr +ABMNge5w== -----END OPENSSH PRIVATE 
KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9" set source built-in next edit "g-Fortinet_SSH_CA_Untrusted" - set password ENC lgVKqKzrnoQkcm0/OUXL0d91jupvWdzt8hsxuRe/MG3LQhKtJA/eenTIvob7qWGUr4kBxQoXTr1hkPpNNQZsGAJVUrW35Zkoj8CJ1A7PYRoMi1aTLIlCu/nYVDbCFlKobR9AzgCf/8TRzHg7YV1oEzt41qAvrmTlTQ/L/SSMXgq5u5wn0lIN8wvWvsPZzRWHnrDlIA== + set password ENC G1eNliBt/uP4MRBklkHOSWOV1xTKr6Uhx0Tgtxk92kVnfpvZwoFUO68hGYd3Aica+6WwMyet52xvUqZyA+yVp02mLYKytx6Zmo/y3nSqO0G15UMyAAeYtJDP2X9+t2Cqg8KmU+ykwiUSjrhut/hquSQK9W2YI8BjVTPYTALLCAx6h4tLZtbtYJkfaGz+1JYrYwV56Q== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBU2aLPen -uU59+GRRZCZgSJAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV +ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv -NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwEWDeIVUpNfN6N -N9tfe7OnulqQ3OdP7T7M8A596uBvR4P1G7BAcPgC+xoTQP+W94crBOhoq49mlZJBJGnPwg -+ufxwO8eg8NUAPyMAaS6M8yaTcFvopwbZnMo8Ioey1rX/1JD0W+RJwV7N8FM95waqsjDnB -fLQy2F8KvzvycsQF4ATAVPbrkcaED3JxQEiHtlMZuIuCtB3Gq0xYJ6sz84NpW2aXlPFzuu -80YhUVuD7oZESSRIzMZ35/Td1rXeP/JOgFkrL0NSb7RgaHDqFKE4LHC+o+NgskxRPumlhb -H160LskSooMIVZCKGTii/c1Ipo2YVrAeaUrxgRSGQPeHJ4pivs8/bYP9fd1AHQ64UTX56x 
-P60fOA9lhwQtnlox+7J6H1biMMrwboqpI/19y+Qmfd35jbIUTwzxbEeqw55Vxcn29FGU1S -CtkHwyGB38OFFlawdb05PMT3X5KKXmss8ge4xAoRXooNbVAy6p9R0jrSyU1CKvnYoXPyjd -nEa6FBZTJNo9ygt0TnlNYEpdaCmiknxMxxnHN3oVLpSLeEHjEqFIXwr+322OqN1Wt90pD0 -QV/5UxiT+bX55IYcz0F9Y05kw60Okc/Gy6NGPyOjuLpHGgVWI+WDueR5sBFP3nQmUjvCi6 -jzzTNgSQV9ED9klycj4NCqNZvbqHAE3PKp5hRkUZ4GB8aGb2NzuUs3cx+JDgLxIW5QC6v6 -kfgc1FAYaVH2cm+FHX+pt+uSqB38RE10lnfnR1oG3ldegelN4lJYkibIafYynDrzv1Xi8j -Oqd4z/ds41KcGll9gsWclP7MmhL2s6w/cOOwRvZRDNknK1uA111B+yPdsuA78N0ACYulAX -HT1aiEnwFjfaZauBSPtJex0TbjAQWZ5b6+0XAjkfru+ptV9GfMEsQpfHBIge4JmkcXCFoE -czjAqskJ9YddKe2FfJGxc1jMCkmA+h/2oR8OyMUSGXxTwKLPabeUFwBuPKH56PqAjIPoKW -4h+EPfOx3pPY92rDvZ/ETBNf+o/vvxkOPmh3TSRoo2knQvNuWiQ7OPGXrXa0PeZ1UvDRuU -PMTkbpooKletk49Jw8WOzUqIRd8yF8g2i8tzZ2Xlr8RnOLRBsOzXagjBGyk56kAMhaOOrm -n+MTbxpM61zYilvCOBeSIvzWp4DjjqXfuFcEpzEHDTZ9Yvz474s1qinmgEibtYSoY61d9d -QxAI2xneFlb207A+/PTuFaDoCE9g/CD17Rc+WoCP0eU8p/yaLpWIq0JQyEXK48vKCJcVvM -gs3wZo+Q== +NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK +0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB +Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+ +xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/ +UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n +NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri +aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC +iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4 +NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F +zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB +VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+ +jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk +1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL +eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM 
+vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo +/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1 +Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S +pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn +vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02 +PWD7d7mw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl" @@ -29436,7 +29475,7 @@ config system fortiguard set proxy-server-ip 0.0.0.0 set proxy-server-port 0 set proxy-username '' - set proxy-password ENC dHM8aLWRNtrfiGh0SFPFtEfKGV7GR9nZoTgMHyv+cO7unkBeHl/iy50Dv/GCzASxjaUnbBquNn7TN7WTwL1n3vBGfGa7TghFpn/mhNpPGQSZxm7SM3u5uddqgjK2gQKnk3elL8RUfI+Qjx7QoTSA1CQARZaq01MSNsrohZevkZaLmjXWPzW9xeYVNrRDuimnx6mFKA== + set proxy-password ENC D+HIYUaXXr681EdmEpXbdzirbYlDOPtge3nHYMyn1RuoRf2dKccvRGGH+JW3vrnMW0D3Xnr25xB0Lw3yerhxuuKtK4obxHlJSaDxB5kylltUnujjVwsS2QfqxLfjUpsoSN1lH0pXma+HaYQCsAaiEVIjrCkFU8KuvXm+ZsrkUfbKRz/Ft285SdILkN7xYSD1WmPyMg== set ddns-server-ip 0.0.0.0 set ddns-server-ip6 :: set ddns-server-port 443 
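Review bot: The only change in the `config system fortiguard` hunk at -29436 is a different `proxy-password ENC` blob beside an empty `proxy-username ''`, which looks like the export re-encrypting an unchanged (probably unset) value rather than a configuration change; the `passwd1`/`passwd2`/`passwd3` hunks at -30249, -30258 and -30267 show the same pattern next to empty usernames. The key hunks behave the same way: the `set public-key` context lines are unchanged while the encrypted private-key bodies differ. With these fields differing on every export, a real change to the firewall is hard to spot in review. Normalising them in the backup script before the commit, e.g. `set proxy-password ENC <masked>`, would leave the diff showing only settings that actually changed.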
@@ -30249,7 +30288,7 @@ config system modem
 set phone1 ''
 set dial-cmd1 ''
 set username1 ''
- set passwd1 ENC 1MpQWKAE6bHbkcLE9I3evEhR8zaEWmlC48WmgOwWaAfLjs8Hz7O81+iJB3f2+Q331FSJm35v31z4oh57VyCAskmb9Wp/aV6pnK/l6onxL99jO68btrg3e5j9GKU4FXoSCeNtFPL8hQlHvT3jDfGcFrvt9DfQq5O/Rq3hhGXfB56iCkzxrJfaXaoED/G6CG5sqERhRw==
+ set passwd1 ENC x3RCaiBzLT+o2VsaeOAp5TQ+jNAa7ZdWfnwURbIdqqGSamcrSjWZnCltMWhQv9Yb69z7iXMZO77/c3IU7U8hcRYX0sMb0fT5f6QJBjN35n73Ztn20g+iaABI0qNAHDJxbumaNq7umc8ksPKUJT7mxVdVsIEqgTtXHQYOk8jMR/wo+wEj33LvJbsP8lWR/n7NLtDr4w==
 set extra-init1 ''
 set peer-modem1 generic
 set ppp-echo-request1 enable
@@ -30258,7 +30297,7 @@ config system modem
 set phone2 ''
 set dial-cmd2 ''
 set username2 ''
- set passwd2 ENC 2uIOvSurCCEMPG1zJTzbHJl6YLS2U79eXMVkSnUEcvtLbfnaRqD/v0UM4VqO6WPa5O259KLBgurIA6EY2y+YWPxl7EuDTbGFgPWx6h/tGQKFQ/El0TpYl4PinF+rjKWegmI1eGj6A2pZY9yp9D9vwxsY8uI90AlnB9Dudht1iiiFjDaLzs7NJYEbSR4HZColE6SU0g==
+ set passwd2 ENC SCti73u7ykhuAzW4g1NOx8eDMxILvM2XsksdHrvcpH4dnoGTCXGptkuJPhtDEuGKjOg+5fPj+TkVcPMw8MsQ89YsBVQJSKQFl+mY382b28bOIg7typET3Y1cM1rjRO1z/Yc55ue0+TCJoKOKu4E72cpLWRgPSIORyD5NFS8T4gtAFbwiJwLKDuIjgI3//quexUFC9Q==
 set extra-init2 ''
 set peer-modem2 generic
 set ppp-echo-request2 enable
@@ -30267,7 +30306,7 @@ config system modem
 set phone3 ''
 set dial-cmd3 ''
 set username3 ''
- set passwd3 ENC 7dQ79AlNNdM64hhKU6tMtEncP6y7y/LZDoF14u0nnyWMEzB7/QyJ06OE3qWJFvFRlrKdMTn2B4OmxUCeFE+UDVZ910dn5uqZRSA0rsrhJwYRZlk5Z91eU0dSbApoMg9iJztcrQwvi1MfS/Y80K+q6dZDGQxPazr/mzYYeUBlI5lUxkQfU3VtPE9+0DYXs1E2PkF+1w==
+ set passwd3 ENC Mb2ZEtCpsGt9F7RKUkI7yPvMFdAcCl6SQPeMjYqW7iCREhS1UUAh6eFwVOdkhK2kk6UT1tnpr/4Irpleh3san6t7CRFUiw6boRCkXQ63PuiQPXN3VSIRsZ0B/qTM4JuSPtlnYLZfSexFo0L9ug2Js++Mj74tG/Kwhyefa5FLj5aoB7we7MwS/Ow+zSAhyBHOEAFzVw==
 set extra-init3 ''
 set peer-modem3 generic
 set ppp-echo-request3 enable
@@ -33689,9 +33728,9 @@ config user local
 set passwd-time 0000-00-00 00:00:00
 set authtimeout 0
 set auth-concurrent-override disable
- set ppk-secret ENC 1kMXc/0dlDNYbZwiQ0jBLgPMQxoEvFdFPrUbEQQH3KuPfn6QiHwXOXCr/4GUJQRprGsRwAYMr62i50BF8iAgJXPFQjoUWUk84mEOuFsXaxlD4Q4KRrm/O3gKtLYirZvNY+slKuT0bu3ZaP6fVNiUt+yo/GX6Ry3o3XmaXMLJ/H7NlPS32rcFC/pTVlnwssXdu+IK7A==
+ set ppk-secret ENC JwXM21JwD5BxVXy5ALf0sLFkDvv5AY6ONasW5IACppXt8g0IyZ/hnS12mDP3+zJtSVbU9oc887G53dNiPcTQ3MzYE3JYGBULA6CgXmHVt/+UJWjce1eaRcfVF6bqGat8VAQQ0vaGn18o4umN2U7HP1HiBCEbRZxw3BeVNofw9/7JWeVLPxif0Wc4zaWJ+VZYb/DvXg==
 set ppk-identity ''
- set passwd ENC xPBvzRl0fSM2uN3J7UIN5ZgsnzDN6HlyERGlWMjnJwiOPjoavEAA7GBbieLcGi6kdM3yKTs+HoV/KJp/wFrDo5phGDorttSDcqGGcEYeOsH68xCT+1/OTAlp8NsLaa50tbQ5ujQQjWHBuFoWYqK3xqu820+DvKAP8UOceD719WobX5wwC/mKmGbCpMeJO1JZxdStzQ==
+ set passwd ENC paAPilLITgzpKaHiRAW5OMSob1O0ACCH1Tum2u+9kGkTftPKMYlFPooyK7IqAisUA9tWKL68GTjQCEfM5yZCrtkitXM527MFq/hXNm6so0QOMDoG/IuqiYQdLtKaJqCVu0x9dO5AjWyUgP8H4hkpzpq7dPrwYg2uU++xJtlYqDnZPHhDfXRujxAeSShJ/UWF1jr46Q==
 next
 end
 config user setting
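Review bot: The `set passwd ENC …` and `set ppk-secret ENC …` lines under `config user local` appear to be reversibly encrypted values rather than one-way hashes, so masking them in later commits does not withdraw the copies already in the repository history. If the repository is readable beyond the firewall administrators, I would treat this account's password as exposed, change it on the device, and restrict or rewrite the history; going forward the backup should commit `set passwd ENC <redacted>` instead. The `edit` line naming the user is above the hunk, so which account this is cannot be told from here.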
@@ -37630,10 +37669,10 @@ config firewall vipgrp6 end config firewall ssh local-key edit "g-Fortinet_SSH_DSA1024" - set password ENC SseMZJGuj7SPRqynahuAZirfFZ9TSN51fw9jI7Dm/MGvtOI+YeUsAGRVyvr8YeKCI90XJ31lhlAv/lWERUQNkEjaqwohGHYhNqGAOv4sR41dRZq4FaVMJt6Txdnd2bF0pnIAJ3ANXmhoj5zPvWJ/WatWuwkR0geZS3/Az1QPjWOhhGmjdnYK9Ot3f5ByNRcxKHAuqQ== + set password ENC 4ae0tccXdUdcUtpylEjp62gD+/fOoiDNNehq4/HIFly9EmCNHbt4ZTJ2IeYyoAMFP3RU3+xzn5GzdXMLqwWfD4DCEC0NaI92g4tsgLY6EDVZhaeNo4p0uTvr85qQAvfO8t7T7JYxDNc0yRK+cJqLo05Wxqrj6mWpBlKDqVXL9q0jaTkFOGfHUxC2hkA2uYTknnx5bg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWMdT3yG -/DLzIBU5O0UtJ/AAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA +0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq 7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk 
@@ -37641,114 +37680,114 @@ jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5 lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G -wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgxMcP4nd5bs47/RHx -ArZUDjNCJzDVajX1tIDHffLzzlLm2RRU/wKXccxXn1TC14JdA3gOmS/hFa1C/ctWGGFdz1 -RDMGJtXQ8+APtMlY7LoLq0soKjkNkY5KDgGBqbZ8dLcYCKYfl4RoCWGeKNYKjbdudRmuix -GP/Iy8L+8qLZd7rSDA6q48zv82nNbPUCtSgRLiG9/CDTQx1ICwO61rdjQLqvwycJ7//885 -eXUyaiDA7DD8p/Q/y3L23iLI/t8VEe7sCeFcoFPmJxKURNoCg119GObjEYNDokpv9QOC2G -/uGE672Yvr9YFLe1RPwWpMgQr05tVu05HiPvRlX+hORf+Q80PQaxyCnSGkGh9FHq2Cph3F -nOlujutMPe0E9do0qGavzo7yw4g4L5fUUxgUoWLZPfE0dt7Dy1IP+kltIUqGu6a2StNq8U -rYEYAjVHzaKoU+95oZLimCj0n61LyCNXVg+gcIb+FIq6B4WQhRNJ0ltK7k5TKvCcnClWzj -DDVeZYF7XOPX9S38MGt9vfWZEF+ZnUrGdl4Py5khdfH99mlSDwt42flFQf2usHNR3ZaaHU -meM/WUb803e5fUpdeWXtOx9b+YmRujD4g0N49/OISwkC0MIfhdG2FDsuvpLiZit7 +wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ +39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl +iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3 +w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac +xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL +YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+ +YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e +ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy +wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb +floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-dss 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" set source built-in next edit "g-Fortinet_SSH_ECDSA256" - set password ENC 
dQStjdR43Cw6JmCjjLoAxrFU4d55OdnfT7b7/ogj8OsfAK4j3iBT5CiHoSjtkNrEDbJuRhleR2R16yCyHWJvlB+iFmliVFMCCSYdz1vdTZ2xfAjNkaE7u+R31hH6FOEm0LALVytLSk+EU6I6WKYYB8WDOSb3axUWNc2HaBP1LXwseEI42kfpd8cAv1VvhIlKPHzH4A== + set password ENC BUDppfDr8DwtxwlVMzXWdwC3bYfPWLSzIOUY2uaGYR6NTGEv7fa0DqC+vpV5hwAt0zap/zbqGbQFEki6G+naamitVq6m7Hzajj/QF06zeDrdkA5qptc+OQ53K8C5dKYRqxMXWjtd3gVVkuxULeAelRdypYRxyiSnjmANoQbQy1kMIzZaUGQWONh5IPppZFHGWpWDyA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCYj0k4bh -mxNdVne/WYI48/AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY +/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK -y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgQHrpN3sAxVooYsKXIb5xGNvvwxUtTIIAisaQ -ftEDAx3nTj7+NLlPATgMRDy12pescKquy79fyCFgENFUP+K2pfPsb2IE/RdTcmBsL0646h -hL2sHeuvZ/mhIMti3oLfj91bBs7TBB2MRvHRYvcZD6rdAkumBmyrSPUO4JwqSPkI68kBVo -C9C5gBWgfhqKs6DGgceAFVxbb9+RWrpH9YCpIA== +y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h +BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d +6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH +84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw== -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI=" set source built-in next edit "g-Fortinet_SSH_ECDSA384" - set password ENC 6UlA+DVUlRtCW5xXGSOAFMO+u887JWHAr0MX4EFtjhQnEzH1MBvxa7eWqMoYaIktWB7jOtpOrMApyCiadIJnYdHnysyPSRyacTXpLdjqxtJjE5f+j96ASzWWrc8ecsCsw1X0N+6/ybzrQAYZ4sRSoUidTkOWUiPR20EDtDEkS8S0mtYVA7OTxilpmeRt29ERpWB+kw== + set password ENC 
oGDT0e08I4oYVag6s8p1X9mNVkMxeporo19FMoECWz6bY+svQtCRRdqliPXVRPogJ4uk+sAACGCfK9MMI+HI4K8CGGUGC5CY4nn6dPJ50uJ7WdyPnlTopNv+hq/1wDvCu5Ic6/wSeGN1zIAQQ6Xs/THlKPF9CVgjUbdhIdoxloxm8iHR17NXGRU/hnUYMsxqCXy9rA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBN9BRJMR -77/5pUXIX3azbHAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX +++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx -dgAAANChlajlzxrBilfuFt0NeQjCmvICKuDRnd+bDSBxAVZcAnFPKPN/ZOUsHIFry+62R4 -xmcknYeWtA09QFKdSbyeOUyqI4CmeqxufXPlPk8N2Mjg/Rub53WkREGx7nv335EUtKyIIE -qc7vNaHvrM8CbUwCD53Tmrv126aSxuuDEBhth1CkIT8LZEcTEYRSHAZEojS8TB4UhHLRfm -Rn+DmbJga0IDnPc/ZgNHGTqYx2toV2Fy/DCJ2en2FejJU89J9ZFrGUfz117vVweEVGLCBr -4j10 +dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED +QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ +9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW +HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st +2F3+ -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg==" set source built-in next edit "g-Fortinet_SSH_ECDSA521" - set password ENC rLIJ8oCZn6XJpCp59OlaXsW6JxwOXKQ8zxyif4OOeYspt/dlXtJ72yD3dhL47l6UmNTflkCcrz9GXqGlhAxiff2fgGneLwBqlK9ot7lma+TFRCVBUsWfxzYaLwLJf3EtV9m73UO6VnjsB/xMevJWBBsMj/w5djT9jdkPkZ861+/c0Q4gIIK6N7wNKvGz7WhQpHjXgQ== + set password ENC 
2BEwGjdeICDRot8q8DvjgpjPPVFDOBNUnn4PlUVjFMPtY4EFRasQAELbS/xPIdEocNzbqjdxAR3Kh2ewCh1Di0J0g80I/ZKmwqnTQCJjMkXXxfjAkbSRT0pDHnIi/MiAFmTSahBAn/MeHAe0vWQh3e862kyr/DnBph0/PGBVUBHzIYoRXGA5UqaQ56nbuP23nPQFfQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBTZME+kF -3Bzq+XqVo08S4FAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr ++3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K -HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQC/5NwC8S8n04Bskl -P/Wnde2xZxoWXlBYuV8iJ8OmT7RRVEi3NhVGbIJMqlXfTVi67DgfbtMpVNVhO3UMwPAoC4 -8zcMmJ/1aA58Y+5H8DuYRMfAnuky6vWJFBA4DXgx/vmrn8UK1E2xgW8dgaEEDlLQPittQc -hlwRhgSZrJoRtQPn8OA5ZNePcblOq1WH6PanQP7Bj2SubMTTZ0Mo+gy7y11wDAMd0MYN6Q -d2biFs9XCB9xGNGQIrgOEUQoFJ8AyrbQzZt3Tr7tthp0GDyWoCNICjY/vKS9Av/xMMHaq9 -cjEJOwfxqaJfVrEn2/6DS1t2SyTD9C8imQOI2xz/fdVCaO +HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL +gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA +NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX +1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9 +We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY +v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA==" set source built-in next edit "g-Fortinet_SSH_ED25519" - set password ENC 
oJ/rM9SQCI+oG/Ko30qhMKJVYMGauHW8TaNL1k1+mbLG0tOsBrbgOinBZUmLUoYHvoXTy/79crN9QVV97wd2CwR45SclqfHIQTfLWH1RH6+eNih3jhI52Y6DAhrZzvy6XHKbBEThJB7MkRBPNUU3DGucDh2STByDsitJEQirVksegxIG0cDTXTlUz7MMdfjQ4FWTFQ== + set password ENC M/YolbWdcOE5WyJAFR+mgXQhaf2SnNLC250/FDoz/WGfsuvYuOGIvf/ZZeMrgWN2TSxL0aMlWgarsl2YE7Zs2DO281qgyWixI+tP+AW3Ak6tO+FSsNZFbUB8Fn9dRXJltHxnhZTj6rN5CfA3ZAzaB1mcgi1TkdON/CnQzw4GxSLAoPRL6ATRK2GZW4CG9XfZve03yg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAedjCOkt -+sFbLzTS4y12TbAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd -3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkCa1NSX8hj+j3jVwv2A2AU/gLRKzX4h+Gwxyxz -JeBT+OyHbzc8MDCIh8a3tf0fJiQ6VJdj3JjhBrp1OWfy2GHkfpMInRlGGz0Hu4XMU702a0 -MgwELDyqSpEdZupNMH44pIjkI0iY/ipgwuNDOTIenADwbqdkC2oX9XA3jIutAB++JU4rvR -NwgjPHD1irGOM7Gg== +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT ++IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd +3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO +V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk +ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i +9pkiQ2ltDNDw2Upw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO" set source built-in next edit "g-Fortinet_SSH_RSA2048" - set password ENC vI00TpP/pXEwFd6xvQkMrRZSWeVyYUmJjJrGGLrMixOXqyy6I0ulkOy9vREfMI2fu8SmHa8uyODMf4nqcewNOnLfgDO4e+QOtpZi1BrnemU3udvMkLXUEfdVKDF47l0+NDz99l4OckEXDty2oA4I3wuKW3h4Zq2z7ZP+OOmZOTEISE3vD1/iTl9dednfuUuWR7++6Q== + set password ENC LwVjPuupww+vuveEJtXEweSzeHdt+/b0QWAtjRBzbIgFVNetL4SurcFt5KE9kS0trwMr3KLco5ai+PeZPFSdKsjDMZHbLj2cLizLR49WVummL2TPq5J7W5lIH3UsxhbxSNiDsfdAnWunXu8iHRLBbQJ6z42ynUoKRXr7QdS89seq/PHe30GMz5tHCNMWLfKNXifbdQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA1mO561N 
-c7CpF0rN+BdOBQAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG +Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7 A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z -OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwMcyMNKCNYzFHF -tA305t53D83ogXcTrwO8f3ScWdcLBap5o0aqwfOrswdChdOytbHMx3lmpnLZvFt2JbcqT0 -jDm+ZSb5NwFCW2h5MJlnLolIx85H0ab7XO+JhK1c/J3U0K/m0Y6q3uXObJsAInPNAJDjqL -VUxgIU438n7dB/NkWQWNjVaddEO/tK9UzzUd5a5JuG2lsukXLGFRC0XIJ94Q9BFuiziNmX -QUZ7LRqm59ZcsixGSQ1YApEvTZFf+Yd/umWIh9bbHeCAZOWZukDy47VLy2uVd3H+HLOSno -ZBpX7xa3c6mjI/oHgz7lQAybNzbPoJiBKq5VlTBhR9kTdB3JnnzKegLNwRtsdtEim/O4xJ -QPxfwGSzE57M9OgPGZMOuFu8Fh07tV06dUnfe9mGDLiQ3HWCZoRW5tuCE0fsieAseqqEiS -Vy13DPGtkSSLUKmBpJQvR6yK79GtMyIxZEmC43xHmCghHTebSnK45ikagYh0BsK01Q1rx1 -syqY2Ul3bwCSCTuK2sjqnmgGEIIUI8Yikj0kDLSVJukfxdjU/c4eOcqj8yuRbQyfzFmHsv -debbeU1+oI08M0c5kKVTNeTWQ0iXuETJX1G3gu44xtkQLbCmF4K3byAPGnR2FIBG8tnPaJ -JCjhZQmN1nohNXt5F7nSALJ3UVSpzD6fnKBQSfxbKN4EAggu0NpX3QyhoDvWx378MRukGn -OkLi2Z7c/iZrS5w6Jt+kTJ7n6T5ciiaIvzgi7YjtS7ogwNQfodpXC/pd9KE/H7hgrtwclt -bP9bkpWQKIh/Z4hl2B8hqHDk1wDhNRHRyT2rvuoipJLroyYAZKxS1qerGuArwmxv1YNeNm -oq5Ibisn/CTLT6zVaKmdHD+qBGd46IlEobgLRd3bmKsBIf5hUfd+LcThhOT4OgjgK2jqAS -zOLrNH/Ns+Ut+tz7DhzoRhoTzfitjKdjHl8libziHU4rbulbEuqhnxlGrb9G6xKeFOG1Ha -JUkWoRzX5/tljM2GZRQciN6BF/L9kDboLnR6V2sOS6r/BlnlUMmKhxC81CTzejn4I+XSYk -Y5dBb9PhA2dJuhkgZEj4vGDkXdnL0fSI9qccHAKkAjd4ECFMRtqjnkdLtUODi6EZiZYDJI -zcVK0VdeqiSP2M+vx2WwLKdwVBdhHXyrxv5JGwKaYkmaYwFCJ6DRttHlaTID4HgjVWJCVR -O9UaKreP6Uz9G/L0J54iEclbiKHkC38/IMhi9XhslLzD39f42oKLedWYTJiVgsr3klwtMk -GvWZyLtg== +OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC 
+Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/ +OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU +FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD +NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo +TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB +cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss +x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A +Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8 +cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO +/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz +E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX +pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW +V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS +ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv +tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx ++gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN +tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc +D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH +Xt1vvScA== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v" 
@@ -37757,68 +37796,68 @@ GvWZyLtg== end config firewall ssh local-ca edit "g-Fortinet_SSH_CA" - set password ENC kNrgGaggJ8XNTOdfgYocbLLJOmvzVF1FFc8iRxZ4hvNSAo3b5PSUWieLwZfFkBn7XTnwzD0cQ8DESb4IePsMGRp3V8AgEIICj9Uw6qt9oZRrCEAPIHDkTaCewjziK26hi75yX1exZ2DHmHfiQQUZGMq6/UOP7OI31/mtkUpmvRAICr+fkegxz1pVGzMEF93kHu3LMA== + set password ENC I+SMSAZlFEqYlhL01pf7jlLp6RPM8i74TpMudmOgyOBiAuEIQoRQ1Ng54vkYoa4wDDsI3e4PmV7qUCJmNnR65rhXf4AKJ48Ud7h9jvgu2USTfLFzqkdyKaa8fHzaq5aUgPNHUTkwjIDtgXHKAkSyAKWcwTslWOkV1ZVf3sTtte3KQ78LomcbqkpVmcwn+fyOkXIZFA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBf8C4hJd -+M6AVhFqreO879AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd +cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa -Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwNT2HECamLA8UM -fFNSAnPj7lq5k64lxdOyGKKbIDDF/wS2H8g2ZlCuJwGpgHoVeFPiqQhJMjBSfwWDS8oOZA -po7PyvszP6XAbnIpBHUMDNdUr1Clso9ra9d2oP43fjhzRSHBD0j/x1nJRvse/cP5XuCa4Z -pGFpgVsz7q+XNEXou8YpAndqUebw/wm3MNzS2AE5YYFQofhSKBxyNSYrsPdaoasmwbnGuv -XW9vPFnDxNNJ0IkEUeXAWZaE2sBYP3qD4C97curFpYuAPYH5FnvvMLuUtyRFzYMv3WKi8z -Mw+01rU4yVtCVoAMYCfqjnisIyxgyQHLpLFfWkvIz6IgAQWVtBypJHxiiG2wcLHscWI0gQ -uCMN/n5QkbBcskRpy52lFypQ2eosTLMzrwfqQF5PDoDz/2Jnf5qXK9hQsNA3fHn2KoyODY -VmXb1G044Qq3/3ZsW7zkgWfyWJ1fgcIYiJg+wy/KQBkPlew/m5oheT8bs0aivJ8FW8gS1u -8zq/lBhWxsSsCfD8/nD9ROanz8yArOa8WfF/BFLs1UqkB4oAuVa5dA9xVhIeBbeA6E8eRm -ucu/a6+tmjaELkiwwscurSqEgELD+K5esR23MAe/Aw5BuzGHRdEDwa79PuqtgpMP7QEFND -yL/Xe6E4TGMTV5hQYpj7e5dunhr60rd4kg+ZAgfRwDzOaU2ry7n2bSxY/Cauc/dogM0rbG 
-SHCohMdMp0We53Y2J7ffmZzDySRIfgxRpjGN/Zv1QH1s3fbqwEG5R2leAlG0+bdN9jXn5F -dcZ4TGrm8wluUwfrU+mXcoAzelwuphNfbzwp0rIEnxIZxd6puFV7Svlsg4STr1YvA98E7N -2gDQhd3vYyIFPZG6CtAjzjP3e4KzEXghjgHXLYI31dS8HCVOKCC91tTc5Ojll76jmakIWT -r9dhSvjkACc688ixxo40qtX79Y33a8lEh1YZqPZ+qF/RgwQS4Wpa8hyZS6xFN2kMtQc9Up -gCurTRhfA9R5c/Mbgn097CYBOwu3nCfcjgBQ03xwmUJpB2pVKngd/dc/n37J2Z97Nl4Wu3 -Zs4ftOGyqXgmM61ddTYhF6ZZbpjBkdKFFEfl6XkBZDUiVaMsq7hIiCYUCGE/cvljzYuntt -XEnf4fO8Ifr8sviwPE4gRaHHePPo9EtFAlSewYzeI3M1EkYPAzSf28ztk74FydHUGfqPkF -RjGiTkUG4NozwGmSG3LGYleBc0CySr+j4Q/qiCEgRQpkihrWkO/j+ILiog9Trh5x/+c2X9 -V9G26szw== +Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is +nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT ++RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby +5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI +pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx +MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz +8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U +wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+ +OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD +PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq +JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C +Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN ++dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4 +KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl +uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ +8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL +s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof +S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4 ++y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr +ABMNge5w== -----END OPENSSH PRIVATE 
KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9" set source built-in next edit "g-Fortinet_SSH_CA_Untrusted" - set password ENC C75M3v+6eY+5hbN9M8q/qLpY+x1IqHQr6t6tRQ2MEEQGcXvNtJ8kzEhFg94C2IWzUch8ji1x85olAZuke2eArdZdGDnE01JuNzHhAAmjwwrJSoGFynxexCnaVDO4NOiGd8kaxQB7WQ/utKWlKxF6d/V/IbbbaXvPMwL27fVutjboORJAjH/S/BA70mspFDWElyemQA== + set password ENC t6eGGePNlk0Z4EvPfMNB8IcOO57g4yf1iFGa7Eiyq+4x2c78Ky1zd9tnmCkWJk/qBMbouDBcYF0A4wXHkoEVLRgXJp3f4IyGnS8tQedMZhTrcBPpH2Tm4twMIQAtAN1HddHxhvZEs2Fate3KAzhI8KmjXgzyALCGPRASC+KrN1bXxv+apdDO6MhvIs/UwTO/n9rFVg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBU2aLPen -uU59+GRRZCZgSJAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV +ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv -NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwEWDeIVUpNfN6N -N9tfe7OnulqQ3OdP7T7M8A596uBvR4P1G7BAcPgC+xoTQP+W94crBOhoq49mlZJBJGnPwg -+ufxwO8eg8NUAPyMAaS6M8yaTcFvopwbZnMo8Ioey1rX/1JD0W+RJwV7N8FM95waqsjDnB -fLQy2F8KvzvycsQF4ATAVPbrkcaED3JxQEiHtlMZuIuCtB3Gq0xYJ6sz84NpW2aXlPFzuu -80YhUVuD7oZESSRIzMZ35/Td1rXeP/JOgFkrL0NSb7RgaHDqFKE4LHC+o+NgskxRPumlhb -H160LskSooMIVZCKGTii/c1Ipo2YVrAeaUrxgRSGQPeHJ4pivs8/bYP9fd1AHQ64UTX56x 
-P60fOA9lhwQtnlox+7J6H1biMMrwboqpI/19y+Qmfd35jbIUTwzxbEeqw55Vxcn29FGU1S -CtkHwyGB38OFFlawdb05PMT3X5KKXmss8ge4xAoRXooNbVAy6p9R0jrSyU1CKvnYoXPyjd -nEa6FBZTJNo9ygt0TnlNYEpdaCmiknxMxxnHN3oVLpSLeEHjEqFIXwr+322OqN1Wt90pD0 -QV/5UxiT+bX55IYcz0F9Y05kw60Okc/Gy6NGPyOjuLpHGgVWI+WDueR5sBFP3nQmUjvCi6 -jzzTNgSQV9ED9klycj4NCqNZvbqHAE3PKp5hRkUZ4GB8aGb2NzuUs3cx+JDgLxIW5QC6v6 -kfgc1FAYaVH2cm+FHX+pt+uSqB38RE10lnfnR1oG3ldegelN4lJYkibIafYynDrzv1Xi8j -Oqd4z/ds41KcGll9gsWclP7MmhL2s6w/cOOwRvZRDNknK1uA111B+yPdsuA78N0ACYulAX -HT1aiEnwFjfaZauBSPtJex0TbjAQWZ5b6+0XAjkfru+ptV9GfMEsQpfHBIge4JmkcXCFoE -czjAqskJ9YddKe2FfJGxc1jMCkmA+h/2oR8OyMUSGXxTwKLPabeUFwBuPKH56PqAjIPoKW -4h+EPfOx3pPY92rDvZ/ETBNf+o/vvxkOPmh3TSRoo2knQvNuWiQ7OPGXrXa0PeZ1UvDRuU -PMTkbpooKletk49Jw8WOzUqIRd8yF8g2i8tzZ2Xlr8RnOLRBsOzXagjBGyk56kAMhaOOrm -n+MTbxpM61zYilvCOBeSIvzWp4DjjqXfuFcEpzEHDTZ9Yvz474s1qinmgEibtYSoY61d9d -QxAI2xneFlb207A+/PTuFaDoCE9g/CD17Rc+WoCP0eU8p/yaLpWIq0JQyEXK48vKCJcVvM -gs3wZo+Q== +NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK +0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB +Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+ +xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/ +UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n +NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri +aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC +iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4 +NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F +zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB +VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+ +jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk +1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL +eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM 
+vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo +/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1 +Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S +pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn +vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02 +PWD7d7mw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl" 
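Review bot: Both `config firewall ssh local-ca` entries in this hunk (`g-Fortinet_SSH_CA` and `g-Fortinet_SSH_CA_Untrusted`) are committed with their full `set private-key` block and the matching `set password ENC …` value directly above it, so each CA key and the passphrase protecting it sit together in repository history. The `ENC` form is reversible encryption rather than a hash, and its strength presumably depends on whether `private-data-encryption` is enabled on the device, so anyone with read access to the repository should be assumed able to recover these keys. The `set public-key` lines are unchanged context, which suggests the key pairs were only re-encoded, so each backup adds secret-bearing churn without new information. I would have the backup job redact these fields before committing, e.g. `set private-key "<redacted>"` and `set password ENC <redacted>`, or store the file encrypted, and rotate both CAs because earlier revisions already contain them. The same applies to the private-key block in the preceding hunk, which starts outside this view.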
@@ -39934,16060 +39973,8 @@ config router isis set adv-passive-only6 disable set auth-mode-l1 password set auth-mode-l2 password - set auth-password-l1 ENC TCYx3/K51Fed0UjjXkzeMYeWQsXGkkpXiFOCeKYtbITCPz4mrL/JQG8nF8pzMihrELR4gNag+2iXW5+2m1Fy9oLrL3dARmrW/Af3kIuFyDQm+EjjG3ZGPjxD27F21AmsS0ctHd/TxCQ83zXUFmMHUe9S9FCMsj7Sg3WXq0Yp/qA211giD1/9PPcvigDQIm7C7NpHSg== - set auth-password-l2 ENC eDFkihXgqpx+VXFFpV/oYhJOpoZaDR9LQF7Rz09t9yNvPY4m56VjdQAbBeLT4WtY5eU6prjBw0A7joQQaK3PjIILVRqRIJUssO+A3Nf9+iVJQ++849OWS6HzgLfFXsUvua2KkwVNAgQbvaHwImhnWXzCiNHndTfMpXgfuiIt1Yh2J2U68coGm2n7dZhZSK0Ulsu/Aw== - set auth-sendonly-l1 disable - set auth-sendonly-l2 disable - set ignore-lsp-errors disable - set lsp-gen-interval-l1 30 - set lsp-gen-interval-l2 30 - set lsp-refresh-interval 900 - set max-lsp-lifetime 1200 - set spf-interval-exp-l1 500 50000 - set spf-interval-exp-l2 500 50000 - set dynamic-hostname disable - set adjacency-check disable - set adjacency-check6 disable - set overload-bit disable - unset overload-bit-suppress - set overload-bit-on-startup 0 - set default-originate disable - set default-originate6 disable - set metric-style narrow - set redistribute-l1 disable - set redistribute-l2 disable - set redistribute6-l1 disable - set redistribute6-l2 disable - config redistribute "connected" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute "rip" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute "ospf" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute "bgp" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute "static" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "connected" - set status 
disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "rip" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "ospf" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "bgp" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "static" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end -end -config router multicast-flow -end -config router multicast - set route-limit 2147483647 - set multicast-routing disable - config pim-sm-global - set message-interval 60 - set join-prune-holdtime 210 - set accept-register-list '' - set accept-source-list '' - set bsr-candidate disable - set bsr-allow-quick-refresh disable - set cisco-register-checksum disable - set cisco-crp-prefix disable - set cisco-ignore-rp-set-priority disable - set register-rp-reachability enable - set register-source disable - set register-supression 60 - set null-register-retries 1 - set rp-register-keepalive 185 - set spt-threshold enable - set ssm disable - set register-rate-limit 0 - set spt-threshold-group '' - end -end -config router multicast6 - set multicast-routing disable - config pim-sm-global - end -end -config router auth-path -end -config router setting - set show-filter '' - set hostname '' -end -config router bfd -end -config router bfd6 -end -config system proxy-arp -end -config system link-monitor -end -config system wccp -end -config system dns64 - set status disable - set dns64-prefix 64:ff9b::/96 - set always-synthesize-aaaa-record enable -end -config system nd-proxy - set status disable -end -config system vne-tunnel - set status disable -end -end - -config vdom -edit Policy -config wireless-controller hotspot20 anqp-venue-name -end 
-config wireless-controller hotspot20 anqp-venue-url -end -config wireless-controller hotspot20 anqp-network-auth-type -end -config wireless-controller hotspot20 anqp-roaming-consortium -end -config wireless-controller hotspot20 anqp-nai-realm -end -config wireless-controller hotspot20 anqp-3gpp-cellular -end -config wireless-controller hotspot20 anqp-ip-address-type -end -config wireless-controller hotspot20 h2qp-operator-name -end -config wireless-controller hotspot20 h2qp-wan-metric -end -config wireless-controller hotspot20 h2qp-conn-capability -end -config wireless-controller hotspot20 icon -end -config wireless-controller hotspot20 h2qp-osu-provider -end -config wireless-controller hotspot20 qos-map -end -config wireless-controller hotspot20 h2qp-advice-of-charge -end -config wireless-controller hotspot20 h2qp-osu-provider-nai -end -config wireless-controller hotspot20 h2qp-terms-and-conditions -end -config wireless-controller hotspot20 hs-profile -end -config wireless-controller vap -end -config system object-tagging - edit "default" - set address optional - set device optional - set interface optional - set multiple enable - set color 0 - next -end -config switch-controller traffic-policy - edit "quarantine" - set description "Rate control for quarantined traffic" - set policer-status enable - set guaranteed-bandwidth 163840 - set guaranteed-burst 8192 - set maximum-burst 163840 - set cos-queue 0 - next - edit "sniffer" - set description "Rate control for sniffer mirrored traffic" - set policer-status enable - set guaranteed-bandwidth 50000 - set guaranteed-burst 8192 - set maximum-burst 163840 - set cos-queue 0 - next -end -config switch-controller fortilink-settings -end -config system stp - set switch-priority 32768 - set hello-time 2 - set forward-delay 15 - set max-age 20 - set max-hops 20 -end -config system settings - set comments "Test VDOM for Policy-based" - set opmode nat - set policy-offload-level disable - set ngfw-mode policy-based - set 
http-external-dest fortiweb - set firewall-session-dirty check-all - set bfd disable - set utf8-spam-tagging enable - set wccp-cache-engine disable - set vpn-stats-log ipsec pptp l2tp ssl - set vpn-stats-period 600 - set v4-ecmp-mode source-ip-based - set fw-session-hairpin disable - set prp-trailer-action disable - set snat-hairpin-traffic enable - set dhcp-proxy disable - set lldp-reception global - set lldp-transmission global - set link-down-access enable - set nat46-generate-ipv6-fragment-header disable - set nat46-force-ipv4-packet-forwarding disable - set nat64-force-ipv6-packet-forwarding enable - set auxiliary-session disable - set asymroute disable - set asymroute-icmp disable - set ses-denied-traffic disable - set strict-src-check disable - set allow-linkdown-path disable - set asymroute6 disable - set asymroute6-icmp disable - set sctp-session-without-init disable - set sip-expectation disable - set sip-nat-trace enable - set h323-direct-model enable - set status enable - set sip-tcp-port 5060 - set sip-udp-port 5060 - set sip-ssl-port 5061 - set sccp-port 2000 - set multicast-forward enable - set multicast-ttl-notchange disable - set allow-subnet-overlap disable - set deny-tcp-with-icmp disable - set ecmp-max-paths 255 - set discovered-device-timeout 28 - set email-portal-check-dns enable - set default-voip-alg-mode proxy-based - set gui-implicit-policy enable - set gui-dns-database disable - set gui-load-balance disable - set gui-multicast-policy disable - set gui-dos-policy enable - set gui-object-colors enable - set gui-ap-profile enable - set gui-security-profile-group disable - set gui-local-in-policy disable - set gui-dynamic-routing enable - set gui-sslvpn-personal-bookmarks disable - set gui-sslvpn-realms disable - set gui-threat-weight enable - set gui-spamfilter disable - set gui-file-filter disable - set gui-ips enable - set gui-endpoint-control enable - set gui-endpoint-control-advanced disable - set gui-dhcp-advanced enable - set gui-vpn 
enable - set gui-wireless-controller enable - set gui-switch-controller enable - set gui-fortiap-split-tunneling disable - set gui-webfilter-advanced disable - set gui-traffic-shaping enable - set gui-wan-load-balancing enable - set gui-antivirus enable - set gui-webfilter enable - set gui-videofilter enable - set gui-advanced-policy disable - set gui-allow-unnamed-policy disable - set gui-email-collection disable - set gui-multiple-interface-policy disable - set gui-ztna enable - set location-id 0.0.0.0 - set ike-session-resume disable - set ike-quick-crash-detect disable - set ike-dn-format with-space - set ike-port 500 - set ike-policy-route disable - set block-land-attack disable - set application-bandwidth-tracking disable -end -config system sit-tunnel -end -config system arp-table -end -config system ipv6-neighbor-cache -end -config system vdom-sflow - set vdom-sflow disable - set interface-select-method auto -end -config system vdom-netflow - set vdom-netflow disable - set interface-select-method auto -end -config system vdom-dns - set vdom-dns disable - set alt-primary 0.0.0.0 - set alt-secondary 0.0.0.0 -end -config system replacemsg-group - edit "default" - set comment "Default replacement message group." 
- set group-type default - next -end -config system session-ttl - set default 3600 -end -config system dhcp server -end -config system dhcp6 server -end -config system zone -end -config firewall address - edit "none" - set uuid bde11ce6-3520-51ed-9974-a5b4264be0b3 - set type ipmask - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set subnet 0.0.0.0 255.255.255.255 - next - edit "login.microsoftonline.com" - set uuid bde12b0a-3520-51ed-d2a0-e807d4a14a3f - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "login.microsoftonline.com" - set cache-ttl 0 - next - edit "login.microsoft.com" - set uuid bde139e2-3520-51ed-d55f-33931d299d78 - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "login.microsoft.com" - set cache-ttl 0 - next - edit "login.windows.net" - set uuid bde14b94-3520-51ed-a1e7-319da9a479ea - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "login.windows.net" - set cache-ttl 0 - next - edit "gmail.com" - set uuid bde158b4-3520-51ed-b71e-57f937fa40cb - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "gmail.com" - set cache-ttl 0 - next - edit "wildcard.google.com" - set uuid bde165c0-3520-51ed-0783-860a2a214ffd - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "*.google.com" - set cache-ttl 0 - next - edit "wildcard.dropbox.com" - set uuid bde17240-3520-51ed-a328-5346f2fa7447 - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn 
"*.dropbox.com" - set cache-ttl 0 - next - edit "SSLVPN_TUNNEL_ADDR1" - set uuid bde88710-3520-51ed-728e-76461d6221fe - set type iprange - set comment '' - set color 0 - set fabric-object disable - set start-ip 10.212.134.200 - set end-ip 10.212.134.210 - next - edit "all" - set uuid bde8d012-3520-51ed-6285-eddc784a24b1 - set type ipmask - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set subnet 0.0.0.0 0.0.0.0 - next - edit "FIREWALL_AUTH_PORTAL_ADDRESS" - set uuid bde8d1f2-3520-51ed-0936-132ed3b829c9 - set type ipmask - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set subnet 0.0.0.0 0.0.0.0 - next - edit "FABRIC_DEVICE" - set uuid bde8d3c8-3520-51ed-3305-2f204031c35c - set type ipmask - set comment "IPv4 addresses of Fabric Devices." - set associated-interface '' - set color 0 - set fabric-object disable - set subnet 0.0.0.0 0.0.0.0 - next - edit "FCTEMS_ALL_FORTICLOUD_SERVERS" - set uuid 516aa2ce-3522-51ed-0c4a-0d18239acea9 - set type dynamic - set sub-type ems-tag - set comment '' - set associated-interface '' - set color 0 - set fabric-object disable - set obj-tag '' - set obj-type ip - set tag-detection-level '' - set tag-type '' - next -end -config firewall multicast-address - edit "all_hosts" - set type multicastrange - set start-ip 224.0.0.1 - set end-ip 224.0.0.1 - set comment '' - set associated-interface '' - set color 0 - next - edit "all_routers" - set type multicastrange - set start-ip 224.0.0.2 - set end-ip 224.0.0.2 - set comment '' - set associated-interface '' - set color 0 - next - edit "Bonjour" - set type multicastrange - set start-ip 224.0.0.251 - set end-ip 224.0.0.251 - set comment '' - set associated-interface '' - set color 0 - next - edit "EIGRP" - set type multicastrange - set start-ip 224.0.0.10 - set end-ip 224.0.0.10 - set comment '' - set associated-interface '' - set color 0 - next - edit 
"OSPF" - set type multicastrange - set start-ip 224.0.0.5 - set end-ip 224.0.0.6 - set comment '' - set associated-interface '' - set color 0 - next - edit "all" - set type multicastrange - set start-ip 224.0.0.0 - set end-ip 239.255.255.255 - set comment '' - set associated-interface '' - set color 0 - next -end -config firewall address6-template -end -config firewall address6 - edit "all" - set uuid bde1bfa2-3520-51ed-7b6a-7bad8cadabaa - set type ipprefix - set ip6 ::/0 - set color 0 - set comment '' - set fabric-object disable - next - edit "none" - set uuid bde1c8d0-3520-51ed-d759-9123906c2212 - set type ipprefix - set ip6 ::/128 - set color 0 - set comment '' - set fabric-object disable - next - edit "SSLVPN_TUNNEL_IPv6_ADDR1" - set uuid bde88a26-3520-51ed-47a2-8ac186cdb86d - set type ipprefix - set ip6 fdff:ffff::/120 - set color 0 - set comment '' - set fabric-object disable - next -end -config firewall multicast-address6 - edit "all" - set ip6 ff00::/8 - set comment '' - set color 0 - next -end -config system ipv6-tunnel -end -config firewall addrgrp - edit "G Suite" - set type default - set category default - set uuid bde18140-3520-51ed-b156-8feccd84c03c - set member "gmail.com" "wildcard.google.com" - set comment '' - set exclude disable - set color 0 - set fabric-object disable - next - edit "Microsoft Office 365" - set type default - set category default - set uuid bde19b44-3520-51ed-cc72-40627cfd767c - set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net" - set comment '' - set exclude disable - set color 0 - set fabric-object disable - next -end -config firewall addrgrp6 -end -config firewall wildcard-fqdn custom - edit "g-Adobe Login" - set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df - set wildcard-fqdn "*.adobelogin.com" - set color 0 - set comment '' - next - edit "g-Gotomeeting" - set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef - set wildcard-fqdn "*.gotomeeting.com" - set color 0 - set comment '' - next - edit "g-Windows 
update 2" - set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac - set wildcard-fqdn "*.windowsupdate.com" - set color 0 - set comment '' - next - edit "g-adobe" - set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e - set wildcard-fqdn "*.adobe.com" - set color 0 - set comment '' - next - edit "g-android" - set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a - set wildcard-fqdn "*.android.com" - set color 0 - set comment '' - next - edit "g-apple" - set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0 - set wildcard-fqdn "*.apple.com" - set color 0 - set comment '' - next - edit "g-appstore" - set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9 - set wildcard-fqdn "*.appstore.com" - set color 0 - set comment '' - next - edit "g-auth.gfx.ms" - set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4 - set wildcard-fqdn "*.auth.gfx.ms" - set color 0 - set comment '' - next - edit "g-autoupdate.opera.com" - set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a - set wildcard-fqdn "*autoupdate.opera.com" - set color 0 - set comment '' - next - edit "g-cdn-apple" - set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c - set wildcard-fqdn "*.cdn-apple.com" - set color 0 - set comment '' - next - edit "g-citrix" - set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb - set wildcard-fqdn "*.citrixonline.com" - set color 0 - set comment '' - next - edit "g-dropbox.com" - set uuid b5c2ca02-7e12-51ec-43dc-489077effa44 - set wildcard-fqdn "*.dropbox.com" - set color 0 - set comment '' - next - edit "g-eease" - set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe - set wildcard-fqdn "*.eease.com" - set color 0 - set comment '' - next - edit "g-firefox update server" - set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384 - set wildcard-fqdn "aus*.mozilla.org" - set color 0 - set comment '' - next - edit "g-fortinet" - set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89 - set wildcard-fqdn "*.fortinet.com" - set color 0 - set comment '' - next - edit "g-google-drive" - set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f - set wildcard-fqdn "*drive.google.com" - set color 
0 - set comment '' - next - edit "g-google-play" - set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621 - set wildcard-fqdn "*play.google.com" - set color 0 - set comment '' - next - edit "g-google-play2" - set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096 - set wildcard-fqdn "*.ggpht.com" - set color 0 - set comment '' - next - edit "g-google-play3" - set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d - set wildcard-fqdn "*.books.google.com" - set color 0 - set comment '' - next - edit "g-googleapis.com" - set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4 - set wildcard-fqdn "*.googleapis.com" - set color 0 - set comment '' - next - edit "g-icloud" - set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e - set wildcard-fqdn "*.icloud.com" - set color 0 - set comment '' - next - edit "g-itunes" - set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0 - set wildcard-fqdn "*itunes.apple.com" - set color 0 - set comment '' - next - edit "g-live.com" - set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74 - set wildcard-fqdn "*.live.com" - set color 0 - set comment '' - next - edit "g-microsoft" - set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d - set wildcard-fqdn "*.microsoft.com" - set color 0 - set comment '' - next - edit "g-mzstatic-apple" - set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5 - set wildcard-fqdn "*.mzstatic.com" - set color 0 - set comment '' - next - edit "g-skype" - set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68 - set wildcard-fqdn "*.messenger.live.com" - set color 0 - set comment '' - next - edit "g-softwareupdate.vmware.com" - set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30 - set wildcard-fqdn "*.softwareupdate.vmware.com" - set color 0 - set comment '' - next - edit "g-swscan.apple.com" - set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9 - set wildcard-fqdn "*swscan.apple.com" - set color 0 - set comment '' - next - edit "g-update.microsoft.com" - set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb - set wildcard-fqdn "*update.microsoft.com" - set color 0 - set comment '' - next - edit "g-verisign" - set 
uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855 - set wildcard-fqdn "*.verisign.com" - set color 0 - set comment '' - next -end -config firewall wildcard-fqdn group -end -config firewall service category - edit "General" - set comment "General services." - set fabric-object disable - next - edit "Web Access" - set comment "Web access." - set fabric-object disable - next - edit "File Access" - set comment "File access." - set fabric-object disable - next - edit "Email" - set comment "Email services." - set fabric-object disable - next - edit "Network Services" - set comment "Network services." - set fabric-object disable - next - edit "Authentication" - set comment "Authentication service." - set fabric-object disable - next - edit "Remote Access" - set comment "Remote access." - set fabric-object disable - next - edit "Tunneling" - set comment "Tunneling service." - set fabric-object disable - next - edit "VoIP, Messaging & Other Applications" - set comment "VoIP, messaging, and other applications." - set fabric-object disable - next - edit "Web Proxy" - set comment "Explicit web proxy." 
- set fabric-object disable - next -end -config firewall service custom - edit "DNS" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 53 - set udp-portrange 53 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "HTTP" - set proxy disable - set category "Web Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 80 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "HTTPS" - set proxy disable - set category "Web Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 443 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "IMAP" - set proxy disable - set category "Email" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 143 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next 
- edit "IMAPS" - set proxy disable - set category "Email" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 993 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "LDAP" - set proxy disable - set category "Authentication" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 389 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "DCE-RPC" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 135 - set udp-portrange 135 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "POP3" - set proxy disable - set category "Email" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 110 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "POP3S" - set proxy disable - set category "Email" - set 
protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 995 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SAMBA" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 139 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SMTP" - set proxy disable - set category "Email" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 25 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SMTPS" - set proxy disable - set category "Email" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 465 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "KERBEROS" - set proxy disable - set category "Authentication" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default 
- set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 88 464 - set udp-portrange 88 464 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "LDAP_UDP" - set proxy disable - set category "Authentication" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 389 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SMB" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 445 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "FTP" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 21 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "FTP_GET" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility 
enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 21 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "FTP_PUT" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 21 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "ALL" - set proxy disable - set category "General" - set protocol IP - set helper auto - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set protocol-number 0 - next - edit "ALL_TCP" - set proxy disable - set category "General" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1-65535 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "ALL_UDP" - set proxy disable - set category "General" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 1-65535 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "ALL_ICMP" - set proxy disable - 
set category "General" - set protocol ICMP - set helper auto - set comment '' - set color 0 - set visibility enable - set fabric-object disable - unset icmptype - next - edit "ALL_ICMP6" - set proxy disable - set category "General" - set protocol ICMP6 - set helper auto - set comment '' - set color 0 - set visibility enable - set fabric-object disable - unset icmptype - next - edit "GRE" - set proxy disable - set category "Tunneling" - set protocol IP - set helper auto - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set protocol-number 47 - next - edit "AH" - set proxy disable - set category "Tunneling" - set protocol IP - set helper auto - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set protocol-number 51 - next - edit "ESP" - set proxy disable - set category "Tunneling" - set protocol IP - set helper auto - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set protocol-number 50 - next - edit "AOL" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 5190-5194 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "BGP" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 179 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "DHCP" - set 
proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 67-68 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "FINGER" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 79 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "GOPHER" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 70 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "H323" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1720 1503 - set udp-portrange 1719 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "IKE" - set proxy disable - set category "Tunneling" - 
set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 500 4500 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "Internet-Locator-Service" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 389 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "IRC" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 6660-6669 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "L2TP" - set proxy disable - set category "Tunneling" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1701 - set udp-portrange 1701 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "NetMeeting" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP 
- set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1720 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "NFS" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 111 2049 - set udp-portrange 111 2049 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "NNTP" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 119 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "NTP" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 123 - set udp-portrange 123 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "OSPF" - set proxy disable - set category "Network Services" - set protocol IP - set helper auto - set comment '' - set color 0 - set 
visibility enable - set fabric-object disable - set protocol-number 89 - next - edit "PC-Anywhere" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 5631 - set udp-portrange 5632 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "PING" - set proxy disable - set category "Network Services" - set protocol ICMP - set helper auto - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set icmptype 8 - unset icmpcode - next - edit "TIMESTAMP" - set proxy disable - set category '' - set protocol ICMP - set helper auto - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set icmptype 13 - unset icmpcode - next - edit "INFO_REQUEST" - set proxy disable - set category '' - set protocol ICMP - set helper auto - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set icmptype 15 - unset icmpcode - next - edit "INFO_ADDRESS" - set proxy disable - set category '' - set protocol ICMP - set helper auto - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set icmptype 17 - unset icmpcode - next - edit "ONC-RPC" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 111 - set udp-portrange 111 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "PPTP" - set proxy disable - 
set category "Tunneling" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1723 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "QUAKE" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 26000 27000 27910 27960 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RAUDIO" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 7070 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "REXEC" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 512 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RIP" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper 
auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 520 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RLOGIN" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 513:512-1023 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RSH" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 514:512-1023 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SCCP" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 2000 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SIP" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set 
check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 5060 - set udp-portrange 5060 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SIP-MSNmessenger" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1863 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SNMP" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 161-162 - set udp-portrange 161-162 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SSH" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 22 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SYSLOG" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set 
check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 514 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "TALK" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 517-518 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "TELNET" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 23 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "TFTP" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 69 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "MGCP" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable 
- set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 2427 2727 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "UUCP" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 540 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "VDOLIVE" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 7000-7010 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "WAIS" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 210 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "WINFRAME" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1494 
2598 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "X-WINDOWS" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 6000-6063 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "PING6" - set proxy disable - set category '' - set protocol ICMP6 - set helper auto - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set icmptype 128 - unset icmpcode - next - edit "MS-SQL" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1433 1434 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "MYSQL" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 3306 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RDP" - set proxy disable - set category 
"Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 3389 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "VNC" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 5900 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "DHCP6" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 546 547 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SQUID" - set proxy disable - set category "Tunneling" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 3128 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SOCKS" - set proxy disable - set category "Tunneling" - set protocol TCP/UDP/SCTP - set 
helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1080 - set udp-portrange 1080 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "WINS" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1512 - set udp-portrange 1512 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RADIUS" - set proxy disable - set category "Authentication" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 1812 1813 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RADIUS-OLD" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 1645 1646 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "CVSPSERVER" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set 
comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 2401 - set udp-portrange 2401 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "AFS3" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 7000-7009 - set udp-portrange 7000-7009 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "TRACEROUTE" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 33434-33535 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RTSP" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 554 7070 8554 - set udp-portrange 554 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "MMS" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set 
comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1755 - set udp-portrange 1024-5000 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "NONE" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 0 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "webproxy" - set proxy enable - set category "Web Proxy" - set protocol ALL - set helper auto - set comment '' - set color 0 - set visibility enable - set app-service-type disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 0-65535:0-65535 - next -end -config firewall service group - edit "Email Access" - set proxy disable - set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" - set comment '' - set color 0 - set fabric-object disable - next - edit "Web Access" - set proxy disable - set member "DNS" "HTTP" "HTTPS" - set comment '' - set color 0 - set fabric-object disable - next - edit "Windows AD" - set proxy disable - set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" - set comment '' - set color 0 - set fabric-object disable - next - edit "Exchange Server" - set proxy disable - set member "DCE-RPC" "DNS" "HTTPS" - set comment '' - set color 0 - set fabric-object disable - next -end -config firewall internet-service-group -end -config firewall internet-service-extension -end -config firewall internet-service-custom -end -config firewall internet-service-custom-group -end -config system 
external-resource -end -config vpn certificate ca -end -config vpn certificate remote -end -config vpn certificate local - edit "Fortinet_CA_SSL" - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_CA_Untrusted" - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_RSA1024" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_RSA2048" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_RSA4096" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. 
" - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_DSA1024" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_DSA2048" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ECDSA256" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ECDSA384" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ECDSA521" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ED25519" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. 
" - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ED448" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next -end -config vpn certificate crl -end -config vpn certificate ocsp-server -end -config vpn certificate setting - set ocsp-status disable - set ocsp-option server - set ocsp-default-server '' - set interface-select-method auto - set check-ca-cert enable - set check-ca-chain disable - set subject-match substring - set subject-set subset - set cn-match substring - set cn-allow-multi enable - config crl-verification - set expiry ignore - set leaf-crl-absence ignore - set chain-crl-absence ignore - end - set strict-ocsp-check disable - set ssl-min-proto-version default - set cmp-save-extra-certs disable - set cmp-key-usage-checking enable - set certname-rsa1024 "Fortinet_SSL_RSA1024" - set certname-rsa2048 "Fortinet_SSL_RSA2048" - set certname-rsa4096 "Fortinet_SSL_RSA4096" - set certname-dsa1024 "Fortinet_SSL_DSA1024" - set certname-dsa2048 "Fortinet_SSL_DSA2048" - set certname-ecdsa256 "Fortinet_SSL_ECDSA256" - set certname-ecdsa384 "Fortinet_SSL_ECDSA384" - set certname-ecdsa521 "Fortinet_SSL_ECDSA521" - set certname-ed25519 "Fortinet_SSL_ED25519" - set certname-ed448 "Fortinet_SSL_ED448" -end -config webfilter ftgd-local-cat - edit "custom1" - set status enable - set id 140 - next - edit "custom2" - set status enable - set id 141 - next -end -config ips sensor - edit "g-default" - set comment "Prevent critical attacks." 
- set replacemsg-group '' - set block-malicious-url disable - set scan-botnet-connections disable - set extended-log disable - config entries - edit 1 - set location all - set severity medium high critical - set protocol all - set os all - set application all - set status default - set log enable - set log-packet disable - set log-attack-context disable - set action default - set quarantine none - next - end - next - edit "g-sniffer-profile" - set comment "Monitor IPS attacks." - set replacemsg-group '' - set block-malicious-url disable - set scan-botnet-connections disable - set extended-log disable - config entries - edit 1 - set location all - set severity medium high critical - set protocol all - set os all - set application all - set status default - set log enable - set log-packet disable - set log-attack-context disable - set action default - set quarantine none - next - end - next - edit "g-wifi-default" - set comment "Default configuration for offloading WiFi traffic." - set replacemsg-group '' - set block-malicious-url disable - set scan-botnet-connections disable - set extended-log disable - config entries - edit 1 - set location all - set severity medium high critical - set protocol all - set os all - set application all - set status default - set log enable - set log-packet disable - set log-attack-context disable - set action default - set quarantine none - next - end - next -end -config sctp-filter profile -end -config firewall shaper traffic-shaper - edit "high-priority" - set guaranteed-bandwidth 0 - set maximum-bandwidth 1048576 - set bandwidth-unit kbps - set priority high - set per-policy enable - set diffserv disable - set overhead 0 - next - edit "medium-priority" - set guaranteed-bandwidth 0 - set maximum-bandwidth 1048576 - set bandwidth-unit kbps - set priority medium - set per-policy enable - set diffserv disable - set overhead 0 - next - edit "low-priority" - set guaranteed-bandwidth 0 - set maximum-bandwidth 1048576 - set bandwidth-unit 
kbps - set priority low - set per-policy enable - set diffserv disable - set overhead 0 - next - edit "guarantee-100kbps" - set guaranteed-bandwidth 100 - set maximum-bandwidth 1048576 - set bandwidth-unit kbps - set priority high - set per-policy enable - set diffserv disable - set overhead 0 - next - edit "shared-1M-pipe" - set guaranteed-bandwidth 0 - set maximum-bandwidth 1024 - set bandwidth-unit kbps - set priority high - set per-policy disable - set diffserv disable - set overhead 0 - next -end -config firewall shaper per-ip-shaper -end -config firewall proxy-address -end -config firewall proxy-addrgrp -end -config web-proxy profile -end -config web-proxy global - set ssl-cert "Fortinet_Factory" - set ssl-ca-cert "Fortinet_CA_SSL" - set fast-policy-match enable - set ldap-user-cache disable - set proxy-fqdn "default.fqdn" - set max-request-length 8 - set max-message-length 32 - set strict-web-check disable - set forward-proxy-auth disable - set forward-server-affinity-timeout 30 - set max-waf-body-cache-length 32 - set webproxy-profile '' - set learn-client-ip disable -end -config web-proxy forward-server -end -config web-proxy forward-server-group -end -config web-proxy debug-url -end -config web-proxy wisp -end -config wanopt webcache - set max-object-size 512000 - set neg-resp-time 0 - set fresh-factor 100 - set max-ttl 7200 - set min-ttl 5 - set default-ttl 1440 - set ignore-ims disable - set ignore-conditional disable - set ignore-pnc disable - set ignore-ie-reload enable - set cache-expired disable - set cache-cookie disable - set reval-pnc disable - set always-revalidate disable - set cache-by-default disable - set host-validate disable - set external disable -end -config web-proxy url-match -end -config application custom -end -config application group -end -config dlp filepattern - edit 1 - set name "builtin-patterns" - set comment '' - config entries - edit "*.bat" - set filter-type pattern - next - edit "*.com" - set filter-type pattern - next - 
edit "*.dll" - set filter-type pattern - next - edit "*.doc" - set filter-type pattern - next - edit "*.exe" - set filter-type pattern - next - edit "*.gz" - set filter-type pattern - next - edit "*.hta" - set filter-type pattern - next - edit "*.ppt" - set filter-type pattern - next - edit "*.rar" - set filter-type pattern - next - edit "*.scr" - set filter-type pattern - next - edit "*.tar" - set filter-type pattern - next - edit "*.tgz" - set filter-type pattern - next - edit "*.vb?" - set filter-type pattern - next - edit "*.wps" - set filter-type pattern - next - edit "*.xl?" - set filter-type pattern - next - edit "*.zip" - set filter-type pattern - next - edit "*.pif" - set filter-type pattern - next - edit "*.cpl" - set filter-type pattern - next - end - next - edit 2 - set name "all_executables" - set comment '' - config entries - edit "bat" - set filter-type type - set file-type bat - next - edit "exe" - set filter-type type - set file-type exe - next - edit "elf" - set filter-type type - set file-type elf - next - edit "hta" - set filter-type type - set file-type hta - next - end - next -end -config dlp sensitivity - edit "Private" - next - edit "Critical" - next - edit "Warning" - next -end -config dlp fp-doc-source -end -config dlp sensor - edit "g-default" - set comment "Default sensor." - set replacemsg-group '' - set dlp-log enable - set extended-log disable - set nac-quar-log disable - unset full-archive-proto - unset summary-proto - next - edit "g-sniffer-profile" - set comment "Log a summary of email and web traffic." 
- set replacemsg-group '' - set dlp-log enable - set extended-log disable - set nac-quar-log disable - unset full-archive-proto - set summary-proto smtp pop3 imap http-get http-post - next -end -config webfilter content -end -config webfilter content-header -end -config webfilter urlfilter -end -config videofilter youtube-key -end -config videofilter youtube-channel-filter -end -config videofilter profile -end -config webfilter ips-urlfilter-setting - set device '' - set distance 1 - set gateway 0.0.0.0 - set geo-filter '' -end -config webfilter ips-urlfilter-setting6 - set device '' - set distance 1 - set gateway6 :: - set geo-filter '' -end -config emailfilter bword -end -config emailfilter block-allow-list -end -config emailfilter mheader -end -config emailfilter dnsbl -end -config emailfilter iptrust -end -config log threat-weight - set status enable - config level - set low 5 - set medium 10 - set high 30 - set critical 50 - end - set blocked-connection high - set failed-connection low - set url-block-detected high - set botnet-connection-detected critical - config malware - set virus-infected critical - set fortindr critical - set file-blocked low - set command-blocked disable - set oversized disable - set virus-scan-error high - set switch-proto disable - set mimefragmented disable - set virus-file-type-executable medium - set virus-outbreak-prevention critical - set content-disarm medium - set malware-list medium - set ems-threat-feed medium - set fsa-malicious critical - set fsa-high-risk high - set fsa-medium-risk medium - end - config ips - set info-severity disable - set low-severity low - set medium-severity medium - set high-severity high - set critical-severity critical - end - config web - edit 1 - set category 26 - set level high - next - edit 2 - set category 61 - set level high - next - edit 3 - set category 86 - set level high - next - edit 4 - set category 1 - set level medium - next - edit 5 - set category 3 - set level medium - next - edit 6 
- set category 4 - set level medium - next - edit 7 - set category 5 - set level medium - next - edit 8 - set category 6 - set level medium - next - edit 9 - set category 12 - set level medium - next - edit 10 - set category 59 - set level medium - next - edit 11 - set category 62 - set level medium - next - edit 12 - set category 83 - set level medium - next - edit 13 - set category 72 - set level low - next - edit 14 - set category 14 - set level low - next - edit 15 - set category 96 - set level medium - next - end - config application - edit 1 - set category 2 - set level low - next - edit 2 - set category 6 - set level medium - next - end -end -config icap server -end -config icap profile - edit "default" - set replacemsg-group '' - set request disable - set response disable - set streaming-content-bypass disable - set preview disable - set methods delete get head options post put trace other - set icap-block-log disable - set chunk-encap disable - unset extension-feature - config icap-headers - edit 1 - set name "X-Authenticated-User" - set content "$user" - set base64-encoding disable - next - edit 2 - set name "X-Authenticated-Groups" - set content "$local_grp" - set base64-encoding disable - next - end - next -end -config system network-visibility - set destination-visibility enable - set source-location enable - set destination-hostname-visibility enable - set hostname-ttl 86400 - set hostname-limit 5000 - set destination-location enable -end -config user certificate -end -config user radius -end -config user tacacs+ -end -config user exchange -end -config user ldap -end -config user krb-keytab -end -config user domain-controller -end -config user pop3 -end -config user saml -end -config user fsso -end -config user adgrp -end -config user fsso-polling -end -config user fortitoken -end -config user password-policy -end -config user local -end -config user setting - set auth-type http https ftp telnet - set auth-cert "Fortinet_Factory" - set auth-ca-cert '' 
- set auth-secure-http disable - set auth-http-basic disable - set auth-ssl-allow-renegotiation disable - set auth-src-mac enable - set auth-on-demand implicitly - set auth-timeout 5 - set auth-timeout-type idle-timeout - set auth-portal-timeout 3 - set radius-ses-timeout-act hard-timeout - set auth-blackout-time 0 - set auth-invalid-max 5 - set auth-lockout-threshold 3 - set auth-lockout-duration 0 - set per-policy-disclaimer disable - set auth-ssl-min-proto-version default - unset auth-ssl-max-proto-version - set auth-ssl-sigalgs all -end -config user peer -end -config user peergrp -end -config user quarantine - set quarantine enable - set traffic-policy '' - set firewall-groups '' -end -config user group - edit "SSO_Guest_Users" - set authtimeout 0 - set http-digest-realm '' - next -end -config user security-exempt-list -end -config vpn ssl web realm -end -config vpn ssl web host-check-software - edit "FortiClient-AV" - set os-type windows - set type av - set version '' - set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7" - next - edit "FortiClient-FW" - set os-type windows - set type fw - set version '' - set guid "528CB157-D384-4593-AAAA-E42DFF111CED" - next - edit "FortiClient-AV-Vista" - set os-type windows - set type av - set version '' - set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" - next - edit "FortiClient-FW-Vista" - set os-type windows - set type fw - set version '' - set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" - next - edit "FortiClient5-AV" - set os-type windows - set type av - set version '' - set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7" - next - edit "AVG-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" - next - edit "AVG-Internet-Security-FW" - set os-type windows - set type fw - set version '' - set guid "8DECF618-9569-4340-B34A-D78D28969B66" - next - edit "AVG-Internet-Security-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid 
"0C939084-9E57-CBDB-EA61-0B0C7F62AF82" - next - edit "AVG-Internet-Security-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" - next - edit "CA-Anti-Virus" - set os-type windows - set type av - set version '' - set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" - next - edit "CA-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" - next - edit "CA-Internet-Security-FW" - set os-type windows - set type fw - set version '' - set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" - next - edit "CA-Internet-Security-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" - next - edit "CA-Internet-Security-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "06D680B0-4024-4FAB-E710-E675E50F6324" - next - edit "CA-Personal-Firewall" - set os-type windows - set type fw - set version '' - set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" - next - edit "F-Secure-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" - next - edit "F-Secure-Internet-Security-FW" - set os-type windows - set type fw - set version '' - set guid "D4747503-0346-49EB-9262-997542F79BF4" - next - edit "F-Secure-Internet-Security-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "15414183-282E-D62C-CA37-EF24860A2F17" - next - edit "F-Secure-Internet-Security-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "2D7AC0A6-6241-D774-E168-461178D9686C" - next - edit "Kaspersky-AV" - set os-type windows - set type av - set version '' - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - next - edit "Kaspersky-FW" - set os-type windows - set type fw - set version '' - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - next - edit "Kaspersky-AV-Vista-Win7" - set os-type 
windows - set type av - set version '' - set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" - next - edit "Kaspersky-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" - next - edit "McAfee-Internet-Security-Suite-AV" - set os-type windows - set type av - set version '' - set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" - next - edit "McAfee-Internet-Security-Suite-FW" - set os-type windows - set type fw - set version '' - set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" - next - edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "86355677-4064-3EA7-ABB3-1B136EB04637" - next - edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" - next - edit "McAfee-Virus-Scan-Enterprise" - set os-type windows - set type av - set version '' - set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" - next - edit "Norton-360-2.0-AV" - set os-type windows - set type av - set version '' - set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" - next - edit "Norton-360-2.0-FW" - set os-type windows - set type fw - set version '' - set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" - next - edit "Norton-360-3.0-AV" - set os-type windows - set type av - set version '' - set guid "E10A9785-9598-4754-B552-92431C1C35F8" - next - edit "Norton-360-3.0-FW" - set os-type windows - set type fw - set version '' - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - next - edit "Norton-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "E10A9785-9598-4754-B552-92431C1C35F8" - next - edit "Norton-Internet-Security-FW" - set os-type windows - set type fw - set version '' - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - next - edit "Norton-Internet-Security-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid 
"88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit "Norton-Internet-Security-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - next - edit "Symantec-Endpoint-Protection-AV" - set os-type windows - set type av - set version '' - set guid "FB06448E-52B8-493A-90F3-E43226D3305C" - next - edit "Symantec-Endpoint-Protection-FW" - set os-type windows - set type fw - set version '' - set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" - next - edit "Symantec-Endpoint-Protection-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit "Symantec-Endpoint-Protection-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - next - edit "Panda-Antivirus+Firewall-2008-AV" - set os-type windows - set type av - set version '' - set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" - next - edit "Panda-Antivirus+Firewall-2008-FW" - set os-type windows - set type fw - set version '' - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - next - edit "Panda-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - next - edit "Panda-Internet-Security-2006~2007-FW" - set os-type windows - set type fw - set version '' - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - next - edit "Panda-Internet-Security-2008~2009-FW" - set os-type windows - set type fw - set version '' - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - next - edit "Sophos-Anti-Virus" - set os-type windows - set type av - set version '' - set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" - next - edit "Sophos-Enpoint-Secuirty-and-Control-FW" - set os-type windows - set type fw - set version '' - set guid "0786E95E-326A-4524-9691-41EF88FB52EA" - next - edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" - set os-type windows - set type av - set version '' 
- set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" - next - edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" - next - edit "Trend-Micro-AV" - set os-type windows - set type av - set version '' - set guid "7D2296BC-32CC-4519-917E-52E652474AF5" - next - edit "Trend-Micro-FW" - set os-type windows - set type fw - set version '' - set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" - next - edit "Trend-Micro-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" - next - edit "Trend-Micro-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" - next - edit "ZoneAlarm-AV" - set os-type windows - set type av - set version '' - set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" - next - edit "ZoneAlarm-FW" - set os-type windows - set type fw - set version '' - set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" - next - edit "ZoneAlarm-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" - next - edit "ZoneAlarm-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" - next - edit "ESET-Smart-Security-AV" - set os-type windows - set type av - set version '' - set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" - next - edit "ESET-Smart-Security-FW" - set os-type windows - set type fw - set version '' - set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" - next -end -config vpn ssl web portal - edit "full-access" - set tunnel-mode enable - set ipv6-tunnel-mode enable - set web-mode enable - set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping - set limit-user-logins disable - set forticlient-download enable - set ip-mode range - set auto-connect disable - set keep-alive disable - set save-password disable - set ip-pools 
"SSLVPN_TUNNEL_ADDR1" - set split-tunneling enable - set split-tunneling-routing-negate disable - set dns-server1 0.0.0.0 - set dns-server2 0.0.0.0 - set dns-suffix '' - set wins-server1 0.0.0.0 - set wins-server2 0.0.0.0 - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set ipv6-split-tunneling enable - set ipv6-split-tunneling-routing-negate disable - set ipv6-dns-server1 :: - set ipv6-dns-server2 :: - set ipv6-wins-server1 :: - set ipv6-wins-server2 :: - set display-bookmark enable - set user-bookmark enable - set user-group-bookmark enable - set display-connection-tools enable - set display-history enable - set display-status enable - set rewrite-ip-uri-ui disable - set heading "SSL-VPN Portal" - set redir-url '' - set theme neutrino - set custom-lang '' - set smb-ntlmv1-auth disable - set smb-min-version smbv2 - set smb-max-version smbv3 - set use-sdwan disable - set clipboard enable - set default-window-width 1024 - set default-window-height 768 - set host-check none - set mac-addr-check disable - set os-check disable - set forticlient-download-method direct - set customize-forticlient-download-url disable - set hide-sso-credential enable - next - edit "web-access" - set tunnel-mode disable - set ipv6-tunnel-mode disable - set web-mode enable - set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping - set limit-user-logins disable - set forticlient-download enable - set dns-suffix '' - set display-bookmark enable - set user-bookmark enable - set user-group-bookmark enable - set display-connection-tools enable - set display-history enable - set display-status enable - set rewrite-ip-uri-ui disable - set heading "SSL-VPN Portal" - set redir-url '' - set theme neutrino - set custom-lang '' - set smb-ntlmv1-auth disable - set smb-min-version smbv2 - set smb-max-version smbv3 - set use-sdwan disable - set clipboard enable - set default-window-width 1024 - set default-window-height 768 - set forticlient-download-method direct - set 
customize-forticlient-download-url disable - set hide-sso-credential enable - next - edit "tunnel-access" - set tunnel-mode enable - set ipv6-tunnel-mode enable - set web-mode disable - set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping - set limit-user-logins disable - set forticlient-download enable - set ip-mode range - set auto-connect disable - set keep-alive disable - set save-password disable - set ip-pools "SSLVPN_TUNNEL_ADDR1" - set split-tunneling enable - set split-tunneling-routing-negate disable - set dns-server1 0.0.0.0 - set dns-server2 0.0.0.0 - set dns-suffix '' - set wins-server1 0.0.0.0 - set wins-server2 0.0.0.0 - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set ipv6-split-tunneling enable - set ipv6-split-tunneling-routing-negate disable - set ipv6-dns-server1 :: - set ipv6-dns-server2 :: - set ipv6-wins-server1 :: - set ipv6-wins-server2 :: - set host-check none - set mac-addr-check disable - set os-check disable - set forticlient-download-method direct - set customize-forticlient-download-url disable - next -end -config vpn ssl settings - set status enable - set reqclientcert disable - set ssl-max-proto-ver tls1-3 - set ssl-min-proto-ver tls1-2 - unset banned-cipher - set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 - set ssl-insert-empty-fragment enable - set https-redirect disable - set x-content-type-options enable - set ssl-client-renegotiation disable - set force-two-factor-auth disable - set servercert "Fortinet_Factory" - set algorithm high - set idle-timeout 300 - set auth-timeout 28800 - set login-attempt-limit 2 - set login-block-time 60 - set login-timeout 30 - set dtls-hello-timeout 10 - set dns-suffix '' - set dns-server1 0.0.0.0 - set dns-server2 0.0.0.0 - set wins-server1 0.0.0.0 - set wins-server2 0.0.0.0 - set ipv6-dns-server1 :: - set ipv6-dns-server2 :: - set ipv6-wins-server1 :: - set ipv6-wins-server2 :: - set url-obscuration disable - set http-compression disable - set 
http-only-cookie enable - set port 443 - set port-precedence enable - set auto-tunnel-static-route enable - set header-x-forwarded-for add - set dtls-tunnel enable - set check-referer disable - set http-request-header-timeout 20 - set http-request-body-timeout 30 - set auth-session-check-source-ip enable - set tunnel-connect-without-reauth disable - set hsts-include-subdomains disable - set transform-backward-slashes disable - set encode-2f-sequence disable - set encrypt-and-store-password disable - set client-sigalgs all - set dual-stack-mode disable - set tunnel-addr-assigned-method first-available - set saml-redirect-port 8020 - set dtls-max-proto-ver dtls1-2 - set dtls-min-proto-ver dtls1-0 -end -config vpn ssl web user-group-bookmark -end -config vpn ssl web user-bookmark -end -config vpn ssl client -end -config system sdwan - set status disable - set load-balance-mode source-ip-based - set speedtest-bypass-routing disable - set duplication-max-num 2 - set neighbor-hold-down disable - set neighbor-hold-down-time 0 - set neighbor-hold-boot-time 0 - set fail-detect disable - config zone - edit "virtual-wan-link" - set service-sla-tie-break cfg-order - next - end - config health-check - edit "Default_DNS" - set probe-packets enable - set addr-mode ipv4 - set system-dns enable - set detect-mode active - set ha-priority 1 - set dns-request-domain "www.example.com" - set dns-match-ip 0.0.0.0 - set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 - set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 
- set packetloss-threshold 5 - next - end - next - edit "Default_Office_365" - set probe-packets enable - set addr-mode ipv4 - set server "www.office.com" - set detect-mode active - set protocol http - set port 0 - set ha-priority 1 - set http-get "/" - set http-agent "Chrome/ Safari/" - set http-match '' - set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 - set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 - set packetloss-threshold 5 - next - end - next - edit "Default_Gmail" - set probe-packets enable - set addr-mode ipv4 - set server "gmail.com" - set detect-mode active - set protocol ping - set ha-priority 1 - set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 - set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 - set packetloss-threshold 2 - next - end - next - edit "Default_Google Search" - set probe-packets enable - set addr-mode ipv4 - set server "www.google.com" - set detect-mode active - set protocol http - set port 0 - set ha-priority 1 - set http-get "/" - set http-agent "Chrome/ Safari/" - set http-match '' 
- set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 - set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 - set packetloss-threshold 5 - next - end - next - edit "Default_FortiGuard" - set probe-packets enable - set addr-mode ipv4 - set server "fortiguard.com" - set detect-mode active - set protocol http - set port 0 - set ha-priority 1 - set http-get "/" - set http-agent "Chrome/ Safari/" - set http-match '' - set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 - set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 - set packetloss-threshold 5 - next - end - next - end -end -config vpn ipsec phase1 -end -config vpn ipsec phase2 -end -config vpn ipsec manualkey -end -config vpn ipsec concentrator -end -config vpn ipsec fec -end -config vpn ipsec phase1-interface -end -config vpn ipsec phase2-interface -end -config vpn ipsec manualkey-interface -end -config vpn pptp - set status disable -end -config vpn l2tp - set status disable - set lcp-max-echo-fails 3 - set hello-interval 60 -end -config vpn ipsec forticlient -end -config 
dnsfilter domain-filter -end -config dnsfilter profile - edit "default" - set comment "Default dns filtering." - config domain-filter - unset domain-filter-table - end - config ftgd-dns - unset options - config filters - edit 1 - set category 2 - set action monitor - next - edit 2 - set category 7 - set action monitor - next - edit 3 - set category 8 - set action monitor - next - edit 4 - set category 9 - set action monitor - next - edit 5 - set category 11 - set action monitor - next - edit 6 - set category 12 - set action monitor - next - edit 7 - set category 13 - set action monitor - next - edit 8 - set category 14 - set action monitor - next - edit 9 - set category 15 - set action monitor - next - edit 10 - set category 16 - set action monitor - next - edit 11 - set category 0 - set action monitor - next - edit 12 - set category 57 - set action monitor - next - edit 13 - set category 63 - set action monitor - next - edit 14 - set category 64 - set action monitor - next - edit 15 - set category 65 - set action monitor - next - edit 16 - set category 66 - set action monitor - next - edit 17 - set category 67 - set action monitor - next - edit 18 - set category 26 - set action block - set log enable - next - edit 19 - set category 61 - set action block - set log enable - next - edit 20 - set category 86 - set action block - set log enable - next - edit 21 - set category 88 - set action block - set log enable - next - edit 22 - set category 90 - set action block - set log enable - next - edit 23 - set category 91 - set action block - set log enable - next - end - end - set log-all-domain disable - set sdns-ftgd-err-log enable - set sdns-domain-log enable - set block-action redirect - set block-botnet enable - set safe-search disable - set redirect-portal 0.0.0.0 - set redirect-portal6 :: - next -end -config system gre-tunnel -end -config system ipsec-aggregate -end -config system ipip-tunnel -end -config system mobile-tunnel -end -config system pppoe-interface 
-end -config system vxlan -end -config system geneve -end -config system virtual-wire-pair -end -config system dns-database -end -config system dns-server -end -config log custom-field -end -config antivirus settings - set machine-learning-detection enable - set use-extreme-db disable - set grayware enable - set override-timeout 0 - set cache-infected-result enable -end -config antivirus quarantine - set agelimit 0 - set maxfilesize 0 - set quarantine-quota 0 - unset drop-infected - set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh - unset drop-blocked - set store-blocked imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs ssh - unset drop-machine-learning - set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh - set lowspace ovrw-old - set destination disk -end -config ssh-filter profile -end -config antivirus profile - edit "g-default" - set comment "Scan files and block viruses." - set replacemsg-group '' - set mobile-malware-db enable - config http - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config ftp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config imap - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config pop3 - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config smtp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine 
disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config nntp - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config cifs - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config nac-quar - set infected none - set log disable - end - set outbreak-prevention-archive-scan disable - set external-blocklist-enable-all enable - set ems-threat-feed disable - set av-virus-log enable - set av-block-log enable - set extended-log disable - next - edit "g-sniffer-profile" - set comment "Scan files and monitor viruses." - set replacemsg-group '' - set mobile-malware-db enable - config http - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config ftp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config imap - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config pop3 - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config smtp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config nntp - set av-scan disable - set 
outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config cifs - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config nac-quar - set infected none - set log disable - end - set outbreak-prevention-archive-scan disable - set external-blocklist-enable-all enable - set ems-threat-feed disable - set av-virus-log enable - set av-block-log enable - set extended-log disable - next - edit "g-wifi-default" - set comment "Default configuration for offloading WiFi traffic." - set replacemsg-group '' - set mobile-malware-db enable - config http - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config ftp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config imap - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config pop3 - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config smtp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config nntp - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set 
emulator enable - end - config cifs - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config nac-quar - set infected none - set log disable - end - set outbreak-prevention-archive-scan disable - set external-blocklist-enable-all enable - set ems-threat-feed disable - set av-virus-log enable - set av-block-log enable - set extended-log disable - next -end -config file-filter profile - edit "g-default" - set comment "File type inspection." - set replacemsg-group '' - set log enable - set extended-log disable - set scan-archive-contents enable - next - edit "g-sniffer-profile" - set comment "File type inspection." - set replacemsg-group '' - set log enable - set extended-log disable - set scan-archive-contents enable - next -end -config webfilter profile - edit "g-default" - set comment "Default web filtering." - set replacemsg-group '' - unset options - set https-replacemsg enable - set post-action normal - config web - set bword-threshold 10 - unset bword-table - unset urlfilter-table - unset content-header-list - set blocklist disable - unset allowlist - end - set log-all-url disable - set web-content-log enable - set web-filter-command-block-log enable - set web-filter-cookie-log enable - set web-url-log enable - set web-invalid-domain-log enable - set extended-log disable - next - edit "g-sniffer-profile" - set comment "Monitor web traffic." 
- set replacemsg-group '' - unset options - set https-replacemsg enable - set post-action normal - config web - set bword-threshold 10 - unset bword-table - unset urlfilter-table - unset content-header-list - set blocklist disable - unset allowlist - end - set log-all-url disable - set web-content-log enable - set web-filter-command-block-log enable - set web-filter-cookie-log enable - set web-url-log enable - set web-invalid-domain-log enable - set extended-log disable - next - edit "g-wifi-default" - set comment "Default configuration for offloading WiFi traffic." - set replacemsg-group '' - set options block-invalid-url - set https-replacemsg enable - set post-action normal - config web - set bword-threshold 10 - unset bword-table - unset urlfilter-table - unset content-header-list - set blocklist disable - unset allowlist - end - set log-all-url disable - set web-content-log enable - set web-filter-command-block-log enable - set web-filter-cookie-log enable - set web-url-log enable - set web-invalid-domain-log enable - set extended-log disable - next -end -config webfilter ftgd-local-rating -end -config webfilter search-engine - edit "g-baidu" - set hostname ".*\\.baidu\\.com" - set url "^\\/s?\\?" - set query "wd=" - set safesearch disable - next - edit "g-baidu2" - set hostname ".*\\.baidu\\.com" - set url "^\\/(ns|q|m|i|v)\\?" - set query "word=" - set safesearch disable - next - edit "g-baidu3" - set hostname "tieba\\.baidu\\.com" - set url "^\\/f\\?" - set query "kw=" - set safesearch disable - next - edit "g-bing" - set hostname ".*\\.bing\\..*" - set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" 
- set query "q=" - set safesearch header - next - edit "g-google" - set hostname ".*\\.google\\..*" - set url "^\\/((custom|search|images|videosearch|webhp)\\?)" - set query "q=" - set safesearch url - set safesearch-str "&safe=active" - next - edit "g-google-translate-1" - set hostname "translate\\.google\\..*" - set url "^\\/translate" - set query "u=" - set safesearch translate - next - edit "g-google-translate-2" - set hostname ".*\\.translate\\.goog" - set url "^\\/" - set query '' - set safesearch translate - next - edit "g-twitter" - set hostname "twitter\\.com" - set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName" - set query "variables=" - set safesearch translate - next - edit "g-vimeo" - set hostname ".*vimeo.*" - set url "^\\/search\\?" - set query "q=" - set safesearch header - next - edit "g-yahoo" - set hostname ".*\\.yahoo\\..*" - set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" - set query "p=" - set safesearch url - set safesearch-str "&vm=r" - next - edit "g-yandex" - set hostname "yandex\\..*" - set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" 
- set query "text=" - set safesearch url - set safesearch-str "&family=yes" - next - edit "g-youtube" - set hostname ".*youtube.*" - set url '' - set query '' - set safesearch header - next - edit "g-yt-channel" - set hostname '' - set url "www.youtube.com/channel" - set query '' - set safesearch yt-channel - next - edit "g-yt-pattern" - set hostname '' - set url "youtube.com/channel/" - set query '' - set safesearch yt-pattern - next - edit "g-yt-scan-1" - set hostname '' - set url "www.youtube.com/user/" - set query '' - set safesearch yt-scan - next - edit "g-yt-scan-2" - set hostname '' - set url "www.youtube.com/youtubei/v1/browse" - set query '' - set safesearch yt-scan - next - edit "g-yt-scan-3" - set hostname '' - set url "www.youtube.com/youtubei/v1/player" - set query '' - set safesearch yt-scan - next - edit "g-yt-scan-4" - set hostname '' - set url "www.youtube.com/youtubei/v1/navigator" - set query '' - set safesearch yt-scan - next - edit "translate" - set hostname "translate\\.google\\..*" - set url "^\\/translate\\?" - set query "u=" - set safesearch translate - next - edit "yt-video" - set hostname '' - set url "www.youtube.com/watch" - set query '' - set safesearch yt-video - next -end -config emailfilter profile - edit "default" - set comment "Malware and phishing URL filtering." - set replacemsg-group '' - set spam-log enable - set spam-filtering disable - set external disable - unset options - config imap - set log-all disable - end - config pop3 - set log-all disable - end - config smtp - set log-all disable - end - config msn-hotmail - set log-all disable - end - config gmail - set log-all disable - end - set spam-bword-threshold 10 - unset spam-bword-table - unset spam-bal-table - unset spam-mheader-table - unset spam-rbl-table - unset spam-iptrust-table - set spam-log-fortiguard-response disable - next - edit "sniffer-profile" - set comment "Malware and phishing URL monitoring." 
- set replacemsg-group '' - set spam-log enable - set spam-filtering disable - set external disable - unset options - config imap - set log-all disable - end - config pop3 - set log-all disable - end - config smtp - set log-all disable - end - config msn-hotmail - set log-all disable - end - config gmail - set log-all disable - end - set spam-bword-threshold 10 - unset spam-bword-table - unset spam-bal-table - unset spam-mheader-table - unset spam-rbl-table - unset spam-iptrust-table - set spam-log-fortiguard-response disable - next -end -config wanopt settings - set host-id "default-id" - set tunnel-ssl-algorithm high - set auto-detect-algorithm simple - set tunnel-optimization balanced -end -config wanopt peer -end -config wanopt auth-group -end -config wanopt profile - edit "default" - set transparent enable - set comments "Default WANopt profile." - set auth-group '' - config http - set status disable - set secure-tunnel disable - set byte-caching enable - set ssl disable - set prefer-chunking fix - set protocol-opt protocol - set tunnel-sharing private - set log-traffic enable - end - config cifs - set status disable - set secure-tunnel disable - set byte-caching enable - set prefer-chunking fix - set protocol-opt protocol - set tunnel-sharing private - set log-traffic enable - end - config mapi - set status disable - set secure-tunnel disable - set byte-caching enable - set tunnel-sharing private - set log-traffic enable - end - config ftp - set status disable - set secure-tunnel disable - set byte-caching enable - set ssl disable - set prefer-chunking fix - set protocol-opt protocol - set tunnel-sharing private - set log-traffic enable - end - config tcp - set status disable - end - next -end -config system speed-test-server -end -config log memory setting - set status enable -end -config log disk setting - set status disable -end -config log eventfilter - set event enable - set system enable - set vpn enable - set user enable - set router enable - set 
wireless-activity enable - set wan-opt enable - set endpoint enable - set ha enable - set security-rating enable - set fortiextender enable - set connector enable - set sdwan enable - set cifs enable - set switch-controller enable -end -config log memory filter - set severity information - set forward-traffic enable - set local-traffic enable - set multicast-traffic enable - set sniffer-traffic enable - set ztna-traffic enable - set anomaly enable - set voip enable - set gtp enable -end -config log disk filter - set severity information - set forward-traffic enable - set local-traffic enable - set multicast-traffic enable - set sniffer-traffic enable - set ztna-traffic enable - set anomaly enable - set voip enable - set dlp-archive enable - set gtp enable -end -config log fortiguard override-setting - set override disable - set access-config enable -end -config log tacacs+accounting setting - set status disable -end -config log tacacs+accounting2 setting - set status disable -end -config log tacacs+accounting3 setting - set status disable -end -config log tacacs+accounting filter - set login-audit enable - set config-change-audit enable - set cli-cmd-audit enable -end -config log tacacs+accounting2 filter - set login-audit enable - set config-change-audit enable - set cli-cmd-audit enable -end -config log tacacs+accounting3 filter - set login-audit enable - set config-change-audit enable - set cli-cmd-audit enable -end -config log null-device setting - set status disable -end -config log null-device filter - set severity information - set forward-traffic enable - set local-traffic enable - set multicast-traffic enable - set sniffer-traffic enable - set ztna-traffic enable - set anomaly enable - set voip enable - set gtp enable -end -config log setting - set resolve-ip disable - set resolve-port enable - set log-user-in-upper disable - set fwpolicy-implicit-log disable - set fwpolicy6-implicit-log disable - set log-invalid-packet disable - set local-in-allow disable 
- set local-in-deny-unicast disable - set local-in-deny-broadcast disable - set local-out disable - set neighbor-event disable - set brief-traffic-format disable - set user-anonymize disable - set fortiview-weekly-data disable - set expolicy-implicit-log disable - set log-policy-comment disable - set faz-override disable - set syslog-override disable - set rest-api-set disable - set rest-api-get disable -end -config log gui-display - set resolve-hosts enable - set resolve-apps enable - set fortiview-unscanned-apps disable -end -config system lldp network-policy -end -config firewall schedule onetime -end -config firewall schedule recurring - edit "always" - set start 00:00 - set end 00:00 - set day sunday monday tuesday wednesday thursday friday saturday - set color 0 - set fabric-object disable - next - edit "none" - set start 00:00 - set end 00:00 - set day none - set color 0 - set fabric-object disable - next - edit "default-darrp-optimize" - set start 01:00 - set end 01:30 - set day sunday monday tuesday wednesday thursday friday saturday - set color 0 - set fabric-object disable - next -end -config firewall schedule group -end -config firewall ippool -end -config firewall ippool6 -end -config firewall ldb-monitor -end -config firewall vip -end -config firewall vip6 -end -config firewall vipgrp -end -config firewall vipgrp6 -end -config firewall ssh local-key - edit "g-Fortinet_SSH_DSA1024" - set password ENC RFPxW/LIJAp/1lk8/Y47dhuqSL7/Tqerk1IdyQx0uj5c3j42/ufWZkWmWsojKMLqmdA7ZIXBzHm91p6hCE3lHcDpw48hj7VjVPxnGSdiUx20K2ioSpKrClrIqy9dfRetfgD52F/AZuEpIS7QhhwepbNoMucOe6KMft2gi4FYlZ6ACxrScwl4hJJk/j48JCFy9qeuVw== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWMdT3yG -/DLzIBU5O0UtJ/AAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho -KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq -a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq 
-7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk -jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR -XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe -P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5 -lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G -wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgxMcP4nd5bs47/RHx -ArZUDjNCJzDVajX1tIDHffLzzlLm2RRU/wKXccxXn1TC14JdA3gOmS/hFa1C/ctWGGFdz1 -RDMGJtXQ8+APtMlY7LoLq0soKjkNkY5KDgGBqbZ8dLcYCKYfl4RoCWGeKNYKjbdudRmuix -GP/Iy8L+8qLZd7rSDA6q48zv82nNbPUCtSgRLiG9/CDTQx1ICwO61rdjQLqvwycJ7//885 -eXUyaiDA7DD8p/Q/y3L23iLI/t8VEe7sCeFcoFPmJxKURNoCg119GObjEYNDokpv9QOC2G -/uGE672Yvr9YFLe1RPwWpMgQr05tVu05HiPvRlX+hORf+Q80PQaxyCnSGkGh9FHq2Cph3F -nOlujutMPe0E9do0qGavzo7yw4g4L5fUUxgUoWLZPfE0dt7Dy1IP+kltIUqGu6a2StNq8U -rYEYAjVHzaKoU+95oZLimCj0n61LyCNXVg+gcIb+FIq6B4WQhRNJ0ltK7k5TKvCcnClWzj -DDVeZYF7XOPX9S38MGt9vfWZEF+ZnUrGdl4Py5khdfH99mlSDwt42flFQf2usHNR3ZaaHU -meM/WUb803e5fUpdeWXtOx9b+YmRujD4g0N49/OISwkC0MIfhdG2FDsuvpLiZit7 ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-dss 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" - set source built-in - next - edit "g-Fortinet_SSH_ECDSA256" - set password ENC YzERzmTPhVGnGXIwqP4oPlTyadC+Svw2vKpPruJoYSISLs6lW4fcqTcTZ6ekDk2rgXSJhv9PnoJAijbTYFezcHp6V51OlsW4TJcOOSOmho+QLnsdns/33htiX219webXrlNXQjEU5WjSGIQLwzcTuKV+QHpDJG11jo5UUPJk+VcfNgzP4DvFsbp+7XhZAK0E7J12qg== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCYj0k4bh -mxNdVne/WYI48/AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz -dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK -y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgQHrpN3sAxVooYsKXIb5xGNvvwxUtTIIAisaQ -ftEDAx3nTj7+NLlPATgMRDy12pescKquy79fyCFgENFUP+K2pfPsb2IE/RdTcmBsL0646h -hL2sHeuvZ/mhIMti3oLfj91bBs7TBB2MRvHRYvcZD6rdAkumBmyrSPUO4JwqSPkI68kBVo 
-C9C5gBWgfhqKs6DGgceAFVxbb9+RWrpH9YCpIA== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI=" - set source built-in - next - edit "g-Fortinet_SSH_ECDSA384" - set password ENC G9u/ixIJ1bh5eCvTVsDaMmIaExENNiccFkDSflYNo7B7Ts6T4+BwOMiB6XLb+5l2xVeb9aAxflQLm1AyVi04SZFvPcHNJ+lcYES/3xmM8BIHqVwgGQVwIqYNUxU6DYIyOP+1BzqDZl4UXZBO4Jn8JAByLiV+s9zkbm6borLPUBwJMe0Cdqa3TvPGM0S6EOoQXMFK5Q== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBN9BRJMR -77/5pUXIX3azbHAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz -dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj -U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx -dgAAANChlajlzxrBilfuFt0NeQjCmvICKuDRnd+bDSBxAVZcAnFPKPN/ZOUsHIFry+62R4 -xmcknYeWtA09QFKdSbyeOUyqI4CmeqxufXPlPk8N2Mjg/Rub53WkREGx7nv335EUtKyIIE -qc7vNaHvrM8CbUwCD53Tmrv126aSxuuDEBhth1CkIT8LZEcTEYRSHAZEojS8TB4UhHLRfm -Rn+DmbJga0IDnPc/ZgNHGTqYx2toV2Fy/DCJ2en2FejJU89J9ZFrGUfz117vVweEVGLCBr -4j10 ------END OPENSSH PRIVATE KEY----- -" - set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg==" - set source built-in - next - edit "g-Fortinet_SSH_ECDSA521" - set password ENC c0DKTFReLRJ6t5bB4GNriU5Q9G90mxSlVRqZOXpU+KScsGKdpRnSrSE5Yed0f68o5Y38Bji+uwy/ERE1trLtK4GbDPAs1GkUcQDEKh9Sw/7jdUWklugQSUS3wCiVkdEDnzZTQvKWFsB9Y4MfQ5R6YAs5WFln/cfEcJqgxvBCa4OZfGQ2eOuDE2xqVvq3MNDnf5jfUw== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBTZME+kF -3Bzq+XqVo08S4FAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz -dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF 
-t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K -HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQC/5NwC8S8n04Bskl -P/Wnde2xZxoWXlBYuV8iJ8OmT7RRVEi3NhVGbIJMqlXfTVi67DgfbtMpVNVhO3UMwPAoC4 -8zcMmJ/1aA58Y+5H8DuYRMfAnuky6vWJFBA4DXgx/vmrn8UK1E2xgW8dgaEEDlLQPittQc -hlwRhgSZrJoRtQPn8OA5ZNePcblOq1WH6PanQP7Bj2SubMTTZ0Mo+gy7y11wDAMd0MYN6Q -d2biFs9XCB9xGNGQIrgOEUQoFJ8AyrbQzZt3Tr7tthp0GDyWoCNICjY/vKS9Av/xMMHaq9 -cjEJOwfxqaJfVrEn2/6DS1t2SyTD9C8imQOI2xz/fdVCaO ------END OPENSSH PRIVATE KEY----- -" - set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA==" - set source built-in - next - edit "g-Fortinet_SSH_ED25519" - set password ENC kS9tQjwByq663/fVd484gYjssB9/HjtR/BC+DQph1pC96UxVcyCiP9naXyl/JicJS2gwpHaqqttDGvB75kpS2KtA1URj/TdiEsTMVMftZMlxr7Hz9oK5iZjbaNaMDyuRXht0vTg00st1Jsixe9/GOVkSMtv2O0OHpnhG/o7gTZPSAiRWrn/+eUH63aZW8jmiABK3FQ== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAedjCOkt -+sFbLzTS4y12TbAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd -3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkCa1NSX8hj+j3jVwv2A2AU/gLRKzX4h+Gwxyxz -JeBT+OyHbzc8MDCIh8a3tf0fJiQ6VJdj3JjhBrp1OWfy2GHkfpMInRlGGz0Hu4XMU702a0 -MgwELDyqSpEdZupNMH44pIjkI0iY/ipgwuNDOTIenADwbqdkC2oX9XA3jIutAB++JU4rvR -NwgjPHD1irGOM7Gg== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO" - set source built-in - next - edit "g-Fortinet_SSH_RSA2048" - set password ENC ptFK8lZwuQ6om7lAr4C2BvEdI3ve3JrSNLXTF+ucsUVQlEwazxiGKLMNwiwcAl8+FNN8x67fqQA3GIpq6vpcj3G0QmKQccgxxGDYkP4JkZfN8vaw8+9FbTC0yksNGdSHfBqBpWL9uzEF2dz+Ec0G8PI6bamzGqrFt11NA/Q4mWQu4VftqKSQ09hX3K9CYJZAwYNsTw== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- 
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA1mO561N -c7CpF0rN+BdOBQAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh -Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7 -A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK -hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC -HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z -OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwMcyMNKCNYzFHF -tA305t53D83ogXcTrwO8f3ScWdcLBap5o0aqwfOrswdChdOytbHMx3lmpnLZvFt2JbcqT0 -jDm+ZSb5NwFCW2h5MJlnLolIx85H0ab7XO+JhK1c/J3U0K/m0Y6q3uXObJsAInPNAJDjqL -VUxgIU438n7dB/NkWQWNjVaddEO/tK9UzzUd5a5JuG2lsukXLGFRC0XIJ94Q9BFuiziNmX -QUZ7LRqm59ZcsixGSQ1YApEvTZFf+Yd/umWIh9bbHeCAZOWZukDy47VLy2uVd3H+HLOSno -ZBpX7xa3c6mjI/oHgz7lQAybNzbPoJiBKq5VlTBhR9kTdB3JnnzKegLNwRtsdtEim/O4xJ -QPxfwGSzE57M9OgPGZMOuFu8Fh07tV06dUnfe9mGDLiQ3HWCZoRW5tuCE0fsieAseqqEiS -Vy13DPGtkSSLUKmBpJQvR6yK79GtMyIxZEmC43xHmCghHTebSnK45ikagYh0BsK01Q1rx1 -syqY2Ul3bwCSCTuK2sjqnmgGEIIUI8Yikj0kDLSVJukfxdjU/c4eOcqj8yuRbQyfzFmHsv -debbeU1+oI08M0c5kKVTNeTWQ0iXuETJX1G3gu44xtkQLbCmF4K3byAPGnR2FIBG8tnPaJ -JCjhZQmN1nohNXt5F7nSALJ3UVSpzD6fnKBQSfxbKN4EAggu0NpX3QyhoDvWx378MRukGn -OkLi2Z7c/iZrS5w6Jt+kTJ7n6T5ciiaIvzgi7YjtS7ogwNQfodpXC/pd9KE/H7hgrtwclt -bP9bkpWQKIh/Z4hl2B8hqHDk1wDhNRHRyT2rvuoipJLroyYAZKxS1qerGuArwmxv1YNeNm -oq5Ibisn/CTLT6zVaKmdHD+qBGd46IlEobgLRd3bmKsBIf5hUfd+LcThhOT4OgjgK2jqAS -zOLrNH/Ns+Ut+tz7DhzoRhoTzfitjKdjHl8libziHU4rbulbEuqhnxlGrb9G6xKeFOG1Ha -JUkWoRzX5/tljM2GZRQciN6BF/L9kDboLnR6V2sOS6r/BlnlUMmKhxC81CTzejn4I+XSYk -Y5dBb9PhA2dJuhkgZEj4vGDkXdnL0fSI9qccHAKkAjd4ECFMRtqjnkdLtUODi6EZiZYDJI -zcVK0VdeqiSP2M+vx2WwLKdwVBdhHXyrxv5JGwKaYkmaYwFCJ6DRttHlaTID4HgjVWJCVR -O9UaKreP6Uz9G/L0J54iEclbiKHkC38/IMhi9XhslLzD39f42oKLedWYTJiVgsr3klwtMk -GvWZyLtg== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v" - set source built-in - next -end -config firewall ssh local-ca - edit "g-Fortinet_SSH_CA" - set password ENC PCfu0XXeYxicqFlAq1Cx0TXb3V7h+hg2P1q9EcW/npEG7Q5i44HqA4KDuJ/Q401ZjVUb2dR5pUX/XYETHq9Q5lk3jt7ootwRjFcNOw6C452LRJtJVhKi0wGUy+3I3Eby7+VN3rKNtfAX7iL3CfpOTEdTHHnnsAkOo615fGD5OrZ1TaJzVu79OpLQiOMVYHlKQWPz/w== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBf8C4hJd -+M6AVhFqreO879AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC -NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U -ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP -E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A -TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa -Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwNT2HECamLA8UM -fFNSAnPj7lq5k64lxdOyGKKbIDDF/wS2H8g2ZlCuJwGpgHoVeFPiqQhJMjBSfwWDS8oOZA -po7PyvszP6XAbnIpBHUMDNdUr1Clso9ra9d2oP43fjhzRSHBD0j/x1nJRvse/cP5XuCa4Z -pGFpgVsz7q+XNEXou8YpAndqUebw/wm3MNzS2AE5YYFQofhSKBxyNSYrsPdaoasmwbnGuv -XW9vPFnDxNNJ0IkEUeXAWZaE2sBYP3qD4C97curFpYuAPYH5FnvvMLuUtyRFzYMv3WKi8z -Mw+01rU4yVtCVoAMYCfqjnisIyxgyQHLpLFfWkvIz6IgAQWVtBypJHxiiG2wcLHscWI0gQ -uCMN/n5QkbBcskRpy52lFypQ2eosTLMzrwfqQF5PDoDz/2Jnf5qXK9hQsNA3fHn2KoyODY -VmXb1G044Qq3/3ZsW7zkgWfyWJ1fgcIYiJg+wy/KQBkPlew/m5oheT8bs0aivJ8FW8gS1u -8zq/lBhWxsSsCfD8/nD9ROanz8yArOa8WfF/BFLs1UqkB4oAuVa5dA9xVhIeBbeA6E8eRm -ucu/a6+tmjaELkiwwscurSqEgELD+K5esR23MAe/Aw5BuzGHRdEDwa79PuqtgpMP7QEFND -yL/Xe6E4TGMTV5hQYpj7e5dunhr60rd4kg+ZAgfRwDzOaU2ry7n2bSxY/Cauc/dogM0rbG 
-SHCohMdMp0We53Y2J7ffmZzDySRIfgxRpjGN/Zv1QH1s3fbqwEG5R2leAlG0+bdN9jXn5F -dcZ4TGrm8wluUwfrU+mXcoAzelwuphNfbzwp0rIEnxIZxd6puFV7Svlsg4STr1YvA98E7N -2gDQhd3vYyIFPZG6CtAjzjP3e4KzEXghjgHXLYI31dS8HCVOKCC91tTc5Ojll76jmakIWT -r9dhSvjkACc688ixxo40qtX79Y33a8lEh1YZqPZ+qF/RgwQS4Wpa8hyZS6xFN2kMtQc9Up -gCurTRhfA9R5c/Mbgn097CYBOwu3nCfcjgBQ03xwmUJpB2pVKngd/dc/n37J2Z97Nl4Wu3 -Zs4ftOGyqXgmM61ddTYhF6ZZbpjBkdKFFEfl6XkBZDUiVaMsq7hIiCYUCGE/cvljzYuntt -XEnf4fO8Ifr8sviwPE4gRaHHePPo9EtFAlSewYzeI3M1EkYPAzSf28ztk74FydHUGfqPkF -RjGiTkUG4NozwGmSG3LGYleBc0CySr+j4Q/qiCEgRQpkihrWkO/j+ILiog9Trh5x/+c2X9 -V9G26szw== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9" - set source built-in - next - edit "g-Fortinet_SSH_CA_Untrusted" - set password ENC QEDHsHiur9lmwAthl1Q2c6P9AGDoLWEHR+qpB6QZo14Ym61rM6E9d9gwLx9nJqVUR1Dg16y832S6U0CZvRsn/sJmtUBWk+nUeoHLpwvJ16BssLf8Cuk6LwpeF0OqeCvdzDMthmSrHdWoEZ21KQ1tO+QVY1mfKsHgf3/mryrl9SZ5mTFLXlJBi9RbAYGAtDlTMKDL2g== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBU2aLPen -uU59+GRRZCZgSJAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 -RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE -ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU -iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG -Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv -NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwEWDeIVUpNfN6N -N9tfe7OnulqQ3OdP7T7M8A596uBvR4P1G7BAcPgC+xoTQP+W94crBOhoq49mlZJBJGnPwg 
-+ufxwO8eg8NUAPyMAaS6M8yaTcFvopwbZnMo8Ioey1rX/1JD0W+RJwV7N8FM95waqsjDnB -fLQy2F8KvzvycsQF4ATAVPbrkcaED3JxQEiHtlMZuIuCtB3Gq0xYJ6sz84NpW2aXlPFzuu -80YhUVuD7oZESSRIzMZ35/Td1rXeP/JOgFkrL0NSb7RgaHDqFKE4LHC+o+NgskxRPumlhb -H160LskSooMIVZCKGTii/c1Ipo2YVrAeaUrxgRSGQPeHJ4pivs8/bYP9fd1AHQ64UTX56x -P60fOA9lhwQtnlox+7J6H1biMMrwboqpI/19y+Qmfd35jbIUTwzxbEeqw55Vxcn29FGU1S -CtkHwyGB38OFFlawdb05PMT3X5KKXmss8ge4xAoRXooNbVAy6p9R0jrSyU1CKvnYoXPyjd -nEa6FBZTJNo9ygt0TnlNYEpdaCmiknxMxxnHN3oVLpSLeEHjEqFIXwr+322OqN1Wt90pD0 -QV/5UxiT+bX55IYcz0F9Y05kw60Okc/Gy6NGPyOjuLpHGgVWI+WDueR5sBFP3nQmUjvCi6 -jzzTNgSQV9ED9klycj4NCqNZvbqHAE3PKp5hRkUZ4GB8aGb2NzuUs3cx+JDgLxIW5QC6v6 -kfgc1FAYaVH2cm+FHX+pt+uSqB38RE10lnfnR1oG3ldegelN4lJYkibIafYynDrzv1Xi8j -Oqd4z/ds41KcGll9gsWclP7MmhL2s6w/cOOwRvZRDNknK1uA111B+yPdsuA78N0ACYulAX -HT1aiEnwFjfaZauBSPtJex0TbjAQWZ5b6+0XAjkfru+ptV9GfMEsQpfHBIge4JmkcXCFoE -czjAqskJ9YddKe2FfJGxc1jMCkmA+h/2oR8OyMUSGXxTwKLPabeUFwBuPKH56PqAjIPoKW -4h+EPfOx3pPY92rDvZ/ETBNf+o/vvxkOPmh3TSRoo2knQvNuWiQ7OPGXrXa0PeZ1UvDRuU -PMTkbpooKletk49Jw8WOzUqIRd8yF8g2i8tzZ2Xlr8RnOLRBsOzXagjBGyk56kAMhaOOrm -n+MTbxpM61zYilvCOBeSIvzWp4DjjqXfuFcEpzEHDTZ9Yvz474s1qinmgEibtYSoY61d9d -QxAI2xneFlb207A+/PTuFaDoCE9g/CD17Rc+WoCP0eU8p/yaLpWIq0JQyEXK48vKCJcVvM -gs3wZo+Q== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl" - set source built-in - next -end -config firewall ssh setting - set caname "g-Fortinet_SSH_CA" - set untrusted-caname "g-Fortinet_SSH_CA_Untrusted" - set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048" - set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024" - set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256" - set hostkey-ecdsa384 
"g-Fortinet_SSH_ECDSA384" - set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521" - set hostkey-ed25519 "g-Fortinet_SSH_ED25519" - set host-trusted-checking enable -end -config firewall ssh host-key -end -config firewall decrypted-traffic-mirror -end -config firewall access-proxy-virtual-host -end -config firewall access-proxy-ssh-client-cert -end -config firewall access-proxy -end -config firewall access-proxy6 -end -config firewall ipmacbinding setting - set bindthroughfw disable - set bindtofw disable -end -config firewall ipmacbinding table -end -config firewall profile-protocol-options - edit "default" - set comment "All default services." - set replacemsg-group '' - set oversize-log disable - set switching-protocols-log disable - config http - set ports 80 - set status enable - set inspect-all disable - set proxy-after-tcp-handshake disable - unset options - set comfort-interval 10 - set comfort-amount 1 - set range-block disable - set strip-x-forwarded-for disable - unset post-lang - set streaming-content-bypass enable - set switching-protocols bypass - set unknown-http-version reject - set tunnel-non-http enable - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set stream-based-uncompressed-limit 0 - set scan-bzip2 enable - set block-page-status-code 403 - set retry-count 0 - set tcp-window-type auto-tuning - set ssl-offloaded no - set address-ip-rating enable - end - config ftp - set ports 21 - set status enable - set inspect-all disable - set options splice - set comfort-interval 10 - set comfort-amount 1 - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set stream-based-uncompressed-limit 0 - set scan-bzip2 enable - set tcp-window-type auto-tuning - set ssl-offloaded no - set explicit-ftp-tls disable - end - config imap - set ports 143 - set status enable - set inspect-all disable - set proxy-after-tcp-handshake disable - set options fragmail - set oversize-limit 10 - 
set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set scan-bzip2 enable - set ssl-offloaded no - end - config mapi - set ports 135 - set status enable - set options fragmail - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set scan-bzip2 enable - end - config pop3 - set ports 110 - set status enable - set inspect-all disable - set proxy-after-tcp-handshake disable - set options fragmail - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set scan-bzip2 enable - set ssl-offloaded no - end - config smtp - set ports 25 - set status enable - set inspect-all disable - set proxy-after-tcp-handshake disable - set options fragmail splice - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set scan-bzip2 enable - set server-busy disable - set ssl-offloaded no - end - config nntp - set ports 119 - set status enable - set inspect-all disable - set proxy-after-tcp-handshake disable - set options splice - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set scan-bzip2 enable - end - config ssh - unset options - set comfort-interval 10 - set comfort-amount 1 - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set stream-based-uncompressed-limit 0 - set scan-bzip2 enable - set tcp-window-type auto-tuning - set ssl-offloaded no - end - config dns - set ports 53 - set status enable - end - config cifs - set ports 445 - set status enable - unset options - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set scan-bzip2 enable - set tcp-window-type auto-tuning - set server-credential-type none - end - config mail-signature - set status disable - set signature '' - end - set rpc-over-http disable - next -end -config firewall ssl-ssh-profile - edit "certificate-inspection" - set comment "Read-only SSL 
handshake inspection profile." - config ssl - set inspect-all disable - set client-certificate bypass - set unsupported-ssl-version block - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set min-allowed-ssl-version tls-1.1 - end - config https - set ports 443 - set status certificate-inspection - set proxy-after-tcp-handshake disable - set client-certificate bypass - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - set sni-server-cert-check enable - set cert-probe-failure block - set min-allowed-ssl-version tls-1.1 - end - config ftps - set status disable - set client-certificate bypass - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - set min-allowed-ssl-version tls-1.1 - end - config imaps - set status disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config pop3s - set status disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config smtps - set status disable - set client-certificate inspect - set unsupported-ssl-version allow - 
set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config ssh - set ports 22 - set status disable - set inspect-all disable - set unsupported-version bypass - set ssh-tun-policy-check disable - set ssh-algorithm compatible - end - config dot - set status disable - set client-certificate bypass - set unsupported-ssl-version block - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - set block-blocklisted-certificates enable - set caname "Fortinet_CA_SSL" - set ssl-anomaly-log enable - set ssl-negotiation-log disable - set ssl-server-cert-log disable - set ssl-handshake-log disable - next - edit "deep-inspection" - set comment "Read-only deep inspection profile." 
- config ssl - set inspect-all disable - set client-certificate bypass - set unsupported-ssl-version block - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set min-allowed-ssl-version tls-1.1 - end - config https - set ports 443 - set status deep-inspection - set proxy-after-tcp-handshake disable - set client-certificate bypass - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - set sni-server-cert-check enable - set min-allowed-ssl-version tls-1.1 - end - config ftps - set ports 990 - set status deep-inspection - set client-certificate bypass - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - set min-allowed-ssl-version tls-1.1 - end - config imaps - set ports 993 - set status deep-inspection - set proxy-after-tcp-handshake disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config pop3s - set ports 995 - set status deep-inspection - set proxy-after-tcp-handshake disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config smtps - set 
ports 465 - set status deep-inspection - set proxy-after-tcp-handshake disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config ssh - set ports 22 - set status disable - set inspect-all disable - set unsupported-version bypass - set ssh-tun-policy-check disable - set ssh-algorithm compatible - end - config dot - set status disable - set client-certificate bypass - set unsupported-ssl-version block - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - set allowlist disable - set block-blocklisted-certificates enable - config ssl-exempt - edit 1 - set type fortiguard-category - set fortiguard-category 31 - next - edit 2 - set type fortiguard-category - set fortiguard-category 33 - next - edit 3 - set type wildcard-fqdn - set wildcard-fqdn "g-adobe" - next - edit 4 - set type wildcard-fqdn - set wildcard-fqdn "g-Adobe Login" - next - edit 5 - set type wildcard-fqdn - set wildcard-fqdn "g-android" - next - edit 6 - set type wildcard-fqdn - set wildcard-fqdn "g-apple" - next - edit 7 - set type wildcard-fqdn - set wildcard-fqdn "g-appstore" - next - edit 8 - set type wildcard-fqdn - set wildcard-fqdn "g-auth.gfx.ms" - next - edit 9 - set type wildcard-fqdn - set wildcard-fqdn "g-citrix" - next - edit 10 - set type wildcard-fqdn - set wildcard-fqdn "g-dropbox.com" - next - edit 11 - set type wildcard-fqdn - set wildcard-fqdn "g-eease" - next - edit 12 - set type wildcard-fqdn - set wildcard-fqdn "g-firefox update server" - next - edit 13 - set type wildcard-fqdn - set wildcard-fqdn "g-fortinet" - next 
- edit 14 - set type wildcard-fqdn - set wildcard-fqdn "g-googleapis.com" - next - edit 15 - set type wildcard-fqdn - set wildcard-fqdn "g-google-drive" - next - edit 16 - set type wildcard-fqdn - set wildcard-fqdn "g-google-play2" - next - edit 17 - set type wildcard-fqdn - set wildcard-fqdn "g-google-play3" - next - edit 18 - set type wildcard-fqdn - set wildcard-fqdn "g-Gotomeeting" - next - edit 19 - set type wildcard-fqdn - set wildcard-fqdn "g-icloud" - next - edit 20 - set type wildcard-fqdn - set wildcard-fqdn "g-itunes" - next - edit 21 - set type wildcard-fqdn - set wildcard-fqdn "g-microsoft" - next - edit 22 - set type wildcard-fqdn - set wildcard-fqdn "g-skype" - next - edit 23 - set type wildcard-fqdn - set wildcard-fqdn "g-softwareupdate.vmware.com" - next - edit 24 - set type wildcard-fqdn - set wildcard-fqdn "g-verisign" - next - edit 25 - set type wildcard-fqdn - set wildcard-fqdn "g-Windows update 2" - next - edit 26 - set type wildcard-fqdn - set wildcard-fqdn "g-live.com" - next - edit 27 - set type wildcard-fqdn - set wildcard-fqdn "g-google-play" - next - edit 28 - set type wildcard-fqdn - set wildcard-fqdn "g-update.microsoft.com" - next - edit 29 - set type wildcard-fqdn - set wildcard-fqdn "g-swscan.apple.com" - next - edit 30 - set type wildcard-fqdn - set wildcard-fqdn "g-autoupdate.opera.com" - next - edit 31 - set type wildcard-fqdn - set wildcard-fqdn "g-cdn-apple" - next - edit 32 - set type wildcard-fqdn - set wildcard-fqdn "g-mzstatic-apple" - next - end - set server-cert-mode re-sign - set caname "Fortinet_CA_SSL" - set untrusted-caname "Fortinet_CA_Untrusted" - set ssl-exemption-ip-rating enable - set ssl-exemption-log disable - set ssl-anomaly-log enable - set ssl-negotiation-log disable - set ssl-server-cert-log disable - set ssl-handshake-log disable - set rpc-over-https disable - set mapi-over-https disable - set supported-alpn all - set use-ssl-server disable - next - edit "custom-deep-inspection" - set comment "Customizable 
deep inspection profile." - config ssl - set inspect-all disable - set client-certificate bypass - set unsupported-ssl-version block - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set min-allowed-ssl-version tls-1.1 - end - config https - set ports 443 - set status deep-inspection - set proxy-after-tcp-handshake disable - set client-certificate bypass - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - set sni-server-cert-check enable - set min-allowed-ssl-version tls-1.1 - end - config ftps - set ports 990 - set status deep-inspection - set client-certificate bypass - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - set min-allowed-ssl-version tls-1.1 - end - config imaps - set ports 993 - set status deep-inspection - set proxy-after-tcp-handshake disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config pop3s - set ports 995 - set status deep-inspection - set proxy-after-tcp-handshake disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end 
- config smtps - set ports 465 - set status deep-inspection - set proxy-after-tcp-handshake disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config ssh - set ports 22 - set status disable - set inspect-all disable - set unsupported-version bypass - set ssh-tun-policy-check disable - set ssh-algorithm compatible - end - config dot - set status disable - set client-certificate bypass - set unsupported-ssl-version block - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - set allowlist disable - set block-blocklisted-certificates enable - config ssl-exempt - edit 1 - set type fortiguard-category - set fortiguard-category 31 - next - edit 2 - set type fortiguard-category - set fortiguard-category 33 - next - edit 3 - set type wildcard-fqdn - set wildcard-fqdn "g-adobe" - next - edit 4 - set type wildcard-fqdn - set wildcard-fqdn "g-Adobe Login" - next - edit 5 - set type wildcard-fqdn - set wildcard-fqdn "g-android" - next - edit 6 - set type wildcard-fqdn - set wildcard-fqdn "g-apple" - next - edit 7 - set type wildcard-fqdn - set wildcard-fqdn "g-appstore" - next - edit 8 - set type wildcard-fqdn - set wildcard-fqdn "g-auth.gfx.ms" - next - edit 9 - set type wildcard-fqdn - set wildcard-fqdn "g-citrix" - next - edit 10 - set type wildcard-fqdn - set wildcard-fqdn "g-dropbox.com" - next - edit 11 - set type wildcard-fqdn - set wildcard-fqdn "g-eease" - next - edit 12 - set type wildcard-fqdn - set wildcard-fqdn "g-firefox update server" - next - edit 13 - set type wildcard-fqdn - set 
wildcard-fqdn "g-fortinet" - next - edit 14 - set type wildcard-fqdn - set wildcard-fqdn "g-googleapis.com" - next - edit 15 - set type wildcard-fqdn - set wildcard-fqdn "g-google-drive" - next - edit 16 - set type wildcard-fqdn - set wildcard-fqdn "g-google-play2" - next - edit 17 - set type wildcard-fqdn - set wildcard-fqdn "g-google-play3" - next - edit 18 - set type wildcard-fqdn - set wildcard-fqdn "g-Gotomeeting" - next - edit 19 - set type wildcard-fqdn - set wildcard-fqdn "g-icloud" - next - edit 20 - set type wildcard-fqdn - set wildcard-fqdn "g-itunes" - next - edit 21 - set type wildcard-fqdn - set wildcard-fqdn "g-microsoft" - next - edit 22 - set type wildcard-fqdn - set wildcard-fqdn "g-skype" - next - edit 23 - set type wildcard-fqdn - set wildcard-fqdn "g-softwareupdate.vmware.com" - next - edit 24 - set type wildcard-fqdn - set wildcard-fqdn "g-verisign" - next - edit 25 - set type wildcard-fqdn - set wildcard-fqdn "g-Windows update 2" - next - edit 26 - set type wildcard-fqdn - set wildcard-fqdn "g-live.com" - next - edit 27 - set type wildcard-fqdn - set wildcard-fqdn "g-google-play" - next - edit 28 - set type wildcard-fqdn - set wildcard-fqdn "g-update.microsoft.com" - next - edit 29 - set type wildcard-fqdn - set wildcard-fqdn "g-swscan.apple.com" - next - edit 30 - set type wildcard-fqdn - set wildcard-fqdn "g-autoupdate.opera.com" - next - edit 31 - set type wildcard-fqdn - set wildcard-fqdn "g-cdn-apple" - next - edit 32 - set type wildcard-fqdn - set wildcard-fqdn "g-mzstatic-apple" - next - end - set server-cert-mode re-sign - set caname "Fortinet_CA_SSL" - set untrusted-caname "Fortinet_CA_Untrusted" - set ssl-exemption-ip-rating enable - set ssl-exemption-log disable - set ssl-anomaly-log enable - set ssl-negotiation-log disable - set ssl-server-cert-log disable - set ssl-handshake-log disable - set rpc-over-https disable - set mapi-over-https disable - set supported-alpn all - set use-ssl-server disable - next - edit "no-inspection" - 
set comment "Read-only profile that does no inspection." - config ssl - set inspect-all disable - set client-certificate bypass - set unsupported-ssl-version block - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set min-allowed-ssl-version tls-1.1 - end - config https - set status disable - set client-certificate bypass - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - set sni-server-cert-check enable - set min-allowed-ssl-version tls-1.1 - end - config ftps - set status disable - set client-certificate bypass - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - set min-allowed-ssl-version tls-1.1 - end - config imaps - set status disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config pop3s - set status disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config smtps - set status disable - set client-certificate inspect - set unsupported-ssl-version allow - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - 
set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - config ssh - set ports 22 - set status disable - set inspect-all disable - set unsupported-version bypass - set ssh-tun-policy-check disable - set ssh-algorithm compatible - end - config dot - set status disable - set client-certificate bypass - set unsupported-ssl-version block - set unsupported-ssl-cipher allow - set unsupported-ssl-negotiation allow - set expired-server-cert block - set revoked-server-cert block - set untrusted-server-cert allow - set cert-validation-timeout allow - set cert-validation-failure block - end - set block-blocklisted-certificates enable - set caname "Fortinet_CA_SSL" - set ssl-anomaly-log enable - set ssl-negotiation-log disable - set ssl-server-cert-log disable - set ssl-handshake-log disable - next -end -config waf profile - edit "default" - set external disable - set extended-log disable - config signature - config main-class 100000000 - set status disable - set action block - set log enable - set severity high - end - config main-class 20000000 - set status disable - set action allow - set log enable - set severity medium - end - config main-class 30000000 - set status enable - set action block - set log enable - set severity high - end - config main-class 40000000 - set status disable - set action allow - set log enable - set severity medium - end - config main-class 50000000 - set status enable - set action block - set log enable - set severity high - end - config main-class 60000000 - set status disable - set action allow - set log enable - set severity medium - end - config main-class 70000000 - set status enable - set action block - set log enable - set severity high - end - config main-class 80000000 - set status enable - set action allow - set log enable - set severity low - end - config main-class 110000000 - set status enable - set action allow - 
set log enable - set severity high - end - config main-class 90000000 - set status enable - set action block - set log enable - set severity high - end - set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002 - set credit-card-detection-threshold 3 - end - config constraint - config header-length - set status enable - set length 8192 - set action allow - set log enable - set severity low - end - config content-length - set status enable - set length 67108864 - set action allow - set log enable - set severity low - end - config param-length - set status enable - set length 8192 - set action allow - set log enable - set severity low - end - config line-length - set status enable - set length 1024 - set action allow - set log enable - set severity low - end - config url-param-length - set status enable - set length 8192 - set action allow - set log enable - set severity low - end - config version - set status disable - set action allow - set log enable - set severity medium - end - config method - set status disable - set action block - set log enable - set severity medium - end - config hostname - set status disable - set action block - set log enable - set severity medium - end - config malformed - set status disable - set action allow - set log enable - set severity medium - end - config max-cookie - set status enable - set max-cookie 16 - set action allow - set log enable - set severity low - end - config max-header-line - set status enable - set max-header-line 32 - set action allow - set log enable - set severity low - end - config max-url-param - set status enable - set max-url-param 16 - set action allow - set log enable - set severity low - end - config max-range-segment - set status enable - set max-range-segment 5 - set action allow - set log enable - set severity high - end - end - config method - set status disable - set log disable - set severity medium - unset default-allowed-methods - end - config address-list - set 
status disable - set blocked-log disable - set severity medium - end - set comment '' - next -end -config firewall profile-group -end -config firewall ssl-server -end -config firewall identity-based-route -end -config firewall auth-portal - set portal-addr '' - set portal-addr6 '' - set identity-based-route '' -end -config firewall security-policy -end -config firewall policy - edit 1 - set status enable - set name "Default" - set uuid bdf03fc8-3520-51ed-3963-cb429fce01ab - set srcintf "any" - set dstintf "any" - set nat64 disable - set nat46 disable - set ztna-status disable - set srcaddr "all" - set dstaddr "all" - set srcaddr6 "all" - set dstaddr6 "all" - set internet-service disable - set internet-service-src disable - set service "ALL" - set dynamic-shaping disable - set passive-wan-health-measurement disable - set ssl-ssh-profile "certificate-inspection" - set auto-asic-offload enable - set session-ttl 0 - set fec disable - set diffserv-forward disable - set diffserv-reverse disable - set tcp-mss-sender 0 - set tcp-mss-receiver 0 - set comments '' - set srcaddr-negate disable - set dstaddr-negate disable - set service-negate disable - next -end -config firewall traffic-class -end -config firewall shaping-policy -end -config firewall shaping-profile -end -config firewall local-in-policy -end -config firewall local-in-policy6 -end -config firewall ttl-policy -end -config firewall dnstranslation -end -config firewall multicast-policy -end -config firewall multicast-policy6 -end -config firewall interface-policy -end -config firewall interface-policy6 -end -config firewall DoS-policy -end -config firewall DoS-policy6 -end -config firewall sniffer -end -config firewall acl -end -config firewall acl6 -end -config firewall central-snat-map -end -config firewall ip-translation -end -config authentication scheme -end -config authentication rule -end -config authentication setting - set active-auth-scheme '' - set sso-auth-scheme '' - set captive-portal-type fqdn - set 
captive-portal '' - set captive-portal6 '' - set cert-auth disable - set captive-portal-port 7830 - set auth-https enable - set captive-portal-ssl-port 7831 -end -config system speed-test-schedule -end -config switch-controller switch-interface-tag -end -config switch-controller 802-1X-settings - set link-down-auth set-unauth - set reauth-period 60 - set max-reauth-attempt 3 - set tx-period 30 -end -config switch-controller security-policy 802-1X - edit "802-1X-policy-default" - set security-mode 802.1X - set user-group "SSO_Guest_Users" - set mac-auth-bypass disable - set open-auth disable - set eap-passthru enable - set eap-auto-untagged-vlans enable - set guest-vlan disable - set guest-auth-delay 30 - set auth-fail-vlan disable - set framevid-apply enable - set radius-timeout-overwrite disable - set policy-type 802.1X - set authserver-timeout-vlan disable - next -end -config switch-controller security-policy local-access - edit "default" - set mgmt-allowaccess https ping ssh - set internal-allowaccess https ping ssh - next -end -config switch-controller location -end -config switch-controller lldp-settings - set tx-hold 4 - set tx-interval 30 - set fast-start-interval 2 - set management-interface internal - set device-detection enable -end -config switch-controller lldp-profile - edit "default" - set med-tlvs inventory-management network-policy location-identification - unset 802.1-tlvs - unset 802.3-tlvs - set auto-isl disable - config med-network-policy - edit "voice" - set status disable - next - edit "voice-signaling" - set status disable - next - edit "guest-voice" - set status disable - next - edit "guest-voice-signaling" - set status disable - next - edit "softphone-voice" - set status disable - next - edit "video-conferencing" - set status disable - next - edit "streaming-video" - set status disable - next - edit "video-signaling" - set status disable - next - end - config med-location-service - edit "coordinates" - set status disable - next - edit 
"address-civic" - set status disable - next - edit "elin-number" - set status disable - next - end - next - edit "default-auto-isl" - unset med-tlvs - unset 802.1-tlvs - unset 802.3-tlvs - set auto-isl enable - set auto-isl-hello-timer 3 - set auto-isl-receive-timeout 60 - set auto-isl-port-group 0 - set auto-mclag-icl disable - next - edit "default-auto-mclag-icl" - unset med-tlvs - unset 802.1-tlvs - unset 802.3-tlvs - set auto-isl enable - set auto-isl-hello-timer 3 - set auto-isl-receive-timeout 60 - set auto-isl-port-group 0 - set auto-mclag-icl enable - next -end -config switch-controller qos dot1p-map - edit "voice-dot1p" - set description '' - set egress-pri-tagging disable - set priority-0 queue-4 - set priority-1 queue-4 - set priority-2 queue-3 - set priority-3 queue-2 - set priority-4 queue-3 - set priority-5 queue-1 - set priority-6 queue-2 - set priority-7 queue-2 - next -end -config switch-controller qos ip-dscp-map - edit "voice-dscp" - set description '' - config map - edit "1" - set cos-queue 1 - set value 46 - next - edit "2" - set cos-queue 2 - set value 24,26,48,56 - next - edit "5" - set cos-queue 3 - set value 34 - next - end - next -end -config switch-controller qos queue-policy - edit "default" - set schedule round-robin - set rate-by kbps - config cos-queue - edit "queue-0" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-1" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-2" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-3" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-4" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-5" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy 
taildrop - set weight 1 - next - edit "queue-6" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-7" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - end - next - edit "voice-egress" - set schedule weighted - set rate-by kbps - config cos-queue - edit "queue-0" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-1" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 0 - next - edit "queue-2" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 6 - next - edit "queue-3" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 37 - next - edit "queue-4" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 12 - next - edit "queue-5" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-6" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-7" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - end - next -end -config switch-controller qos qos-policy - edit "default" - set default-cos 0 - set trust-dot1p-map '' - set trust-ip-dscp-map '' - set queue-policy "default" - next - edit "voice-qos" - set default-cos 0 - set trust-dot1p-map "voice-dot1p" - set trust-ip-dscp-map "voice-dscp" - set queue-policy "voice-egress" - next -end -config switch-controller storm-control-policy - edit "default" - set description "default storm control on all port" - set storm-control-mode global - next - edit "auto-config" - set description "storm control policy for fortilink-isl-icl port" - set storm-control-mode disabled - next -end -config switch-controller 
auto-config policy - edit "default" - set qos-policy "default" - set storm-control-policy "auto-config" - set poe-status enable - set igmp-flood-report disable - set igmp-flood-traffic disable - next - edit "default-icl" - set qos-policy "default" - set storm-control-policy "auto-config" - set poe-status disable - set igmp-flood-report enable - set igmp-flood-traffic enable - next -end -config switch-controller auto-config default - set fgt-policy "default" - set isl-policy "default" - set icl-policy "default-icl" -end -config switch-controller auto-config custom -end -config switch-controller initial-config template - edit "_default" - set vlanid 1 - unset allowaccess - set dhcp-server disable - next - edit "quarantine" - set vlanid 4093 - unset allowaccess - set auto-ip enable - set dhcp-server enable - next - edit "rspan" - set vlanid 4092 - unset allowaccess - set auto-ip enable - set dhcp-server enable - next - edit "voice" - set vlanid 4091 - unset allowaccess - set dhcp-server disable - next - edit "video" - set vlanid 4090 - unset allowaccess - set dhcp-server disable - next - edit "onboarding" - set vlanid 4089 - unset allowaccess - set dhcp-server disable - next - edit "nac_segment" - set vlanid 4088 - unset allowaccess - set auto-ip enable - set dhcp-server enable - next -end -config switch-controller initial-config vlans - set default-vlan "_default" - set quarantine "quarantine" - set rspan "rspan" - set voice "voice" - set video "video" - set nac "onboarding" - set nac-segment "nac_segment" -end -config switch-controller switch-profile - edit "default" - set login-passwd-override disable - next -end -config switch-controller custom-command -end -config switch-controller virtual-port-pool -end -config switch-controller ptp settings - set mode disable -end -config switch-controller ptp policy - edit "default" - set status enable - next -end -config switch-controller vlan-policy -end -config switch-controller dynamic-port-policy -end -config 
switch-controller managed-switch -end -config switch-controller switch-group -end -config switch-controller stp-settings - set name '' - set revision 0 - set hello-time 2 - set forward-time 15 - set max-age 20 - set max-hops 20 -end -config switch-controller stp-instance -end -config switch-controller storm-control - set rate 500 - set unknown-unicast disable - set unknown-multicast disable - set broadcast disable -end -config switch-controller global - set mac-aging-interval 300 - set https-image-push enable - set vlan-optimization enable - set mac-retention-period 24 - set default-virtual-switch-vlan '' - set dhcp-server-access-list disable - set log-mac-limit-violations disable - set sn-dns-resolution enable - set mac-event-logging disable - set bounce-quarantined-link disable - set quarantine-mode by-vlan - set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db - set fips-enforce enable - set firmware-provision-on-authorization disable -end -config switch-controller switch-log - set status enable - set severity notification -end -config switch-controller igmp-snooping - set aging-time 300 - set flood-unknown-multicast disable - set query-interval 125 -end -config switch-controller sflow - set collector-ip 0.0.0.0 - set collector-port 6343 -end -config switch-controller network-monitor-settings - set network-monitoring disable -end -config switch-controller flow-tracking - set sample-mode perimeter - set sample-rate 512 - set format netflow9 - set collector-ip 0.0.0.0 - set collector-port 0 - set transport udp - set level ip - set max-export-pkt-size 512 - set timeout-general 3600 - set timeout-icmp 300 - set timeout-max 604800 - set timeout-tcp 3600 - set timeout-tcp-fin 300 - set timeout-tcp-rst 120 - set timeout-udp 300 -end -config switch-controller snmp-sysinfo - set status disable - set engine-id '' - set description '' - set contact-info '' - set location '' -end -config switch-controller snmp-trap-threshold - set trap-high-cpu-threshold 80 - set 
trap-low-memory-threshold 80 - set trap-log-full-threshold 90 -end -config switch-controller snmp-community -end -config switch-controller snmp-user -end -config switch-controller traffic-sniffer - set mode erspan-auto - set erspan-ip 0.0.0.0 -end -config switch-controller remote-log - edit "syslogd" - set status disable - next - edit "syslogd2" - set status disable - next -end -config switch-controller mac-policy -end -config wireless-controller setting - set account-id '' - set country US - set duplicate-ssid disable - set fapc-compatibility disable - set wfa-compatibility disable - set phishing-ssid-detect enable - set fake-ssid-action log - set device-weight 1 - set device-holdoff 5 - set device-idle 1440 - set firmware-provision-on-authorization disable - set darrp-optimize 86400 - set darrp-optimize-schedules "default-darrp-optimize" -end -config wireless-controller log - set status enable - set addrgrp-log notification - set ble-log notification - set clb-log notification - set dhcp-starv-log notification - set led-sched-log notification - set radio-event-log notification - set rogue-event-log notification - set sta-event-log notification - set sta-locate-log notification - set wids-log notification - set wtp-event-log notification -end -config wireless-controller apcfg-profile -end -config wireless-controller bonjour-profile -end -config wireless-controller arrp-profile - edit "arrp-default" - set comment '' - set selection-period 3600 - set monitor-period 300 - set weight-managed-ap 50 - set weight-rogue-ap 10 - set weight-noise-floor 40 - set weight-channel-load 20 - set weight-spectral-rssi 40 - set weight-weather-channel 1000 - set weight-dfs-channel 500 - set threshold-ap 250 - set threshold-noise-floor "-85" - set threshold-channel-load 60 - set threshold-spectral-rssi "-65" - set threshold-tx-retries 300 - set threshold-rx-errors 50 - set include-weather-channel disable - set include-dfs-channel disable - set override-darrp-optimize disable - next 
-end -config wireless-controller region -end -config wireless-controller vap-group -end -config wireless-controller wids-profile - edit "default" - set comment "Default WIDS profile." - set sensor-mode disable - set ap-scan enable - set ap-bgscan-period 600 - set ap-bgscan-intv 1 - set ap-bgscan-duration 20 - set ap-bgscan-idle 0 - set ap-bgscan-report-intv 30 - set ap-fgscan-report-intv 15 - set ap-scan-passive disable - set ap-scan-threshold "-90" - set wireless-bridge enable - set deauth-broadcast enable - set null-ssid-probe-resp enable - set long-duration-attack enable - set long-duration-thresh 8200 - set invalid-mac-oui enable - set weak-wep-iv enable - set auth-frame-flood enable - set auth-flood-time 10 - set auth-flood-thresh 30 - set assoc-frame-flood enable - set assoc-flood-time 10 - set assoc-flood-thresh 30 - set spoofed-deauth enable - set asleap-attack enable - set eapol-start-flood enable - set eapol-start-thresh 10 - set eapol-start-intv 1 - set eapol-logoff-flood enable - set eapol-logoff-thresh 10 - set eapol-logoff-intv 1 - set eapol-succ-flood enable - set eapol-succ-thresh 10 - set eapol-succ-intv 1 - set eapol-fail-flood enable - set eapol-fail-thresh 10 - set eapol-fail-intv 1 - set eapol-pre-succ-flood enable - set eapol-pre-succ-thresh 10 - set eapol-pre-succ-intv 1 - set eapol-pre-fail-flood enable - set eapol-pre-fail-thresh 10 - set eapol-pre-fail-intv 1 - set deauth-unknown-src-thresh 10 - next - edit "default-wids-apscan-enabled" - set comment '' - set sensor-mode disable - set ap-scan enable - set ap-bgscan-period 600 - set ap-bgscan-intv 1 - set ap-bgscan-duration 20 - set ap-bgscan-idle 0 - set ap-bgscan-report-intv 30 - set ap-fgscan-report-intv 15 - set ap-scan-passive disable - set ap-scan-threshold "-90" - set wireless-bridge disable - set deauth-broadcast disable - set null-ssid-probe-resp disable - set long-duration-attack disable - set long-duration-thresh 8200 - set invalid-mac-oui disable - set weak-wep-iv disable - set 
auth-frame-flood disable - set assoc-frame-flood disable - set spoofed-deauth disable - set asleap-attack disable - set eapol-start-flood disable - set eapol-logoff-flood disable - set eapol-succ-flood disable - set eapol-fail-flood disable - set eapol-pre-succ-flood disable - set eapol-pre-fail-flood disable - set deauth-unknown-src-thresh 10 - next -end -config wireless-controller ble-profile - edit "fortiap-discovery" - set comment '' - set advertising ibeacon eddystone-uid eddystone-url - set ibeacon-uuid "wtp-uuid" - set major-id 1000 - set minor-id 2000 - set eddystone-namespace "0102030405" - set eddystone-instance "abcdef" - set eddystone-url "http://www.fortinet.com" - set txpower 0 - set beacon-interval 100 - set ble-scanning disable - next -end -config wireless-controller syslog-profile -end -config wireless-controller wtp-profile -end -config wireless-controller wtp -end -config wireless-controller wtp-group -end -config wireless-controller qos-profile -end -config wireless-controller wag-profile -end -config wireless-controller address -end -config wireless-controller addrgrp -end -config wireless-controller snmp - set engine-id '' - set contact-info '' - set trap-high-cpu-threshold 80 - set trap-high-mem-threshold 80 -end -config wireless-controller mpsk-profile -end -config wireless-controller nac-profile -end -config wireless-controller ssid-policy -end -config wireless-controller access-control-list -end -config wireless-controller ap-status -end -config user nac-policy -end -config extender-controller dataplan -end -config extender-controller extender-profile -end -config extender-controller extender -end -config system ips - set signature-hold-time 0h -end -config ips custom -end -config ips settings - set packet-log-history 1 - set packet-log-post-attack 0 - set ips-packet-quota 0 -end -config alertemail setting - set username '' - set mailto1 '' - set mailto2 '' - set mailto3 '' - set filter-mode category - set email-interval 5 - set IPS-logs 
disable - set firewall-authentication-failure-logs disable - set IPsec-errors-logs disable - set PPP-errors-logs disable - set sslvpn-authentication-errors-logs disable - set antivirus-logs disable - set webfilter-logs disable - set configuration-changes-logs disable - set violation-traffic-logs disable - set admin-login-logs disable - set log-disk-usage-warning disable - set FSSO-disconnect-logs disable - set ssh-logs disable - set local-disk-usage 75 -end -config router access-list -end -config router access-list6 -end -config router aspath-list -end -config router prefix-list -end -config router prefix-list6 -end -config router key-chain -end -config router community-list -end -config router route-map -end -config router rip - set default-information-originate disable - set default-metric 1 - set max-out-metric 0 - config redistribute "connected" - set status disable - set metric 0 - set routemap '' - end - config redistribute "static" - set status disable - set metric 0 - set routemap '' - end - config redistribute "ospf" - set status disable - set metric 0 - set routemap '' - end - config redistribute "bgp" - set status disable - set metric 0 - set routemap '' - end - config redistribute "isis" - set status disable - set metric 0 - set routemap '' - end - set update-timer 30 - set timeout-timer 180 - set garbage-timer 120 - set version 2 -end -config router ripng - set default-information-originate disable - set default-metric 1 - set max-out-metric 0 - config redistribute "connected" - set status disable - set metric 0 - set routemap '' - end - config redistribute "static" - set status disable - set metric 0 - set routemap '' - end - config redistribute "ospf" - set status disable - set metric 0 - set routemap '' - end - config redistribute "bgp" - set status disable - set metric 0 - set routemap '' - end - config redistribute "isis" - set status disable - set metric 0 - set routemap '' - end - set update-timer 30 - set timeout-timer 180 - set garbage-timer 
120 -end -config router static -end -config router policy -end -config router policy6 -end -config router static6 -end -config router ospf - set abr-type standard - set auto-cost-ref-bandwidth 1000 - set distance-external 110 - set distance-inter-area 110 - set distance-intra-area 110 - set database-overflow disable - set database-overflow-max-lsas 10000 - set database-overflow-time-to-recover 300 - set default-information-originate disable - set default-information-metric 10 - set default-information-metric-type 2 - set default-information-route-map '' - set default-metric 10 - set distance 110 - set rfc1583-compatible disable - set router-id 0.0.0.0 - set spf-timers 5 10 - set bfd disable - set log-neighbour-changes enable - set distribute-list-in '' - set distribute-route-map-in '' - set restart-mode none - set restart-period 120 - config redistribute "connected" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end - config redistribute "static" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end - config redistribute "rip" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end - config redistribute "bgp" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end - config redistribute "isis" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end -end -config router ospf6 - set abr-type standard - set auto-cost-ref-bandwidth 1000 - set default-information-originate disable - set log-neighbour-changes enable - set default-information-metric 10 - set default-information-metric-type 2 - set default-information-route-map '' - set default-metric 10 - set router-id 0.0.0.0 - set spf-timers 5 10 - set bfd disable - config redistribute "connected" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - end - config redistribute "static" - set status disable - set 
metric 0 - set routemap '' - set metric-type 2 - end - config redistribute "rip" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - end - config redistribute "bgp" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - end - config redistribute "isis" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - end -end -config router bgp - set as 0 - set keepalive-timer 60 - set holdtime-timer 180 - set always-compare-med disable - set bestpath-as-path-ignore disable - set bestpath-cmp-confed-aspath disable - set bestpath-cmp-routerid disable - set bestpath-med-confed disable - set bestpath-med-missing-as-worst disable - set client-to-client-reflection enable - set dampening disable - set deterministic-med disable - set ebgp-multipath disable - set ibgp-multipath disable - set enforce-first-as enable - set fast-external-failover enable - set log-neighbour-changes enable - set network-import-check enable - set ignore-optional-capability enable - set multipath-recursive-distance disable - set recursive-next-hop disable - set tag-resolve-mode disable - set cluster-id 0.0.0.0 - set confederation-identifier 0 - set default-local-preference 100 - set scan-time 60 - set distance-external 20 - set distance-internal 200 - set distance-local 200 - set synchronization disable - set graceful-restart disable - config redistribute "connected" - set status disable - set route-map '' - end - config redistribute "rip" - set status disable - set route-map '' - end - config redistribute "ospf" - set status disable - set route-map '' - end - config redistribute "static" - set status disable - set route-map '' - end - config redistribute "isis" - set status disable - set route-map '' - end - config redistribute6 "connected" - set status disable - set route-map '' - end - config redistribute6 "rip" - set status disable - set route-map '' - end - config redistribute6 "ospf" - set status disable - set route-map '' - end - 
config redistribute6 "static" - set status disable - set route-map '' - end - config redistribute6 "isis" - set status disable - set route-map '' - end -end -config router isis - set is-type level-1-2 - set adv-passive-only disable - set adv-passive-only6 disable - set auth-mode-l1 password - set auth-mode-l2 password - set auth-password-l1 ENC BKa9QHVB49FiaxuCmlj03wbzo1gzQFZ6OLnSHP3Lax1rSWS0+2C2Rw0VEnZB+bQJsoNimpavAcESxldMjCv+BmKmnC6z10pPDW+pWDaPCkyN4PbmvgOWKUt2h8fQvqIWZjcwtyz6v7kMuOaYB7MqOWV/s6m/l2EROoy0LKmB6EDMVRIKps0RSRtJl9c7bJvm8nQAEA== - set auth-password-l2 ENC OOg+RSnqSIHBhT+ARcwwonWGqbsV/W7S/OuVumQKm/ppR8BVeGgca5YdyyfUu0TR0DvcsDp0lhxXFEcFoEx88i6DYAq/T+F3fvLnZLmBD3nHU3Biwe5gt21NaoOMZhiQUzbhy+FJNQX4XHdgvD2EyCGFmWRVOXnt5YwXYfeZFpzCJ5W4htsIORFFIPry2ICGzx6SUw== - set auth-sendonly-l1 disable - set auth-sendonly-l2 disable - set ignore-lsp-errors disable - set lsp-gen-interval-l1 30 - set lsp-gen-interval-l2 30 - set lsp-refresh-interval 900 - set max-lsp-lifetime 1200 - set spf-interval-exp-l1 500 50000 - set spf-interval-exp-l2 500 50000 - set dynamic-hostname disable - set adjacency-check disable - set adjacency-check6 disable - set overload-bit disable - unset overload-bit-suppress - set overload-bit-on-startup 0 - set default-originate disable - set default-originate6 disable - set metric-style narrow - set redistribute-l1 disable - set redistribute-l2 disable - set redistribute6-l1 disable - set redistribute6-l2 disable - config redistribute "connected" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute "rip" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute "ospf" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute "bgp" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end 
- config redistribute "static" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "connected" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "rip" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "ospf" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "bgp" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end - config redistribute6 "static" - set status disable - set metric 0 - set metric-type internal - set level level-2 - set routemap '' - end -end -config router multicast-flow -end -config router multicast - set route-limit 2147483647 - set multicast-routing disable - config pim-sm-global - set message-interval 60 - set join-prune-holdtime 210 - set accept-register-list '' - set accept-source-list '' - set bsr-candidate disable - set bsr-allow-quick-refresh disable - set cisco-register-checksum disable - set cisco-crp-prefix disable - set cisco-ignore-rp-set-priority disable - set register-rp-reachability enable - set register-source disable - set register-supression 60 - set null-register-retries 1 - set rp-register-keepalive 185 - set spt-threshold enable - set ssm disable - set register-rate-limit 0 - set spt-threshold-group '' - end -end -config router multicast6 - set multicast-routing disable - config pim-sm-global - end -end -config router auth-path -end -config router setting - set show-filter '' - set hostname '' -end -config router bfd -end -config router bfd6 -end -config system proxy-arp -end -config system link-monitor -end -config system wccp -end -config system dns64 - set status disable - set dns64-prefix 64:ff9b::/96 - set always-synthesize-aaaa-record enable -end -config 
system nd-proxy - set status disable -end -config system vne-tunnel - set status disable -end -end - -config vdom -edit TEST -config wireless-controller hotspot20 anqp-venue-name -end -config wireless-controller hotspot20 anqp-venue-url -end -config wireless-controller hotspot20 anqp-network-auth-type -end -config wireless-controller hotspot20 anqp-roaming-consortium -end -config wireless-controller hotspot20 anqp-nai-realm -end -config wireless-controller hotspot20 anqp-3gpp-cellular -end -config wireless-controller hotspot20 anqp-ip-address-type -end -config wireless-controller hotspot20 h2qp-operator-name -end -config wireless-controller hotspot20 h2qp-wan-metric -end -config wireless-controller hotspot20 h2qp-conn-capability -end -config wireless-controller hotspot20 icon -end -config wireless-controller hotspot20 h2qp-osu-provider -end -config wireless-controller hotspot20 qos-map -end -config wireless-controller hotspot20 h2qp-advice-of-charge -end -config wireless-controller hotspot20 h2qp-osu-provider-nai -end -config wireless-controller hotspot20 h2qp-terms-and-conditions -end -config wireless-controller hotspot20 hs-profile -end -config wireless-controller vap -end -config system object-tagging - edit "default" - set address optional - set device optional - set interface optional - set multiple enable - set color 0 - next -end -config switch-controller traffic-policy - edit "quarantine" - set description "Rate control for quarantined traffic" - set policer-status enable - set guaranteed-bandwidth 163840 - set guaranteed-burst 8192 - set maximum-burst 163840 - set cos-queue 0 - next - edit "sniffer" - set description "Rate control for sniffer mirrored traffic" - set policer-status enable - set guaranteed-bandwidth 50000 - set guaranteed-burst 8192 - set maximum-burst 163840 - set cos-queue 0 - next -end -config switch-controller fortilink-settings -end -config system stp - set switch-priority 32768 - set hello-time 2 - set forward-delay 15 - set max-age 20 
- set max-hops 20 -end -config system settings - set comments '' - set opmode nat - set policy-offload-level disable - set ngfw-mode profile-based - set http-external-dest fortiweb - set firewall-session-dirty check-all - set bfd disable - set utf8-spam-tagging enable - set wccp-cache-engine disable - set vpn-stats-log ipsec pptp l2tp ssl - set vpn-stats-period 600 - set v4-ecmp-mode source-ip-based - set fw-session-hairpin disable - set prp-trailer-action disable - set snat-hairpin-traffic enable - set dhcp-proxy disable - set central-nat disable - set lldp-reception global - set lldp-transmission global - set link-down-access enable - set nat46-generate-ipv6-fragment-header disable - set nat46-force-ipv4-packet-forwarding disable - set nat64-force-ipv6-packet-forwarding enable - set auxiliary-session disable - set asymroute disable - set asymroute-icmp disable - set tcp-session-without-syn disable - set ses-denied-traffic disable - set strict-src-check disable - set allow-linkdown-path disable - set asymroute6 disable - set asymroute6-icmp disable - set sctp-session-without-init disable - set sip-expectation disable - set sip-nat-trace enable - set h323-direct-model enable - set status enable - set sip-tcp-port 5060 - set sip-udp-port 5060 - set sip-ssl-port 5061 - set sccp-port 2000 - set multicast-forward enable - set multicast-ttl-notchange disable - set allow-subnet-overlap disable - set deny-tcp-with-icmp disable - set ecmp-max-paths 255 - set discovered-device-timeout 28 - set email-portal-check-dns enable - set default-voip-alg-mode proxy-based - set gui-icap disable - set gui-implicit-policy enable - set gui-dns-database disable - set gui-load-balance disable - set gui-multicast-policy disable - set gui-dos-policy enable - set gui-object-colors enable - set gui-voip-profile disable - set gui-ap-profile enable - set gui-security-profile-group disable - set gui-local-in-policy disable - set gui-wanopt-cache disable - set gui-explicit-proxy disable - set 
gui-dynamic-routing enable - set gui-sslvpn-personal-bookmarks disable - set gui-sslvpn-realms disable - set gui-policy-based-ipsec disable - set gui-threat-weight enable - set gui-spamfilter disable - set gui-file-filter disable - set gui-application-control enable - set gui-ips enable - set gui-endpoint-control enable - set gui-endpoint-control-advanced disable - set gui-dhcp-advanced enable - set gui-vpn enable - set gui-wireless-controller enable - set gui-switch-controller enable - set gui-fortiap-split-tunneling disable - set gui-webfilter-advanced disable - set gui-traffic-shaping enable - set gui-wan-load-balancing enable - set gui-antivirus enable - set gui-webfilter enable - set gui-videofilter enable - set gui-dnsfilter enable - set gui-waf-profile disable - set gui-advanced-policy enable - set gui-allow-unnamed-policy disable - set gui-email-collection disable - set gui-multiple-interface-policy disable - set gui-policy-disclaimer disable - set gui-ztna enable - set location-id 0.0.0.0 - set ike-session-resume disable - set ike-quick-crash-detect disable - set ike-dn-format with-space - set ike-port 500 - set ike-policy-route disable - set block-land-attack disable - set application-bandwidth-tracking disable -end -config system sit-tunnel -end -config system arp-table -end -config system ipv6-neighbor-cache -end -config system vdom-sflow - set vdom-sflow disable - set interface-select-method auto -end -config system vdom-netflow - set vdom-netflow disable - set interface-select-method auto -end -config system vdom-dns - set vdom-dns disable - set alt-primary 0.0.0.0 - set alt-secondary 0.0.0.0 -end -config system replacemsg-group - edit "default" - set comment "Default replacement message group." 
- set group-type default - next -end -config system session-ttl - set default 3600 -end -config system dhcp server -end -config system dhcp6 server -end -config system zone - edit "Outside_Zone" - set description '' - set intrazone deny - set interface "port10" - next - edit "Inside_Zone" - set description '' - set intrazone deny - set interface "port9" - next -end -config firewall address - edit "none" - set uuid 80cf53a0-9fba-51ec-9be6-b74007eabe43 - set type ipmask - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set subnet 0.0.0.0 255.255.255.255 - next - edit "login.microsoftonline.com" - set uuid 80cf6016-9fba-51ec-be0c-028d48d0faf8 - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "login.microsoftonline.com" - set cache-ttl 0 - next - edit "login.microsoft.com" - set uuid 80cf6c32-9fba-51ec-c480-ffee0ab26f94 - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "login.microsoft.com" - set cache-ttl 0 - next - edit "login.windows.net" - set uuid 80cf7880-9fba-51ec-1117-fb27513a173a - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "login.windows.net" - set cache-ttl 0 - next - edit "gmail.com" - set uuid 80cf8424-9fba-51ec-5659-65d02fd5bf5c - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "gmail.com" - set cache-ttl 0 - next - edit "wildcard.google.com" - set uuid 80cf8fd2-9fba-51ec-7b0c-cc55cf764b96 - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "*.google.com" - set cache-ttl 0 - next - edit "wildcard.dropbox.com" - set uuid 
80cf9b8a-9fba-51ec-0acd-a8852f2c1f4a - set type fqdn - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set fqdn "*.dropbox.com" - set cache-ttl 0 - next - edit "SSLVPN_TUNNEL_ADDR1" - set uuid 80d94054-9fba-51ec-e630-3567fd1becb8 - set type iprange - set comment '' - set color 0 - set fabric-object disable - set start-ip 10.212.134.200 - set end-ip 10.212.134.210 - next - edit "all" - set uuid 80d998e2-9fba-51ec-6ae4-b09445ed7230 - set type ipmask - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set subnet 0.0.0.0 0.0.0.0 - next - edit "FIREWALL_AUTH_PORTAL_ADDRESS" - set uuid 80d99aea-9fba-51ec-6fe2-a17b98274b3e - set type ipmask - set comment '' - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set subnet 0.0.0.0 0.0.0.0 - next - edit "FABRIC_DEVICE" - set uuid 80d99cb6-9fba-51ec-e62e-b841424fa8c0 - set type ipmask - set comment "IPv4 addresses of Fabric Devices." 
- set associated-interface ''
- set color 0
- set fabric-object disable
- set subnet 0.0.0.0 0.0.0.0
- next
- edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
- set uuid c0ae3c9c-9fbb-51ec-1447-18c5c1fef0f3
- set type dynamic
- set sub-type ems-tag
- set comment ''
- set associated-interface ''
- set color 0
- set fabric-object disable
- set obj-tag ''
- set obj-type ip
- set tag-detection-level ''
- set tag-type ''
- next
- edit "10.0.0.0_8"
- set uuid 2e3d8790-9fbc-51ec-8bca-5e95c580ea36
- set type ipmask
- set comment ''
- set associated-interface ''
- set color 0
- set allow-routing disable
- set fabric-object disable
- set subnet 10.0.0.0 255.0.0.0
- next
- edit "192.168.0.0_16"
- set uuid 491395a0-9fbc-51ec-1275-3414c9a13da4
- set type ipmask
- set comment ''
- set associated-interface ''
- set color 0
- set allow-routing disable
- set fabric-object disable
- set subnet 192.168.0.0 255.255.0.0
- next
- edit "172.16.0.0_12"
- set uuid 58888298-9fbc-51ec-cca9-312f8a493e61
- set type ipmask
- set comment ''
- set associated-interface ''
- set color 0
- set allow-routing disable
- set fabric-object disable
- set subnet 172.16.0.0 255.240.0.0
- next
- edit "Russia"
- set uuid 96cea918-9fbe-51ec-e0d6-53c4a1fba7cc
- set type geography
- set comment ''
- set associated-interface ''
- set color 6
- set fabric-object disable
- set country "RU"
- next
- edit "China"
- set uuid 7c30cee6-9fbf-51ec-5d85-a2ce4f48568b
- set type geography
- set comment ''
- set associated-interface ''
- set color 6
- set fabric-object disable
- set country "CN"
- next
- edit "Belarus"
- set uuid 8fbf28b8-9fbf-51ec-69ef-572fc83693f8
- set type geography
- set comment ''
- set associated-interface ''
- set color 6
- set fabric-object disable
- set country "BY"
- next
-end
-config firewall multicast-address
- edit "all_hosts"
- set type multicastrange
- set start-ip 224.0.0.1
- set end-ip 224.0.0.1
- set comment ''
- set associated-interface ''
- set color 0
- next
- edit "all_routers"
- set type multicastrange
- set start-ip 224.0.0.2
- set end-ip 224.0.0.2
- set comment ''
- set associated-interface ''
- set color 0
- next
- edit "Bonjour"
- set type multicastrange
- set start-ip 224.0.0.251
- set end-ip 224.0.0.251
- set comment ''
- set associated-interface ''
- set color 0
- next
- edit "EIGRP"
- set type multicastrange
- set start-ip 224.0.0.10
- set end-ip 224.0.0.10
- set comment ''
- set associated-interface ''
- set color 0
- next
- edit "OSPF"
- set type multicastrange
- set start-ip 224.0.0.5
- set end-ip 224.0.0.6
- set comment ''
- set associated-interface ''
- set color 0
- next
- edit "all"
- set type multicastrange
- set start-ip 224.0.0.0
- set end-ip 239.255.255.255
- set comment ''
- set associated-interface ''
- set color 0
- next
-end
-config firewall address6-template
-end
-config firewall address6
- edit "all"
- set uuid 80cfe3c4-9fba-51ec-b885-7ad5ae0f228a
- set type ipprefix
- set ip6 ::/0
- set color 0
- set comment ''
- set fabric-object disable
- next
- edit "none"
- set uuid 80cfec3e-9fba-51ec-3afe-9da1db0408ee
- set type ipprefix
- set ip6 ::/128
- set color 0
- set comment ''
- set fabric-object disable
- next
- edit "SSLVPN_TUNNEL_IPv6_ADDR1"
- set uuid 80d9441e-9fba-51ec-fb53-0cb27c846ccb
- set type ipprefix
- set ip6 fdff:ffff::/120
- set color 0
- set comment ''
- set fabric-object disable
- next
-end
-config firewall multicast-address6
- edit "all"
- set ip6 ff00::/8
- set comment ''
- set color 0
- next
-end
-config system ipv6-tunnel
-end
-config firewall addrgrp
- edit "G Suite"
- set type default
- set category default
- set uuid 80cfa97c-9fba-51ec-cb88-5fc589094707
- set member "gmail.com" "wildcard.google.com"
- set comment ''
- set exclude disable
- set color 0
- set fabric-object disable
- next
- edit "Microsoft Office 365"
- set type default
- set category default
- set uuid 80cfc24a-9fba-51ec-53bc-6a6c3d6964c6
- set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
- set comment ''
- set exclude disable
- set color 0
- set fabric-object disable
- next
- edit "IPv4-Private-All-RFC1918"
- set type default
- set category default
- set uuid 87bcd064-9fbc-51ec-c912-c07ba5dfb345
- set member "10.0.0.0_8" "172.16.0.0_12" "192.168.0.0_16"
- set comment ''
- set exclude disable
- set color 0
- set fabric-object disable
- next
- edit "Geo_Block_Group"
- set type default
- set category default
- set uuid a62837de-9fbf-51ec-3ddf-ee9c6f1e1784
- set member "Belarus" "China" "Russia"
- set comment ''
- set exclude disable
- set color 6
- set fabric-object disable
- next
-end
-config firewall addrgrp6
-end
-config firewall wildcard-fqdn custom
- edit "g-Adobe Login"
- set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
- set wildcard-fqdn "*.adobelogin.com"
- set color 0
- set comment ''
- next
- edit "g-Gotomeeting"
- set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
- set wildcard-fqdn "*.gotomeeting.com"
- set color 0
- set comment ''
- next
- edit "g-Windows update 2"
- set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
- set wildcard-fqdn "*.windowsupdate.com"
- set color 0
- set comment ''
- next
- edit "g-adobe"
- set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
- set wildcard-fqdn "*.adobe.com"
- set color 0
- set comment ''
- next
- edit "g-android"
- set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
- set wildcard-fqdn "*.android.com"
- set color 0
- set comment ''
- next
- edit "g-apple"
- set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
- set wildcard-fqdn "*.apple.com"
- set color 0
- set comment ''
- next
- edit "g-appstore"
- set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
- set wildcard-fqdn "*.appstore.com"
- set color 0
- set comment ''
- next
- edit "g-auth.gfx.ms"
- set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
- set wildcard-fqdn "*.auth.gfx.ms"
- set color 0
- set comment ''
- next
- edit "g-autoupdate.opera.com"
- set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
- set wildcard-fqdn "*autoupdate.opera.com"
- set color 0
- set comment ''
- next
- edit "g-cdn-apple"
- set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
- set wildcard-fqdn "*.cdn-apple.com"
- set color 0
- set comment ''
- next
- edit "g-citrix"
- set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
- set wildcard-fqdn "*.citrixonline.com"
- set color 0
- set comment ''
- next
- edit "g-dropbox.com"
- set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
- set wildcard-fqdn "*.dropbox.com"
- set color 0
- set comment ''
- next
- edit "g-eease"
- set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
- set wildcard-fqdn "*.eease.com"
- set color 0
- set comment ''
- next
- edit "g-firefox update server"
- set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
- set wildcard-fqdn "aus*.mozilla.org"
- set color 0
- set comment ''
- next
- edit "g-fortinet"
- set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
- set wildcard-fqdn "*.fortinet.com"
- set color 0
- set comment ''
- next
- edit "g-google-drive"
- set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
- set wildcard-fqdn "*drive.google.com"
- set color 0
- set comment ''
- next
- edit "g-google-play"
- set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
- set wildcard-fqdn "*play.google.com"
- set color 0
- set comment ''
- next
- edit "g-google-play2"
- set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
- set wildcard-fqdn "*.ggpht.com"
- set color 0
- set comment ''
- next
- edit "g-google-play3"
- set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
- set wildcard-fqdn "*.books.google.com"
- set color 0
- set comment ''
- next
- edit "g-googleapis.com"
- set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
- set wildcard-fqdn "*.googleapis.com"
- set color 0
- set comment ''
- next
- edit "g-icloud"
- set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
- set wildcard-fqdn "*.icloud.com"
- set color 0
- set comment ''
- next
- edit "g-itunes"
- set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
- set wildcard-fqdn "*itunes.apple.com"
- set color 0
- set comment ''
- next
- edit "g-live.com"
- set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
- set wildcard-fqdn "*.live.com"
- set color 0
- set comment ''
- next
- edit "g-microsoft"
- set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
- set wildcard-fqdn "*.microsoft.com"
- set color 0
- set comment ''
- next
- edit "g-mzstatic-apple"
- set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
- set wildcard-fqdn "*.mzstatic.com"
- set color 0
- set comment ''
- next
- edit "g-skype"
- set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
- set wildcard-fqdn "*.messenger.live.com"
- set color 0
- set comment ''
- next
- edit "g-softwareupdate.vmware.com"
- set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
- set wildcard-fqdn "*.softwareupdate.vmware.com"
- set color 0
- set comment ''
- next
- edit "g-swscan.apple.com"
- set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
- set wildcard-fqdn "*swscan.apple.com"
- set color 0
- set comment ''
- next
- edit "g-update.microsoft.com"
- set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
- set wildcard-fqdn "*update.microsoft.com"
- set color 0
- set comment ''
- next
- edit "g-verisign"
- set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
- set wildcard-fqdn "*.verisign.com"
- set color 0
- set comment ''
- next
-end
-config firewall wildcard-fqdn group
-end
-config firewall service category
- edit "General"
- set comment "General services."
- set fabric-object disable
- next
- edit "Web Access"
- set comment "Web access."
- set fabric-object disable
- next
- edit "File Access"
- set comment "File access."
- set fabric-object disable
- next
- edit "Email"
- set comment "Email services."
- set fabric-object disable
- next
- edit "Network Services"
- set comment "Network services."
- set fabric-object disable
- next
- edit "Authentication"
- set comment "Authentication service."
- set fabric-object disable
- next
- edit "Remote Access"
- set comment "Remote access."
- set fabric-object disable
- next
- edit "Tunneling"
- set comment "Tunneling service."
- set fabric-object disable
- next
- edit "VoIP, Messaging & Other Applications"
- set comment "VoIP, messaging, and other applications."
- set fabric-object disable
- next
- edit "Web Proxy"
- set comment "Explicit web proxy."
- set fabric-object disable
- next
-end
-config firewall service custom
- edit "DNS"
- set proxy disable
- set category "Network Services"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 53
- set udp-portrange 53
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "HTTP"
- set proxy disable
- set category "Web Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 80
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "HTTPS"
- set proxy disable
- set category "Web Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 443
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "IMAP"
- set proxy disable
- set category "Email"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 143
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "IMAPS"
- set proxy disable
- set category "Email"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 993
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "LDAP"
- set proxy disable
- set category "Authentication"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 389
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "DCE-RPC"
- set proxy disable
- set category "Remote Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 135
- set udp-portrange 135
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "POP3"
- set proxy disable
- set category "Email"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 110
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "POP3S"
- set proxy disable
- set category "Email"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 995
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SAMBA"
- set proxy disable
- set category "File Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 139
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SMTP"
- set proxy disable
- set category "Email"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 25
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SMTPS"
- set proxy disable
- set category "Email"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 465
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "KERBEROS"
- set proxy disable
- set category "Authentication"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 88 464
- set udp-portrange 88 464
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "LDAP_UDP"
- set proxy disable
- set category "Authentication"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- unset tcp-portrange
- set udp-portrange 389
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SMB"
- set proxy disable
- set category "File Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 445
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "FTP"
- set proxy disable
- set category "File Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 21
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "FTP_GET"
- set proxy disable
- set category "File Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 21
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "FTP_PUT"
- set proxy disable
- set category "File Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 21
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "ALL"
- set proxy disable
- set category "General"
- set protocol IP
- set helper auto
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set protocol-number 0
- next
- edit "ALL_TCP"
- set proxy disable
- set category "General"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 1-65535
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "ALL_UDP"
- set proxy disable
- set category "General"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- unset tcp-portrange
- set udp-portrange 1-65535
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "ALL_ICMP"
- set proxy disable
- set category "General"
- set protocol ICMP
- set helper auto
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- unset icmptype
- next
- edit "ALL_ICMP6"
- set proxy disable
- set category "General"
- set protocol ICMP6
- set helper auto
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- unset icmptype
- next
- edit "GRE"
- set proxy disable
- set category "Tunneling"
- set protocol IP
- set helper auto
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set protocol-number 47
- next
- edit "AH"
- set proxy disable
- set category "Tunneling"
- set protocol IP
- set helper auto
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set protocol-number 51
- next
- edit "ESP"
- set proxy disable
- set category "Tunneling"
- set protocol IP
- set helper auto
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set protocol-number 50
- next
- edit "AOL"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 5190-5194
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "BGP"
- set proxy disable
- set category "Network Services"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 179
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "DHCP"
- set proxy disable
- set category "Network Services"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- unset tcp-portrange
- set udp-portrange 67-68
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "FINGER"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 79
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "GOPHER"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 70
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "H323"
- set proxy disable
- set category "VoIP, Messaging & Other Applications"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 1720 1503
- set udp-portrange 1719
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "IKE"
- set proxy disable
- set category "Tunneling"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- unset tcp-portrange
- set udp-portrange 500 4500
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "Internet-Locator-Service"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 389
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "IRC"
- set proxy disable
- set category "VoIP, Messaging & Other Applications"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 6660-6669
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "L2TP"
- set proxy disable
- set category "Tunneling"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 1701
- set udp-portrange 1701
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "NetMeeting"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 1720
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "NFS"
- set proxy disable
- set category "File Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 111 2049
- set udp-portrange 111 2049
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "NNTP"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 119
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "NTP"
- set proxy disable
- set category "Network Services"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 123
- set udp-portrange 123
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "OSPF"
- set proxy disable
- set category "Network Services"
- set protocol IP
- set helper auto
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set protocol-number 89
- next
- edit "PC-Anywhere"
- set proxy disable
- set category "Remote Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 5631
- set udp-portrange 5632
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "PING"
- set proxy disable
- set category "Network Services"
- set protocol ICMP
- set helper auto
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set icmptype 8
- unset icmpcode
- next
- edit "TIMESTAMP"
- set proxy disable
- set category ''
- set protocol ICMP
- set helper auto
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set icmptype 13
- unset icmpcode
- next
- edit "INFO_REQUEST"
- set proxy disable
- set category ''
- set protocol ICMP
- set helper auto
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set icmptype 15
- unset icmpcode
- next
- edit "INFO_ADDRESS"
- set proxy disable
- set category ''
- set protocol ICMP
- set helper auto
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set icmptype 17
- unset icmpcode
- next
- edit "ONC-RPC"
- set proxy disable
- set category "Remote Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 111
- set udp-portrange 111
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "PPTP"
- set proxy disable
- set category "Tunneling"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 1723
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "QUAKE"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- unset tcp-portrange
- set udp-portrange 26000 27000 27910 27960
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "RAUDIO"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- unset tcp-portrange
- set udp-portrange 7070
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "REXEC"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 512
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "RIP"
- set proxy disable
- set category "Network Services"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- unset tcp-portrange
- set udp-portrange 520
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "RLOGIN"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 513:512-1023
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "RSH"
- set proxy disable
- set category ''
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility disable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 514:512-1023
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SCCP"
- set proxy disable
- set category "VoIP, Messaging & Other Applications"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 2000
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SIP"
- set proxy disable
- set category "VoIP, Messaging & Other Applications"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 5060
- set udp-portrange 5060
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SIP-MSNmessenger"
- set proxy disable
- set category "VoIP, Messaging & Other Applications"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 1863
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SNMP"
- set proxy disable
- set category "Network Services"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 161-162
- set udp-portrange 161-162
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SSH"
- set proxy disable
- set category "Remote Access"
- set protocol TCP/UDP/SCTP
- set helper auto
- set check-reset-range default
- set comment ''
- set color 0
- set visibility enable
- set fabric-object disable
- set iprange 0.0.0.0
- set fqdn ''
- set tcp-portrange 22
- unset udp-portrange
- unset sctp-portrange
- set tcp-halfclose-timer 0
- set tcp-halfopen-timer 0
- set tcp-timewait-timer 0
- set tcp-rst-timer 0
- set udp-idle-timer 0
- set session-ttl 0
- next
- edit "SYSLOG"
- set proxy disable
- set
category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 514 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "TALK" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 517-518 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "TELNET" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 23 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "TFTP" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 69 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "MGCP" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set 
check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 2427 2727 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "UUCP" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 540 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "VDOLIVE" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 7000-7010 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "WAIS" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 210 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "WINFRAME" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set 
fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1494 2598 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "X-WINDOWS" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 6000-6063 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "PING6" - set proxy disable - set category '' - set protocol ICMP6 - set helper auto - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set icmptype 128 - unset icmpcode - next - edit "MS-SQL" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1433 1434 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "MYSQL" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 3306 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 
0 - set session-ttl 0 - next - edit "RDP" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 3389 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "VNC" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 5900 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "DHCP6" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 546 547 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SQUID" - set proxy disable - set category "Tunneling" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 3128 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "SOCKS" - set 
proxy disable - set category "Tunneling" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1080 - set udp-portrange 1080 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "WINS" - set proxy disable - set category "Remote Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1512 - set udp-portrange 1512 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RADIUS" - set proxy disable - set category "Authentication" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 1812 1813 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RADIUS-OLD" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 1645 1646 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "CVSPSERVER" - set proxy disable - set category '' - set 
protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 2401 - set udp-portrange 2401 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "AFS3" - set proxy disable - set category "File Access" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 7000-7009 - set udp-portrange 7000-7009 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "TRACEROUTE" - set proxy disable - set category "Network Services" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - unset tcp-portrange - set udp-portrange 33434-33535 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "RTSP" - set proxy disable - set category "VoIP, Messaging & Other Applications" - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility enable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 554 7070 8554 - set udp-portrange 554 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "MMS" - set proxy disable - set category '' - set 
protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 1755 - set udp-portrange 1024-5000 - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "NONE" - set proxy disable - set category '' - set protocol TCP/UDP/SCTP - set helper auto - set check-reset-range default - set comment '' - set color 0 - set visibility disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 0 - unset udp-portrange - unset sctp-portrange - set tcp-halfclose-timer 0 - set tcp-halfopen-timer 0 - set tcp-timewait-timer 0 - set tcp-rst-timer 0 - set udp-idle-timer 0 - set session-ttl 0 - next - edit "webproxy" - set proxy enable - set category "Web Proxy" - set protocol ALL - set helper auto - set comment '' - set color 0 - set visibility enable - set app-service-type disable - set fabric-object disable - set iprange 0.0.0.0 - set fqdn '' - set tcp-portrange 0-65535:0-65535 - next -end -config firewall service group - edit "Email Access" - set proxy disable - set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" - set comment '' - set color 0 - set fabric-object disable - next - edit "Web Access" - set proxy disable - set member "DNS" "HTTP" "HTTPS" - set comment '' - set color 0 - set fabric-object disable - next - edit "Windows AD" - set proxy disable - set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" - set comment '' - set color 0 - set fabric-object disable - next - edit "Exchange Server" - set proxy disable - set member "DCE-RPC" "DNS" "HTTPS" - set comment '' - set color 0 - set fabric-object disable - next -end -config firewall internet-service-group -end -config firewall internet-service-extension -end -config firewall 
internet-service-custom -end -config firewall internet-service-custom-group -end -config system external-resource -end -config vpn certificate ca -end -config vpn certificate remote -end -config vpn certificate local - edit "Fortinet_CA_SSL" - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_CA_Untrusted" - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_RSA1024" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_RSA2048" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_RSA4096" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. 
" - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_DSA1024" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_DSA2048" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ECDSA256" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ECDSA384" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ECDSA521" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ED25519" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. 
" - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next - edit "Fortinet_SSL_ED448" - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - unset private-key - unset certificate - set range global - set source factory - set source-ip 0.0.0.0 - set ike-localid-type asn1dn - set enroll-protocol none - next -end -config vpn certificate crl -end -config vpn certificate ocsp-server -end -config vpn certificate setting - set ocsp-status disable - set ocsp-option server - set ocsp-default-server '' - set interface-select-method auto - set check-ca-cert enable - set check-ca-chain disable - set subject-match substring - set subject-set subset - set cn-match substring - set cn-allow-multi enable - config crl-verification - set expiry ignore - set leaf-crl-absence ignore - set chain-crl-absence ignore - end - set strict-ocsp-check disable - set ssl-min-proto-version default - set cmp-save-extra-certs disable - set cmp-key-usage-checking enable - set certname-rsa1024 "Fortinet_SSL_RSA1024" - set certname-rsa2048 "Fortinet_SSL_RSA2048" - set certname-rsa4096 "Fortinet_SSL_RSA4096" - set certname-dsa1024 "Fortinet_SSL_DSA1024" - set certname-dsa2048 "Fortinet_SSL_DSA2048" - set certname-ecdsa256 "Fortinet_SSL_ECDSA256" - set certname-ecdsa384 "Fortinet_SSL_ECDSA384" - set certname-ecdsa521 "Fortinet_SSL_ECDSA521" - set certname-ed25519 "Fortinet_SSL_ED25519" - set certname-ed448 "Fortinet_SSL_ED448" -end -config webfilter ftgd-local-cat - edit "custom1" - set status enable - set id 140 - next - edit "custom2" - set status enable - set id 141 - next -end -config ips sensor - edit "g-default" - set comment "Prevent critical attacks." 
- set replacemsg-group '' - set block-malicious-url disable - set scan-botnet-connections disable - set extended-log disable - config entries - edit 1 - set location all - set severity medium high critical - set protocol all - set os all - set application all - set status default - set log enable - set log-packet disable - set log-attack-context disable - set action default - set quarantine none - next - end - next - edit "g-sniffer-profile" - set comment "Monitor IPS attacks." - set replacemsg-group '' - set block-malicious-url disable - set scan-botnet-connections disable - set extended-log disable - config entries - edit 1 - set location all - set severity medium high critical - set protocol all - set os all - set application all - set status default - set log enable - set log-packet disable - set log-attack-context disable - set action default - set quarantine none - next - end - next - edit "g-wifi-default" - set comment "Default configuration for offloading WiFi traffic." - set replacemsg-group '' - set block-malicious-url disable - set scan-botnet-connections disable - set extended-log disable - config entries - edit 1 - set location all - set severity medium high critical - set protocol all - set os all - set application all - set status default - set log enable - set log-packet disable - set log-attack-context disable - set action default - set quarantine none - next - end - next - edit "IPS_Test" - set comment '' - set replacemsg-group '' - set block-malicious-url enable - set scan-botnet-connections block - set extended-log disable - config entries - edit 1 - set location all - set severity medium high critical - set protocol all - set os all - set application all - set status default - set log enable - set log-packet disable - set log-attack-context disable - set action block - set quarantine none - next - end - next - edit "gdd-botnet C&C IP blocking" - set comment "This allows you to enable botnet blocking across all traffic that matches the policy by 
configuring one setting in the GUI" - set replacemsg-group '' - set block-malicious-url disable - set scan-botnet-connections disable - set extended-log disable - next -end -config sctp-filter profile -end -config firewall shaper traffic-shaper - edit "high-priority" - set guaranteed-bandwidth 0 - set maximum-bandwidth 1048576 - set bandwidth-unit kbps - set priority high - set per-policy enable - set diffserv disable - set overhead 0 - next - edit "medium-priority" - set guaranteed-bandwidth 0 - set maximum-bandwidth 1048576 - set bandwidth-unit kbps - set priority medium - set per-policy enable - set diffserv disable - set overhead 0 - next - edit "low-priority" - set guaranteed-bandwidth 0 - set maximum-bandwidth 1048576 - set bandwidth-unit kbps - set priority low - set per-policy enable - set diffserv disable - set overhead 0 - next - edit "guarantee-100kbps" - set guaranteed-bandwidth 100 - set maximum-bandwidth 1048576 - set bandwidth-unit kbps - set priority high - set per-policy enable - set diffserv disable - set overhead 0 - next - edit "shared-1M-pipe" - set guaranteed-bandwidth 0 - set maximum-bandwidth 1024 - set bandwidth-unit kbps - set priority high - set per-policy disable - set diffserv disable - set overhead 0 - next -end -config firewall shaper per-ip-shaper -end -config firewall proxy-address -end -config firewall proxy-addrgrp -end -config web-proxy profile -end -config web-proxy global - set ssl-cert "Fortinet_Factory" - set ssl-ca-cert "Fortinet_CA_SSL" - set fast-policy-match enable - set ldap-user-cache disable - set proxy-fqdn "default.fqdn" - set max-request-length 8 - set max-message-length 32 - set strict-web-check disable - set forward-proxy-auth disable - set forward-server-affinity-timeout 30 - set max-waf-body-cache-length 32 - set webproxy-profile '' - set learn-client-ip disable -end -config web-proxy explicit - set status disable - set ipv6-status disable - set strict-guest disable - set https-replacement-message enable - set 
ssl-algorithm low -end -config web-proxy forward-server -end -config web-proxy forward-server-group -end -config web-proxy debug-url -end -config web-proxy wisp -end -config wanopt webcache - set max-object-size 512000 - set neg-resp-time 0 - set fresh-factor 100 - set max-ttl 7200 - set min-ttl 5 - set default-ttl 1440 - set ignore-ims disable - set ignore-conditional disable - set ignore-pnc disable - set ignore-ie-reload enable - set cache-expired disable - set cache-cookie disable - set reval-pnc disable - set always-revalidate disable - set cache-by-default disable - set host-validate disable - set external disable -end -config ftp-proxy explicit - set status disable - set ssl disable -end -config web-proxy url-match -end -config application custom -end -config application list - edit "g-default" - set comment "Monitor all applications." - set replacemsg-group '' - set extended-log disable - set other-application-action pass - set app-replacemsg enable - set other-application-log disable - set enforce-default-app-port disable - set force-inclusion-ssl-di-sigs disable - set unknown-application-action pass - set unknown-application-log disable - unset p2p-block-list - set deep-app-inspection enable - set options allow-dns - config entries - edit 1 - set protocols all - set vendor all - set technology all - set behavior all - set popularity 1 2 3 4 5 - set action pass - set log enable - set log-packet disable - set session-ttl 0 - set shaper '' - set shaper-reverse '' - set per-ip-shaper '' - set quarantine none - next - end - set control-default-network-services disable - next - edit "g-sniffer-profile" - set comment "Monitor all applications." 
- set replacemsg-group '' - set extended-log disable - set other-application-action pass - set app-replacemsg enable - set other-application-log disable - set enforce-default-app-port disable - set force-inclusion-ssl-di-sigs disable - set unknown-application-action pass - set unknown-application-log disable - unset p2p-block-list - set deep-app-inspection enable - unset options - config entries - edit 1 - set protocols all - set vendor all - set technology all - set behavior all - set popularity 1 2 3 4 5 - set action pass - set log enable - set log-packet disable - set session-ttl 0 - set shaper '' - set shaper-reverse '' - set per-ip-shaper '' - set quarantine none - next - end - set control-default-network-services disable - next - edit "g-wifi-default" - set comment "Default configuration for offloading WiFi traffic." - set replacemsg-group '' - set extended-log disable - set other-application-action pass - set app-replacemsg enable - set other-application-log disable - set enforce-default-app-port disable - set force-inclusion-ssl-di-sigs disable - set unknown-application-action pass - set unknown-application-log disable - unset p2p-block-list - set deep-app-inspection disable - set options allow-dns - config entries - edit 1 - set protocols all - set vendor all - set technology all - set behavior all - set popularity 1 2 3 4 5 - set action pass - set log disable - set log-packet disable - set session-ttl 0 - set shaper '' - set shaper-reverse '' - set per-ip-shaper '' - set quarantine none - next - end - set control-default-network-services disable - next -end -config application group -end -config dlp filepattern - edit 1 - set name "builtin-patterns" - set comment '' - config entries - edit "*.bat" - set filter-type pattern - next - edit "*.com" - set filter-type pattern - next - edit "*.dll" - set filter-type pattern - next - edit "*.doc" - set filter-type pattern - next - edit "*.exe" - set filter-type pattern - next - edit "*.gz" - set filter-type 
pattern - next - edit "*.hta" - set filter-type pattern - next - edit "*.ppt" - set filter-type pattern - next - edit "*.rar" - set filter-type pattern - next - edit "*.scr" - set filter-type pattern - next - edit "*.tar" - set filter-type pattern - next - edit "*.tgz" - set filter-type pattern - next - edit "*.vb?" - set filter-type pattern - next - edit "*.wps" - set filter-type pattern - next - edit "*.xl?" - set filter-type pattern - next - edit "*.zip" - set filter-type pattern - next - edit "*.pif" - set filter-type pattern - next - edit "*.cpl" - set filter-type pattern - next - end - next - edit 2 - set name "all_executables" - set comment '' - config entries - edit "bat" - set filter-type type - set file-type bat - next - edit "exe" - set filter-type type - set file-type exe - next - edit "elf" - set filter-type type - set file-type elf - next - edit "hta" - set filter-type type - set file-type hta - next - end - next -end -config dlp sensitivity - edit "Private" - next - edit "Critical" - next - edit "Warning" - next -end -config dlp fp-doc-source -end -config dlp sensor - edit "g-default" - set comment "Default sensor." - set feature-set flow - set replacemsg-group '' - set dlp-log enable - set extended-log disable - set nac-quar-log disable - unset full-archive-proto - unset summary-proto - next - edit "g-sniffer-profile" - set comment "Log a summary of email and web traffic." 
- set feature-set flow - set replacemsg-group '' - set dlp-log enable - set extended-log disable - set nac-quar-log disable - unset full-archive-proto - set summary-proto smtp pop3 imap http-get http-post - next -end -config webfilter content -end -config webfilter content-header -end -config webfilter urlfilter -end -config videofilter youtube-key -end -config videofilter youtube-channel-filter -end -config videofilter profile -end -config webfilter ips-urlfilter-setting - set device '' - set distance 1 - set gateway 0.0.0.0 - set geo-filter '' -end -config webfilter ips-urlfilter-setting6 - set device '' - set distance 1 - set gateway6 :: - set geo-filter '' -end -config emailfilter bword -end -config emailfilter block-allow-list -end -config emailfilter mheader -end -config emailfilter dnsbl -end -config emailfilter iptrust -end -config log threat-weight - set status enable - config level - set low 5 - set medium 10 - set high 30 - set critical 50 - end - set blocked-connection high - set failed-connection low - set url-block-detected high - set botnet-connection-detected critical - config malware - set virus-infected critical - set fortindr critical - set file-blocked low - set command-blocked disable - set oversized disable - set virus-scan-error high - set switch-proto disable - set mimefragmented disable - set virus-file-type-executable medium - set virus-outbreak-prevention critical - set content-disarm medium - set malware-list medium - set ems-threat-feed medium - set fsa-malicious critical - set fsa-high-risk high - set fsa-medium-risk medium - end - config ips - set info-severity disable - set low-severity low - set medium-severity medium - set high-severity high - set critical-severity critical - end - config web - edit 1 - set category 26 - set level high - next - edit 2 - set category 61 - set level high - next - edit 3 - set category 86 - set level high - next - edit 4 - set category 1 - set level medium - next - edit 5 - set category 3 - set level 
medium - next - edit 6 - set category 4 - set level medium - next - edit 7 - set category 5 - set level medium - next - edit 8 - set category 6 - set level medium - next - edit 9 - set category 12 - set level medium - next - edit 10 - set category 59 - set level medium - next - edit 11 - set category 62 - set level medium - next - edit 12 - set category 83 - set level medium - next - edit 13 - set category 72 - set level low - next - edit 14 - set category 14 - set level low - next - edit 15 - set category 96 - set level medium - next - end - config application - edit 1 - set category 2 - set level low - next - edit 2 - set category 6 - set level medium - next - end -end -config icap server -end -config icap profile - edit "default" - set replacemsg-group '' - set request disable - set response disable - set streaming-content-bypass disable - set preview disable - set methods delete get head options post put trace other - set icap-block-log disable - set chunk-encap disable - unset extension-feature - config icap-headers - edit 1 - set name "X-Authenticated-User" - set content "$user" - set base64-encoding disable - next - edit 2 - set name "X-Authenticated-Groups" - set content "$local_grp" - set base64-encoding disable - next - end - next -end -config system network-visibility - set destination-visibility enable - set source-location enable - set destination-hostname-visibility enable - set hostname-ttl 86400 - set hostname-limit 5000 - set destination-location enable -end -config user certificate -end -config user radius -end -config user tacacs+ -end -config user exchange -end -config user ldap -end -config user krb-keytab -end -config user domain-controller -end -config user pop3 -end -config user saml -end -config user fsso -end -config user adgrp -end -config user fsso-polling -end -config user fortitoken -end -config user password-policy -end -config user local -end -config user setting - set auth-type http https ftp telnet - set auth-cert 
"Fortinet_Factory" - set auth-ca-cert '' - set auth-secure-http disable - set auth-http-basic disable - set auth-ssl-allow-renegotiation disable - set auth-src-mac enable - set auth-on-demand implicitly - set auth-timeout 5 - set auth-timeout-type idle-timeout - set auth-portal-timeout 3 - set radius-ses-timeout-act hard-timeout - set auth-blackout-time 0 - set auth-invalid-max 5 - set auth-lockout-threshold 3 - set auth-lockout-duration 0 - set per-policy-disclaimer disable - set auth-ssl-min-proto-version default - unset auth-ssl-max-proto-version - set auth-ssl-sigalgs all -end -config user peer -end -config user peergrp -end -config user quarantine - set quarantine enable - set traffic-policy '' - set firewall-groups '' -end -config user group - edit "SSO_Guest_Users" - set authtimeout 0 - set http-digest-realm '' - next -end -config user security-exempt-list -end -config vpn ssl web realm -end -config vpn ssl web host-check-software - edit "FortiClient-AV" - set os-type windows - set type av - set version '' - set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7" - next - edit "FortiClient-FW" - set os-type windows - set type fw - set version '' - set guid "528CB157-D384-4593-AAAA-E42DFF111CED" - next - edit "FortiClient-AV-Vista" - set os-type windows - set type av - set version '' - set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" - next - edit "FortiClient-FW-Vista" - set os-type windows - set type fw - set version '' - set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" - next - edit "FortiClient5-AV" - set os-type windows - set type av - set version '' - set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7" - next - edit "AVG-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" - next - edit "AVG-Internet-Security-FW" - set os-type windows - set type fw - set version '' - set guid "8DECF618-9569-4340-B34A-D78D28969B66" - next - edit "AVG-Internet-Security-AV-Vista-Win7" - set os-type windows - set 
type av - set version '' - set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" - next - edit "AVG-Internet-Security-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" - next - edit "CA-Anti-Virus" - set os-type windows - set type av - set version '' - set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" - next - edit "CA-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" - next - edit "CA-Internet-Security-FW" - set os-type windows - set type fw - set version '' - set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" - next - edit "CA-Internet-Security-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" - next - edit "CA-Internet-Security-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "06D680B0-4024-4FAB-E710-E675E50F6324" - next - edit "CA-Personal-Firewall" - set os-type windows - set type fw - set version '' - set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" - next - edit "F-Secure-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" - next - edit "F-Secure-Internet-Security-FW" - set os-type windows - set type fw - set version '' - set guid "D4747503-0346-49EB-9262-997542F79BF4" - next - edit "F-Secure-Internet-Security-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "15414183-282E-D62C-CA37-EF24860A2F17" - next - edit "F-Secure-Internet-Security-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "2D7AC0A6-6241-D774-E168-461178D9686C" - next - edit "Kaspersky-AV" - set os-type windows - set type av - set version '' - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - next - edit "Kaspersky-FW" - set os-type windows - set type fw - set version '' - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - next - edit 
"Kaspersky-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" - next - edit "Kaspersky-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" - next - edit "McAfee-Internet-Security-Suite-AV" - set os-type windows - set type av - set version '' - set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" - next - edit "McAfee-Internet-Security-Suite-FW" - set os-type windows - set type fw - set version '' - set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" - next - edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "86355677-4064-3EA7-ABB3-1B136EB04637" - next - edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" - next - edit "McAfee-Virus-Scan-Enterprise" - set os-type windows - set type av - set version '' - set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" - next - edit "Norton-360-2.0-AV" - set os-type windows - set type av - set version '' - set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" - next - edit "Norton-360-2.0-FW" - set os-type windows - set type fw - set version '' - set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" - next - edit "Norton-360-3.0-AV" - set os-type windows - set type av - set version '' - set guid "E10A9785-9598-4754-B552-92431C1C35F8" - next - edit "Norton-360-3.0-FW" - set os-type windows - set type fw - set version '' - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - next - edit "Norton-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "E10A9785-9598-4754-B552-92431C1C35F8" - next - edit "Norton-Internet-Security-FW" - set os-type windows - set type fw - set version '' - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - next - edit "Norton-Internet-Security-AV-Vista-Win7" - set os-type windows - set type av - set 
version '' - set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit "Norton-Internet-Security-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - next - edit "Symantec-Endpoint-Protection-AV" - set os-type windows - set type av - set version '' - set guid "FB06448E-52B8-493A-90F3-E43226D3305C" - next - edit "Symantec-Endpoint-Protection-FW" - set os-type windows - set type fw - set version '' - set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" - next - edit "Symantec-Endpoint-Protection-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit "Symantec-Endpoint-Protection-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - next - edit "Panda-Antivirus+Firewall-2008-AV" - set os-type windows - set type av - set version '' - set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" - next - edit "Panda-Antivirus+Firewall-2008-FW" - set os-type windows - set type fw - set version '' - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - next - edit "Panda-Internet-Security-AV" - set os-type windows - set type av - set version '' - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - next - edit "Panda-Internet-Security-2006~2007-FW" - set os-type windows - set type fw - set version '' - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - next - edit "Panda-Internet-Security-2008~2009-FW" - set os-type windows - set type fw - set version '' - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - next - edit "Sophos-Anti-Virus" - set os-type windows - set type av - set version '' - set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" - next - edit "Sophos-Enpoint-Secuirty-and-Control-FW" - set os-type windows - set type fw - set version '' - set guid "0786E95E-326A-4524-9691-41EF88FB52EA" - next - edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" - set os-type windows - set 
type av - set version '' - set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" - next - edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" - next - edit "Trend-Micro-AV" - set os-type windows - set type av - set version '' - set guid "7D2296BC-32CC-4519-917E-52E652474AF5" - next - edit "Trend-Micro-FW" - set os-type windows - set type fw - set version '' - set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" - next - edit "Trend-Micro-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" - next - edit "Trend-Micro-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" - next - edit "ZoneAlarm-AV" - set os-type windows - set type av - set version '' - set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" - next - edit "ZoneAlarm-FW" - set os-type windows - set type fw - set version '' - set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" - next - edit "ZoneAlarm-AV-Vista-Win7" - set os-type windows - set type av - set version '' - set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" - next - edit "ZoneAlarm-FW-Vista-Win7" - set os-type windows - set type fw - set version '' - set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" - next - edit "ESET-Smart-Security-AV" - set os-type windows - set type av - set version '' - set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" - next - edit "ESET-Smart-Security-FW" - set os-type windows - set type fw - set version '' - set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" - next -end -config vpn ssl web portal - edit "full-access" - set tunnel-mode enable - set ipv6-tunnel-mode enable - set web-mode enable - set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping - set limit-user-logins disable - set forticlient-download enable - set ip-mode range - set auto-connect disable - set keep-alive disable - set save-password 
disable - set ip-pools "SSLVPN_TUNNEL_ADDR1" - set split-tunneling enable - set split-tunneling-routing-negate disable - set dns-server1 0.0.0.0 - set dns-server2 0.0.0.0 - set dns-suffix '' - set wins-server1 0.0.0.0 - set wins-server2 0.0.0.0 - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set ipv6-split-tunneling enable - set ipv6-split-tunneling-routing-negate disable - set ipv6-dns-server1 :: - set ipv6-dns-server2 :: - set ipv6-wins-server1 :: - set ipv6-wins-server2 :: - set display-bookmark enable - set user-bookmark enable - set user-group-bookmark enable - set display-connection-tools enable - set display-history enable - set display-status enable - set rewrite-ip-uri-ui disable - set heading "SSL-VPN Portal" - set redir-url '' - set theme neutrino - set custom-lang '' - set smb-ntlmv1-auth disable - set smb-min-version smbv2 - set smb-max-version smbv3 - set use-sdwan disable - set clipboard enable - set default-window-width 1024 - set default-window-height 768 - set host-check none - set mac-addr-check disable - set os-check disable - set forticlient-download-method direct - set customize-forticlient-download-url disable - set hide-sso-credential enable - next - edit "web-access" - set tunnel-mode disable - set ipv6-tunnel-mode disable - set web-mode enable - set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping - set limit-user-logins disable - set forticlient-download enable - set dns-suffix '' - set display-bookmark enable - set user-bookmark enable - set user-group-bookmark enable - set display-connection-tools enable - set display-history enable - set display-status enable - set rewrite-ip-uri-ui disable - set heading "SSL-VPN Portal" - set redir-url '' - set theme neutrino - set custom-lang '' - set smb-ntlmv1-auth disable - set smb-min-version smbv2 - set smb-max-version smbv3 - set use-sdwan disable - set clipboard enable - set default-window-width 1024 - set default-window-height 768 - set forticlient-download-method direct - set 
customize-forticlient-download-url disable - set hide-sso-credential enable - next - edit "tunnel-access" - set tunnel-mode enable - set ipv6-tunnel-mode enable - set web-mode disable - set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping - set limit-user-logins disable - set forticlient-download enable - set ip-mode range - set auto-connect disable - set keep-alive disable - set save-password disable - set ip-pools "SSLVPN_TUNNEL_ADDR1" - set split-tunneling enable - set split-tunneling-routing-negate disable - set dns-server1 0.0.0.0 - set dns-server2 0.0.0.0 - set dns-suffix '' - set wins-server1 0.0.0.0 - set wins-server2 0.0.0.0 - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set ipv6-split-tunneling enable - set ipv6-split-tunneling-routing-negate disable - set ipv6-dns-server1 :: - set ipv6-dns-server2 :: - set ipv6-wins-server1 :: - set ipv6-wins-server2 :: - set host-check none - set mac-addr-check disable - set os-check disable - set forticlient-download-method direct - set customize-forticlient-download-url disable - next -end -config vpn ssl settings - set status enable - set reqclientcert disable - set ssl-max-proto-ver tls1-3 - set ssl-min-proto-ver tls1-2 - unset banned-cipher - set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 - set ssl-insert-empty-fragment enable - set https-redirect disable - set x-content-type-options enable - set ssl-client-renegotiation disable - set force-two-factor-auth disable - set servercert "Fortinet_Factory" - set algorithm high - set idle-timeout 300 - set auth-timeout 28800 - set login-attempt-limit 2 - set login-block-time 60 - set login-timeout 30 - set dtls-hello-timeout 10 - set dns-suffix '' - set dns-server1 0.0.0.0 - set dns-server2 0.0.0.0 - set wins-server1 0.0.0.0 - set wins-server2 0.0.0.0 - set ipv6-dns-server1 :: - set ipv6-dns-server2 :: - set ipv6-wins-server1 :: - set ipv6-wins-server2 :: - set url-obscuration disable - set http-compression disable - set 
http-only-cookie enable - set port 443 - set port-precedence enable - set auto-tunnel-static-route enable - set header-x-forwarded-for add - set dtls-tunnel enable - set check-referer disable - set http-request-header-timeout 20 - set http-request-body-timeout 30 - set auth-session-check-source-ip enable - set tunnel-connect-without-reauth disable - set hsts-include-subdomains disable - set transform-backward-slashes disable - set encode-2f-sequence disable - set encrypt-and-store-password disable - set client-sigalgs all - set dual-stack-mode disable - set tunnel-addr-assigned-method first-available - set saml-redirect-port 8020 - set dtls-max-proto-ver dtls1-2 - set dtls-min-proto-ver dtls1-0 -end -config vpn ssl web user-group-bookmark -end -config vpn ssl web user-bookmark -end -config vpn ssl client -end -config voip profile - edit "default" - set feature-set proxy - set comment "Default VoIP profile." - config sip - set status enable - set rtp enable - set nat-port-range 5117-65533 - set open-register-pinhole enable - set open-contact-pinhole enable - set strict-register enable - set register-rate 0 - set invite-rate 0 - set max-dialogs 0 - set max-line-length 998 - set block-long-lines enable - set block-unknown enable - set call-keepalive 0 - set block-ack disable - set block-bye disable - set block-cancel disable - set block-info disable - set block-invite disable - set block-message disable - set block-notify disable - set block-options disable - set block-prack disable - set block-publish disable - set block-refer disable - set block-register disable - set block-subscribe disable - set block-update disable - set register-contact-trace disable - set open-via-pinhole disable - set open-record-route-pinhole enable - set rfc2543-branch disable - set log-violations disable - set log-call-summary enable - set nat-trace enable - set subscribe-rate 0 - set message-rate 0 - set notify-rate 0 - set refer-rate 0 - set update-rate 0 - set options-rate 0 - set 
ack-rate 0 - set prack-rate 0 - set info-rate 0 - set publish-rate 0 - set bye-rate 0 - set cancel-rate 0 - set preserve-override disable - set no-sdp-fixup disable - set contact-fixup enable - set max-idle-dialogs 0 - set block-geo-red-options disable - set hosted-nat-traversal disable - set hnt-restrict-source-ip disable - set max-body-length 0 - set unknown-header pass - set malformed-request-line pass - set malformed-header-via pass - set malformed-header-from pass - set malformed-header-to pass - set malformed-header-call-id pass - set malformed-header-cseq pass - set malformed-header-rack pass - set malformed-header-rseq pass - set malformed-header-contact pass - set malformed-header-record-route pass - set malformed-header-route pass - set malformed-header-expires pass - set malformed-header-content-type pass - set malformed-header-content-length pass - set malformed-header-max-forwards pass - set malformed-header-allow pass - set malformed-header-p-asserted-identity pass - set malformed-header-sdp-v pass - set malformed-header-sdp-o pass - set malformed-header-sdp-s pass - set malformed-header-sdp-i pass - set malformed-header-sdp-c pass - set malformed-header-sdp-b pass - set malformed-header-sdp-z pass - set malformed-header-sdp-k pass - set malformed-header-sdp-a pass - set malformed-header-sdp-t pass - set malformed-header-sdp-r pass - set malformed-header-sdp-m pass - set provisional-invite-expiry-time 210 - set ips-rtp enable - set ssl-mode off - end - config sccp - set status enable - set block-mcast disable - set verify-header disable - set log-call-summary disable - set log-violations disable - set max-calls 0 - end - next - edit "strict" - set feature-set proxy - set comment '' - config sip - set status enable - set rtp enable - set nat-port-range 5117-65533 - set open-register-pinhole enable - set open-contact-pinhole enable - set strict-register enable - set register-rate 0 - set invite-rate 0 - set max-dialogs 0 - set max-line-length 998 - set 
block-long-lines enable - set block-unknown enable - set call-keepalive 0 - set block-ack disable - set block-bye disable - set block-cancel disable - set block-info disable - set block-invite disable - set block-message disable - set block-notify disable - set block-options disable - set block-prack disable - set block-publish disable - set block-refer disable - set block-register disable - set block-subscribe disable - set block-update disable - set register-contact-trace disable - set open-via-pinhole disable - set open-record-route-pinhole enable - set rfc2543-branch disable - set log-violations disable - set log-call-summary enable - set nat-trace enable - set subscribe-rate 0 - set message-rate 0 - set notify-rate 0 - set refer-rate 0 - set update-rate 0 - set options-rate 0 - set ack-rate 0 - set prack-rate 0 - set info-rate 0 - set publish-rate 0 - set bye-rate 0 - set cancel-rate 0 - set preserve-override disable - set no-sdp-fixup disable - set contact-fixup enable - set max-idle-dialogs 0 - set block-geo-red-options disable - set hosted-nat-traversal disable - set hnt-restrict-source-ip disable - set max-body-length 0 - set unknown-header pass - set malformed-request-line discard - set malformed-header-via discard - set malformed-header-from discard - set malformed-header-to discard - set malformed-header-call-id discard - set malformed-header-cseq discard - set malformed-header-rack discard - set malformed-header-rseq discard - set malformed-header-contact discard - set malformed-header-record-route discard - set malformed-header-route discard - set malformed-header-expires discard - set malformed-header-content-type discard - set malformed-header-content-length discard - set malformed-header-max-forwards discard - set malformed-header-allow discard - set malformed-header-p-asserted-identity discard - set malformed-header-sdp-v discard - set malformed-header-sdp-o discard - set malformed-header-sdp-s discard - set malformed-header-sdp-i discard - set 
malformed-header-sdp-c discard - set malformed-header-sdp-b discard - set malformed-header-sdp-z discard - set malformed-header-sdp-k discard - set malformed-header-sdp-a discard - set malformed-header-sdp-t discard - set malformed-header-sdp-r discard - set malformed-header-sdp-m discard - set provisional-invite-expiry-time 210 - set ips-rtp enable - set ssl-mode off - end - config sccp - set status enable - set block-mcast disable - set verify-header disable - set log-call-summary disable - set log-violations disable - set max-calls 0 - end - next -end -config system sdwan - set status disable - set load-balance-mode source-ip-based - set speedtest-bypass-routing disable - set duplication-max-num 2 - set neighbor-hold-down disable - set neighbor-hold-down-time 0 - set neighbor-hold-boot-time 0 - set fail-detect disable - config zone - edit "virtual-wan-link" - set service-sla-tie-break cfg-order - next - end - config health-check - edit "Default_DNS" - set probe-packets enable - set addr-mode ipv4 - set system-dns enable - set detect-mode active - set ha-priority 1 - set dns-request-domain "www.example.com" - set dns-match-ip 0.0.0.0 - set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 - set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 - set packetloss-threshold 5 - next - end - next - edit "Default_Office_365" - set probe-packets enable - set addr-mode ipv4 - set server "www.office.com" - set detect-mode active - set protocol http - set port 0 - set ha-priority 1 - set http-get "/" - set 
http-agent "Chrome/ Safari/" - set http-match '' - set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 - set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 - set packetloss-threshold 5 - next - end - next - edit "Default_Gmail" - set probe-packets enable - set addr-mode ipv4 - set server "gmail.com" - set detect-mode active - set protocol ping - set ha-priority 1 - set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 - set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 - set packetloss-threshold 2 - next - end - next - edit "Default_Google Search" - set probe-packets enable - set addr-mode ipv4 - set server "www.google.com" - set detect-mode active - set protocol http - set port 0 - set ha-priority 1 - set http-get "/" - set http-agent "Chrome/ Safari/" - set http-match '' - set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 
- set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 - set packetloss-threshold 5 - next - end - next - edit "Default_FortiGuard" - set probe-packets enable - set addr-mode ipv4 - set server "fortiguard.com" - set detect-mode active - set protocol http - set port 0 - set ha-priority 1 - set http-get "/" - set http-agent "Chrome/ Safari/" - set http-match '' - set interval 1000 - set probe-timeout 1000 - set failtime 5 - set recoverytime 10 - set probe-count 30 - set diffservcode 000000 - set update-cascade-interface enable - set update-static-route enable - set sla-fail-log-period 0 - set sla-pass-log-period 0 - set threshold-warning-packetloss 0 - set threshold-alert-packetloss 0 - set threshold-warning-latency 0 - set threshold-alert-latency 0 - set threshold-warning-jitter 0 - set threshold-alert-jitter 0 - config sla - edit 1 - set link-cost-factor latency jitter packet-loss - set latency-threshold 250 - set jitter-threshold 50 - set packetloss-threshold 5 - next - end - next - end -end -config vpn ipsec phase1 -end -config vpn ipsec phase2 -end -config vpn ipsec manualkey -end -config vpn ipsec concentrator -end -config vpn ipsec fec -end -config vpn ipsec phase1-interface -end -config vpn ipsec phase2-interface -end -config vpn ipsec manualkey-interface -end -config vpn pptp - set status disable -end -config vpn l2tp - set status disable - set lcp-max-echo-fails 3 - set hello-interval 60 -end -config vpn ipsec forticlient -end -config dnsfilter domain-filter -end -config dnsfilter profile - edit "default" - set comment "Default dns filtering." 
- config domain-filter - unset domain-filter-table - end - config ftgd-dns - unset options - config filters - edit 1 - set category 2 - set action monitor - next - edit 2 - set category 7 - set action monitor - next - edit 3 - set category 8 - set action monitor - next - edit 4 - set category 9 - set action monitor - next - edit 5 - set category 11 - set action monitor - next - edit 6 - set category 12 - set action monitor - next - edit 7 - set category 13 - set action monitor - next - edit 8 - set category 14 - set action monitor - next - edit 9 - set category 15 - set action monitor - next - edit 10 - set category 16 - set action monitor - next - edit 11 - set category 0 - set action monitor - next - edit 12 - set category 57 - set action monitor - next - edit 13 - set category 63 - set action monitor - next - edit 14 - set category 64 - set action monitor - next - edit 15 - set category 65 - set action monitor - next - edit 16 - set category 66 - set action monitor - next - edit 17 - set category 67 - set action monitor - next - edit 18 - set category 26 - set action block - set log enable - next - edit 19 - set category 61 - set action block - set log enable - next - edit 20 - set category 86 - set action block - set log enable - next - edit 21 - set category 88 - set action block - set log enable - next - edit 22 - set category 90 - set action block - set log enable - next - edit 23 - set category 91 - set action block - set log enable - next - end - end - set log-all-domain disable - set sdns-ftgd-err-log enable - set sdns-domain-log enable - set block-action redirect - set block-botnet enable - set safe-search disable - set redirect-portal 0.0.0.0 - set redirect-portal6 :: - next -end -config system gre-tunnel -end -config system ipsec-aggregate -end -config system ipip-tunnel -end -config system mobile-tunnel -end -config system pppoe-interface -end -config system vxlan -end -config system geneve -end -config system virtual-wire-pair -end -config system 
dns-database -end -config system dns-server -end -config log custom-field -end -config antivirus settings - set machine-learning-detection enable - set use-extreme-db disable - set grayware enable - set override-timeout 0 - set cache-infected-result enable -end -config antivirus quarantine - set agelimit 0 - set maxfilesize 0 - set quarantine-quota 0 - unset drop-infected - set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh - unset drop-blocked - set store-blocked imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs ssh - unset drop-machine-learning - set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh - set lowspace ovrw-old - set destination disk -end -config ssh-filter profile -end -config antivirus profile - edit "g-default" - set comment "Scan files and block viruses." - set replacemsg-group '' - set feature-set flow - set mobile-malware-db enable - config http - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config ftp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config imap - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config pop3 - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config smtp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables 
virus - end - config nntp - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config cifs - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config nac-quar - set infected none - set log disable - end - set outbreak-prevention-archive-scan disable - set external-blocklist-enable-all enable - set ems-threat-feed disable - set av-virus-log enable - set av-block-log enable - set extended-log disable - next - edit "g-sniffer-profile" - set comment "Scan files and monitor viruses." - set replacemsg-group '' - set feature-set flow - set mobile-malware-db enable - config http - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config ftp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config imap - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config pop3 - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config smtp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config nntp - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set 
quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config cifs - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config nac-quar - set infected none - set log disable - end - set outbreak-prevention-archive-scan disable - set external-blocklist-enable-all enable - set ems-threat-feed disable - set av-virus-log enable - set av-block-log enable - set extended-log disable - next - edit "g-wifi-default" - set comment "Default configuration for offloading WiFi traffic." - set replacemsg-group '' - set feature-set flow - set mobile-malware-db enable - config http - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config ftp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config imap - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config pop3 - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config smtp - set av-scan block - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - set executables virus - end - config nntp - set av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config cifs - set 
av-scan disable - set outbreak-prevention disable - set external-blocklist disable - set quarantine disable - unset archive-block - unset archive-log - set emulator enable - end - config nac-quar - set infected none - set log disable - end - set outbreak-prevention-archive-scan disable - set external-blocklist-enable-all enable - set ems-threat-feed disable - set av-virus-log enable - set av-block-log enable - set extended-log disable - next -end -config file-filter profile - edit "g-default" - set comment "File type inspection." - set feature-set flow - set replacemsg-group '' - set log enable - set extended-log disable - set scan-archive-contents enable - next - edit "g-sniffer-profile" - set comment "File type inspection." - set feature-set flow - set replacemsg-group '' - set log enable - set extended-log disable - set scan-archive-contents enable - next -end -config webfilter profile - edit "g-default" - set comment "Default web filtering." - set feature-set flow - set replacemsg-group '' - unset options - set https-replacemsg enable - unset ovrd-perm - set post-action normal - config override - set ovrd-cookie deny - set ovrd-scope user - set profile-type list - set ovrd-dur-mode constant - set ovrd-dur 15m - end - config web - set bword-threshold 10 - unset bword-table - unset urlfilter-table - unset content-header-list - set blocklist disable - unset allowlist - end - config ftgd-wf - unset options - unset ovrd - config filters - edit 1 - set category 0 - set action block - set log enable - next - edit 2 - set category 2 - set action block - set log enable - next - edit 3 - set category 7 - set action block - set log enable - next - edit 4 - set category 8 - set action block - set log enable - next - edit 5 - set category 9 - set action block - set log enable - next - edit 6 - set category 11 - set action block - set log enable - next - edit 7 - set category 12 - set action block - set log enable - next - edit 8 - set category 13 - set action block - set 
log enable - next - edit 9 - set category 14 - set action block - set log enable - next - edit 10 - set category 15 - set action block - set log enable - next - edit 11 - set category 16 - set action block - set log enable - next - edit 12 - set category 26 - set action block - set log enable - next - edit 13 - set category 57 - set action block - set log enable - next - edit 14 - set category 61 - set action block - set log enable - next - edit 15 - set category 63 - set action block - set log enable - next - edit 16 - set category 64 - set action block - set log enable - next - edit 17 - set category 65 - set action block - set log enable - next - edit 18 - set category 66 - set action block - set log enable - next - edit 19 - set category 67 - set action block - set log enable - next - edit 20 - set category 86 - set action block - set log enable - next - edit 21 - set category 88 - set action block - set log enable - next - edit 22 - set category 90 - set action block - set log enable - next - edit 23 - set category 91 - set action block - set log enable - next - end - set rate-javascript-urls enable - set rate-css-urls enable - set rate-crl-urls enable - end - set log-all-url disable - set web-content-log enable - set web-filter-command-block-log enable - set web-filter-cookie-log enable - set web-url-log enable - set web-invalid-domain-log enable - set web-ftgd-err-log enable - set extended-log disable - next - edit "g-sniffer-profile" - set comment "Monitor web traffic." 
- set feature-set flow - set replacemsg-group '' - unset options - set https-replacemsg enable - unset ovrd-perm - set post-action normal - config override - set ovrd-cookie deny - set ovrd-scope user - set profile-type list - set ovrd-dur-mode constant - set ovrd-dur 15m - end - config web - set bword-threshold 10 - unset bword-table - unset urlfilter-table - unset content-header-list - set blocklist disable - unset allowlist - end - config ftgd-wf - set options ftgd-disable - unset ovrd - config filters - edit 1 - set category 0 - set action monitor - set log enable - next - edit 2 - set category 1 - set action monitor - set log enable - next - edit 3 - set category 2 - set action monitor - set log enable - next - edit 4 - set category 3 - set action monitor - set log enable - next - edit 5 - set category 4 - set action monitor - set log enable - next - edit 6 - set category 5 - set action monitor - set log enable - next - edit 7 - set category 6 - set action monitor - set log enable - next - edit 8 - set category 7 - set action monitor - set log enable - next - edit 9 - set category 8 - set action monitor - set log enable - next - edit 10 - set category 9 - set action monitor - set log enable - next - edit 11 - set category 11 - set action monitor - set log enable - next - edit 12 - set category 12 - set action monitor - set log enable - next - edit 13 - set category 13 - set action monitor - set log enable - next - edit 14 - set category 14 - set action monitor - set log enable - next - edit 15 - set category 15 - set action monitor - set log enable - next - edit 16 - set category 16 - set action monitor - set log enable - next - edit 17 - set category 17 - set action monitor - set log enable - next - edit 18 - set category 18 - set action monitor - set log enable - next - edit 19 - set category 19 - set action monitor - set log enable - next - edit 20 - set category 20 - set action monitor - set log enable - next - edit 21 - set category 23 - set action 
monitor - set log enable - next - edit 22 - set category 24 - set action monitor - set log enable - next - edit 23 - set category 25 - set action monitor - set log enable - next - edit 24 - set category 26 - set action monitor - set log enable - next - edit 25 - set category 28 - set action monitor - set log enable - next - edit 26 - set category 29 - set action monitor - set log enable - next - edit 27 - set category 30 - set action monitor - set log enable - next - edit 28 - set category 31 - set action monitor - set log enable - next - edit 29 - set category 33 - set action monitor - set log enable - next - edit 30 - set category 34 - set action monitor - set log enable - next - edit 31 - set category 35 - set action monitor - set log enable - next - edit 32 - set category 36 - set action monitor - set log enable - next - edit 33 - set category 37 - set action monitor - set log enable - next - edit 34 - set category 38 - set action monitor - set log enable - next - edit 35 - set category 39 - set action monitor - set log enable - next - edit 36 - set category 40 - set action monitor - set log enable - next - edit 37 - set category 41 - set action monitor - set log enable - next - edit 38 - set category 42 - set action monitor - set log enable - next - edit 39 - set category 43 - set action monitor - set log enable - next - edit 40 - set category 44 - set action monitor - set log enable - next - edit 41 - set category 46 - set action monitor - set log enable - next - edit 42 - set category 47 - set action monitor - set log enable - next - edit 43 - set category 48 - set action monitor - set log enable - next - edit 44 - set category 49 - set action monitor - set log enable - next - edit 45 - set category 50 - set action monitor - set log enable - next - edit 46 - set category 51 - set action monitor - set log enable - next - edit 47 - set category 52 - set action monitor - set log enable - next - edit 48 - set category 53 - set action monitor - set log enable - 
next - edit 49 - set category 54 - set action monitor - set log enable - next - edit 50 - set category 55 - set action monitor - set log enable - next - edit 51 - set category 56 - set action monitor - set log enable - next - edit 52 - set category 57 - set action monitor - set log enable - next - edit 53 - set category 58 - set action monitor - set log enable - next - edit 54 - set category 59 - set action monitor - set log enable - next - edit 55 - set category 61 - set action monitor - set log enable - next - edit 56 - set category 62 - set action monitor - set log enable - next - edit 57 - set category 63 - set action monitor - set log enable - next - edit 58 - set category 64 - set action monitor - set log enable - next - edit 59 - set category 65 - set action monitor - set log enable - next - edit 60 - set category 66 - set action monitor - set log enable - next - edit 61 - set category 67 - set action monitor - set log enable - next - edit 62 - set category 68 - set action monitor - set log enable - next - edit 63 - set category 69 - set action monitor - set log enable - next - edit 64 - set category 70 - set action monitor - set log enable - next - edit 65 - set category 71 - set action monitor - set log enable - next - edit 66 - set category 72 - set action monitor - set log enable - next - edit 67 - set category 75 - set action monitor - set log enable - next - edit 68 - set category 76 - set action monitor - set log enable - next - edit 69 - set category 77 - set action monitor - set log enable - next - edit 70 - set category 78 - set action monitor - set log enable - next - edit 71 - set category 79 - set action monitor - set log enable - next - edit 72 - set category 80 - set action monitor - set log enable - next - edit 73 - set category 81 - set action monitor - set log enable - next - edit 74 - set category 82 - set action monitor - set log enable - next - edit 75 - set category 83 - set action monitor - set log enable - next - edit 76 - set 
category 84 - set action monitor - set log enable - next - edit 77 - set category 85 - set action monitor - set log enable - next - edit 78 - set category 86 - set action monitor - set log enable - next - edit 79 - set category 87 - set action monitor - set log enable - next - edit 80 - set category 88 - set action monitor - set log enable - next - edit 81 - set category 89 - set action monitor - set log enable - next - edit 82 - set category 90 - set action monitor - set log enable - next - edit 83 - set category 91 - set action monitor - set log enable - next - edit 84 - set category 92 - set action monitor - set log enable - next - edit 85 - set category 93 - set action monitor - set log enable - next - edit 86 - set category 94 - set action monitor - set log enable - next - edit 87 - set category 95 - set action monitor - set log enable - next - end - set rate-javascript-urls enable - set rate-css-urls enable - set rate-crl-urls enable - end - set log-all-url disable - set web-content-log enable - set web-filter-command-block-log enable - set web-filter-cookie-log enable - set web-url-log enable - set web-invalid-domain-log enable - set web-ftgd-err-log enable - set extended-log disable - next - edit "g-wifi-default" - set comment "Default configuration for offloading WiFi traffic." 
- set feature-set flow - set replacemsg-group '' - set options block-invalid-url - set https-replacemsg enable - unset ovrd-perm - set post-action normal - config override - set ovrd-cookie deny - set ovrd-scope user - set profile-type list - set ovrd-dur-mode constant - set ovrd-dur 15m - end - config web - set bword-threshold 10 - unset bword-table - unset urlfilter-table - unset content-header-list - set blocklist disable - unset allowlist - end - config ftgd-wf - unset options - unset ovrd - config filters - edit 1 - set category 0 - set action monitor - set log enable - next - edit 2 - set category 2 - set action block - set log enable - next - edit 3 - set category 7 - set action block - set log enable - next - edit 4 - set category 8 - set action block - set log enable - next - edit 5 - set category 9 - set action block - set log enable - next - edit 6 - set category 11 - set action block - set log enable - next - edit 7 - set category 12 - set action block - set log enable - next - edit 8 - set category 13 - set action block - set log enable - next - edit 9 - set category 14 - set action block - set log enable - next - edit 10 - set category 15 - set action block - set log enable - next - edit 11 - set category 16 - set action block - set log enable - next - edit 12 - set category 26 - set action block - set log enable - next - edit 13 - set category 57 - set action block - set log enable - next - edit 14 - set category 61 - set action block - set log enable - next - edit 15 - set category 63 - set action block - set log enable - next - edit 16 - set category 64 - set action block - set log enable - next - edit 17 - set category 65 - set action block - set log enable - next - edit 18 - set category 66 - set action block - set log enable - next - edit 19 - set category 67 - set action block - set log enable - next - edit 20 - set category 86 - set action block - set log enable - next - edit 21 - set category 88 - set action block - set log enable - next - 
edit 22 - set category 90 - set action block - set log enable - next - edit 23 - set category 91 - set action block - set log enable - next - end - set rate-javascript-urls enable - set rate-css-urls enable - set rate-crl-urls enable - end - set log-all-url disable - set web-content-log enable - set web-filter-command-block-log enable - set web-filter-cookie-log enable - set web-url-log enable - set web-invalid-domain-log enable - set web-ftgd-err-log enable - set extended-log disable - next -end -config webfilter override -end -config webfilter ftgd-local-rating -end -config webfilter search-engine - edit "g-baidu" - set hostname ".*\\.baidu\\.com" - set url "^\\/s?\\?" - set query "wd=" - set safesearch disable - next - edit "g-baidu2" - set hostname ".*\\.baidu\\.com" - set url "^\\/(ns|q|m|i|v)\\?" - set query "word=" - set safesearch disable - next - edit "g-baidu3" - set hostname "tieba\\.baidu\\.com" - set url "^\\/f\\?" - set query "kw=" - set safesearch disable - next - edit "g-bing" - set hostname ".*\\.bing\\..*" - set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" - set query "q=" - set safesearch header - next - edit "g-google" - set hostname ".*\\.google\\..*" - set url "^\\/((custom|search|images|videosearch|webhp)\\?)" - set query "q=" - set safesearch url - set safesearch-str "&safe=active" - next - edit "g-google-translate-1" - set hostname "translate\\.google\\..*" - set url "^\\/translate" - set query "u=" - set safesearch translate - next - edit "g-google-translate-2" - set hostname ".*\\.translate\\.goog" - set url "^\\/" - set query '' - set safesearch translate - next - edit "g-twitter" - set hostname "twitter\\.com" - set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName" - set query "variables=" - set safesearch translate - next - edit "g-vimeo" - set hostname ".*vimeo.*" - set url "^\\/search\\?" 
- set query "q=" - set safesearch header - next - edit "g-yahoo" - set hostname ".*\\.yahoo\\..*" - set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" - set query "p=" - set safesearch url - set safesearch-str "&vm=r" - next - edit "g-yandex" - set hostname "yandex\\..*" - set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" - set query "text=" - set safesearch url - set safesearch-str "&family=yes" - next - edit "g-youtube" - set hostname ".*youtube.*" - set url '' - set query '' - set safesearch header - next - edit "g-yt-channel" - set hostname '' - set url "www.youtube.com/channel" - set query '' - set safesearch yt-channel - next - edit "g-yt-pattern" - set hostname '' - set url "youtube.com/channel/" - set query '' - set safesearch yt-pattern - next - edit "g-yt-scan-1" - set hostname '' - set url "www.youtube.com/user/" - set query '' - set safesearch yt-scan - next - edit "g-yt-scan-2" - set hostname '' - set url "www.youtube.com/youtubei/v1/browse" - set query '' - set safesearch yt-scan - next - edit "g-yt-scan-3" - set hostname '' - set url "www.youtube.com/youtubei/v1/player" - set query '' - set safesearch yt-scan - next - edit "g-yt-scan-4" - set hostname '' - set url "www.youtube.com/youtubei/v1/navigator" - set query '' - set safesearch yt-scan - next - edit "translate" - set hostname "translate\\.google\\..*" - set url "^\\/translate\\?" - set query "u=" - set safesearch translate - next - edit "yt-video" - set hostname '' - set url "www.youtube.com/watch" - set query '' - set safesearch yt-video - next -end -config emailfilter profile - edit "default" - set comment "Malware and phishing URL filtering." 
- set feature-set flow - set replacemsg-group '' - set spam-log enable - set spam-filtering disable - set external disable - unset options - config imap - set log-all disable - end - config pop3 - set log-all disable - end - config smtp - set log-all disable - end - config msn-hotmail - set log-all disable - end - config gmail - set log-all disable - end - set spam-bword-threshold 10 - unset spam-bword-table - unset spam-bal-table - unset spam-mheader-table - unset spam-rbl-table - unset spam-iptrust-table - set spam-log-fortiguard-response disable - next - edit "sniffer-profile" - set comment "Malware and phishing URL monitoring." - set feature-set flow - set replacemsg-group '' - set spam-log enable - set spam-filtering disable - set external disable - unset options - config imap - set log-all disable - end - config pop3 - set log-all disable - end - config smtp - set log-all disable - end - config msn-hotmail - set log-all disable - end - config gmail - set log-all disable - end - set spam-bword-threshold 10 - unset spam-bword-table - unset spam-bal-table - unset spam-mheader-table - unset spam-rbl-table - unset spam-iptrust-table - set spam-log-fortiguard-response disable - next -end -config wanopt settings - set host-id "default-id" - set tunnel-ssl-algorithm high - set auto-detect-algorithm simple - set tunnel-optimization balanced -end -config wanopt peer -end -config wanopt auth-group -end -config wanopt profile - edit "default" - set transparent enable - set comments "Default WANopt profile." 
- set auth-group '' - config http - set status disable - set secure-tunnel disable - set byte-caching enable - set ssl disable - set prefer-chunking fix - set protocol-opt protocol - set tunnel-sharing private - set log-traffic enable - end - config cifs - set status disable - set secure-tunnel disable - set byte-caching enable - set prefer-chunking fix - set protocol-opt protocol - set tunnel-sharing private - set log-traffic enable - end - config mapi - set status disable - set secure-tunnel disable - set byte-caching enable - set tunnel-sharing private - set log-traffic enable - end - config ftp - set status disable - set secure-tunnel disable - set byte-caching enable - set ssl disable - set prefer-chunking fix - set protocol-opt protocol - set tunnel-sharing private - set log-traffic enable - end - config tcp - set status disable - end - next -end -config system speed-test-server -end -config log memory setting - set status enable -end -config log disk setting - set status disable -end -config log eventfilter - set event enable - set system enable - set vpn enable - set user enable - set router enable - set wireless-activity enable - set wan-opt enable - set endpoint enable - set ha enable - set security-rating enable - set fortiextender enable - set connector enable - set sdwan enable - set cifs enable - set switch-controller enable -end -config log memory filter - set severity information - set forward-traffic enable - set local-traffic enable - set multicast-traffic enable - set sniffer-traffic enable - set ztna-traffic enable - set anomaly enable - set voip enable - set gtp enable -end -config log disk filter - set severity information - set forward-traffic enable - set local-traffic enable - set multicast-traffic enable - set sniffer-traffic enable - set ztna-traffic enable - set anomaly enable - set voip enable - set dlp-archive enable - set gtp enable -end -config log fortiguard override-setting - set override disable - set access-config enable -end 
-config log tacacs+accounting setting - set status disable -end -config log tacacs+accounting2 setting - set status disable -end -config log tacacs+accounting3 setting - set status disable -end -config log tacacs+accounting filter - set login-audit enable - set config-change-audit enable - set cli-cmd-audit enable -end -config log tacacs+accounting2 filter - set login-audit enable - set config-change-audit enable - set cli-cmd-audit enable -end -config log tacacs+accounting3 filter - set login-audit enable - set config-change-audit enable - set cli-cmd-audit enable -end -config log null-device setting - set status disable -end -config log null-device filter - set severity information - set forward-traffic enable - set local-traffic enable - set multicast-traffic enable - set sniffer-traffic enable - set ztna-traffic enable - set anomaly enable - set voip enable - set gtp enable -end -config log setting - set resolve-ip disable - set resolve-port enable - set log-user-in-upper disable - set fwpolicy-implicit-log disable - set fwpolicy6-implicit-log disable - set log-invalid-packet disable - set local-in-allow disable - set local-in-deny-unicast disable - set local-in-deny-broadcast disable - set local-out disable - set neighbor-event disable - set brief-traffic-format disable - set user-anonymize disable - set fortiview-weekly-data disable - set expolicy-implicit-log disable - set log-policy-comment disable - set faz-override disable - set syslog-override disable - set rest-api-set disable - set rest-api-get disable -end -config log gui-display - set resolve-hosts enable - set resolve-apps enable - set fortiview-unscanned-apps disable -end -config system lldp network-policy -end -config firewall schedule onetime -end -config firewall schedule recurring - edit "always" - set start 00:00 - set end 00:00 - set day sunday monday tuesday wednesday thursday friday saturday - set color 0 - set fabric-object disable - next - edit "none" - set start 00:00 - set end 00:00 - 
set day none - set color 0 - set fabric-object disable - next - edit "default-darrp-optimize" - set start 01:00 - set end 01:30 - set day sunday monday tuesday wednesday thursday friday saturday - set color 0 - set fabric-object disable - next -end -config firewall schedule group -end -config firewall ippool - edit "Outside_Pool" - set type overload - set startip 198.36.24.240 - set endip 198.36.24.241 - set arp-reply enable - set arp-intf '' - set associated-interface '' - set cgn-client-ipv6shift 0 - set comments '' - set nat64 disable - next -end -config firewall ippool6 -end -config firewall ldb-monitor -end -config firewall vip - edit "VIP_Webosphere" - set id 0 - set uuid cee90f74-9fbd-51ec-8812-57713fdf5603 - set comment '' - set type static-nat - set extip 198.36.24.16 - set nat44 enable - set nat46 disable - set mappedip "10.1.48.117" - set extintf "port10" - set arp-reply enable - set nat-source-vip disable - set portforward disable - set gratuitous-arp-interval 0 - set ssl-client-rekey-count 0 - set color 0 - next -end -config firewall vip6 -end -config firewall vipgrp -end -config firewall vipgrp6 -end -config firewall ssh local-key - edit "g-Fortinet_SSH_DSA1024" - set password ENC BPJqYaU3IBul6Eu+yWo7I4MCEJYH02tWDlF8NVSjYdnwcK5Z+BkrwnlAflqjuK3+c+b4IxoGMq5YCk2h0t2c67r4zBAwfs+ZBgXVD1KIOAGgCt2eKZKG5SebPfjqeS/C+uNPclAhBjvm6DAVnTq0KxNQ2x/R8m3lN8l5lMKKl1O672ADqNFbJGGFsfXLz2X27QgY0w== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWMdT3yG -/DLzIBU5O0UtJ/AAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho -KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq -a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq -7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk -jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR -XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe 
-P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5 -lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G -wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgxMcP4nd5bs47/RHx -ArZUDjNCJzDVajX1tIDHffLzzlLm2RRU/wKXccxXn1TC14JdA3gOmS/hFa1C/ctWGGFdz1 -RDMGJtXQ8+APtMlY7LoLq0soKjkNkY5KDgGBqbZ8dLcYCKYfl4RoCWGeKNYKjbdudRmuix -GP/Iy8L+8qLZd7rSDA6q48zv82nNbPUCtSgRLiG9/CDTQx1ICwO61rdjQLqvwycJ7//885 -eXUyaiDA7DD8p/Q/y3L23iLI/t8VEe7sCeFcoFPmJxKURNoCg119GObjEYNDokpv9QOC2G -/uGE672Yvr9YFLe1RPwWpMgQr05tVu05HiPvRlX+hORf+Q80PQaxyCnSGkGh9FHq2Cph3F -nOlujutMPe0E9do0qGavzo7yw4g4L5fUUxgUoWLZPfE0dt7Dy1IP+kltIUqGu6a2StNq8U -rYEYAjVHzaKoU+95oZLimCj0n61LyCNXVg+gcIb+FIq6B4WQhRNJ0ltK7k5TKvCcnClWzj -DDVeZYF7XOPX9S38MGt9vfWZEF+ZnUrGdl4Py5khdfH99mlSDwt42flFQf2usHNR3ZaaHU -meM/WUb803e5fUpdeWXtOx9b+YmRujD4g0N49/OISwkC0MIfhdG2FDsuvpLiZit7 ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-dss 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" - set source built-in - next - edit "g-Fortinet_SSH_ECDSA256" - set password ENC hvMEIsRL/yFwQXpeYJuBtx5+FFd2V1gtbK1MQ2NckqXMWtjMmgDF7KZA6BFNetSOLZoVFVRA9ub9W+eVy9RbCFt2DCDVjlRdJa5bDQHZ66gSOpZOIHJa3dfQhKAjo27QrthE74I3pywR9zdvcC7Rf8DKESGV66GWx7RwbyCYdzh8lbrEXDiAHKF3FBGq6A7EcQqrfw== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCYj0k4bh -mxNdVne/WYI48/AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz -dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK -y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgQHrpN3sAxVooYsKXIb5xGNvvwxUtTIIAisaQ -ftEDAx3nTj7+NLlPATgMRDy12pescKquy79fyCFgENFUP+K2pfPsb2IE/RdTcmBsL0646h -hL2sHeuvZ/mhIMti3oLfj91bBs7TBB2MRvHRYvcZD6rdAkumBmyrSPUO4JwqSPkI68kBVo -C9C5gBWgfhqKs6DGgceAFVxbb9+RWrpH9YCpIA== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI=" - set source built-in - next - edit "g-Fortinet_SSH_ECDSA384" - set password ENC HwsQAyG3QQvdxnQP2uMyV6o+zE6cZPLvVEb04n+ZLiP9gBu632dEz0bsEONpod2Amhxr9Awij0Y3njfoiCSa2N3LTfUHf7Ewjrp9yWR4a1Jc1+NrD2exogpzljfVotd9Rewi7ffxSPYA5ZuU+pf+TrcjW3tk+vIKMI+XAICkoW5MnHsxa36Nh47WuWbDlckTJKASMA== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBN9BRJMR -77/5pUXIX3azbHAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz -dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj -U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx -dgAAANChlajlzxrBilfuFt0NeQjCmvICKuDRnd+bDSBxAVZcAnFPKPN/ZOUsHIFry+62R4 -xmcknYeWtA09QFKdSbyeOUyqI4CmeqxufXPlPk8N2Mjg/Rub53WkREGx7nv335EUtKyIIE -qc7vNaHvrM8CbUwCD53Tmrv126aSxuuDEBhth1CkIT8LZEcTEYRSHAZEojS8TB4UhHLRfm -Rn+DmbJga0IDnPc/ZgNHGTqYx2toV2Fy/DCJ2en2FejJU89J9ZFrGUfz117vVweEVGLCBr -4j10 ------END OPENSSH PRIVATE KEY----- -" - set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg==" - set source built-in - next - edit "g-Fortinet_SSH_ECDSA521" - set password ENC V075QQRx499zyfx6G73smnU+TiVFjwnwfuBfI2b6xLrOp6TAd9qt4GPIKkNdtiAslTeZ3Xc4627XjzNzw1dAwx0j7Nk/hVoSPCboe7CewxHCw4gV8MufWuWsoocDfOjVs7Pk5RiAl9RscPNg33bK4ST3ngT5yznSDldq6ulcEeZMQGKoZBzulaufkyMVEIe6o38y3Q== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBTZME+kF -3Bzq+XqVo08S4FAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz -dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF -t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K 
-HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQC/5NwC8S8n04Bskl -P/Wnde2xZxoWXlBYuV8iJ8OmT7RRVEi3NhVGbIJMqlXfTVi67DgfbtMpVNVhO3UMwPAoC4 -8zcMmJ/1aA58Y+5H8DuYRMfAnuky6vWJFBA4DXgx/vmrn8UK1E2xgW8dgaEEDlLQPittQc -hlwRhgSZrJoRtQPn8OA5ZNePcblOq1WH6PanQP7Bj2SubMTTZ0Mo+gy7y11wDAMd0MYN6Q -d2biFs9XCB9xGNGQIrgOEUQoFJ8AyrbQzZt3Tr7tthp0GDyWoCNICjY/vKS9Av/xMMHaq9 -cjEJOwfxqaJfVrEn2/6DS1t2SyTD9C8imQOI2xz/fdVCaO ------END OPENSSH PRIVATE KEY----- -" - set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA==" - set source built-in - next - edit "g-Fortinet_SSH_ED25519" - set password ENC W28Up61fyN5pyvC3j4A0Pyc1KGOBRyZtZhEoopvJikTd1496wj6jAPs012beQOlooE40aqD+LZp+JXqNzO2HV3iczAAcix70fUL8qunwmlVXY26cLA2CGXFkzdrBn/EMhsokgQy1+ouLRFDQsn761p9m69QCuEpdYhnb7zmoNWG4LIVw7fgcxDdZhovWy66j1rGnvQ== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAedjCOkt -+sFbLzTS4y12TbAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd -3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkCa1NSX8hj+j3jVwv2A2AU/gLRKzX4h+Gwxyxz -JeBT+OyHbzc8MDCIh8a3tf0fJiQ6VJdj3JjhBrp1OWfy2GHkfpMInRlGGz0Hu4XMU702a0 -MgwELDyqSpEdZupNMH44pIjkI0iY/ipgwuNDOTIenADwbqdkC2oX9XA3jIutAB++JU4rvR -NwgjPHD1irGOM7Gg== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO" - set source built-in - next - edit "g-Fortinet_SSH_RSA2048" - set password ENC eDnJxT8KcoDDJfhg8tXLQAIuo4chMo+HvyDVopCPKCAiEu+mkYbaV77Va+tekSA5HY40DyQ3glohiRXl5h9Ifz1EtXNdhx+0DFPUtcwfr1voh6cRqmPWu+yGkxVJXAK3biVV53bsu4R2hZpctLzZeG6Lo04aiGGWiUz2nUi383BY6bIOE+BKVhelPadYwbaywg74oA== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA1mO561N 
-c7CpF0rN+BdOBQAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh -Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7 -A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK -hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC -HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z -OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwMcyMNKCNYzFHF -tA305t53D83ogXcTrwO8f3ScWdcLBap5o0aqwfOrswdChdOytbHMx3lmpnLZvFt2JbcqT0 -jDm+ZSb5NwFCW2h5MJlnLolIx85H0ab7XO+JhK1c/J3U0K/m0Y6q3uXObJsAInPNAJDjqL -VUxgIU438n7dB/NkWQWNjVaddEO/tK9UzzUd5a5JuG2lsukXLGFRC0XIJ94Q9BFuiziNmX -QUZ7LRqm59ZcsixGSQ1YApEvTZFf+Yd/umWIh9bbHeCAZOWZukDy47VLy2uVd3H+HLOSno -ZBpX7xa3c6mjI/oHgz7lQAybNzbPoJiBKq5VlTBhR9kTdB3JnnzKegLNwRtsdtEim/O4xJ -QPxfwGSzE57M9OgPGZMOuFu8Fh07tV06dUnfe9mGDLiQ3HWCZoRW5tuCE0fsieAseqqEiS -Vy13DPGtkSSLUKmBpJQvR6yK79GtMyIxZEmC43xHmCghHTebSnK45ikagYh0BsK01Q1rx1 -syqY2Ul3bwCSCTuK2sjqnmgGEIIUI8Yikj0kDLSVJukfxdjU/c4eOcqj8yuRbQyfzFmHsv -debbeU1+oI08M0c5kKVTNeTWQ0iXuETJX1G3gu44xtkQLbCmF4K3byAPGnR2FIBG8tnPaJ -JCjhZQmN1nohNXt5F7nSALJ3UVSpzD6fnKBQSfxbKN4EAggu0NpX3QyhoDvWx378MRukGn -OkLi2Z7c/iZrS5w6Jt+kTJ7n6T5ciiaIvzgi7YjtS7ogwNQfodpXC/pd9KE/H7hgrtwclt -bP9bkpWQKIh/Z4hl2B8hqHDk1wDhNRHRyT2rvuoipJLroyYAZKxS1qerGuArwmxv1YNeNm -oq5Ibisn/CTLT6zVaKmdHD+qBGd46IlEobgLRd3bmKsBIf5hUfd+LcThhOT4OgjgK2jqAS -zOLrNH/Ns+Ut+tz7DhzoRhoTzfitjKdjHl8libziHU4rbulbEuqhnxlGrb9G6xKeFOG1Ha -JUkWoRzX5/tljM2GZRQciN6BF/L9kDboLnR6V2sOS6r/BlnlUMmKhxC81CTzejn4I+XSYk -Y5dBb9PhA2dJuhkgZEj4vGDkXdnL0fSI9qccHAKkAjd4ECFMRtqjnkdLtUODi6EZiZYDJI -zcVK0VdeqiSP2M+vx2WwLKdwVBdhHXyrxv5JGwKaYkmaYwFCJ6DRttHlaTID4HgjVWJCVR -O9UaKreP6Uz9G/L0J54iEclbiKHkC38/IMhi9XhslLzD39f42oKLedWYTJiVgsr3klwtMk -GvWZyLtg== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v" - set source built-in - next -end -config firewall ssh local-ca - edit "g-Fortinet_SSH_CA" - set password ENC EN/V+AHqmcZwiNqyI95FupIMjIEX7qGcnxnxKzZQAtmywN99HAjFnEZfV9W6jErqIB55tMRdT6T0G3A0BBfxCrBRoFf2ytV4xavecTMU65vjBgRLNHDFBXtM9fh25LZ1EPfEKvKgrfjKk9dXYT7YMArPETzqa6IAZww9/07aVG0BVGPiBqwUsMdSEcvWjJsoa81lYg== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBf8C4hJd -+M6AVhFqreO879AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC -NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U -ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP -E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A -TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa -Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwNT2HECamLA8UM -fFNSAnPj7lq5k64lxdOyGKKbIDDF/wS2H8g2ZlCuJwGpgHoVeFPiqQhJMjBSfwWDS8oOZA -po7PyvszP6XAbnIpBHUMDNdUr1Clso9ra9d2oP43fjhzRSHBD0j/x1nJRvse/cP5XuCa4Z -pGFpgVsz7q+XNEXou8YpAndqUebw/wm3MNzS2AE5YYFQofhSKBxyNSYrsPdaoasmwbnGuv -XW9vPFnDxNNJ0IkEUeXAWZaE2sBYP3qD4C97curFpYuAPYH5FnvvMLuUtyRFzYMv3WKi8z -Mw+01rU4yVtCVoAMYCfqjnisIyxgyQHLpLFfWkvIz6IgAQWVtBypJHxiiG2wcLHscWI0gQ -uCMN/n5QkbBcskRpy52lFypQ2eosTLMzrwfqQF5PDoDz/2Jnf5qXK9hQsNA3fHn2KoyODY -VmXb1G044Qq3/3ZsW7zkgWfyWJ1fgcIYiJg+wy/KQBkPlew/m5oheT8bs0aivJ8FW8gS1u -8zq/lBhWxsSsCfD8/nD9ROanz8yArOa8WfF/BFLs1UqkB4oAuVa5dA9xVhIeBbeA6E8eRm -ucu/a6+tmjaELkiwwscurSqEgELD+K5esR23MAe/Aw5BuzGHRdEDwa79PuqtgpMP7QEFND -yL/Xe6E4TGMTV5hQYpj7e5dunhr60rd4kg+ZAgfRwDzOaU2ry7n2bSxY/Cauc/dogM0rbG 
-SHCohMdMp0We53Y2J7ffmZzDySRIfgxRpjGN/Zv1QH1s3fbqwEG5R2leAlG0+bdN9jXn5F -dcZ4TGrm8wluUwfrU+mXcoAzelwuphNfbzwp0rIEnxIZxd6puFV7Svlsg4STr1YvA98E7N -2gDQhd3vYyIFPZG6CtAjzjP3e4KzEXghjgHXLYI31dS8HCVOKCC91tTc5Ojll76jmakIWT -r9dhSvjkACc688ixxo40qtX79Y33a8lEh1YZqPZ+qF/RgwQS4Wpa8hyZS6xFN2kMtQc9Up -gCurTRhfA9R5c/Mbgn097CYBOwu3nCfcjgBQ03xwmUJpB2pVKngd/dc/n37J2Z97Nl4Wu3 -Zs4ftOGyqXgmM61ddTYhF6ZZbpjBkdKFFEfl6XkBZDUiVaMsq7hIiCYUCGE/cvljzYuntt -XEnf4fO8Ifr8sviwPE4gRaHHePPo9EtFAlSewYzeI3M1EkYPAzSf28ztk74FydHUGfqPkF -RjGiTkUG4NozwGmSG3LGYleBc0CySr+j4Q/qiCEgRQpkihrWkO/j+ILiog9Trh5x/+c2X9 -V9G26szw== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9" - set source built-in - next - edit "g-Fortinet_SSH_CA_Untrusted" - set password ENC fTnMJMWShzuXnAg0CJY52yjGehQI52Sdv2/OxnqY6bkLdfwybESjysakTk50T8uXaYPGSkLGcNH8QtkR7jxOIQRjmwXyDYgh6XBtm9egZrkjvRP/c6l3RSX4h27pe0nBvHzJtNPRMK5ZCSMyB81JBDH0KHXV8kugaTGlSdwYH5YYZdpVCIGbzFl8gPvx0UYEzis85w== - set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBU2aLPen -uU59+GRRZCZgSJAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 -RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE -ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU -iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG -Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv -NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwEWDeIVUpNfN6N -N9tfe7OnulqQ3OdP7T7M8A596uBvR4P1G7BAcPgC+xoTQP+W94crBOhoq49mlZJBJGnPwg 
-+ufxwO8eg8NUAPyMAaS6M8yaTcFvopwbZnMo8Ioey1rX/1JD0W+RJwV7N8FM95waqsjDnB -fLQy2F8KvzvycsQF4ATAVPbrkcaED3JxQEiHtlMZuIuCtB3Gq0xYJ6sz84NpW2aXlPFzuu -80YhUVuD7oZESSRIzMZ35/Td1rXeP/JOgFkrL0NSb7RgaHDqFKE4LHC+o+NgskxRPumlhb -H160LskSooMIVZCKGTii/c1Ipo2YVrAeaUrxgRSGQPeHJ4pivs8/bYP9fd1AHQ64UTX56x -P60fOA9lhwQtnlox+7J6H1biMMrwboqpI/19y+Qmfd35jbIUTwzxbEeqw55Vxcn29FGU1S -CtkHwyGB38OFFlawdb05PMT3X5KKXmss8ge4xAoRXooNbVAy6p9R0jrSyU1CKvnYoXPyjd -nEa6FBZTJNo9ygt0TnlNYEpdaCmiknxMxxnHN3oVLpSLeEHjEqFIXwr+322OqN1Wt90pD0 -QV/5UxiT+bX55IYcz0F9Y05kw60Okc/Gy6NGPyOjuLpHGgVWI+WDueR5sBFP3nQmUjvCi6 -jzzTNgSQV9ED9klycj4NCqNZvbqHAE3PKp5hRkUZ4GB8aGb2NzuUs3cx+JDgLxIW5QC6v6 -kfgc1FAYaVH2cm+FHX+pt+uSqB38RE10lnfnR1oG3ldegelN4lJYkibIafYynDrzv1Xi8j -Oqd4z/ds41KcGll9gsWclP7MmhL2s6w/cOOwRvZRDNknK1uA111B+yPdsuA78N0ACYulAX -HT1aiEnwFjfaZauBSPtJex0TbjAQWZ5b6+0XAjkfru+ptV9GfMEsQpfHBIge4JmkcXCFoE -czjAqskJ9YddKe2FfJGxc1jMCkmA+h/2oR8OyMUSGXxTwKLPabeUFwBuPKH56PqAjIPoKW -4h+EPfOx3pPY92rDvZ/ETBNf+o/vvxkOPmh3TSRoo2knQvNuWiQ7OPGXrXa0PeZ1UvDRuU -PMTkbpooKletk49Jw8WOzUqIRd8yF8g2i8tzZ2Xlr8RnOLRBsOzXagjBGyk56kAMhaOOrm -n+MTbxpM61zYilvCOBeSIvzWp4DjjqXfuFcEpzEHDTZ9Yvz474s1qinmgEibtYSoY61d9d -QxAI2xneFlb207A+/PTuFaDoCE9g/CD17Rc+WoCP0eU8p/yaLpWIq0JQyEXK48vKCJcVvM -gs3wZo+Q== ------END OPENSSH PRIVATE KEY----- -" - set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl" - set source built-in - next -end -config firewall ssh setting - set caname "g-Fortinet_SSH_CA" - set untrusted-caname "g-Fortinet_SSH_CA_Untrusted" - set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048" - set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024" - set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256" - set hostkey-ecdsa384 
"g-Fortinet_SSH_ECDSA384" - set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521" - set hostkey-ed25519 "g-Fortinet_SSH_ED25519" - set host-trusted-checking enable -end -config firewall ssh host-key -end -config firewall decrypted-traffic-mirror -end -config firewall access-proxy-virtual-host -end -config firewall access-proxy-ssh-client-cert -end -config firewall access-proxy -end -config firewall access-proxy6 -end -config firewall ipmacbinding setting - set bindthroughfw disable - set bindtofw disable -end -config firewall ipmacbinding table -end -config firewall profile-protocol-options - edit "default" - set comment "All default services." - set replacemsg-group '' - set oversize-log disable - set switching-protocols-log disable - config http - set ports 80 - set status enable - set inspect-all disable - set proxy-after-tcp-handshake disable - unset options - set comfort-interval 10 - set comfort-amount 1 - set range-block disable - set strip-x-forwarded-for disable - unset post-lang - set streaming-content-bypass enable - set switching-protocols bypass - set unknown-http-version reject - set tunnel-non-http enable - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set stream-based-uncompressed-limit 0 - set scan-bzip2 enable - set block-page-status-code 403 - set retry-count 0 - set tcp-window-type auto-tuning - set ssl-offloaded no - set address-ip-rating enable - end - config ftp - set ports 21 - set status enable - set inspect-all disable - set options splice - set comfort-interval 10 - set comfort-amount 1 - set oversize-limit 10 - set uncompressed-oversize-limit 10 - set uncompressed-nest-limit 12 - set stream-based-uncompressed-limit 0 - set scan-bzip2 enable - set tcp-window-type auto-tuning - set ssl-offloaded no - set explicit-ftp-tls disable - end - config imap - set ports 143 - set status enable - set inspect-all disable - set proxy-after-tcp-handshake disable - set options fragmail - set oversize-limit 10 - 
set uncompressed-oversize-limit 10
- set uncompressed-nest-limit 12
- set scan-bzip2 enable
- set ssl-offloaded no
- end
- config mapi
- set ports 135
- set status enable
- set options fragmail
- set oversize-limit 10
- set uncompressed-oversize-limit 10
- set uncompressed-nest-limit 12
- set scan-bzip2 enable
- end
- config pop3
- set ports 110
- set status enable
- set inspect-all disable
- set proxy-after-tcp-handshake disable
- set options fragmail
- set oversize-limit 10
- set uncompressed-oversize-limit 10
- set uncompressed-nest-limit 12
- set scan-bzip2 enable
- set ssl-offloaded no
- end
- config smtp
- set ports 25
- set status enable
- set inspect-all disable
- set proxy-after-tcp-handshake disable
- set options fragmail splice
- set oversize-limit 10
- set uncompressed-oversize-limit 10
- set uncompressed-nest-limit 12
- set scan-bzip2 enable
- set server-busy disable
- set ssl-offloaded no
- end
- config nntp
- set ports 119
- set status enable
- set inspect-all disable
- set proxy-after-tcp-handshake disable
- set options splice
- set oversize-limit 10
- set uncompressed-oversize-limit 10
- set uncompressed-nest-limit 12
- set scan-bzip2 enable
- end
- config ssh
- unset options
- set comfort-interval 10
- set comfort-amount 1
- set oversize-limit 10
- set uncompressed-oversize-limit 10
- set uncompressed-nest-limit 12
- set stream-based-uncompressed-limit 0
- set scan-bzip2 enable
- set tcp-window-type auto-tuning
- set ssl-offloaded no
- end
- config dns
- set ports 53
- set status enable
- end
- config cifs
- set ports 445
- set status enable
- unset options
- set oversize-limit 10
- set uncompressed-oversize-limit 10
- set uncompressed-nest-limit 12
- set scan-bzip2 enable
- set tcp-window-type auto-tuning
- set server-credential-type none
- end
- config mail-signature
- set status disable
- set signature ''
- end
- set rpc-over-http disable
- next
-end
-config firewall ssl-ssh-profile
- edit "certificate-inspection"
- set comment "Read-only SSL handshake inspection profile."
- config ssl
- set inspect-all disable
- set client-certificate bypass
- set unsupported-ssl-version block
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set min-allowed-ssl-version tls-1.1
- end
- config https
- set ports 443
- set status certificate-inspection
- set proxy-after-tcp-handshake disable
- set client-certificate bypass
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- set sni-server-cert-check enable
- set cert-probe-failure block
- set min-allowed-ssl-version tls-1.1
- end
- config ftps
- set status disable
- set client-certificate bypass
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- set min-allowed-ssl-version tls-1.1
- end
- config imaps
- set status disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config pop3s
- set status disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config smtps
- set status disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config ssh
- set ports 22
- set status disable
- set inspect-all disable
- set unsupported-version bypass
- set ssh-tun-policy-check disable
- set ssh-algorithm compatible
- end
- config dot
- set status disable
- set client-certificate bypass
- set unsupported-ssl-version block
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- set block-blocklisted-certificates enable
- set caname "Fortinet_CA_SSL"
- set ssl-anomaly-log enable
- set ssl-negotiation-log disable
- set ssl-server-cert-log disable
- set ssl-handshake-log disable
- next
- edit "deep-inspection"
- set comment "Read-only deep inspection profile."
- config ssl
- set inspect-all disable
- set client-certificate bypass
- set unsupported-ssl-version block
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set min-allowed-ssl-version tls-1.1
- end
- config https
- set ports 443
- set status deep-inspection
- set proxy-after-tcp-handshake disable
- set client-certificate bypass
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- set sni-server-cert-check enable
- set min-allowed-ssl-version tls-1.1
- end
- config ftps
- set ports 990
- set status deep-inspection
- set client-certificate bypass
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- set min-allowed-ssl-version tls-1.1
- end
- config imaps
- set ports 993
- set status deep-inspection
- set proxy-after-tcp-handshake disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config pop3s
- set ports 995
- set status deep-inspection
- set proxy-after-tcp-handshake disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config smtps
- set ports 465
- set status deep-inspection
- set proxy-after-tcp-handshake disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config ssh
- set ports 22
- set status disable
- set inspect-all disable
- set unsupported-version bypass
- set ssh-tun-policy-check disable
- set ssh-algorithm compatible
- end
- config dot
- set status disable
- set client-certificate bypass
- set unsupported-ssl-version block
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- set allowlist disable
- set block-blocklisted-certificates enable
- config ssl-exempt
- edit 1
- set type fortiguard-category
- set fortiguard-category 31
- next
- edit 2
- set type fortiguard-category
- set fortiguard-category 33
- next
- edit 3
- set type wildcard-fqdn
- set wildcard-fqdn "g-adobe"
- next
- edit 4
- set type wildcard-fqdn
- set wildcard-fqdn "g-Adobe Login"
- next
- edit 5
- set type wildcard-fqdn
- set wildcard-fqdn "g-android"
- next
- edit 6
- set type wildcard-fqdn
- set wildcard-fqdn "g-apple"
- next
- edit 7
- set type wildcard-fqdn
- set wildcard-fqdn "g-appstore"
- next
- edit 8
- set type wildcard-fqdn
- set wildcard-fqdn "g-auth.gfx.ms"
- next
- edit 9
- set type wildcard-fqdn
- set wildcard-fqdn "g-citrix"
- next
- edit 10
- set type wildcard-fqdn
- set wildcard-fqdn "g-dropbox.com"
- next
- edit 11
- set type wildcard-fqdn
- set wildcard-fqdn "g-eease"
- next
- edit 12
- set type wildcard-fqdn
- set wildcard-fqdn "g-firefox update server"
- next
- edit 13
- set type wildcard-fqdn
- set wildcard-fqdn "g-fortinet"
- next
- edit 14
- set type wildcard-fqdn
- set wildcard-fqdn "g-googleapis.com"
- next
- edit 15
- set type wildcard-fqdn
- set wildcard-fqdn "g-google-drive"
- next
- edit 16
- set type wildcard-fqdn
- set wildcard-fqdn "g-google-play2"
- next
- edit 17
- set type wildcard-fqdn
- set wildcard-fqdn "g-google-play3"
- next
- edit 18
- set type wildcard-fqdn
- set wildcard-fqdn "g-Gotomeeting"
- next
- edit 19
- set type wildcard-fqdn
- set wildcard-fqdn "g-icloud"
- next
- edit 20
- set type wildcard-fqdn
- set wildcard-fqdn "g-itunes"
- next
- edit 21
- set type wildcard-fqdn
- set wildcard-fqdn "g-microsoft"
- next
- edit 22
- set type wildcard-fqdn
- set wildcard-fqdn "g-skype"
- next
- edit 23
- set type wildcard-fqdn
- set wildcard-fqdn "g-softwareupdate.vmware.com"
- next
- edit 24
- set type wildcard-fqdn
- set wildcard-fqdn "g-verisign"
- next
- edit 25
- set type wildcard-fqdn
- set wildcard-fqdn "g-Windows update 2"
- next
- edit 26
- set type wildcard-fqdn
- set wildcard-fqdn "g-live.com"
- next
- edit 27
- set type wildcard-fqdn
- set wildcard-fqdn "g-google-play"
- next
- edit 28
- set type wildcard-fqdn
- set wildcard-fqdn "g-update.microsoft.com"
- next
- edit 29
- set type wildcard-fqdn
- set wildcard-fqdn "g-swscan.apple.com"
- next
- edit 30
- set type wildcard-fqdn
- set wildcard-fqdn "g-autoupdate.opera.com"
- next
- edit 31
- set type wildcard-fqdn
- set wildcard-fqdn "g-cdn-apple"
- next
- edit 32
- set type wildcard-fqdn
- set wildcard-fqdn "g-mzstatic-apple"
- next
- end
- set server-cert-mode re-sign
- set caname "Fortinet_CA_SSL"
- set untrusted-caname "Fortinet_CA_Untrusted"
- set ssl-exemption-ip-rating enable
- set ssl-exemption-log disable
- set ssl-anomaly-log enable
- set ssl-negotiation-log disable
- set ssl-server-cert-log disable
- set ssl-handshake-log disable
- set rpc-over-https disable
- set mapi-over-https disable
- set supported-alpn all
- set use-ssl-server disable
- next
- edit "custom-deep-inspection"
- set comment "Customizable deep inspection profile."
- config ssl
- set inspect-all disable
- set client-certificate bypass
- set unsupported-ssl-version block
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set min-allowed-ssl-version tls-1.1
- end
- config https
- set ports 443
- set status deep-inspection
- set proxy-after-tcp-handshake disable
- set client-certificate bypass
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- set sni-server-cert-check enable
- set min-allowed-ssl-version tls-1.1
- end
- config ftps
- set ports 990
- set status deep-inspection
- set client-certificate bypass
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- set min-allowed-ssl-version tls-1.1
- end
- config imaps
- set ports 993
- set status deep-inspection
- set proxy-after-tcp-handshake disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config pop3s
- set ports 995
- set status deep-inspection
- set proxy-after-tcp-handshake disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config smtps
- set ports 465
- set status deep-inspection
- set proxy-after-tcp-handshake disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config ssh
- set ports 22
- set status disable
- set inspect-all disable
- set unsupported-version bypass
- set ssh-tun-policy-check disable
- set ssh-algorithm compatible
- end
- config dot
- set status disable
- set client-certificate bypass
- set unsupported-ssl-version block
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- set allowlist disable
- set block-blocklisted-certificates enable
- config ssl-exempt
- edit 1
- set type fortiguard-category
- set fortiguard-category 31
- next
- edit 2
- set type fortiguard-category
- set fortiguard-category 33
- next
- edit 3
- set type wildcard-fqdn
- set wildcard-fqdn "g-adobe"
- next
- edit 4
- set type wildcard-fqdn
- set wildcard-fqdn "g-Adobe Login"
- next
- edit 5
- set type wildcard-fqdn
- set wildcard-fqdn "g-android"
- next
- edit 6
- set type wildcard-fqdn
- set wildcard-fqdn "g-apple"
- next
- edit 7
- set type wildcard-fqdn
- set wildcard-fqdn "g-appstore"
- next
- edit 8
- set type wildcard-fqdn
- set wildcard-fqdn "g-auth.gfx.ms"
- next
- edit 9
- set type wildcard-fqdn
- set wildcard-fqdn "g-citrix"
- next
- edit 10
- set type wildcard-fqdn
- set wildcard-fqdn "g-dropbox.com"
- next
- edit 11
- set type wildcard-fqdn
- set wildcard-fqdn "g-eease"
- next
- edit 12
- set type wildcard-fqdn
- set wildcard-fqdn "g-firefox update server"
- next
- edit 13
- set type wildcard-fqdn
- set wildcard-fqdn "g-fortinet"
- next
- edit 14
- set type wildcard-fqdn
- set wildcard-fqdn "g-googleapis.com"
- next
- edit 15
- set type wildcard-fqdn
- set wildcard-fqdn "g-google-drive"
- next
- edit 16
- set type wildcard-fqdn
- set wildcard-fqdn "g-google-play2"
- next
- edit 17
- set type wildcard-fqdn
- set wildcard-fqdn "g-google-play3"
- next
- edit 18
- set type wildcard-fqdn
- set wildcard-fqdn "g-Gotomeeting"
- next
- edit 19
- set type wildcard-fqdn
- set wildcard-fqdn "g-icloud"
- next
- edit 20
- set type wildcard-fqdn
- set wildcard-fqdn "g-itunes"
- next
- edit 21
- set type wildcard-fqdn
- set wildcard-fqdn "g-microsoft"
- next
- edit 22
- set type wildcard-fqdn
- set wildcard-fqdn "g-skype"
- next
- edit 23
- set type wildcard-fqdn
- set wildcard-fqdn "g-softwareupdate.vmware.com"
- next
- edit 24
- set type wildcard-fqdn
- set wildcard-fqdn "g-verisign"
- next
- edit 25
- set type wildcard-fqdn
- set wildcard-fqdn "g-Windows update 2"
- next
- edit 26
- set type wildcard-fqdn
- set wildcard-fqdn "g-live.com"
- next
- edit 27
- set type wildcard-fqdn
- set wildcard-fqdn "g-google-play"
- next
- edit 28
- set type wildcard-fqdn
- set wildcard-fqdn "g-update.microsoft.com"
- next
- edit 29
- set type wildcard-fqdn
- set wildcard-fqdn "g-swscan.apple.com"
- next
- edit 30
- set type wildcard-fqdn
- set wildcard-fqdn "g-autoupdate.opera.com"
- next
- edit 31
- set type wildcard-fqdn
- set wildcard-fqdn "g-cdn-apple"
- next
- edit 32
- set type wildcard-fqdn
- set wildcard-fqdn "g-mzstatic-apple"
- next
- end
- set server-cert-mode re-sign
- set caname "Fortinet_CA_SSL"
- set untrusted-caname "Fortinet_CA_Untrusted"
- set ssl-exemption-ip-rating enable
- set ssl-exemption-log disable
- set ssl-anomaly-log enable
- set ssl-negotiation-log disable
- set ssl-server-cert-log disable
- set ssl-handshake-log disable
- set rpc-over-https disable
- set mapi-over-https disable
- set supported-alpn all
- set use-ssl-server disable
- next
- edit "no-inspection"
- set comment "Read-only profile that does no inspection."
- config ssl
- set inspect-all disable
- set client-certificate bypass
- set unsupported-ssl-version block
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set min-allowed-ssl-version tls-1.1
- end
- config https
- set status disable
- set client-certificate bypass
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- set sni-server-cert-check enable
- set min-allowed-ssl-version tls-1.1
- end
- config ftps
- set status disable
- set client-certificate bypass
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- set min-allowed-ssl-version tls-1.1
- end
- config imaps
- set status disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config pop3s
- set status disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config smtps
- set status disable
- set client-certificate inspect
- set unsupported-ssl-version allow
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- config ssh
- set ports 22
- set status disable
- set inspect-all disable
- set unsupported-version bypass
- set ssh-tun-policy-check disable
- set ssh-algorithm compatible
- end
- config dot
- set status disable
- set client-certificate bypass
- set unsupported-ssl-version block
- set unsupported-ssl-cipher allow
- set unsupported-ssl-negotiation allow
- set expired-server-cert block
- set revoked-server-cert block
- set untrusted-server-cert allow
- set cert-validation-timeout allow
- set cert-validation-failure block
- end
- set block-blocklisted-certificates enable
- set caname "Fortinet_CA_SSL"
- set ssl-anomaly-log enable
- set ssl-negotiation-log disable
- set ssl-server-cert-log disable
- set ssl-handshake-log disable
- next
-end
-config waf profile
- edit "default"
- set external disable
- set extended-log disable
- config signature
- config main-class 100000000
- set status disable
- set action block
- set log enable
- set severity high
- end
- config main-class 20000000
- set status disable
- set action allow
- set log enable
- set severity medium
- end
- config main-class 30000000
- set status enable
- set action block
- set log enable
- set severity high
- end
- config main-class 40000000
- set status disable
- set action allow
- set log enable
- set severity medium
- end
- config main-class 50000000
- set status enable
- set action block
- set log enable
- set severity high
- end
- config main-class 60000000
- set status disable
- set action allow
- set log enable
- set severity medium
- end
- config main-class 70000000
- set status enable
- set action block
- set log enable
- set severity high
- end
- config main-class 80000000
- set status enable
- set action allow
- set log enable
- set severity low
- end
- config main-class 110000000
- set status enable
- set action allow
- set log enable
- set severity high
- end
- config main-class 90000000
- set status enable
- set action block
- set log enable
- set severity high
- end
- set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
- set credit-card-detection-threshold 3
- end
- config constraint
- config header-length
- set status enable
- set length 8192
- set action allow
- set log enable
- set severity low
- end
- config content-length
- set status enable
- set length 67108864
- set action allow
- set log enable
- set severity low
- end
- config param-length
- set status enable
- set length 8192
- set action allow
- set log enable
- set severity low
- end
- config line-length
- set status enable
- set length 1024
- set action allow
- set log enable
- set severity low
- end
- config url-param-length
- set status enable
- set length 8192
- set action allow
- set log enable
- set severity low
- end
- config version
- set status disable
- set action allow
- set log enable
- set severity medium
- end
- config method
- set status disable
- set action block
- set log enable
- set severity medium
- end
- config hostname
- set status disable
- set action block
- set log enable
- set severity medium
- end
- config malformed
- set status disable
- set action allow
- set log enable
- set severity medium
- end
- config max-cookie
- set status enable
- set max-cookie 16
- set action allow
- set log enable
- set severity low
- end
- config max-header-line
- set status enable
- set max-header-line 32
- set action allow
- set log enable
- set severity low
- end
- config max-url-param
- set status enable
- set max-url-param 16
- set action allow
- set log enable
- set severity low
- end
- config max-range-segment
- set status enable
- set max-range-segment 5
- set action allow
- set log enable
- set severity high
- end
- end
- config method
- set status disable
- set log disable
- set severity medium
- unset default-allowed-methods
- end
- config address-list
- set status disable
- set blocked-log disable
- set severity medium
- end
- set comment ''
- next
-end
-config firewall profile-group
-end
-config firewall ssl-server
-end
-config firewall identity-based-route
-end
-config firewall auth-portal
- set portal-addr ''
- set portal-addr6 ''
- set identity-based-route ''
-end
-config firewall policy
- edit 3
- set status enable
- set name "Block_Countries_In"
- set uuid d7dbce76-9fbf-51ec-ab77-fee1db8aeb26
- set srcintf "Outside_Zone"
- set dstintf "Inside_Zone"
- set action deny
- set ztna-status disable
- set srcaddr "Geo_Block_Group"
- set dstaddr "all"
- set internet-service disable
- set internet-service-src disable
- unset reputation-minimum
- set rtp-nat disable
- set schedule "always"
- set schedule-timeout disable
- set service "ALL"
- set tos-mask 0x00
- set anti-replay enable
- set geoip-anycast disable
- set geoip-match physical-location
- set logtraffic disable
- set logtraffic-start disable
- set np-acceleration enable
- set session-ttl 0
- set vlan-cos-fwd 255
- set vlan-cos-rev 255
- set fec disable
- set wccp disable
- set natip 0.0.0.0 0.0.0.0
- set match-vip enable
- set tcp-mss-sender 0
- set tcp-mss-receiver 0
- set comments ''
- set block-notification disable
- set replacemsg-override-group ''
- set srcaddr-negate disable
- set dstaddr-negate disable
- set service-negate disable
- set captive-portal-exempt disable
- set dsri disable
- set radius-mac-auth-bypass disable
- set delay-tcp-npu-session disable
- unset vlan-filter
- set send-deny-packet disable
- next
- edit 4
- set status enable
- set name "Block_Countries_Out"
- set uuid f8b4eb14-9fbf-51ec-ed6e-96e27dc1b1c9
- set srcintf "Inside_Zone"
- set dstintf "Outside_Zone"
- set action deny
- set ztna-status disable
- set srcaddr "all"
- set dstaddr "Geo_Block_Group"
- set internet-service disable
- set internet-service-src disable
- unset reputation-minimum
- set rtp-nat disable
- set schedule "always"
- set schedule-timeout disable
- set service "ALL"
- set tos-mask 0x00
- set anti-replay enable
- set geoip-anycast disable
- set geoip-match physical-location
- set logtraffic disable
- set logtraffic-start disable
- set np-acceleration enable
- set session-ttl 0
- set vlan-cos-fwd 255
- set vlan-cos-rev 255
- set fec disable
- set wccp disable
- set natip 0.0.0.0 0.0.0.0
- set match-vip enable
- set tcp-mss-sender 0
- set tcp-mss-receiver 0
- set comments ''
- set block-notification disable
- set replacemsg-override-group ''
- set srcaddr-negate disable
- set dstaddr-negate disable
- set service-negate disable
- set captive-portal-exempt disable
- set dsri disable
- set radius-mac-auth-bypass disable
- set delay-tcp-npu-session disable
- unset vlan-filter
- set send-deny-packet disable
- next
- edit 2
- set status enable
- set name "Webosphere"
- set uuid 0d8e5202-9fbe-51ec-0286-714f8e196589
- set srcintf "Outside_Zone"
- set dstintf "Inside_Zone"
- set action accept
- set nat64 disable
- set nat46 disable
- set ztna-status disable
- set srcaddr "all"
- set dstaddr "VIP_Webosphere"
- set internet-service disable
- set internet-service-src disable
- unset reputation-minimum
- set rtp-nat disable
- set schedule "always"
- set schedule-timeout disable
- set service "HTTP" "HTTPS"
- set tos-mask 0x00
- set anti-replay enable
- set dynamic-shaping disable
- set passive-wan-health-measurement disable
- set utm-status enable
- set inspection-mode flow
- set profile-type single
- set profile-protocol-options "default"
- set ssl-ssh-profile "certificate-inspection"
- set av-profile ''
- set webfilter-profile ''
- set dnsfilter-profile ''
- set emailfilter-profile ''
- set dlp-sensor ''
- set file-filter-profile ''
- set ips-sensor "IPS_Test"
- set application-list ''
- set voip-profile ''
- set sctp-filter-profile ''
- set logtraffic utm
- set logtraffic-start disable
- set capture-packet disable
- set auto-asic-offload enable
- set np-acceleration enable
- set nat disable
- set session-ttl 0
- set vlan-cos-fwd 255
- set vlan-cos-rev 255 - set fec disable - set wccp disable - set disclaimer disable - set email-collect disable - set natip 0.0.0.0 0.0.0.0 - set diffserv-forward disable - set diffserv-reverse disable - set tcp-mss-sender 0 - set tcp-mss-receiver 0 - set comments '' - set block-notification disable - set replacemsg-override-group '' - set srcaddr-negate disable - set dstaddr-negate disable - set service-negate disable - set timeout-send-rst disable - set captive-portal-exempt disable - set dsri disable - set radius-mac-auth-bypass disable - set delay-tcp-npu-session disable - unset vlan-filter - set traffic-shaper '' - set traffic-shaper-reverse '' - set per-ip-shaper '' - next - edit 1 - set status enable - set name "Internet_Access" - set uuid bfdac172-9fbc-51ec-a83b-8104f6e36fd1 - set srcintf "Inside_Zone" - set dstintf "Outside_Zone" - set action accept - set ztna-status disable - set srcaddr "IPv4-Private-All-RFC1918" - set dstaddr "all" - set internet-service disable - set internet-service-src disable - unset reputation-minimum - set rtp-nat disable - set schedule "always" - set schedule-timeout disable - set service "ALL" - set tos-mask 0x00 - set anti-replay enable - set dynamic-shaping disable - set passive-wan-health-measurement disable - set utm-status enable - set inspection-mode flow - set profile-type single - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - set av-profile '' - set webfilter-profile '' - set dnsfilter-profile '' - set emailfilter-profile '' - set dlp-sensor '' - set file-filter-profile '' - set ips-sensor "g-default" - set application-list '' - set voip-profile '' - set sctp-filter-profile '' - set logtraffic utm - set logtraffic-start disable - set capture-packet disable - set auto-asic-offload enable - set np-acceleration enable - set nat enable - set permit-any-host disable - set permit-stun-host disable - set fixedport disable - set ippool enable - set poolname "Outside_Pool" - set 
session-ttl 0 - set vlan-cos-fwd 255 - set vlan-cos-rev 255 - set fec disable - set wccp disable - set disclaimer disable - set email-collect disable - set natip 0.0.0.0 0.0.0.0 - set diffserv-forward disable - set diffserv-reverse disable - set tcp-mss-sender 0 - set tcp-mss-receiver 0 - set comments '' - set block-notification disable - set replacemsg-override-group '' - set srcaddr-negate disable - set dstaddr-negate disable - set service-negate disable - set timeout-send-rst disable - set captive-portal-exempt disable - set dsri disable - set radius-mac-auth-bypass disable - set delay-tcp-npu-session disable - unset vlan-filter - set traffic-shaper '' - set traffic-shaper-reverse '' - set per-ip-shaper '' - next -end -config firewall traffic-class -end -config firewall shaping-policy -end -config firewall shaping-profile -end -config firewall local-in-policy -end -config firewall local-in-policy6 -end -config firewall ttl-policy -end -config firewall proxy-policy -end -config firewall dnstranslation -end -config firewall multicast-policy -end -config firewall multicast-policy6 -end -config firewall interface-policy -end -config firewall interface-policy6 -end -config firewall DoS-policy -end -config firewall DoS-policy6 -end -config firewall sniffer -end -config firewall acl -end -config firewall acl6 -end -config firewall central-snat-map -end -config firewall ip-translation -end -config authentication scheme -end -config authentication rule -end -config authentication setting - set active-auth-scheme '' - set sso-auth-scheme '' - set captive-portal-type fqdn - set captive-portal '' - set captive-portal6 '' - set cert-auth disable - set captive-portal-port 7830 - set auth-https enable - set captive-portal-ssl-port 7831 -end -config system speed-test-schedule -end -config switch-controller switch-interface-tag -end -config switch-controller 802-1X-settings - set link-down-auth set-unauth - set reauth-period 60 - set max-reauth-attempt 3 - set tx-period 30 -end 
-config switch-controller security-policy 802-1X - edit "802-1X-policy-default" - set security-mode 802.1X - set user-group "SSO_Guest_Users" - set mac-auth-bypass disable - set open-auth disable - set eap-passthru enable - set eap-auto-untagged-vlans enable - set guest-vlan disable - set guest-auth-delay 30 - set auth-fail-vlan disable - set framevid-apply enable - set radius-timeout-overwrite disable - set policy-type 802.1X - set authserver-timeout-vlan disable - next -end -config switch-controller security-policy local-access - edit "default" - set mgmt-allowaccess https ping ssh - set internal-allowaccess https ping ssh - next -end -config switch-controller location -end -config switch-controller lldp-settings - set tx-hold 4 - set tx-interval 30 - set fast-start-interval 2 - set management-interface internal - set device-detection enable -end -config switch-controller lldp-profile - edit "default" - set med-tlvs inventory-management network-policy location-identification - unset 802.1-tlvs - unset 802.3-tlvs - set auto-isl disable - config med-network-policy - edit "voice" - set status disable - next - edit "voice-signaling" - set status disable - next - edit "guest-voice" - set status disable - next - edit "guest-voice-signaling" - set status disable - next - edit "softphone-voice" - set status disable - next - edit "video-conferencing" - set status disable - next - edit "streaming-video" - set status disable - next - edit "video-signaling" - set status disable - next - end - config med-location-service - edit "coordinates" - set status disable - next - edit "address-civic" - set status disable - next - edit "elin-number" - set status disable - next - end - next - edit "default-auto-isl" - unset med-tlvs - unset 802.1-tlvs - unset 802.3-tlvs - set auto-isl enable - set auto-isl-hello-timer 3 - set auto-isl-receive-timeout 60 - set auto-isl-port-group 0 - set auto-mclag-icl disable - next - edit "default-auto-mclag-icl" - unset med-tlvs - unset 802.1-tlvs - 
unset 802.3-tlvs - set auto-isl enable - set auto-isl-hello-timer 3 - set auto-isl-receive-timeout 60 - set auto-isl-port-group 0 - set auto-mclag-icl enable - next -end -config switch-controller qos dot1p-map - edit "voice-dot1p" - set description '' - set egress-pri-tagging disable - set priority-0 queue-4 - set priority-1 queue-4 - set priority-2 queue-3 - set priority-3 queue-2 - set priority-4 queue-3 - set priority-5 queue-1 - set priority-6 queue-2 - set priority-7 queue-2 - next -end -config switch-controller qos ip-dscp-map - edit "voice-dscp" - set description '' - config map - edit "1" - set cos-queue 1 - set value 46 - next - edit "2" - set cos-queue 2 - set value 24,26,48,56 - next - edit "5" - set cos-queue 3 - set value 34 - next - end - next -end -config switch-controller qos queue-policy - edit "default" - set schedule round-robin - set rate-by kbps - config cos-queue - edit "queue-0" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-1" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-2" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-3" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-4" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-5" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-6" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-7" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - end - next - edit "voice-egress" - set schedule weighted - set rate-by kbps - config cos-queue - edit "queue-0" - set description 
'' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-1" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 0 - next - edit "queue-2" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 6 - next - edit "queue-3" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 37 - next - edit "queue-4" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 12 - next - edit "queue-5" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-6" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - edit "queue-7" - set description '' - set min-rate 0 - set max-rate 0 - set drop-policy taildrop - set weight 1 - next - end - next -end -config switch-controller qos qos-policy - edit "default" - set default-cos 0 - set trust-dot1p-map '' - set trust-ip-dscp-map '' - set queue-policy "default" - next - edit "voice-qos" - set default-cos 0 - set trust-dot1p-map "voice-dot1p" - set trust-ip-dscp-map "voice-dscp" - set queue-policy "voice-egress" - next -end -config switch-controller storm-control-policy - edit "default" - set description "default storm control on all port" - set storm-control-mode global - next - edit "auto-config" - set description "storm control policy for fortilink-isl-icl port" - set storm-control-mode disabled - next -end -config switch-controller auto-config policy - edit "default" - set qos-policy "default" - set storm-control-policy "auto-config" - set poe-status enable - set igmp-flood-report disable - set igmp-flood-traffic disable - next - edit "default-icl" - set qos-policy "default" - set storm-control-policy "auto-config" - set poe-status disable - set igmp-flood-report enable - set igmp-flood-traffic enable - next -end -config 
switch-controller auto-config default - set fgt-policy "default" - set isl-policy "default" - set icl-policy "default-icl" -end -config switch-controller auto-config custom -end -config switch-controller initial-config template - edit "_default" - set vlanid 1 - unset allowaccess - set dhcp-server disable - next - edit "quarantine" - set vlanid 4093 - unset allowaccess - set auto-ip enable - set dhcp-server enable - next - edit "rspan" - set vlanid 4092 - unset allowaccess - set auto-ip enable - set dhcp-server enable - next - edit "voice" - set vlanid 4091 - unset allowaccess - set dhcp-server disable - next - edit "video" - set vlanid 4090 - unset allowaccess - set dhcp-server disable - next - edit "onboarding" - set vlanid 4089 - unset allowaccess - set dhcp-server disable - next - edit "nac_segment" - set vlanid 4088 - unset allowaccess - set auto-ip enable - set dhcp-server enable - next -end -config switch-controller initial-config vlans - set default-vlan "_default" - set quarantine "quarantine" - set rspan "rspan" - set voice "voice" - set video "video" - set nac "onboarding" - set nac-segment "nac_segment" -end -config switch-controller switch-profile - edit "default" - set login-passwd-override disable - next -end -config switch-controller custom-command -end -config switch-controller virtual-port-pool -end -config switch-controller ptp settings - set mode disable -end -config switch-controller ptp policy - edit "default" - set status enable - next -end -config switch-controller vlan-policy -end -config switch-controller dynamic-port-policy -end -config switch-controller managed-switch -end -config switch-controller switch-group -end -config switch-controller stp-settings - set name '' - set revision 0 - set hello-time 2 - set forward-time 15 - set max-age 20 - set max-hops 20 -end -config switch-controller stp-instance -end -config switch-controller storm-control - set rate 500 - set unknown-unicast disable - set unknown-multicast disable - set broadcast 
disable -end -config switch-controller global - set mac-aging-interval 300 - set https-image-push enable - set vlan-optimization enable - set mac-retention-period 24 - set default-virtual-switch-vlan '' - set dhcp-server-access-list disable - set log-mac-limit-violations disable - set sn-dns-resolution enable - set mac-event-logging disable - set bounce-quarantined-link disable - set quarantine-mode by-vlan - set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db - set fips-enforce enable - set firmware-provision-on-authorization disable -end -config switch-controller switch-log - set status enable - set severity notification -end -config switch-controller igmp-snooping - set aging-time 300 - set flood-unknown-multicast disable - set query-interval 125 -end -config switch-controller sflow - set collector-ip 0.0.0.0 - set collector-port 6343 -end -config switch-controller network-monitor-settings - set network-monitoring disable -end -config switch-controller flow-tracking - set sample-mode perimeter - set sample-rate 512 - set format netflow9 - set collector-ip 0.0.0.0 - set collector-port 0 - set transport udp - set level ip - set max-export-pkt-size 512 - set timeout-general 3600 - set timeout-icmp 300 - set timeout-max 604800 - set timeout-tcp 3600 - set timeout-tcp-fin 300 - set timeout-tcp-rst 120 - set timeout-udp 300 -end -config switch-controller snmp-sysinfo - set status disable - set engine-id '' - set description '' - set contact-info '' - set location '' -end -config switch-controller snmp-trap-threshold - set trap-high-cpu-threshold 80 - set trap-low-memory-threshold 80 - set trap-log-full-threshold 90 -end -config switch-controller snmp-community -end -config switch-controller snmp-user -end -config switch-controller traffic-sniffer - set mode erspan-auto - set erspan-ip 0.0.0.0 -end -config switch-controller remote-log - edit "syslogd" - set status disable - next - edit "syslogd2" - set status disable - next -end -config switch-controller 
mac-policy -end -config wireless-controller setting - set account-id '' - set country US - set duplicate-ssid disable - set fapc-compatibility disable - set wfa-compatibility disable - set phishing-ssid-detect enable - set fake-ssid-action log - set device-weight 1 - set device-holdoff 5 - set device-idle 1440 - set firmware-provision-on-authorization disable - set darrp-optimize 86400 - set darrp-optimize-schedules "default-darrp-optimize" -end -config wireless-controller log - set status enable - set addrgrp-log notification - set ble-log notification - set clb-log notification - set dhcp-starv-log notification - set led-sched-log notification - set radio-event-log notification - set rogue-event-log notification - set sta-event-log notification - set sta-locate-log notification - set wids-log notification - set wtp-event-log notification -end -config wireless-controller apcfg-profile -end -config wireless-controller bonjour-profile -end -config wireless-controller arrp-profile - edit "arrp-default" - set comment '' - set selection-period 3600 - set monitor-period 300 - set weight-managed-ap 50 - set weight-rogue-ap 10 - set weight-noise-floor 40 - set weight-channel-load 20 - set weight-spectral-rssi 40 - set weight-weather-channel 1000 - set weight-dfs-channel 500 - set threshold-ap 250 - set threshold-noise-floor "-85" - set threshold-channel-load 60 - set threshold-spectral-rssi "-65" - set threshold-tx-retries 300 - set threshold-rx-errors 50 - set include-weather-channel disable - set include-dfs-channel disable - set override-darrp-optimize disable - next -end -config wireless-controller region -end -config wireless-controller vap-group -end -config wireless-controller wids-profile - edit "default" - set comment "Default WIDS profile." 
- set sensor-mode disable - set ap-scan enable - set ap-bgscan-period 600 - set ap-bgscan-intv 1 - set ap-bgscan-duration 20 - set ap-bgscan-idle 0 - set ap-bgscan-report-intv 30 - set ap-fgscan-report-intv 15 - set ap-scan-passive disable - set ap-scan-threshold "-90" - set wireless-bridge enable - set deauth-broadcast enable - set null-ssid-probe-resp enable - set long-duration-attack enable - set long-duration-thresh 8200 - set invalid-mac-oui enable - set weak-wep-iv enable - set auth-frame-flood enable - set auth-flood-time 10 - set auth-flood-thresh 30 - set assoc-frame-flood enable - set assoc-flood-time 10 - set assoc-flood-thresh 30 - set spoofed-deauth enable - set asleap-attack enable - set eapol-start-flood enable - set eapol-start-thresh 10 - set eapol-start-intv 1 - set eapol-logoff-flood enable - set eapol-logoff-thresh 10 - set eapol-logoff-intv 1 - set eapol-succ-flood enable - set eapol-succ-thresh 10 - set eapol-succ-intv 1 - set eapol-fail-flood enable - set eapol-fail-thresh 10 - set eapol-fail-intv 1 - set eapol-pre-succ-flood enable - set eapol-pre-succ-thresh 10 - set eapol-pre-succ-intv 1 - set eapol-pre-fail-flood enable - set eapol-pre-fail-thresh 10 - set eapol-pre-fail-intv 1 - set deauth-unknown-src-thresh 10 - next - edit "default-wids-apscan-enabled" - set comment '' - set sensor-mode disable - set ap-scan enable - set ap-bgscan-period 600 - set ap-bgscan-intv 1 - set ap-bgscan-duration 20 - set ap-bgscan-idle 0 - set ap-bgscan-report-intv 30 - set ap-fgscan-report-intv 15 - set ap-scan-passive disable - set ap-scan-threshold "-90" - set wireless-bridge disable - set deauth-broadcast disable - set null-ssid-probe-resp disable - set long-duration-attack disable - set long-duration-thresh 8200 - set invalid-mac-oui disable - set weak-wep-iv disable - set auth-frame-flood disable - set assoc-frame-flood disable - set spoofed-deauth disable - set asleap-attack disable - set eapol-start-flood disable - set eapol-logoff-flood disable - set 
eapol-succ-flood disable - set eapol-fail-flood disable - set eapol-pre-succ-flood disable - set eapol-pre-fail-flood disable - set deauth-unknown-src-thresh 10 - next -end -config wireless-controller ble-profile - edit "fortiap-discovery" - set comment '' - set advertising ibeacon eddystone-uid eddystone-url - set ibeacon-uuid "wtp-uuid" - set major-id 1000 - set minor-id 2000 - set eddystone-namespace "0102030405" - set eddystone-instance "abcdef" - set eddystone-url "http://www.fortinet.com" - set txpower 0 - set beacon-interval 100 - set ble-scanning disable - next -end -config wireless-controller syslog-profile -end -config wireless-controller wtp-profile -end -config wireless-controller wtp -end -config wireless-controller wtp-group -end -config wireless-controller qos-profile -end -config wireless-controller wag-profile -end -config wireless-controller address -end -config wireless-controller addrgrp -end -config wireless-controller snmp - set engine-id '' - set contact-info '' - set trap-high-cpu-threshold 80 - set trap-high-mem-threshold 80 -end -config wireless-controller mpsk-profile -end -config wireless-controller nac-profile -end -config wireless-controller ssid-policy -end -config wireless-controller access-control-list -end -config wireless-controller ap-status -end -config user nac-policy -end -config extender-controller dataplan -end -config extender-controller extender-profile -end -config extender-controller extender -end -config system ips - set signature-hold-time 0h -end -config ips custom -end -config ips settings - set packet-log-history 1 - set packet-log-post-attack 0 - set ips-packet-quota 0 -end -config alertemail setting - set username '' - set mailto1 '' - set mailto2 '' - set mailto3 '' - set filter-mode category - set email-interval 5 - set IPS-logs disable - set firewall-authentication-failure-logs disable - set IPsec-errors-logs disable - set PPP-errors-logs disable - set sslvpn-authentication-errors-logs disable - set 
antivirus-logs disable - set webfilter-logs disable - set configuration-changes-logs disable - set violation-traffic-logs disable - set admin-login-logs disable - set log-disk-usage-warning disable - set FSSO-disconnect-logs disable - set ssh-logs disable - set local-disk-usage 75 -end -config router access-list -end -config router access-list6 -end -config router aspath-list -end -config router prefix-list -end -config router prefix-list6 -end -config router key-chain -end -config router community-list -end -config router route-map -end -config router rip - set default-information-originate disable - set default-metric 1 - set max-out-metric 0 - config redistribute "connected" - set status disable - set metric 0 - set routemap '' - end - config redistribute "static" - set status disable - set metric 0 - set routemap '' - end - config redistribute "ospf" - set status disable - set metric 0 - set routemap '' - end - config redistribute "bgp" - set status disable - set metric 0 - set routemap '' - end - config redistribute "isis" - set status disable - set metric 0 - set routemap '' - end - set update-timer 30 - set timeout-timer 180 - set garbage-timer 120 - set version 2 -end -config router ripng - set default-information-originate disable - set default-metric 1 - set max-out-metric 0 - config redistribute "connected" - set status disable - set metric 0 - set routemap '' - end - config redistribute "static" - set status disable - set metric 0 - set routemap '' - end - config redistribute "ospf" - set status disable - set metric 0 - set routemap '' - end - config redistribute "bgp" - set status disable - set metric 0 - set routemap '' - end - config redistribute "isis" - set status disable - set metric 0 - set routemap '' - end - set update-timer 30 - set timeout-timer 180 - set garbage-timer 120 -end -config router static -end -config router policy -end -config router policy6 -end -config router static6 -end -config router ospf - set abr-type standard - set 
auto-cost-ref-bandwidth 1000 - set distance-external 110 - set distance-inter-area 110 - set distance-intra-area 110 - set database-overflow disable - set database-overflow-max-lsas 10000 - set database-overflow-time-to-recover 300 - set default-information-originate disable - set default-information-metric 10 - set default-information-metric-type 2 - set default-information-route-map '' - set default-metric 10 - set distance 110 - set rfc1583-compatible disable - set router-id 0.0.0.0 - set spf-timers 5 10 - set bfd disable - set log-neighbour-changes enable - set distribute-list-in '' - set distribute-route-map-in '' - set restart-mode none - set restart-period 120 - config redistribute "connected" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end - config redistribute "static" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end - config redistribute "rip" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end - config redistribute "bgp" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end - config redistribute "isis" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - set tag 0 - end -end -config router ospf6 - set abr-type standard - set auto-cost-ref-bandwidth 1000 - set default-information-originate disable - set log-neighbour-changes enable - set default-information-metric 10 - set default-information-metric-type 2 - set default-information-route-map '' - set default-metric 10 - set router-id 0.0.0.0 - set spf-timers 5 10 - set bfd disable - config redistribute "connected" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - end - config redistribute "static" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - end - config redistribute "rip" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - end - config 
redistribute "bgp" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - end - config redistribute "isis" - set status disable - set metric 0 - set routemap '' - set metric-type 2 - end -end -config router bgp - set as 0 - set keepalive-timer 60 - set holdtime-timer 180 - set always-compare-med disable - set bestpath-as-path-ignore disable - set bestpath-cmp-confed-aspath disable - set bestpath-cmp-routerid disable - set bestpath-med-confed disable - set bestpath-med-missing-as-worst disable - set client-to-client-reflection enable - set dampening disable - set deterministic-med disable - set ebgp-multipath disable - set ibgp-multipath disable - set enforce-first-as enable - set fast-external-failover enable - set log-neighbour-changes enable - set network-import-check enable - set ignore-optional-capability enable - set multipath-recursive-distance disable - set recursive-next-hop disable - set tag-resolve-mode disable - set cluster-id 0.0.0.0 - set confederation-identifier 0 - set default-local-preference 100 - set scan-time 60 - set distance-external 20 - set distance-internal 200 - set distance-local 200 - set synchronization disable - set graceful-restart disable - config redistribute "connected" - set status disable - set route-map '' - end - config redistribute "rip" - set status disable - set route-map '' - end - config redistribute "ospf" - set status disable - set route-map '' - end - config redistribute "static" - set status disable - set route-map '' - end - config redistribute "isis" - set status disable - set route-map '' - end - config redistribute6 "connected" - set status disable - set route-map '' - end - config redistribute6 "rip" - set status disable - set route-map '' - end - config redistribute6 "ospf" - set status disable - set route-map '' - end - config redistribute6 "static" - set status disable - set route-map '' - end - config redistribute6 "isis" - set status disable - set route-map '' - end -end -config router 
isis - set is-type level-1-2 - set adv-passive-only disable - set adv-passive-only6 disable - set auth-mode-l1 password - set auth-mode-l2 password - set auth-password-l1 ENC tYTPglvrVMcFDaqg6wZw5SxGvllCHIIj+KCVD8Es6At5TSdSLZdYSE2Hkc58H2K3xuHgHypCKTb4LqxJGd8O9YRpfrRo79itvFHtQUA60CSa9pz5cw8mgBYbQ5aN3zjsEzKSjDCH3c+X1lyVWq/RC3bHyFG5mdK5yOZKl5soAVT5LLHAJNTy/aK/J7zwdlGoPKF/4Q== - set auth-password-l2 ENC B6KDjowZVjyzOFMj9gbV5txoyXI5YRKlTfbtSkF4nlk1HUl1MVUoNpIR5O1mBC70YdQr4j/ngaN0M0wrxZf3nuiPGqtBzbQXCqZmlhXx0WmwnGwWb+IJksDhkH4P2q1CyQy24wESr2DzZLB3nEOBnbwYCRTwbFTPmWeh04cDJgu1rbTNKEqpvHY8iS+Kh75LVZiRbA== + set auth-password-l1 ENC IFYr2Nc552MTyz0eSUjA5bgV/JALbH1qiT3Fp1dShCvS3HgEzxIWUGGD6KYIOU3N8uzGFHRzdzAZqt1Gb3XgDLtC7Sh6uJBISYw2BRD1psJcfhYnjZkFFYIvCbX+MY5FcX7Gxy3maXSg8+sXVrw/sCwjj8vqqlTyq9AwV7anUGTABRIWuqII6cIsdCl6u0HW/unrbQ== + set auth-password-l2 ENC dCRlmJn7Of+aMr55TgqCUFdEbTLm6c8KXPFHSncmYLPT59pvy4g/YMe04LmS8JxNZzJeoXs4wvAvtXw6m+Exf4gSSJaz5BohflOCyWX72eEJAfDigDEwPcOUmZSpUqHaOrCq0gEUdvzuf2SV3YX8j5Olx4mtwl2/MG8zl60n8jwDOH4KRQbpWPhqXZsDQrjwRCA8JQ== set auth-sendonly-l1 disable set auth-sendonly-l2 disable set ignore-lsp-errors disable @@ -57865,16 +41852,6 @@ config firewall address set fabric-object disable set subnet 5.4.5.4 255.255.255.255 next - edit "Safeschools_02" - set uuid 777359ae-8faa-51ef-2f8f-4f76e1654996 - set type ipmask - set comment "IP address for Safe Schools video training. Used to access LDAP authentication." - set associated-interface '' - set color 0 - set allow-routing disable - set fabric-object disable - set subnet 18.219.244.165 255.255.255.255 - next edit "z_BlockIP_081" set uuid 0a997bc0-7e13-51ec-eb4a-00ddc2a55df3 set type ipmask 
@@ -60973,6 +44950,16 @@ config firewall address
 set fabric-object disable
 set subnet 10.1.40.102 255.255.255.255
 next
+ edit "Safeschools_02"
+ set uuid 777359ae-8faa-51ef-2f8f-4f76e1654996
+ set type ipmask
+ set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
+ set associated-interface ''
+ set color 0
+ set allow-routing disable
+ set fabric-object disable
+ set subnet 18.219.244.165 255.255.255.255
+ next
 edit "Server_40"
 set uuid dd2d842c-9202-51ef-e573-d3a5b9382b0a
 set type ipmask
@@ -65756,37 +49743,37 @@ config vpn certificate local set enroll-protocol none next edit "Star Cert Expire 4-24" - set password ENC YJs/oQKVMcGBPY+6f6Er9JB6O/Y3StNpN+7RNyG9SLzwCIREuw2n9gUyWYMCL3TMNHPVsz6ra7XCZWZzTJNKQly8qnh6/2NXjswt0ADdXhhuiPP2fvDG6+b6eLjGGv/0NatcfVeBBGzcCDpB6ELxQqgfMLvxlpkUum4vGVSpZIX3LebQOuGNOwVDaT08n7LO4ow6jQ== + set password ENC ogXmxIoF6EiAej+LMull0en/+m7ySCjceydbjOX+jJD6DI7YK+BtRz2eJjbQKEJFKABaXoOqGGYkDldeSWQXOoBMRburZcwvm6dYRWVjGXj05rzPrMBJ7ZNP9QvSQz+4JMUDwJSrQGrPRSSqvF4E4Etf8zcIcTdhTwOp9s7yvF/8bR54CRfHmRopxWk+xAoLEp5nlw== set comments '' set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI1ADRyf0mn6MCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHep5aYeGg2qBIIEyJss+VGI9fab -GXfYkRhYis5+Bb6qDjU2sylCENby2UbwoNX9ACIkZPXShnBae96I0aYnWAVZz6zg -eC8xTh2HBX20vTg4smsqG7Trifuok6BcNa52BHR0QCHmm3gf8JMqZgVT3cYZFiAX -mFdwkt3ISRqtKBkqFd1bauz/J1ADRL+NptllvI/TKjo0fEp0M3PcYLp6G4j5rG+3 -oJd48xoq8bcEAUv73WRcKDo5L5GRJK46Tqjk8O9RE78Z9790bRrI9jwRE88BsBrz -LwPF/o49l+jXWCUZhm73nypzDZV//kzXBnY5ji0cL+PSPqW3CWhDb9aXDM+hdPUM -WIp44ESgDfa0avKrp94cT7gqek14WLQxr+IOQRDU4WNUjkRvxStJPSnGvw/BMGR7 -kxFjkP8rqxDbFCpszidJywr9j+yH4od/BYPgJRsjfNJmckE71uIg83LB+2uEnqKw -ckoaT9qJnOH9R+OEMqXPfnZwJct9jmlXuuSRVWjHCILnkAN6BuKCT44PLrO4VOc/ -u9gHB0449nxJFFXMLOLfjDHElxgyWankhMOFVXE3l+V+ig3Izl1pamhwNfguhz00 -yw7ds3w15BazrCemdCcIvEEqmDSnMvSXTuKoq/qSYgjvcYOAtS2zf1YmRBATBPR2 -Z4yDiSshHgIQ/nN9BwvGRQSFafEPWC4z/89hyjVZ5xbgU7NeY3V5EjXY/srW/iut -dDkikmvuNbjDeG/D/kLuSbbkzUHFJ9qLe+Auag58EmguicoFIfaeCAY82qWpHVxH -cqnvXHFdmKVWWY2PA/ToN/r7Xw5/NgVxgD+u6Qk+w2hpnyweeL1sym8Qasd/U6ql -42HctiqzVZ3BEOMw4sJbkkdiGYzrop6oU741dq38c2riibHBwN39MjyrErIUvidt -tCUZa2m+wgVA7i2hXZAdXAt38ISrrhi4q18+fIv5udx87P9J2zzALRGdIyByKrTV -zvW2ll4WPxgVTkBaCmZgAAf0QAXW6IeuWIKsWhA6mYWVyJXvU9GcFqZtP+7Wq5J7 -9RzIXQ705LAbbwVIfiQyds7kPqbhanbJgSxxFUSY8t3nyoxRWKkZFq3KpsOGOlCX -9K+GB+vVnqPvCPc8uaeXpm+batwklgdVqYv8Ak3IBLOz63ZS4IV/bKJPm5uH66TQ 
-7RL5vUJkLTSQSngA9jHZRAC3+JpPrKEw8NfU/p7F1gstuUPRWF9sJkym6wVmqnPJ -iFqT8A858hYNc15tgTEUDGD+DXsGRxxXo9tVNay/TSNC+hyPRCLFh958o3/0VOmc -VqKJ4Qbhv8fxIx5ImlnD8H8asyb8UdfmOKDwZLv5xEzwvNmLBA60OMJ2VRPEPgGv -5YRowHZw+ccdFBGBuBjk1j6qvGd1kUydp7B/og6ZUF/IdVCwleko0+BWndKpmoC3 -cMvfvp4QcPaAm6Hcm6kZzSgrVK2wS5EaF96RNHCwI8gKBTsDU1lDaMIuAvXcfBtJ -/pGQHTvl+OIg02gcxia0vjgyWQ+590qCRM1FwYDWSuuU8mziz+Luqz9bBu5Kyf0/ -6+vXGpYGUzGS8dV4pVG1MQmVpCABz+mDiTCn+8m5RTyb76sffbKkN8u/RbOshzOm -cVowKhN/KIoUbz4pdJbJ+g== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIIxOUWFyN7EQCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJozXzqtNLlmBIIEyP8u3QNEq0Er +u+3tBmSr7dOO9N9TTyG53Gm4zFsfOry4/WR3YoV15XTUjbXVYrEkCiSCYTF2NL2b +D+e9EpTc96NPMyFDS5ipaqCG6OQNKxasWSkWo3b7ohlLqTaoiJ8QlZTWiSP8Uun5 +0KkeHJbUhnhjZItk8AyW/PU1/mbXN7IHrZ33dP5kCt4+92siysz67BX8vlotTNru +MQFLc7wPED8SyyPKh/7f45lAy4zFqeviK8Y0HoFs3CP2rumFc0ElFzqcevpE8ykO +sF1eodYL9XeMiIsNOc3k2B3gm/ZSgqVHtFvmRawByrFE2EOjAa6aW9alXi80gG6T +pHVy9EKiURF9NF7tmaHPvEKXh3QXW+GuAxNURD4nmkb0LysCLzqVkQR2se3030U9 +IB7+06UA4LSBBoDd+4O3VBC/m64K0xeeU4LPmglfdx8gGcsExTv1412t/kS2E0NH +sAUXGmWKoKpLJ9o4KfGuByVNoRIr5Tl93D1OnZGzlonAqgzK2RWuU6ypEAet8ndF +FwG3NKm4FM7CtoE4ZfnnDJNmSjkpbZuM2NF1GDdGYAvL1pCPBXoUR+5E8LSGo2Yn +PoiF3zhbtqgIwCkfMNgkhYGUmr3lLGUYcXjs4TA/S+j5GOg98AkDJuYd95gfueYL +auPa5m5AKvOONhNV+A8+xcGjH5+2H1l8vLXGjUYbU9DPNDPhdsiKgM/7M8451x49 +s+OVZ0IFlp+DYkO4/ExFU0DJep8f1A8kGZ1qm71K+v6pj6/LKWz3/q+hARNK8rUA +zbSw7k1F0kESvzTLWMDN2vmEIAmr1G8Jj20TV2S/aRHQDjWxyY4sZKxN6J4JT2w4 +6K8SBwc/nGV22v6cccKBRY89puFuF0Ezo9gxlhi081SJ4gD5BNjqVjEmxMe2xafO +sipLnud5MmdTlHovWM5tFhrUuQJXFR/1vWwo6HZWDps89etPhMhFZrE33R8HSwtv +5a9iYZQVVvekpOQcszQw1dF0NSplZYiUAKrRXLPNooJswNOmEAlqpzM5gWSgfrwf +mwQzhHH1EwDC+i23OQIkvQ1nKquMAa8jC28VyAyBidaWCzeU3HYq9eG13x0ldWam +elVsTaJLGEwyYcLIl61knpQXYFs+2nhAoE0x5EPrJnffzXXgDHv6knz3fU/aTobp +clsIEA87obcRQ9XPW0PDaiWl+qYWTMb961DYGLMl2Cgq+aBvCrhgMSVZXluMO+Na +fvwbWu+nsIVPzKJkyWaygxMtRoz68Yo3sB+9hWOx69po3XMdCdxz/AYUg/x8Xf8R 
+upX9mU51eyA12ZF7duq3k8AMw2MhwgbhVrp3J6NflUn//nKV7RsgpfWhM7XoT/g3 +kMTm+oKNUhC47xac9a56m3TuDrTQPj1+8GPOzOgOiYonyKJxH0ewuYslKn7FwLuw +NuAAiisUr5uJ0eNx9j9UaPl4Sd4/5hVBQzDdPASfa2FrJi5oSNKz7/wXN7YkAUok ++dseonxi6YXZTbfsXx55f80mnhh3r2NA1qSitHhOKgBZ2ynNExN4vIM/HBpq6aU6 +3iBmnBaVm05XBd4mqWduEDzCqApbxxPZborMFz2BI4TTSQ6Fqr8bxaO6HO/NilCS +KYAC2Q9l/HVFQ6mDPSLXlA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIG3jCCBcagAwIBAgIQBkygNqmaAydvr/1eZIzsFjANBgkqhkiG9w0BAQsFADBZ 
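Review bot: The `set private-key` and `set password ENC` lines added under `edit "Star Cert Expire 4-24"` put the certificate's wrapped private key and its passphrase value side by side in version control, so anyone who can read the repository or its history holds both. FortiOS `ENC` values are reversible rather than hashed, and unless `private-data-encryption` is enabled on the unit they are presumably not protected by a key unique to this device; that is worth confirming before treating them as safe at rest. The same applies to the `auth-password-l1`/`auth-password-l2` lines under `config router isis` in the preceding hunk and to the `StartCert-Expire042025` block in the next one, both of which extend beyond what is shown here. I would have the backup job mask these values before committing, e.g. `set private-key "<redacted>"` and `set password ENC <redacted>`, and keep the unmasked export in an access-controlled, encrypted store. Going by the object's name, it is also worth checking whether this certificate has expired and can be removed from the device and its key retired.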
@@ -65834,37 +49821,37 @@ UrU6RSClqgz4I6f0rJZ21YK2JWlVSRuJoCVOpezPzqqP3g== set enroll-protocol none next edit "StartCert-Expire042025" - set password ENC pvj0HM3i73tJ5wnxetLS0T9umAv1Ofl3Lf+amZeziPKKGWjOw15celuK8qaWnc0ToJw/qkUYJ6BMXy4ITUlsiAUdOZRnSSItsnbVRemyOko0w4EBXhwXX/9Un9d/GoTbv8UbvBSR3PiZ+e0Zkvd/eKZNB0IA8AhrHOb3PouCjnmDTuhvbs2k35bVfjOa2DmWqWVrwg== + set password ENC k6GQevJS1hAg10pkITXU02VohY3r9pSdghQmH4TCRiwqzMO5rjJQdi7W3xZXWcyF5IEgmz/JLhvKH7nocUZqnitkmrjf2P9SONwf9CsNbbKSeMkOIWqM+0JI5wS1HGtPiBPr4bquGVEOZG4OxVwjfuqX0K4kVT/23smdk4U9iqzEVYbxgxt2NegmV0cUOKm2tH0ZTg== set comments '' set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI0Cphpabjgl8CAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNvUw+brcAxIBIIEyPpJlqMsUNp/ -cG1PvyzPAiqL/7SIIfQ5VPis/pejLoFAmBOZKq8feNRFCozr/uP+xRJdv3SDzzGu -loLoRVuXpqHuAxL4snS7H4engkrfUaMgnI0VOQeZMpW9epWBgLy0HoCMW5UUmISL -dIRAKOx8jl7yX30s0rcG3y1/KEOBFlHJwpokVNliA3KawSmECfi27jlYm2jDfyOm -XJ5LGeoUE5FzI7vMRG73Z45yKjn0QHh9L+gPAvk99SNnzx9BZX1iuSGIQil9oAgZ -AcK5UazBPcV92wZvaOiTLGmVef9a45X4N0tiEOV4JGLOuGrP1cH63YmjQ4GEGyUj -1ETa4Rf1E0JoLP1woYMVq7mXY+f3Iv2nlsqXm0/Dde9JFZ3imvExOlmA8K9ifYCD -YoivQzFCyFklGX0TkzAhuCnqvq6Fhv40uIGXKckRRv5dqD+xWqIXPNvzxewZC6Qa -q4HH0FGwAmpBUYh8pKP5KqsA0EsnsOkbEEoiwtC9F1tSH08BzkUQvzj1bx8CMeas -tiED16maGTh95ciYCNmoV4YxqmBZ2PPsE6LPE5wYNg9DkqdD5yOCL1rpiKCt19xB -qcHe4cLt5CaZiXOqIvk+Jo3HaXX2p0cWaDzMrgonXOSeeu7No2y9uniAQeeLzCC3 -CYUVKyv7p8xp0dHiQmhZ/VwxqgOMEL4E87QDTpHFQ2b9oU7+Bj9wGkEgsOgTjDJQ -P3QalCcu8UQOtLnSUYMwtis+xqXcmf8jd+U+dLxgfl0osv3TSEkVNsP5HGkllnFc -GWPutpcTRKQ+dkRhaoc+HoD2FqjTvOnQEgsIWxGItIAFcH9numRtYklwTviNudWg -DplRvHZDwkx/UrCmoJG+xme5yq+H/UUFtHN1kGenQKdc5B7PvdHnGAlPVPcZeQOT -PkAYwvTxWBDIOIGrlAtyoolHEhwys2O3QFGYtkHnaWUFArdtFEC2NOfZVOP5JqrT -HdCJLcQYJF7Mci3aqwP4WnnDzNrAVkgX/MwzpHEI8G7DN2c5P0COtbaFAClE4nXt -1kQsCOkHj2/avcPnYhecAc9fgoZ1Q1Q1+CunV124rLmzXujAbSM9EFsOKOC1+Qkr -x6MGrE1yI1uLoHFa8dHf1xOvjl43dSjW/8T5SRCF9uj4G1jDfsKVaHeBWpnNgANA 
-a0cK+TV+yYEGlnWWgf3f8Iej76UVVUvsFcdtstNtLHdAZkODJdh5Sh9FvP3KRrJS -UJ1tDtsGzUYSeGCjLQN7EzsM8vWSNhBeDZOWI5HPAQuhyUsCrXfT6oSaGu3tRQaL -3DWizzc/ZClqd+UmoOQ1zFp2YhVLTKx7NO8aQ+FNAP5lQpFSLHiOnVeVzD6ZISI4 -i+6mzF6UdsXueY9WYRcxmmHmenTuWgGEIju8XB57JoCmuC9QeEuyrBQgmpexSAzN -DDJjJbDfO051IS5BNRTVoh+WP+XCAzrb+F9CaocXGScVPD0GYQ/4J5mHCX/U1e08 -TCqfaHxJDaatQy1PoHzqfUVR+0Px9GywXtEUMOWy5nwZGO0qn5sKPwr+RPaTeBb5 -wFo4LXgz2Mc5CUj42QJoOqqrbv+zUSAcywLzVBro+RXeIQXNhJU/S3nGw0uM0kc+ -jKHiEWTRxiK/NMCnECCWEw== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIyG6LMo8EpRACAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAu32xkposDdBIIEyJAl9mNfX3Hu +l+HyNGKayZpMXuhj2uPqA+NC+qrBdWDeRENODMzlpYKR3PPGXi8rMcIFTY2dMDoF +JPEG2uQsaloryxXRj6vx9HOg4jc8FNgDUROJdS4gi6yOjDyY1El5lkeLov+GXRKm ++e4lcyECEwJapYL5jrGItIlaTsT+7hCwXdZ7g4pWKaheVf8f6aMUEIXPHdfPdKsp +LTSJKuSb4f8zBon80fBafSI5LvhxefrE2FnV68/ZTR9UMdcYxiN7gr2EswzGPvkT +2j025oePvf9jF8c1YpqEsdB7LKBce1lu6cPG3dasG8iWGIKaj5rBSRnU8oRo9Phc +DWe43XsqplSuBnRf7efG4hVsrhub4aFRbmDFlPP7wdrY2P2RcHTid7cCAo6zyhML +Bfi281I2Zay9ZGNlbIPqBHizVM84egns1077amvTrL3tBw9WJpmna5pA27sWYfl1 +qgI9xoUaM0LCqxIT78rMJpAl/tfZUyiLxaecErv+0HQ0v8osmScgER43w1xEuUlG +2Nwz9W7KkVVcYMA+RcXGtjFnR6JW8KEk6xthCKxksM+IhimvX9LRMVisun+brvE1 +NXd/WUNke0FIesD+nmX7yWhiX/0o2zxqf0ZuccEGegNLsJCXzmlEs1x2ipuwO39X +Wmq41wXvyScSf2UV5kQr9/M30x4dM1zc7Q3jW4YH9sbPzXAkwf+wP6ZkcNwvSjwQ +TgQfYsPnSlB//FnxKuR0yjwJairqUxl0GMCIGEnFCzPZYIGUmKG1alo17Quyh12X +TDmlp1JLC4DNhlPFlknCVyrUPuwRu6h5GkiUKp/orMDiUo/lSUIhu4jSPax9l2tt +iWUT5hfQirbuV4AmTFuI810rZu+4O/B/o0jSnCJ4pdbqH2PNewSSFzKltNE+OZfH +Z08RBKlTl9BY8Ji/iWg0L2jH4oo52GuqLIRtLKNW3Fal00Tj4otph87WXpLQ5pfJ +QcFQCW0tglQPmdaIHckpaGK7aWX7MVoafIBuSO3wR6vOELW7a4oG6SXQoRGoM+2v +Dr9EUj8KSIMYVSiNZIuqPD5wyoegW9fovuk5RcVPn0D+ffL50Y5bnaMOmOMRJmeS +8YgQvK+TMk3bNgG/dJ4NJadgAA6z72lU4bNsaFDIQJLWHueO/oZnLd3daz+Fxwxr +vfLJMBfHfvJXBz7IbiO4z7eEEvNDewA2oOiBfwHfxqR8LxPL7krDyc8qHib83+32 +fh4V8o2Irql/NLVMpeAqhK5ytsWn7w7OWZVRRU2SChfp2NT73AoYuJjqN1M2NjtO 
+e23fLM+ZcOZx4EH3+XmrC/W4TQkyegjXIgfXu2ghQVLqzDc78GD8B61iin4aSsyb +ifGlH5F7GM43ibaRomH0kIEb74ZfcvqPjsRy21DqcPGBbQszBmmt619NZ4y38Y/J +Y61cRP7FSKtwF826v3I97FLhymML2Bdy4vWamgGokoofc33imXAPXjcqBPVV/X/m +ILB+8jVzOE/9ajhg0BWLy5bxAbY8v3bo5lb8jL74rrexBHrJGPXKdYoyP36PhH/9 +f3ZKrJfTPKRnJcZ0VgeAKZNlLdHKde72WAwIeCrw+GHcgpzGOb6VoFzlQVdUPaLJ +QMMAgyIgehGjKQYj9bAj/w== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIG4jCCBcqgAwIBAgIQDzJ753SaEbPwC2TYhqhgzzANBgkqhkiG9w0BAQsFADBZ 
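Review bot: The `edit "StartCert-Expire042025"` entry in this hunk commits the certificate's `private-key` block together with the `set password ENC …` value that unlocks it, so anyone who can read the repository history holds both halves. `ENC` values in a FortiOS export are reversibly encrypted rather than hashed, and how well they resist recovery depends on whether `private-data-encryption` is enabled on the device, which this hunk does not show. The same applies to the later hunks on this page: `StarCert-Expire03202026`, `config user fsso`, `config user local` (`ppk-secret`, `passwd`), the SSL-VPN bookmark `logon-password`, every `psksecret` under `config vpn ipsec phase1-interface`, and the private keys under `config firewall ssh local-key` and `local-ca`. I would have the backup job mask these fields before committing (for example `set psksecret ENC REDACTED`), keep the unmasked export in an access-controlled encrypted store, and treat the values already pushed as exposed when planning rotation. The `edit` block continues outside the hunk.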
@@ -65912,37 +49899,37 @@ YkZwsmfv+q3EI9HX4ULuOFo0GfXjdbUR4kRE2EoLk+0prTGuR4pVQI0psfBbaj3K set enroll-protocol none next edit "StarCert-Expire03202026" - set password ENC goF9gdO2sKzCztpb8F1xt6WKHVtUCl/s61QOPZW1/Qht7FFynU5X/0+/zEyHksGMwBl9AgF5PDrNXsBeDe/lsJDaq3icsZ/pIWD8+MWR3AG49HRmasN56rwvcXUMNyK0i4U6WWRE4ofB+W63G6KNvW/gSAsYJKSuWGbK57xyxIeZepb6bjUAkNUJgnfhHTt5Ye7IVQ== + set password ENC Y6/afX1xoSKquPzrHc121kPM5NUKTXay7Lu4m+5Hj+YC2Vj90jiJirfoFcI3XaRXYL0J5b4INqn5kvp3EhVh0Fql14gVXtMPPo4rW7xM/w5s+XWGu49VLOindgzLmAuw7v1epmbcIXHpr17HoTa5HF9sg9ePd1BPamDq/tgOmCe6EKqlP/6oYvoDIdZjb3TjCSFqEg== set comments '' set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInDBkEw6MI/QCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPSxL5hV/T4zBIIEyHTk6a3M1W+a -uJiYl1Ln13cI+0Ug9q65pExS0kdxX+vD7uas6rvZsUZzW/w5FGM5yXhfrxgqX3oh -gUaf4F/EEeAvbAJEbMipp+n1qXF7SQhmqg4zs3vzyfFeiAyxFdZeESFsZWSQxIN8 -N4L+F/CmFCr5+yyEC/wPQJq08s+KW/soC5PDP166kLSIxL8ALdVCRWaqPZ0WI/Al -mVLiA8vYpYNDuP3u1BMML6qw83ir1HrhXcupuGTxF80Yg36+jlgyYyeCBgvqWqun -BYiO6NpriIvDMNcXmr/Xz201u6coYRydUNFJJK+xyGcbtdfR50axHh/BFsTju5SN -hApwEhL6b/K62wnoKovDUyeEvktkporETpqGddddT2k5NfTG+wjXZTpoO7yo3sMw -rhI2QeoN9P4ezdSvVWsn8qpX2Vnx/Sj3lXKYOwfhFvwXn+ZOcorGWDi/k2sZ6T6j -8NVe8+WPWkBkMm5kuKss73R3tXHC7JO5q2q2RxEP6UY+Lcio0IBMQTAiaESm/cai -s7tHGzaskJnsb/Wxl0/tQgjzaweWVk25wYETXPuXozNKrU2s95hoCzjjcJYyfk4g -RQ+eO04zg+IPZBIh1pgGlYdzM4MvRUOUOy2HLuVz7c4gdYAltd2rhtPnJ0pFrzso -kirXUdIHQVeQaPR/B6IDg7o32xkl3v/VAUZzcFg144RXXPc1tlSHzVfrDDRnkaXg -PVQ87s8QcFhwugtvza6B4JODKK8WLmpx0BrJr6EadAeFHPhf54n3DgxzyhM2b0v1 -1N3kDY81akp6igHv95EWMwANqrtAYWzjabra/kx2Q1luJsTU7UgyeaYlA3k0X/2S -JOWZf/PLmJ4BQTN+pGAAsiqzz/6s8EyIjSOqdqILGCDsmScAUDeZQRb0jGMixQlf -MGQ7H0I0PUvYqJ5fDcaEbqu4lkrsmqW/pWbJJXc48a0aev+nldHYWe+/Swap6TSD -MEbjhKwUyhS9oRPaT5cyPxrTR1+5Z5LFn96Md8+tm2hYRBWjwItxRU5FNa3T9jVD -8XD3/+lGQJQBewfMPSEb6icjEFPeKx/pwoUMuCdSgzzJdcqFBJ5dtQ7Pne5Zvmgg -M3M9ObQ/+r7s30xzQhZZYMk0ka8hEqvpQD4TJruo+QMtybuMThZuJmaB+UZhzCs7 
-ztchXu/sQzDgYIQtQJMOqD/9J9yvn65fgphKaoafM3hP8DgQ9awdL6YAB5Mmf1q4 -BJE6hir4/8dbSZEpdEodb3DJ5SU2yjRhr/TJmUYUhrv4iOd4NENCdoO4oBntOkS7 -hve8lprXDSBbZF/3c48/rNIERioH50d7fklPjTco4DbxwZYSShNJ9aZBi8aNc7Yl -t7ECpwK8RcOHNqR75f1JmpEL3k1rNMBS4DwbuKyjUHxMcCSQY0LQHMd2gnGqGFcw -k2I6PdGbRbG1Kx6CKhaJbfdnH6WojCbUjTrw+/dPjNp6SVyoZaA1/1InXIiGLtJF -vwRyPirLJsVFvg3YapmMsKVaJi4Eh+U8C1T4Cxxp32D4hSnTEDsgHm/ThMeyLCzd -1b57e1iy1r+6lCtlCqdOS8QZg72+SfUhiuLtNxBHxjEKgriS2ZXCzSlnSmNx6mfX -5/3NfdyRBAt7pPDAqABVKw== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIkkYYahWJmvMCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECN91fmgCgEWUBIIEyOTOHta5FOK+ +7RmNHPxoizskzmWLkgaZNPR4g58t0x2/6cXKmNoLAejhleb2rZK8r2X7vePDopGg +QeldHPjEcdVWMhk84Zw9tPQka78bLS8SI6lXtwjT2zgzz/2k92RdEjOJFn/YwTyj +fmaaIjQpvvWZ0sZoROcU1YCu8ilwBDZXeKEtQmrmY0IrOnMLMF4PC75aIJfGmbvJ +ZgEDWrQ1zooo54nsr7gKRfH208FlHofQ/cpxCcujPEC3vlPNT8u3EIrHkZwNcNvJ +wvAq93+eoASbmCsGrJmIdGuuapgGb3Vud6bs9Qu0Z6c4y4tae2V7bV6UBgc3QLCt +I7KgpenYqsN7PiaFE362JoZpT6Ssg217rnbb9S1LyFFB5JDTqSTiR/IHJPKGo7AP +FWNdQ1V1vitaOMLC9SaBWP+AuqgEt1tpJZByn5qkGI9zj1De9bmEkh+Qi0W/AImL +k3KuVAFjN0LCS0pXTTQ0jhb2zbdG7LDhCFoiFBJGJOdyOW0L8+POaVHyNEFulLj6 +02TpEScllxtXSgw2tt8U43CcTENL+Qv5Tkb5Mqu1uRz3RL1mZlx4Cw3Y2aqF8dFD +MKi4gNGSUvvGM4oWbvoL0GAtZJ0D7rw2ZAJRtiryGxyhx1LhoDyzLNu/+cILXYuc +hneDiJ2e0FvjFlU3BzZJtUFoT52QqMWPgExyvUO4btG3Aabge44V2h4aBaFZ3FqQ +XfjyTB8GAlOqNkY1GExIj44vY9Ziy1J6/nBd+Puw/bE1O+t545ZiacDx0MI2tNq5 +duQfH+j3uoMBekzCK/28geuSM5r9J/GdcVPoGGunlaNGpVlRUhGrI0ZsuV51wpjc +EZhIIxfc7V/NJ/STUECQ3t+DhXUWy8mKLa7zLNtBOdz4x4551gG/WRvYpxo0HhZz +c3xW9yRN4rsQhzBg93QvXY/9NhaZnKCFNMs2IbK0RVu76DeLnW5ntD4aT12ziGN9 +VcrXozl8SOjuk4YTrxQX4Pg6X8OkRB99qucSjkfSa7cPNMYUvnIKckSe+nA0iOTH +Lu79SDmSgtDAmJvt1X3WScWSWx631hCoULzbBbuWfm5YpoxqH+caqo6ADHsTjcHY +axkXRuLyOAsBvBFSQhCZ4u+BQE6QCGG4+t5gyKRCPmCidEELkHuMfSh4dpjUfXxH +1qkV0MW9c3K7qhQovvfmwXHkcUCPp1dalKz6aqpogvJ6e9o3Hoh7FMQwmZ9G9S7p +3gJ9BwPVYf4SY5XOpfMR/XJ1nkmpCcOWjwIQ907iPhxhNZetjAQ5vzhiSHUDuUS+ 
+l+stNdO4K5DWs0VH1dNKbBsuZQsgskBeBm7j6NRcOlu7mN8GYyenHJq8fbJUc0MN +U0q3BT4M6fE3Q2F/Iq9Ca0TRII6Wpdi771ckcAr0DOizYK7dX6bhSguXzjJxV09d +vgGW4RQmAllYEYJ2jxA2RLpGsYRK/Cp7isuUM1g0Iy7O6NeMJeMq+oFxfn112QBM +Q04U1W/OzFlxYg/aQl7qDAU+cpBssN6vTQU/x0NxMIzmhYsLSnQ14uyQjunnjQ3W +jufXVxN21NKv4hnqIsoVuLfqa7iX6bUfin1JYyKldKv3lzalA8at0fhPvANzZQ6w +nFhkmh/U/eQwC/98gbBPdg== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIG2jCCBcKgAwIBAgIQBEdfHQ5i8A9R/h7gVSxl4zANBgkqhkiG9w0BAQsFADBZ 
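Review bot: The PKCS#8 header of the new `private-key` for `StarCert-Expire03202026` (the first two `+MIIFHDBO…` / `+MAwGCCqG…` lines) appears to decode to PBES2 with PBKDF2, an iteration count of 2048, HMAC-SHA256 and DES-EDE3-CBC, which is a weak wrapping by current standards. Because the passphrase sits on the `set password ENC …` line of the same entry, the PEM encryption adds little once that value is recovered; the key's confidentiality rests on the device's `ENC` scheme and on who can read this repository. The entry name suggests the certificate is valid until March 2026, so if the key cannot be kept out of the backup I would plan a reissue with a fresh key rather than wait for expiry. The `StartCert-Expire042025` hunk before this one carries the same header.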
@@ -66897,19 +50884,19 @@ config user fsso set type default set server "10.1.48.37" set port 8000 - set password ENC SolQ9+k0kiMmO5Gfiz+NRx/sVZWu90Gsu+EbLe6DVr7blcf+evWrsb2fEuUKu1dRs4P8y7GU1odIa9/B1uPg7OvR3MLs8mZWrLfZdE9u8p/j4xUzSjpYmat6cmQSkXCClOtjPlQw19CCjXipPOp/zxa8/Sr188Z9ClsNdKWyTECB0HHIUJr7wpybUMQBJPXT+p8Tqg== + set password ENC K9eo4AbjECOzQA7wjMrRURd4ylcKmglws9AlyzQ1f3uXDhw0RKA9o3XYaELx+xH5693IDEfvvpiF7lHv5dvYvXVMz5lcBmaOTI7uQAc/t3/I1O5XJ2uxXKePyNUNsNHvRbLyGxqSuw/Fc5/KhsY0ob/rODfVOv3i/qqzpfLJ5ErVGoN057DkGc9jjUOmRWAp//3H1A== set server2 '' set port2 8000 - set password2 ENC ST7AwiGYBiwcFDJwDylT13xMEwtafXMw+TphX0vwWafX9ZZSWGifNZNPmelo3hNm1aWSV+etbYu9bF5hl3nNP+Kx9XAvzYbOfe4c4o2NiqDQzB6cqHf4v6X2oJDe9+87QWcxAlOCSRM4DXycI9Rc1W/gov2XhZQOL/dytRnq7ZmrLF7sM63w5jXa1OsirQ4mDWH3bA== + set password2 ENC xGIlhkZXHK9rY45DltzCxFhtQEk1Wos+GRpl12h/yJ4ntrMPLK1s/iJl138fASaBgOBRsCQ8u+niDB0Qbpr1GooiEoFXJHsDywzqJE+K5glrtuvNxEB/0kGJlD7ZI76mV+rVJZVwTZU1ULiFQuCiGmIaxv3G67j/lGKh+59uLUAsJ1ifmfx0IYbwpMPsM1mdY6BeLQ== set server3 '' set port3 8000 - set password3 ENC 1CNSs1xfocCvZ8Y6NW7miSzFiLX+WI2NtGH6tiB4m4JBRRaIAfNND7e+jcWhk2lvhZc15X0MIsILQKdz8jqyvCLbkBZ3MBb5A/fhnGQLeutdXGc+m4vnApDKHtvclPiu0f6wc4XrTlvQQ+mFE3xkSrHF3w0j1OlWgrh8zF9r1ZIUTer5vPsssaaicSPXWIFg0ZJC5w== + set password3 ENC 9FUqNW6TLNkH7QaSHdXNHzwEsbBNg0JsVnKTr2h1OphCcevINBW6mEJrp8PhM7SqrVZR9nsFtzZihQEgnMoBGcvwIiFg+arIteyu1g5/te2oc9CQ8shQR4Rqj/WN4LhJPNoVp8lY8iOAp3NRIJCK0TEJ+2zWDxsMCmt1lX66vihdNXPIEl7FekTR7NHJtvpTybkSiA== set server4 '' set port4 8000 - set password4 ENC 7yUfTjqMrKnrO9d5uusdgK2Pyqai/Oao1J/tPhYj3mRxqGWxAATBBOz1qhH1Yc4eLqwlQaHEVwdd1kI/lUq7ZlssG0kq9yMhdwsi9ud6fGUSMXq5GqIQ9eqQFeeGH2CaYpkG39+gM+SA97UyiHiin7qKGiQ3/PBNx6C5zqiaRBB1rUTzjSRx9pADMvq5DgrE0a6UGg== + set password4 ENC iKBL0+dKqDOourUQH/Ly96xBmRr12221g15ducNq8VU8h0P36c43CIY8ORFFrq3o1O2WthzeXo9jQFHMY+GMKh/8ClKKJyhZ6xIAfOAPQcChb8KJNAn4DmESnwkLwAus5AK9HXov6M+wdJMDsbeIKQDKSQccw6AkQYYNWStDbstcqKBkI+1yBclWTiJZd3Ye5qh8gA== set server5 '' set port5 8000 - set password5 
ENC /6yYlvDzDsnkuBBgzVJ07rMk6DwwJaqwkeDsNRhAiyVshgCZKD7AANAKppw9MrVrMGG9P5mlZEuNeSfn11iyPEll/mKo6InAlFE1f0bLgMQhxfZH3r49yRsEc7n+duWyPOBNKbBVHCETfE+PBui06JLvIndYqPHUmajAnjNhK5+EQGHwaJzhDqEvtb/57LYCiuz6hA== + set password5 ENC +Egki/q14KMn8ws5PwhVlF9OG2lkwIujElaweBt7VJra1ia6tI+vWW2rZQL/GH+5qWn5Fpn1gvMy4Edkbn0Z4kEMGH/uyE36c6s6w9cWkb4O3a/yJGxD8QYbbvLcQRNubvSIxYQvemTTQs57NAauB9gy25uCcar7bTMsIEGyWU6oulXVqNHESMLUYta15LOAcjUqDg== set logon-timeout 5 set ldap-server '' set group-poll-interval 0 @@ -72373,9 +56360,9 @@ config user local set passwd-time 2025-10-03 12:14:17 set authtimeout 0 set auth-concurrent-override disable - set ppk-secret ENC Xdqqntr9shAwTNHyEDRdtcOd6/iMKlSL+tb7JZvEBkL9wXRka/leBcEZVwGZgjL95PpIARgKhSZfb0b1WN6kD0rnZESx/+Mh4xyhdnIyyp0c8nhP9dyn+mIuAHShaKKYxFOk65MIp4fNFmtRYGGF72IUvPeiL0a2k3+tG3gJzShq+pVkvJDoFqltImACITrtTlnIIw== + set ppk-secret ENC fOvQpGgKjWcSTc1LyNM1vVrFZ2jPhfj+bSPzm6jXhLCcOuEzbjaL3rB/903eIUbzaCcH2xeT+kQ844bhFxML7UpxBu4V9BBOLkR+4OMK9zkscEl8CXcXEGoPSOMmaW+2A3Ho8XmL9lwMuLMlzUhUjdy65292z6uX3AZMLLx6LUixsotjsbeDghnEmYmqtCf5c19puA== set ppk-identity '' - set passwd ENC 8bdnDDRnGdGuzhmLaKSUH1It4F61Lx1CxPNwKXFZQ5tIbxf9gEz6G3O1aAmvxjckfE2Ioao2VpBMVLyX8AS/IDfJuu5jjuyJU75t0yqi/4BkAWZlvyvdcuPbL1i7uIwuULYUEJpUwO9Ni7qEjxpe17n3nHr6dOl/onsGbRIMtrVj9eJNQCvZvN60nopG2Rn4trDOuw== + set passwd ENC jUGil6ZHP5GBE5kOU4Z1loX03zqGaIr2oh0MNn9ORyq8ySijxaDJcSes3Fn4FL5gj1ZozPCQcgbf40xtLs+HVy2VsYw87OZugJIUV+Rv+Xl3gJ7mXPZXMcGLvf954IBeXk83ATwSkOKDL4R3yyV29Yn0EkUVi2a8rnZhzOPJ4bTDolzwRtGMasbJStFRkONtjGpzNQ== next end config user setting 
@@ -74371,7 +58358,7 @@ config vpn ssl web user-bookmark set host "10.1.7.110" set port 5900 set logon-user "tmarris" - set logon-password ENC uazzGWuiTLcKDBLOcrUVngpV82yxbKWQQEhAZAk3vtNcpM02O0IFo07YY79qUARi+hmwnA+KXOXrotuLXuLZaKaMTF88WUuroFtZzoSAup6tFVptZIettXR/U5sT2pw6cMP5keTk9nBvrEgi2dM8oNGCwr3k3UWeLV5OsrjlBd5heWkOTpRT5MA67nAMmxWfx09BDg== + set logon-password ENC fNgkwWkoB9buh6H+0RadCNCtsp+q/8H7IuRmUBuh5Au002PLRUbA4r7mJ0jlCdLY2sWK4Zcx3kSbI/ov3IC2SUHWrONQFjGdSvL5ylrAWXqDwSKRxB+IM/zYIJPcbWejeyNpCYov1F1jTxWDrNvmoakY0LkbrZ5L65Lj0bVQWkDw/SNjC8HZQDSx1eAKspTM/kQoxA== set color-depth 16 next end @@ -75083,7 +59070,7 @@ config vpn ipsec phase1-interface set remote-gw 170.161.52.25 set monitor '' set add-gw-route disable - set psksecret ENC VfwFjiI7LU47vf8pI5fkMwsyn+R6NwkJSA9lbM4TNUEDy/k5l93jMcy20CskKHZmZJvOc9WByZNHdRwGPi5k3PzDbIG049uoEDUUXv7RVS0jsDOrHBAOKl97X8GKhShDtJ7+ky0o1bISFhx+z0kpeB0V2vU4QFlY7rquVfNcMhs72OtwGrP7x6rBuWoTleuNu1rN1g== + set psksecret ENC Thv4qDQZDuOMksNSbmGyGfXbFwFUn65/uWe5Ua/ZglDWaevldXAE+g4GxE3K6j1Wkw5jfhn4gAUaaog9+RlBAAvPsPXxr30rq3X/0VGFRpFbc5O8LKNTuqJlYaGs1IGuE16dCTZ7nClVjXfflKhwx/4ReCCSZML0l6qwsmyr7dzKGNUomdiAMXpp3JvSMp5OT5ol2g== set dpd-retrycount 3 set dpd-retryinterval 20 next @@ -75138,7 +59125,7 @@ config vpn ipsec phase1-interface set remote-gw 52.61.115.188 set monitor '' set add-gw-route disable - set psksecret ENC pgnEiLI+KRc+PpaJbpMRzj5LYY2VqBK7fkJc0rK8DZthFdzrTiOemGkd/AAZfYDfQzjXE2ImkUPGDg7kE/bpX7zb1Q+YN2F/weXGZLFLFiC2YeJHAtw4S3S3Sxyu0oF0IX4qMRQxN3KMQoNDHw4SCZ28uySpMuSGdEB3VU3aMrixvI/aj7ZM5FI6RNyVptPig/gdUw== + set psksecret ENC P/xchn5pt3WZAagt3WbQRYvJ9qNFW65fzPL9S+MqrZxSjR6G+AhvoHnLF+1dRpj5+hZ/i6tTQp1nI3kL4XiACZGCwoq3BicKsMmQv5T718kpxRNNZ7q9cHyzQNFCxQrpZLl6p/dmMKK1J4L8DYJrpUNQR92iepTqKT1dUvaFAcZWWGVv5oBonpKFUpF5zNjWGSO0Sw== set keepalive 10 set dpd-retrycount 3 set dpd-retryinterval 30 
@@ -75194,7 +59181,7 @@ config vpn ipsec phase1-interface set remote-gw 209.217.202.173 set monitor '' set add-gw-route disable - set psksecret ENC 3F3hUIePVaRfY+I8wb/5TSpoxIg1qHmE83OjoC12VxjhTgVMpbe+q+OFQVKPz43vDsp26IG1wHhwnwvcUWUcFMVsyhaC6vWBagpJ7bl5T5yQmahbN2O9xEE3PFLdEYBnw7cVHfYgqKI+OnK1AIHSXgczu4TF7OS0mW8O68ss8I1MJOp6tUK5I133uvZuqy0SXjvZvg== + set psksecret ENC h8V2yVeqHHEe14GTuyduqIj7T/DsuFMTA/cDA2PSzwlDnKOuOQg7zXc7c81sD4uB13evTAXx+GHMSGmiCbl+peXU5ltYL/MolMzOmpDMuqw+EoD3gZR9+KTrEK6PzPH5zSY091xUhDBMOIcWYmikfzMDeeY4jTEESHfOOYYGmkvhX9k5XVMPX4gZy3Dd8pZ6TQADBg== set keepalive 10 set dpd-retrycount 3 set dpd-retryinterval 20 @@ -75246,7 +59233,7 @@ config vpn ipsec phase1-interface set remote-gw 34.194.174.170 set monitor '' set add-gw-route disable - set psksecret ENC hc9/IG0PLZc8nqoYi1AAzwJIUQjxZIH3/Rg3UC/t8SaPTSWlkg7+MqkQLSrfEC3jm1DxUyDRUr0tcq6QOdi4Hyf6PotXxoFyOC8CFqyTOExapKsx9TXEuHMnFDT5n1kOxyGymGnmMFy7k77gcSAnZr0TG+O0EGMG/AB70wqWhdiYonlDuXbTQKsQjB3srbUpO4R7ng== + set psksecret ENC br2H+NgJWMWmSAu7lnp16BvAIhUbu3cxWcO3j6OQgLFqEFbH/k6eF5+2UFxCtL38ER62N7PSZBGVUvt4HsTR2gKro7jEfKSQ7htPD9l/xzrsA1toI16uxYaUJoUp/MdHUhjxgbrlXh4eLO/sLIe3kbvlKs1xYQdQ0HQ3xyVMJ2dafhZG1rJ2scvxpACtOPYjZGJMRw== set keepalive 10 set dpd-retrycount 3 set dpd-retryinterval 20 @@ -75302,7 +59289,7 @@ config vpn ipsec phase1-interface set remote-gw 44.216.12.227 set monitor '' set add-gw-route disable - set psksecret ENC EATGPi9D0scvkZvkpkFaOzrdUUZXZ4uOYcdZx2rM61DfX2MhXPfEhRGsOpgn4Gj5PlYXtIME7DvK0YuoHZHzR2sLfnSPHe15YMWsqA6L0kaUdMIAM3OTP7vT0F9QDdYF6IagN0NMPhAWvCAfRCb0ZHOnt3hO/jEc0DEeNPWakjY4P5yrzzzEBzjVYEVQ11g2nVwQPQ== + set psksecret ENC 66aP1+o+Z4MuSP0zKROQ5RnP1mPuBkX+Hd6BzGsjELW7sfTKb+s8ZSxz9qf+z3dKtvfzYHYn1yTNyRozj0BeZOibv25CUudFUBpuRAMWN/eEb2zrXqnB3adwEfjEhBfW4lcvViDp0+PY/hTWPvhHze3IL29+KY3CdGZJh/QSqtAyMD8o9Cn2TJnWqS69sSJqiFptCw== set keepalive 10 set dpd-retrycount 3 set dpd-retryinterval 30 
@@ -75358,7 +59345,7 @@ config vpn ipsec phase1-interface set remote-gw 3.20.191.182 set monitor '' set add-gw-route disable - set psksecret ENC JPr8gHWNJOHu51rYeimLjd4gIenOITSQkJuwQmpov1tp2X+/mi1yOMu/ArMbVGVHCpkkGaJd5TlV8+iQernJ0zbmIFVphMzp31ipxtYKwCcU16QbNutuRQHTCkacgfJITMzelqbTn1yX8gQmOfc+Nm5Ff21IusnWMuCX2e1JnSlsWXk93jGFKPZJ49jNodtEkyu0hA== + set psksecret ENC tP4eeigWlrSo0C2/pVI6rI5rGKCIYDDEFD8ZJCnhfEu0Qq6/JL95YogjkQ1Awq/kVBZBKGVFKi/oiqE6a3+RsLL1x6caltjj11eTOprw357H7dCxbe+Xisk6mbuVTTecNWtM5Dgd/D28Knc5NDm37OIErTMcyv9uMx3PrjIe7I9EON0fbNIPZvYb6lmU7Zr/A03gaw== set dpd-retrycount 3 set dpd-retryinterval 20 next @@ -75413,7 +59400,7 @@ config vpn ipsec phase1-interface set remote-gw 3.146.135.243 set monitor '' set add-gw-route disable - set psksecret ENC F42JFLCV4o51MG3dJgMhxed+wKbyPNe3o/gzPVt+S1v2nPkRxaRrDHd35UTK1e2aVDhnYx3jOStK78bFmN+EyABmiaM+7D75bTUZNH9RNPXbV3QfAupRCCkJYqVzw8IcD1XEaRepKx4kJJ0sYas+vLv0zC0XVpl6mdynwdhVQ44it345OAc8hEF79t+M1ReMlLe+IA== + set psksecret ENC msrPc3qo5xWDlD+qQGtjUbph6vCwWjbo2yYTv1hkjUuI2QrtRN7fQZ45bB7KPl6qaaHC/b6iMVaehdKCvpntvj6WWouquJ/K6hKkaqR/IdCCGTuTokyzxl0d2O/2Yv1TSISqQej0uG5fK0oJDkBMtqevZqXIqo1bs+HI4E5+H2NAu+SpYiKmq1j20yc4m9rTC02JQg== set dpd-retrycount 3 set dpd-retryinterval 20 next @@ -75468,7 +59455,7 @@ config vpn ipsec phase1-interface set remote-gw 24.39.213.214 set monitor '' set add-gw-route disable - set psksecret ENC /mqtKX5AoPJ4lKLOsjT8SiIxw9IfSbyAqR+BYCF3BcuxyfkSPZuWZaoDN4qSAQNSuJWVNlk5cMWNVTqS39vYpMxrPYEUgFSdBCqG74v8pulNq3wdcvr0NacmGlbjjXTK9txdlxiJCqsF1DII5lVQxG4/gIvxd7gq2gCzs5hqm54K7uu6GfJqavCu7OXOk0Er2v6ODw== + set psksecret ENC AO3lyWWG9K0c4Y2VOizFQErraPOp1KHXVSKn5Mj2MNst8v7n5XfUYiGl5FxHPXr4fm4L3GoPzBJsYfAJZtGsbOIbKam7046l3EJ9YAGk46VJwhk1/HxIPSoJpAkOuR+JI+Ag1QZ0CbXIFg47RlI5cBp9L220tB8f1eUE70SQEF3ZbVhIETfNNoUeIFZt72FO/72nTA== set keepalive 10 set dpd-retrycount 3 set dpd-retryinterval 20 
@@ -75524,7 +59511,7 @@ config vpn ipsec phase1-interface set remote-gw 24.105.188.54 set monitor '' set add-gw-route disable - set psksecret ENC Z7BghtxJ2bqbW81y491GQQbgm1fjmiQANIsczpkGL3stZKLQ/8cwEZjrwuOz3EQWG01Wr+5BgqsAMAXN1iSNAf3o0mHay3lhCPF5VU+FZa11576VRaTNR2QozweDDXgS7stmj3pIic3SArdqsIhSeQinRu+85AEzfvlkn4KgBm14I9tdZiueScCjz+2grJ1iAbDYNg== + set psksecret ENC mMswMzGWsJmz2wDPVHbTFnnLqRLXhmCHnas3HoAH/yxhBT9O516Z4LVzPHPQVTl3bxmV228aC9pjukggbm6vwU7l7pV7NOHBCdSgRVwPl7SRToHeIz0CFT+rSH+FYvrKhBFrqJ1BGFns5T5MdmVOntT3H1NQ0C7KALeCozNGMga7gFyYVqOn6SifMA6FyzO6bHxqdA== set dpd-retrycount 3 set dpd-retryinterval 20 next @@ -78251,10 +62238,10 @@ config firewall vipgrp6 end config firewall ssh local-key edit "g-Fortinet_SSH_DSA1024" - set password ENC Y9xX3mdkzIHV2YcNU8hUQXJ3MMURIZTO910yZ+TgBxRyTnaYOmRd613Cci1FR6SPADgjQFnsolMG1r731m53K5U9NQDSame1zg9OJ4N5InakFb5JjonmVe+sc82tBH9w7tY0DNOeUb9QY+8dgQFWF+TPXE3ftXScvdI2bezecQXI5kliJvOqhyQrXCEJSh39VHaXSA== + set password ENC dhvyuqbbrlFBbXanxSk1S07pWv/4e2obNGYWWbQrMdOoHTXZrguXzo3OhoCmxPHCDxWfHTjDx1kXs1P7yXORi3k3bPnxhSQ+2EF42yl96WC4LD4iFyPEE4Dwpraml6OfVUBhvu9JsIBdfzFp1G9CTKMZrCTPrTLo60dpFa9cTnW8WvwsxEAWNSoJdPThYFSaQYvjEQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWMdT3yG -/DLzIBU5O0UtJ/AAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA +0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq 7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk 
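Review bot: In the `g-Fortinet_SSH_DSA1024` hunk only the KDF salt at the start of the `private-key` blob changes, while the public-key bytes that follow stay as context lines, so this looks like the same key re-wrapped by the export rather than a rotation. The hunk that follows shows the same pattern for the ECDSA, ED25519 and RSA2048 entries, whose `set public-key` lines are unchanged. Two things follow: each backup rewrites every secret field, which buries real configuration changes in the diff, and the key material in this commit is the same material the previous commit already exposed. A 1024-bit DSA key is also a legacy algorithm; whether any SSH inspection profile still references it is not visible here, so that should be confirmed on the device. Masking secret fields in the backup job (for example `set password ENC REDACTED`) would address both the exposure and the diff noise.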
@@ -78262,114 +62249,114 @@ jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5 lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G -wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgxMcP4nd5bs47/RHx -ArZUDjNCJzDVajX1tIDHffLzzlLm2RRU/wKXccxXn1TC14JdA3gOmS/hFa1C/ctWGGFdz1 -RDMGJtXQ8+APtMlY7LoLq0soKjkNkY5KDgGBqbZ8dLcYCKYfl4RoCWGeKNYKjbdudRmuix -GP/Iy8L+8qLZd7rSDA6q48zv82nNbPUCtSgRLiG9/CDTQx1ICwO61rdjQLqvwycJ7//885 -eXUyaiDA7DD8p/Q/y3L23iLI/t8VEe7sCeFcoFPmJxKURNoCg119GObjEYNDokpv9QOC2G -/uGE672Yvr9YFLe1RPwWpMgQr05tVu05HiPvRlX+hORf+Q80PQaxyCnSGkGh9FHq2Cph3F -nOlujutMPe0E9do0qGavzo7yw4g4L5fUUxgUoWLZPfE0dt7Dy1IP+kltIUqGu6a2StNq8U -rYEYAjVHzaKoU+95oZLimCj0n61LyCNXVg+gcIb+FIq6B4WQhRNJ0ltK7k5TKvCcnClWzj -DDVeZYF7XOPX9S38MGt9vfWZEF+ZnUrGdl4Py5khdfH99mlSDwt42flFQf2usHNR3ZaaHU -meM/WUb803e5fUpdeWXtOx9b+YmRujD4g0N49/OISwkC0MIfhdG2FDsuvpLiZit7 +wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ +39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl +iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3 +w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac +xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL +YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+ +YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e +ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy +wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb +floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-dss 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" set source built-in next edit "g-Fortinet_SSH_ECDSA256" - set password ENC 
49oRIInvPlx7npGFnRgcR6cSUK/OAz6Ka2Wmm6yZDPmKzel0+9zuRJWy9rtYWsO146Ena4xMZHs79QtLWebYNwJ0vcsWCbclbD0ke9agm52d5lbtUkKcAt+PxupCeakxAhlYzBHZuhr3xReFgAnYmlWuEDjakyFB5Zyl3KHqf9VcrHPz6Z8eNA22iRysubh2ebZ2/w== + set password ENC 1X/laD8ay+yw+vhtBl9ZCoXvPwK4K37Y22n7DiVUIVGAxnpRVr3EJLFaDk9ldwzREZiEkL/Nwx4qgZcBcw3+aDFAOdm16vKd7ZEX+1zi2Yl0IOktstt8Sh32+hYPuNXxBdvi3o5RSBZT6l9i2mk8x+BzYJjeDQaPe1oCMeC1/BQ6CZh75lIhKo21hd3q9ehTN0FI7w== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCYj0k4bh -mxNdVne/WYI48/AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY +/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK -y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgQHrpN3sAxVooYsKXIb5xGNvvwxUtTIIAisaQ -ftEDAx3nTj7+NLlPATgMRDy12pescKquy79fyCFgENFUP+K2pfPsb2IE/RdTcmBsL0646h -hL2sHeuvZ/mhIMti3oLfj91bBs7TBB2MRvHRYvcZD6rdAkumBmyrSPUO4JwqSPkI68kBVo -C9C5gBWgfhqKs6DGgceAFVxbb9+RWrpH9YCpIA== +y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h +BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d +6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH +84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw== -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI=" set source built-in next edit "g-Fortinet_SSH_ECDSA384" - set password ENC /kAIGz1wkRtokWhycIbhmeDyK1BlRDlzePeSVSP0+CY2EJaNEhb9oR/orohu9DkB6+/dSlNB0q4hiknRg2jZ1ey8M9/sLGjYBmLZrEMzNJvTWhKM7VovITXKP3yj4VVnvYDEzVAQHZEVSSe6ss1NOZmoIbmT5AtPb3VpmFy7qGb8lDLiCiqtcRvuHa+dFeX0uj0ZgA== + set password ENC 
qG2EnF9GYeRSpsxlTspXxLXHh53Ve5dArJGWk0fBhBuHtF6TXWfThrdC3M51Vw5egHy+dlGO7oapPuZQ2Z9iM1qjrLSCqX1uQMj4V7keUuyQ15YIuPPoNkIlC/j1K4SVwyYrjIYHjkQEZ2hLdzQ4nUqOjaY3LPE4TkZzAGSp5l7SZvcu5/9PSETtIHovmJPqh+XnyQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBN9BRJMR -77/5pUXIX3azbHAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX +++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx -dgAAANChlajlzxrBilfuFt0NeQjCmvICKuDRnd+bDSBxAVZcAnFPKPN/ZOUsHIFry+62R4 -xmcknYeWtA09QFKdSbyeOUyqI4CmeqxufXPlPk8N2Mjg/Rub53WkREGx7nv335EUtKyIIE -qc7vNaHvrM8CbUwCD53Tmrv126aSxuuDEBhth1CkIT8LZEcTEYRSHAZEojS8TB4UhHLRfm -Rn+DmbJga0IDnPc/ZgNHGTqYx2toV2Fy/DCJ2en2FejJU89J9ZFrGUfz117vVweEVGLCBr -4j10 +dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED +QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ +9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW +HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st +2F3+ -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg==" set source built-in next edit "g-Fortinet_SSH_ECDSA521" - set password ENC uQFvSNKh9omV29kUxynenwJzerBTotbeH95wBgTomLSHyG3JfmWFoHc+x/r2TOC5fABiXGf3BEZAIiqpVX1FOzi0L2z1C1tv4wfM1pABtB29PxxO0a4Zo75C2TcCwirzIBe26GthQyR6Y43KE1DbYz2btZfIpjDSfB5I7asBIbzRg1xTJPY/nquRqiT+5JRV8usfPQ== + set password ENC 
I9C6x4flnzTrW+QM9crCCIuQB2u4aUnF+J4FGPcnnKYhV29u1lqVQUBZWhGroQGXVhu+Hr5iQEwQkdog9aKJpBrunJ1wW+n0y5t1V34OyNZ2iWkdtLJEBZWMaFGMz0oUXskGG8bDrxkoevbmc5d7+eR9oEN8XlkIkvJm13QxNX4VXSDmO5ADX9YOLAiFz8XC1JEp4w== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBTZME+kF -3Bzq+XqVo08S4FAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr ++3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K -HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQC/5NwC8S8n04Bskl -P/Wnde2xZxoWXlBYuV8iJ8OmT7RRVEi3NhVGbIJMqlXfTVi67DgfbtMpVNVhO3UMwPAoC4 -8zcMmJ/1aA58Y+5H8DuYRMfAnuky6vWJFBA4DXgx/vmrn8UK1E2xgW8dgaEEDlLQPittQc -hlwRhgSZrJoRtQPn8OA5ZNePcblOq1WH6PanQP7Bj2SubMTTZ0Mo+gy7y11wDAMd0MYN6Q -d2biFs9XCB9xGNGQIrgOEUQoFJ8AyrbQzZt3Tr7tthp0GDyWoCNICjY/vKS9Av/xMMHaq9 -cjEJOwfxqaJfVrEn2/6DS1t2SyTD9C8imQOI2xz/fdVCaO +HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL +gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA +NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX +1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9 +We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY +v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA==" set source built-in next edit "g-Fortinet_SSH_ED25519" - set password ENC 
zpC0P5ByFkIBjVgnkTaq0H2Hi/mhIP92Qb3PUeoTqN+8FrsJIdsRgJ7T9HhhlBxlJBis4De9NKkrQ8NSER0PSTUZsuBYOmjaZEbQXNZykTc/+lXuh/I6hpbYKF358tRVHZlySm0lSX9gsWLhRkdqPXPKy/7I3nreMqMmLvwuuBQzCOn6E7IXeAPO1ZNz+/5H1g5OwQ== + set password ENC EXEYgXaQI2AYA8EsfrkT1asyUN8Sn6PVuFZ6i8TSIAlWMDcPMqbpjKphbV/Or7ywQq7cSIUWCUirVwMUx1kY8WeeOnZbIJ7Xx8h8zFEj4J0+2UbWZFXX3gsWZx4GQ55Eqd23LU4KA/Eac+dTLqdjr51l3GA6p/EwZWyoIUI+ahYZzN7wQsj0S7VeWOMtelSa1NnjBA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAedjCOkt -+sFbLzTS4y12TbAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd -3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkCa1NSX8hj+j3jVwv2A2AU/gLRKzX4h+Gwxyxz -JeBT+OyHbzc8MDCIh8a3tf0fJiQ6VJdj3JjhBrp1OWfy2GHkfpMInRlGGz0Hu4XMU702a0 -MgwELDyqSpEdZupNMH44pIjkI0iY/ipgwuNDOTIenADwbqdkC2oX9XA3jIutAB++JU4rvR -NwgjPHD1irGOM7Gg== +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT ++IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd +3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO +V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk +ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i +9pkiQ2ltDNDw2Upw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO" set source built-in next edit "g-Fortinet_SSH_RSA2048" - set password ENC EL0ghl3BVi5+4/Gf6lnqdj0LM1XIWHI57vPSiFyA2di+LitpfRojbgUBptDuRMP3za/wU0VDcHOOHpH29g9DiGa11MTt52j6MEk3gDUpJN90uYIY+mlHrc5mPLgmxQeJhus2Nc90a7y+0oVtwj/83dwtXH5rKKNJ5vqSm5U/skO8QNyLwvtrz3Spcte7BKrgzQddwg== + set password ENC jhAhY0ybCXm8CYS5+qoM6uRfTgpyq7Abkp7di/qLfxjBzXd302WUwSCzJlCYmNBzzAwl2RfJJ6v6rpGSwmSCGUaX8wlu9/IyzN5l8xkg1wLjVlIkrP/M+NS9GnLqWJHWjCvJz+C3kwtSVeo7nbtSO9ruE4N9e1rwQ/nhhnvT5P8uVpo3b2aE7LB/tgrIXUXTTr8YMg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA1mO561N 
-c7CpF0rN+BdOBQAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG +Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7 A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z -OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwMcyMNKCNYzFHF -tA305t53D83ogXcTrwO8f3ScWdcLBap5o0aqwfOrswdChdOytbHMx3lmpnLZvFt2JbcqT0 -jDm+ZSb5NwFCW2h5MJlnLolIx85H0ab7XO+JhK1c/J3U0K/m0Y6q3uXObJsAInPNAJDjqL -VUxgIU438n7dB/NkWQWNjVaddEO/tK9UzzUd5a5JuG2lsukXLGFRC0XIJ94Q9BFuiziNmX -QUZ7LRqm59ZcsixGSQ1YApEvTZFf+Yd/umWIh9bbHeCAZOWZukDy47VLy2uVd3H+HLOSno -ZBpX7xa3c6mjI/oHgz7lQAybNzbPoJiBKq5VlTBhR9kTdB3JnnzKegLNwRtsdtEim/O4xJ -QPxfwGSzE57M9OgPGZMOuFu8Fh07tV06dUnfe9mGDLiQ3HWCZoRW5tuCE0fsieAseqqEiS -Vy13DPGtkSSLUKmBpJQvR6yK79GtMyIxZEmC43xHmCghHTebSnK45ikagYh0BsK01Q1rx1 -syqY2Ul3bwCSCTuK2sjqnmgGEIIUI8Yikj0kDLSVJukfxdjU/c4eOcqj8yuRbQyfzFmHsv -debbeU1+oI08M0c5kKVTNeTWQ0iXuETJX1G3gu44xtkQLbCmF4K3byAPGnR2FIBG8tnPaJ -JCjhZQmN1nohNXt5F7nSALJ3UVSpzD6fnKBQSfxbKN4EAggu0NpX3QyhoDvWx378MRukGn -OkLi2Z7c/iZrS5w6Jt+kTJ7n6T5ciiaIvzgi7YjtS7ogwNQfodpXC/pd9KE/H7hgrtwclt -bP9bkpWQKIh/Z4hl2B8hqHDk1wDhNRHRyT2rvuoipJLroyYAZKxS1qerGuArwmxv1YNeNm -oq5Ibisn/CTLT6zVaKmdHD+qBGd46IlEobgLRd3bmKsBIf5hUfd+LcThhOT4OgjgK2jqAS -zOLrNH/Ns+Ut+tz7DhzoRhoTzfitjKdjHl8libziHU4rbulbEuqhnxlGrb9G6xKeFOG1Ha -JUkWoRzX5/tljM2GZRQciN6BF/L9kDboLnR6V2sOS6r/BlnlUMmKhxC81CTzejn4I+XSYk -Y5dBb9PhA2dJuhkgZEj4vGDkXdnL0fSI9qccHAKkAjd4ECFMRtqjnkdLtUODi6EZiZYDJI -zcVK0VdeqiSP2M+vx2WwLKdwVBdhHXyrxv5JGwKaYkmaYwFCJ6DRttHlaTID4HgjVWJCVR -O9UaKreP6Uz9G/L0J54iEclbiKHkC38/IMhi9XhslLzD39f42oKLedWYTJiVgsr3klwtMk -GvWZyLtg== +OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC 
+Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/ +OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU +FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD +NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo +TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB +cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss +x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A +Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8 +cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO +/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz +E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX +pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW +V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS +ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv +tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx ++gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN +tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc +D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH +Xt1vvScA== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v" 
@@ -78378,68 +62365,68 @@ GvWZyLtg== end config firewall ssh local-ca edit "g-Fortinet_SSH_CA" - set password ENC P4wjZtqu8uzHlVWquUnrT3mlsbBKmg8sRUuOiTH+G1rayO3mQx8EI5F9aizdA6GPxFZIvUP6AqrLIvyHC89MBYaq3MK6JtypEB6jPOgnNEeff29Jh0LZ1chILz/nrxEl0rFkgadwvXcqfFpkF5MkOhqn9jOREbMrbcVeIIMaWlgHOKmVaHj2fPvtQeczOpR4Y+nvag== + set password ENC QsDYrVDl8CQ74fkwBOOhfbyJbbpey8V4g6qi1pffVLSwdRmB12G7mFwLfj9BfQyrCXbLX7MCJUmFhnoEROLT4RoD/agBFIFn7mfFlKrpc9TtGqxKDpHr5SJT5twex06fecICOGQh4yz2InXrAUEEnezPrZx2yZXXzU6jJZ/X6qS7sFOsGHqV1WFhagwtV80nitRgIA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBf8C4hJd -+M6AVhFqreO879AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd +cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa -Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwNT2HECamLA8UM -fFNSAnPj7lq5k64lxdOyGKKbIDDF/wS2H8g2ZlCuJwGpgHoVeFPiqQhJMjBSfwWDS8oOZA -po7PyvszP6XAbnIpBHUMDNdUr1Clso9ra9d2oP43fjhzRSHBD0j/x1nJRvse/cP5XuCa4Z -pGFpgVsz7q+XNEXou8YpAndqUebw/wm3MNzS2AE5YYFQofhSKBxyNSYrsPdaoasmwbnGuv -XW9vPFnDxNNJ0IkEUeXAWZaE2sBYP3qD4C97curFpYuAPYH5FnvvMLuUtyRFzYMv3WKi8z -Mw+01rU4yVtCVoAMYCfqjnisIyxgyQHLpLFfWkvIz6IgAQWVtBypJHxiiG2wcLHscWI0gQ -uCMN/n5QkbBcskRpy52lFypQ2eosTLMzrwfqQF5PDoDz/2Jnf5qXK9hQsNA3fHn2KoyODY -VmXb1G044Qq3/3ZsW7zkgWfyWJ1fgcIYiJg+wy/KQBkPlew/m5oheT8bs0aivJ8FW8gS1u -8zq/lBhWxsSsCfD8/nD9ROanz8yArOa8WfF/BFLs1UqkB4oAuVa5dA9xVhIeBbeA6E8eRm -ucu/a6+tmjaELkiwwscurSqEgELD+K5esR23MAe/Aw5BuzGHRdEDwa79PuqtgpMP7QEFND -yL/Xe6E4TGMTV5hQYpj7e5dunhr60rd4kg+ZAgfRwDzOaU2ry7n2bSxY/Cauc/dogM0rbG 
-SHCohMdMp0We53Y2J7ffmZzDySRIfgxRpjGN/Zv1QH1s3fbqwEG5R2leAlG0+bdN9jXn5F -dcZ4TGrm8wluUwfrU+mXcoAzelwuphNfbzwp0rIEnxIZxd6puFV7Svlsg4STr1YvA98E7N -2gDQhd3vYyIFPZG6CtAjzjP3e4KzEXghjgHXLYI31dS8HCVOKCC91tTc5Ojll76jmakIWT -r9dhSvjkACc688ixxo40qtX79Y33a8lEh1YZqPZ+qF/RgwQS4Wpa8hyZS6xFN2kMtQc9Up -gCurTRhfA9R5c/Mbgn097CYBOwu3nCfcjgBQ03xwmUJpB2pVKngd/dc/n37J2Z97Nl4Wu3 -Zs4ftOGyqXgmM61ddTYhF6ZZbpjBkdKFFEfl6XkBZDUiVaMsq7hIiCYUCGE/cvljzYuntt -XEnf4fO8Ifr8sviwPE4gRaHHePPo9EtFAlSewYzeI3M1EkYPAzSf28ztk74FydHUGfqPkF -RjGiTkUG4NozwGmSG3LGYleBc0CySr+j4Q/qiCEgRQpkihrWkO/j+ILiog9Trh5x/+c2X9 -V9G26szw== +Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is +nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT ++RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby +5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI +pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx +MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz +8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U +wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+ +OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD +PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq +JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C +Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN ++dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4 +KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl +uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ +8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL +s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof +S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4 ++y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr +ABMNge5w== -----END OPENSSH PRIVATE 
KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9" set source built-in next edit "g-Fortinet_SSH_CA_Untrusted" - set password ENC sl2ju+B/R4aqafx+irXNsRMmQwzhMrZe+huL2+ZG2u1KbOvH3Ym1FkEcJUWbHtGpMt2qfE2nIqH2ZNiMLEJ//iGRE7HGf+olk6oRvuUlvgqxAN0ExM3pZJqYWpcLIzGGpH75v95hI5Yi9FlDNt3oeBuLyZztq/nSE9mN5F3J1YHz7W464cyx7U/PBUVQvhAtwBNwjQ== + set password ENC yjKjBoK49KYhUhhGnsGmKan/i5ZHMrJ47YUaW8w7NEMXTyA/sHzukVQoT7k/PMp8FatMB3AJ1JSdJ8tJnanj/IYGEtSy4KVXaMVKTp5bXzCrLFBhm3X+Xhj9xFNpulA6IaRkniF/EAtDYdITMDAuTqadV2Ca/EIpBr/Oa708PchbMf2vjx4RMV5e0r30KvCA8XPQNA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBU2aLPen -uU59+GRRZCZgSJAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV +ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv -NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwEWDeIVUpNfN6N -N9tfe7OnulqQ3OdP7T7M8A596uBvR4P1G7BAcPgC+xoTQP+W94crBOhoq49mlZJBJGnPwg -+ufxwO8eg8NUAPyMAaS6M8yaTcFvopwbZnMo8Ioey1rX/1JD0W+RJwV7N8FM95waqsjDnB -fLQy2F8KvzvycsQF4ATAVPbrkcaED3JxQEiHtlMZuIuCtB3Gq0xYJ6sz84NpW2aXlPFzuu -80YhUVuD7oZESSRIzMZ35/Td1rXeP/JOgFkrL0NSb7RgaHDqFKE4LHC+o+NgskxRPumlhb -H160LskSooMIVZCKGTii/c1Ipo2YVrAeaUrxgRSGQPeHJ4pivs8/bYP9fd1AHQ64UTX56x 
-P60fOA9lhwQtnlox+7J6H1biMMrwboqpI/19y+Qmfd35jbIUTwzxbEeqw55Vxcn29FGU1S -CtkHwyGB38OFFlawdb05PMT3X5KKXmss8ge4xAoRXooNbVAy6p9R0jrSyU1CKvnYoXPyjd -nEa6FBZTJNo9ygt0TnlNYEpdaCmiknxMxxnHN3oVLpSLeEHjEqFIXwr+322OqN1Wt90pD0 -QV/5UxiT+bX55IYcz0F9Y05kw60Okc/Gy6NGPyOjuLpHGgVWI+WDueR5sBFP3nQmUjvCi6 -jzzTNgSQV9ED9klycj4NCqNZvbqHAE3PKp5hRkUZ4GB8aGb2NzuUs3cx+JDgLxIW5QC6v6 -kfgc1FAYaVH2cm+FHX+pt+uSqB38RE10lnfnR1oG3ldegelN4lJYkibIafYynDrzv1Xi8j -Oqd4z/ds41KcGll9gsWclP7MmhL2s6w/cOOwRvZRDNknK1uA111B+yPdsuA78N0ACYulAX -HT1aiEnwFjfaZauBSPtJex0TbjAQWZ5b6+0XAjkfru+ptV9GfMEsQpfHBIge4JmkcXCFoE -czjAqskJ9YddKe2FfJGxc1jMCkmA+h/2oR8OyMUSGXxTwKLPabeUFwBuPKH56PqAjIPoKW -4h+EPfOx3pPY92rDvZ/ETBNf+o/vvxkOPmh3TSRoo2knQvNuWiQ7OPGXrXa0PeZ1UvDRuU -PMTkbpooKletk49Jw8WOzUqIRd8yF8g2i8tzZ2Xlr8RnOLRBsOzXagjBGyk56kAMhaOOrm -n+MTbxpM61zYilvCOBeSIvzWp4DjjqXfuFcEpzEHDTZ9Yvz474s1qinmgEibtYSoY61d9d -QxAI2xneFlb207A+/PTuFaDoCE9g/CD17Rc+WoCP0eU8p/yaLpWIq0JQyEXK48vKCJcVvM -gs3wZo+Q== +NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK +0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB +Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+ +xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/ +UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n +NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri +aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC +iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4 +NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F +zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB +VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+ +jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk +1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL +eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM 
+vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo +/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1 +Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S +pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn +vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02 +PWD7d7mw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl" @@ -87792,8 +71779,8 @@ config router isis set adv-passive-only6 disable set auth-mode-l1 password set auth-mode-l2 password - set auth-password-l1 ENC qlwj+Ot2IXdudgyU7UP2ZXvShJH8eJCN2R/DAsXlVPFyRcpJp3XcY0zb0Rsv0f9DteAX0zLHBEUKf0AKR2ztALUEIHXtYeCwnlDegjojGM6FCRrSluRxJYDSYTLvClVvXWc6abkSllJ9+VOKgpCIIgiF0AlT4rfvWmLmWb3kX85KOv9L29EEu61lf8Oi/pU9YTPmdg== - set auth-password-l2 ENC qctW91VkenjEEf96iaejuJ2fhCKWLtCCtcAztxmoUMIzgOoSttYUzZzaMXecFALwZzg7Ve6mSoYl7byFd0fZ3NFQvq85Equ/g8hNAH93dbYFnpuDYz1zS1WOeNIJ5j1a/eaFtsmDfXrcqP/PelqFB967SrWlLM8BzvseeiQsiwL9Pp7QU3vKhi3jgU9YcpeFQJx7oA== + set auth-password-l1 ENC DfXgG5fQ0IJwKdTmEQGjTJDxr6UyAHd4p4TtziVTMyZIcEg4/cQ86Sga3ivOzdYIFFHp75ipez2mcu/p/eF/7qyflPZimBG9w6/XgFm8vYQpao56HY4IQp1ff/xKO4Tj0kT11+QFpG1oxHZik+hWfGg8sKSDMPRjBvvDdgGoHwPT6YxowFZDQ/yKMRedOOsgJkT3Tg== + set auth-password-l2 ENC lHfclhZGeB3IaLaWwvBYcZFctpu1qqA2dnF2ctqYf9punYqCoXL1AtaALV0qY1aeaRXwr7/W1Illzr+3RTKU6tOIr5RF8ptATAU1k9HUheQy3tdJsIBFcR5eALrcZWu76KmvsRF4guXMbfgllOwZHihhEjre0QgBm9AKPVmXc6zRDstZTRHTrVakRfGeSuAxexMRHw== set auth-sendonly-l1 disable set auth-sendonly-l2 disable set ignore-lsp-errors disable 
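Review bot: The `set private-key` and `set password ENC` lines for `g-Fortinet_SSH_CA` and `g-Fortinet_SSH_CA_Untrusted` in this hunk commit SSH CA private-key blobs and device-encrypted secrets to version control. The `auth-password-l1`/`auth-password-l2` values in the `config router isis` hunk that follows have the same problem. The `public-key` lines are unchanged context while the key blob and password differ, which suggests the export re-encrypts the same key on every backup rather than rotating it (inferred, not shown). If so, each run adds another ciphertext of the same secret to history and buries real configuration changes in churn. Consider having the backup job substitute these values before committing, e.g. `set private-key "<redacted>"` and `set password ENC <redacted>`, and keep the unredacted export in an access-controlled store; also check whether `private-data-encryption` under `config system global` is enabled, in case the ENC values are protected only by the firmware's built-in key.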
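Review bot: `set auth-mode-l1 password` and `set auth-mode-l2 password`, context lines in this hunk, leave IS-IS on plain-text authentication, so if IS-IS runs on any interface the shared secret is carried unprotected in the PDUs. If this is a deliberate setting rather than the unused default, change both levels on the device with `set auth-mode-l1 md5` and `set auth-mode-l2 md5`. The `config router isis` block starts and ends outside the hunk, so whether IS-IS is actually enabled cannot be seen here.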
@@ -87969,3 +71956,16055 @@ config system vne-tunnel end end +config vdom +edit Policy +config wireless-controller hotspot20 anqp-venue-name +end +config wireless-controller hotspot20 anqp-venue-url +end +config wireless-controller hotspot20 anqp-network-auth-type +end +config wireless-controller hotspot20 anqp-roaming-consortium +end +config wireless-controller hotspot20 anqp-nai-realm +end +config wireless-controller hotspot20 anqp-3gpp-cellular +end +config wireless-controller hotspot20 anqp-ip-address-type +end +config wireless-controller hotspot20 h2qp-operator-name +end +config wireless-controller hotspot20 h2qp-wan-metric +end +config wireless-controller hotspot20 h2qp-conn-capability +end +config wireless-controller hotspot20 icon +end +config wireless-controller hotspot20 h2qp-osu-provider +end +config wireless-controller hotspot20 qos-map +end +config wireless-controller hotspot20 h2qp-advice-of-charge +end +config wireless-controller hotspot20 h2qp-osu-provider-nai +end +config wireless-controller hotspot20 h2qp-terms-and-conditions +end +config wireless-controller hotspot20 hs-profile +end +config wireless-controller vap +end +config system object-tagging + edit "default" + set address optional + set device optional + set interface optional + set multiple enable + set color 0 + next +end +config switch-controller traffic-policy + edit "quarantine" + set description "Rate control for quarantined traffic" + set policer-status enable + set guaranteed-bandwidth 163840 + set guaranteed-burst 8192 + set maximum-burst 163840 + set cos-queue 0 + next + edit "sniffer" + set description "Rate control for sniffer mirrored traffic" + set policer-status enable + set guaranteed-bandwidth 50000 + set guaranteed-burst 8192 + set maximum-burst 163840 + set cos-queue 0 + next +end +config switch-controller fortilink-settings +end +config system stp + set switch-priority 32768 + set hello-time 2 + set forward-delay 15 + set max-age 20 + set max-hops 20 +end +config system 
settings + set comments "Test VDOM for Policy-based" + set opmode nat + set policy-offload-level disable + set ngfw-mode policy-based + set http-external-dest fortiweb + set firewall-session-dirty check-all + set bfd disable + set utf8-spam-tagging enable + set wccp-cache-engine disable + set vpn-stats-log ipsec pptp l2tp ssl + set vpn-stats-period 600 + set v4-ecmp-mode source-ip-based + set fw-session-hairpin disable + set prp-trailer-action disable + set snat-hairpin-traffic enable + set dhcp-proxy disable + set lldp-reception global + set lldp-transmission global + set link-down-access enable + set nat46-generate-ipv6-fragment-header disable + set nat46-force-ipv4-packet-forwarding disable + set nat64-force-ipv6-packet-forwarding enable + set auxiliary-session disable + set asymroute disable + set asymroute-icmp disable + set ses-denied-traffic disable + set strict-src-check disable + set allow-linkdown-path disable + set asymroute6 disable + set asymroute6-icmp disable + set sctp-session-without-init disable + set sip-expectation disable + set sip-nat-trace enable + set h323-direct-model enable + set status enable + set sip-tcp-port 5060 + set sip-udp-port 5060 + set sip-ssl-port 5061 + set sccp-port 2000 + set multicast-forward enable + set multicast-ttl-notchange disable + set allow-subnet-overlap disable + set deny-tcp-with-icmp disable + set ecmp-max-paths 255 + set discovered-device-timeout 28 + set email-portal-check-dns enable + set default-voip-alg-mode proxy-based + set gui-implicit-policy enable + set gui-dns-database disable + set gui-load-balance disable + set gui-multicast-policy disable + set gui-dos-policy enable + set gui-object-colors enable + set gui-ap-profile enable + set gui-security-profile-group disable + set gui-local-in-policy disable + set gui-dynamic-routing enable + set gui-sslvpn-personal-bookmarks disable + set gui-sslvpn-realms disable + set gui-threat-weight enable + set gui-spamfilter disable + set gui-file-filter disable + set 
gui-ips enable + set gui-endpoint-control enable + set gui-endpoint-control-advanced disable + set gui-dhcp-advanced enable + set gui-vpn enable + set gui-wireless-controller enable + set gui-switch-controller enable + set gui-fortiap-split-tunneling disable + set gui-webfilter-advanced disable + set gui-traffic-shaping enable + set gui-wan-load-balancing enable + set gui-antivirus enable + set gui-webfilter enable + set gui-videofilter enable + set gui-advanced-policy disable + set gui-allow-unnamed-policy disable + set gui-email-collection disable + set gui-multiple-interface-policy disable + set gui-ztna enable + set location-id 0.0.0.0 + set ike-session-resume disable + set ike-quick-crash-detect disable + set ike-dn-format with-space + set ike-port 500 + set ike-policy-route disable + set block-land-attack disable + set application-bandwidth-tracking disable +end +config system sit-tunnel +end +config system arp-table +end +config system ipv6-neighbor-cache +end +config system vdom-sflow + set vdom-sflow disable + set interface-select-method auto +end +config system vdom-netflow + set vdom-netflow disable + set interface-select-method auto +end +config system vdom-dns + set vdom-dns disable + set alt-primary 0.0.0.0 + set alt-secondary 0.0.0.0 +end +config system replacemsg-group + edit "default" + set comment "Default replacement message group." 
+ set group-type default + next +end +config system session-ttl + set default 3600 +end +config system dhcp server +end +config system dhcp6 server +end +config system zone +end +config firewall address + edit "none" + set uuid bde11ce6-3520-51ed-9974-a5b4264be0b3 + set type ipmask + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set subnet 0.0.0.0 255.255.255.255 + next + edit "login.microsoftonline.com" + set uuid bde12b0a-3520-51ed-d2a0-e807d4a14a3f + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "login.microsoftonline.com" + set cache-ttl 0 + next + edit "login.microsoft.com" + set uuid bde139e2-3520-51ed-d55f-33931d299d78 + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "login.microsoft.com" + set cache-ttl 0 + next + edit "login.windows.net" + set uuid bde14b94-3520-51ed-a1e7-319da9a479ea + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "login.windows.net" + set cache-ttl 0 + next + edit "gmail.com" + set uuid bde158b4-3520-51ed-b71e-57f937fa40cb + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "gmail.com" + set cache-ttl 0 + next + edit "wildcard.google.com" + set uuid bde165c0-3520-51ed-0783-860a2a214ffd + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "*.google.com" + set cache-ttl 0 + next + edit "wildcard.dropbox.com" + set uuid bde17240-3520-51ed-a328-5346f2fa7447 + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn 
"*.dropbox.com" + set cache-ttl 0 + next + edit "SSLVPN_TUNNEL_ADDR1" + set uuid bde88710-3520-51ed-728e-76461d6221fe + set type iprange + set comment '' + set color 0 + set fabric-object disable + set start-ip 10.212.134.200 + set end-ip 10.212.134.210 + next + edit "all" + set uuid bde8d012-3520-51ed-6285-eddc784a24b1 + set type ipmask + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set subnet 0.0.0.0 0.0.0.0 + next + edit "FIREWALL_AUTH_PORTAL_ADDRESS" + set uuid bde8d1f2-3520-51ed-0936-132ed3b829c9 + set type ipmask + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set subnet 0.0.0.0 0.0.0.0 + next + edit "FABRIC_DEVICE" + set uuid bde8d3c8-3520-51ed-3305-2f204031c35c + set type ipmask + set comment "IPv4 addresses of Fabric Devices." + set associated-interface '' + set color 0 + set fabric-object disable + set subnet 0.0.0.0 0.0.0.0 + next + edit "FCTEMS_ALL_FORTICLOUD_SERVERS" + set uuid 516aa2ce-3522-51ed-0c4a-0d18239acea9 + set type dynamic + set sub-type ems-tag + set comment '' + set associated-interface '' + set color 0 + set fabric-object disable + set obj-tag '' + set obj-type ip + set tag-detection-level '' + set tag-type '' + next +end +config firewall multicast-address + edit "all_hosts" + set type multicastrange + set start-ip 224.0.0.1 + set end-ip 224.0.0.1 + set comment '' + set associated-interface '' + set color 0 + next + edit "all_routers" + set type multicastrange + set start-ip 224.0.0.2 + set end-ip 224.0.0.2 + set comment '' + set associated-interface '' + set color 0 + next + edit "Bonjour" + set type multicastrange + set start-ip 224.0.0.251 + set end-ip 224.0.0.251 + set comment '' + set associated-interface '' + set color 0 + next + edit "EIGRP" + set type multicastrange + set start-ip 224.0.0.10 + set end-ip 224.0.0.10 + set comment '' + set associated-interface '' + set color 0 + next + edit 
"OSPF" + set type multicastrange + set start-ip 224.0.0.5 + set end-ip 224.0.0.6 + set comment '' + set associated-interface '' + set color 0 + next + edit "all" + set type multicastrange + set start-ip 224.0.0.0 + set end-ip 239.255.255.255 + set comment '' + set associated-interface '' + set color 0 + next +end +config firewall address6-template +end +config firewall address6 + edit "all" + set uuid bde1bfa2-3520-51ed-7b6a-7bad8cadabaa + set type ipprefix + set ip6 ::/0 + set color 0 + set comment '' + set fabric-object disable + next + edit "none" + set uuid bde1c8d0-3520-51ed-d759-9123906c2212 + set type ipprefix + set ip6 ::/128 + set color 0 + set comment '' + set fabric-object disable + next + edit "SSLVPN_TUNNEL_IPv6_ADDR1" + set uuid bde88a26-3520-51ed-47a2-8ac186cdb86d + set type ipprefix + set ip6 fdff:ffff::/120 + set color 0 + set comment '' + set fabric-object disable + next +end +config firewall multicast-address6 + edit "all" + set ip6 ff00::/8 + set comment '' + set color 0 + next +end +config system ipv6-tunnel +end +config firewall addrgrp + edit "G Suite" + set type default + set category default + set uuid bde18140-3520-51ed-b156-8feccd84c03c + set member "gmail.com" "wildcard.google.com" + set comment '' + set exclude disable + set color 0 + set fabric-object disable + next + edit "Microsoft Office 365" + set type default + set category default + set uuid bde19b44-3520-51ed-cc72-40627cfd767c + set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net" + set comment '' + set exclude disable + set color 0 + set fabric-object disable + next +end +config firewall addrgrp6 +end +config firewall wildcard-fqdn custom + edit "g-Adobe Login" + set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df + set wildcard-fqdn "*.adobelogin.com" + set color 0 + set comment '' + next + edit "g-Gotomeeting" + set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef + set wildcard-fqdn "*.gotomeeting.com" + set color 0 + set comment '' + next + edit "g-Windows 
update 2" + set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac + set wildcard-fqdn "*.windowsupdate.com" + set color 0 + set comment '' + next + edit "g-adobe" + set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e + set wildcard-fqdn "*.adobe.com" + set color 0 + set comment '' + next + edit "g-android" + set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a + set wildcard-fqdn "*.android.com" + set color 0 + set comment '' + next + edit "g-apple" + set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0 + set wildcard-fqdn "*.apple.com" + set color 0 + set comment '' + next + edit "g-appstore" + set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9 + set wildcard-fqdn "*.appstore.com" + set color 0 + set comment '' + next + edit "g-auth.gfx.ms" + set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4 + set wildcard-fqdn "*.auth.gfx.ms" + set color 0 + set comment '' + next + edit "g-autoupdate.opera.com" + set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a + set wildcard-fqdn "*autoupdate.opera.com" + set color 0 + set comment '' + next + edit "g-cdn-apple" + set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c + set wildcard-fqdn "*.cdn-apple.com" + set color 0 + set comment '' + next + edit "g-citrix" + set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb + set wildcard-fqdn "*.citrixonline.com" + set color 0 + set comment '' + next + edit "g-dropbox.com" + set uuid b5c2ca02-7e12-51ec-43dc-489077effa44 + set wildcard-fqdn "*.dropbox.com" + set color 0 + set comment '' + next + edit "g-eease" + set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe + set wildcard-fqdn "*.eease.com" + set color 0 + set comment '' + next + edit "g-firefox update server" + set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384 + set wildcard-fqdn "aus*.mozilla.org" + set color 0 + set comment '' + next + edit "g-fortinet" + set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89 + set wildcard-fqdn "*.fortinet.com" + set color 0 + set comment '' + next + edit "g-google-drive" + set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f + set wildcard-fqdn "*drive.google.com" + set color 
0 + set comment '' + next + edit "g-google-play" + set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621 + set wildcard-fqdn "*play.google.com" + set color 0 + set comment '' + next + edit "g-google-play2" + set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096 + set wildcard-fqdn "*.ggpht.com" + set color 0 + set comment '' + next + edit "g-google-play3" + set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d + set wildcard-fqdn "*.books.google.com" + set color 0 + set comment '' + next + edit "g-googleapis.com" + set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4 + set wildcard-fqdn "*.googleapis.com" + set color 0 + set comment '' + next + edit "g-icloud" + set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e + set wildcard-fqdn "*.icloud.com" + set color 0 + set comment '' + next + edit "g-itunes" + set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0 + set wildcard-fqdn "*itunes.apple.com" + set color 0 + set comment '' + next + edit "g-live.com" + set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74 + set wildcard-fqdn "*.live.com" + set color 0 + set comment '' + next + edit "g-microsoft" + set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d + set wildcard-fqdn "*.microsoft.com" + set color 0 + set comment '' + next + edit "g-mzstatic-apple" + set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5 + set wildcard-fqdn "*.mzstatic.com" + set color 0 + set comment '' + next + edit "g-skype" + set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68 + set wildcard-fqdn "*.messenger.live.com" + set color 0 + set comment '' + next + edit "g-softwareupdate.vmware.com" + set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30 + set wildcard-fqdn "*.softwareupdate.vmware.com" + set color 0 + set comment '' + next + edit "g-swscan.apple.com" + set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9 + set wildcard-fqdn "*swscan.apple.com" + set color 0 + set comment '' + next + edit "g-update.microsoft.com" + set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb + set wildcard-fqdn "*update.microsoft.com" + set color 0 + set comment '' + next + edit "g-verisign" + set 
uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855 + set wildcard-fqdn "*.verisign.com" + set color 0 + set comment '' + next +end +config firewall wildcard-fqdn group +end +config firewall service category + edit "General" + set comment "General services." + set fabric-object disable + next + edit "Web Access" + set comment "Web access." + set fabric-object disable + next + edit "File Access" + set comment "File access." + set fabric-object disable + next + edit "Email" + set comment "Email services." + set fabric-object disable + next + edit "Network Services" + set comment "Network services." + set fabric-object disable + next + edit "Authentication" + set comment "Authentication service." + set fabric-object disable + next + edit "Remote Access" + set comment "Remote access." + set fabric-object disable + next + edit "Tunneling" + set comment "Tunneling service." + set fabric-object disable + next + edit "VoIP, Messaging & Other Applications" + set comment "VoIP, messaging, and other applications." + set fabric-object disable + next + edit "Web Proxy" + set comment "Explicit web proxy." 
+ set fabric-object disable + next +end +config firewall service custom + edit "DNS" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 53 + set udp-portrange 53 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "HTTP" + set proxy disable + set category "Web Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 80 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "HTTPS" + set proxy disable + set category "Web Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 443 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "IMAP" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 143 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next 
+ edit "IMAPS" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 993 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "LDAP" + set proxy disable + set category "Authentication" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 389 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "DCE-RPC" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 135 + set udp-portrange 135 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "POP3" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 110 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "POP3S" + set proxy disable + set category "Email" + set 
protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 995 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SAMBA" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 139 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SMTP" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 25 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SMTPS" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 465 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "KERBEROS" + set proxy disable + set category "Authentication" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default 
+ set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 88 464 + set udp-portrange 88 464 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "LDAP_UDP" + set proxy disable + set category "Authentication" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 389 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SMB" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 445 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "FTP" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 21 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "FTP_GET" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility 
enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 21 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "FTP_PUT" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 21 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "ALL" + set proxy disable + set category "General" + set protocol IP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set protocol-number 0 + next + edit "ALL_TCP" + set proxy disable + set category "General" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1-65535 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "ALL_UDP" + set proxy disable + set category "General" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 1-65535 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "ALL_ICMP" + set proxy disable + 
set category "General" + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + unset icmptype + next + edit "ALL_ICMP6" + set proxy disable + set category "General" + set protocol ICMP6 + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + unset icmptype + next + edit "GRE" + set proxy disable + set category "Tunneling" + set protocol IP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set protocol-number 47 + next + edit "AH" + set proxy disable + set category "Tunneling" + set protocol IP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set protocol-number 51 + next + edit "ESP" + set proxy disable + set category "Tunneling" + set protocol IP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set protocol-number 50 + next + edit "AOL" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 5190-5194 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "BGP" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 179 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "DHCP" + set 
proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 67-68 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "FINGER" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 79 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "GOPHER" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 70 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "H323" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1720 1503 + set udp-portrange 1719 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "IKE" + set proxy disable + set category "Tunneling" + 
set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 500 4500 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "Internet-Locator-Service" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 389 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "IRC" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 6660-6669 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "L2TP" + set proxy disable + set category "Tunneling" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1701 + set udp-portrange 1701 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "NetMeeting" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP 
+ set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1720 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "NFS" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 111 2049 + set udp-portrange 111 2049 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "NNTP" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 119 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "NTP" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 123 + set udp-portrange 123 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "OSPF" + set proxy disable + set category "Network Services" + set protocol IP + set helper auto + set comment '' + set color 0 + set 
visibility enable + set fabric-object disable + set protocol-number 89 + next + edit "PC-Anywhere" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 5631 + set udp-portrange 5632 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "PING" + set proxy disable + set category "Network Services" + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set icmptype 8 + unset icmpcode + next + edit "TIMESTAMP" + set proxy disable + set category '' + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set icmptype 13 + unset icmpcode + next + edit "INFO_REQUEST" + set proxy disable + set category '' + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set icmptype 15 + unset icmpcode + next + edit "INFO_ADDRESS" + set proxy disable + set category '' + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set icmptype 17 + unset icmpcode + next + edit "ONC-RPC" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 111 + set udp-portrange 111 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "PPTP" + set proxy disable + 
set category "Tunneling" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1723 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "QUAKE" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 26000 27000 27910 27960 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RAUDIO" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 7070 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "REXEC" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 512 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RIP" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper 
auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 520 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RLOGIN" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 513:512-1023 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RSH" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 514:512-1023 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SCCP" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 2000 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SIP" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set 
check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 5060 + set udp-portrange 5060 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SIP-MSNmessenger" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1863 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SNMP" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 161-162 + set udp-portrange 161-162 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SSH" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 22 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SYSLOG" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set 
check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 514 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "TALK" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 517-518 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "TELNET" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 23 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "TFTP" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 69 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "MGCP" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable 
+ set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 2427 2727 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "UUCP" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 540 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "VDOLIVE" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 7000-7010 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "WAIS" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 210 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "WINFRAME" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1494 
2598 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "X-WINDOWS" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 6000-6063 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "PING6" + set proxy disable + set category '' + set protocol ICMP6 + set helper auto + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set icmptype 128 + unset icmpcode + next + edit "MS-SQL" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1433 1434 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "MYSQL" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 3306 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RDP" + set proxy disable + set category 
"Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 3389 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "VNC" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 5900 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "DHCP6" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 546 547 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SQUID" + set proxy disable + set category "Tunneling" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 3128 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SOCKS" + set proxy disable + set category "Tunneling" + set protocol TCP/UDP/SCTP + set 
helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1080 + set udp-portrange 1080 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "WINS" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1512 + set udp-portrange 1512 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RADIUS" + set proxy disable + set category "Authentication" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 1812 1813 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RADIUS-OLD" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 1645 1646 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "CVSPSERVER" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set 
comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 2401 + set udp-portrange 2401 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "AFS3" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 7000-7009 + set udp-portrange 7000-7009 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "TRACEROUTE" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 33434-33535 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RTSP" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 554 7070 8554 + set udp-portrange 554 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "MMS" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set 
comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1755 + set udp-portrange 1024-5000 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "NONE" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 0 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "webproxy" + set proxy enable + set category "Web Proxy" + set protocol ALL + set helper auto + set comment '' + set color 0 + set visibility enable + set app-service-type disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 0-65535:0-65535 + next +end +config firewall service group + edit "Email Access" + set proxy disable + set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" + set comment '' + set color 0 + set fabric-object disable + next + edit "Web Access" + set proxy disable + set member "DNS" "HTTP" "HTTPS" + set comment '' + set color 0 + set fabric-object disable + next + edit "Windows AD" + set proxy disable + set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" + set comment '' + set color 0 + set fabric-object disable + next + edit "Exchange Server" + set proxy disable + set member "DCE-RPC" "DNS" "HTTPS" + set comment '' + set color 0 + set fabric-object disable + next +end +config firewall internet-service-group +end +config firewall internet-service-extension +end +config firewall internet-service-custom +end +config firewall internet-service-custom-group +end +config system 
external-resource +end +config vpn certificate ca +end +config vpn certificate remote +end +config vpn certificate local + edit "Fortinet_CA_SSL" + set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_CA_Untrusted" + set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_RSA1024" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_RSA2048" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_RSA4096" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. 
" + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_DSA1024" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_DSA2048" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ECDSA256" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ECDSA384" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ECDSA521" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ED25519" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. 
" + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ED448" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next +end +config vpn certificate crl +end +config vpn certificate ocsp-server +end +config vpn certificate setting + set ocsp-status disable + set ocsp-option server + set ocsp-default-server '' + set interface-select-method auto + set check-ca-cert enable + set check-ca-chain disable + set subject-match substring + set subject-set subset + set cn-match substring + set cn-allow-multi enable + config crl-verification + set expiry ignore + set leaf-crl-absence ignore + set chain-crl-absence ignore + end + set strict-ocsp-check disable + set ssl-min-proto-version default + set cmp-save-extra-certs disable + set cmp-key-usage-checking enable + set certname-rsa1024 "Fortinet_SSL_RSA1024" + set certname-rsa2048 "Fortinet_SSL_RSA2048" + set certname-rsa4096 "Fortinet_SSL_RSA4096" + set certname-dsa1024 "Fortinet_SSL_DSA1024" + set certname-dsa2048 "Fortinet_SSL_DSA2048" + set certname-ecdsa256 "Fortinet_SSL_ECDSA256" + set certname-ecdsa384 "Fortinet_SSL_ECDSA384" + set certname-ecdsa521 "Fortinet_SSL_ECDSA521" + set certname-ed25519 "Fortinet_SSL_ED25519" + set certname-ed448 "Fortinet_SSL_ED448" +end +config webfilter ftgd-local-cat + edit "custom1" + set status enable + set id 140 + next + edit "custom2" + set status enable + set id 141 + next +end +config ips sensor + edit "g-default" + set comment "Prevent critical attacks." 
+ set replacemsg-group '' + set block-malicious-url disable + set scan-botnet-connections disable + set extended-log disable + config entries + edit 1 + set location all + set severity medium high critical + set protocol all + set os all + set application all + set status default + set log enable + set log-packet disable + set log-attack-context disable + set action default + set quarantine none + next + end + next + edit "g-sniffer-profile" + set comment "Monitor IPS attacks." + set replacemsg-group '' + set block-malicious-url disable + set scan-botnet-connections disable + set extended-log disable + config entries + edit 1 + set location all + set severity medium high critical + set protocol all + set os all + set application all + set status default + set log enable + set log-packet disable + set log-attack-context disable + set action default + set quarantine none + next + end + next + edit "g-wifi-default" + set comment "Default configuration for offloading WiFi traffic." + set replacemsg-group '' + set block-malicious-url disable + set scan-botnet-connections disable + set extended-log disable + config entries + edit 1 + set location all + set severity medium high critical + set protocol all + set os all + set application all + set status default + set log enable + set log-packet disable + set log-attack-context disable + set action default + set quarantine none + next + end + next +end +config sctp-filter profile +end +config firewall shaper traffic-shaper + edit "high-priority" + set guaranteed-bandwidth 0 + set maximum-bandwidth 1048576 + set bandwidth-unit kbps + set priority high + set per-policy enable + set diffserv disable + set overhead 0 + next + edit "medium-priority" + set guaranteed-bandwidth 0 + set maximum-bandwidth 1048576 + set bandwidth-unit kbps + set priority medium + set per-policy enable + set diffserv disable + set overhead 0 + next + edit "low-priority" + set guaranteed-bandwidth 0 + set maximum-bandwidth 1048576 + set bandwidth-unit 
kbps + set priority low + set per-policy enable + set diffserv disable + set overhead 0 + next + edit "guarantee-100kbps" + set guaranteed-bandwidth 100 + set maximum-bandwidth 1048576 + set bandwidth-unit kbps + set priority high + set per-policy enable + set diffserv disable + set overhead 0 + next + edit "shared-1M-pipe" + set guaranteed-bandwidth 0 + set maximum-bandwidth 1024 + set bandwidth-unit kbps + set priority high + set per-policy disable + set diffserv disable + set overhead 0 + next +end +config firewall shaper per-ip-shaper +end +config firewall proxy-address +end +config firewall proxy-addrgrp +end +config web-proxy profile +end +config web-proxy global + set ssl-cert "Fortinet_Factory" + set ssl-ca-cert "Fortinet_CA_SSL" + set fast-policy-match enable + set ldap-user-cache disable + set proxy-fqdn "default.fqdn" + set max-request-length 8 + set max-message-length 32 + set strict-web-check disable + set forward-proxy-auth disable + set forward-server-affinity-timeout 30 + set max-waf-body-cache-length 32 + set webproxy-profile '' + set learn-client-ip disable +end +config web-proxy forward-server +end +config web-proxy forward-server-group +end +config web-proxy debug-url +end +config web-proxy wisp +end +config wanopt webcache + set max-object-size 512000 + set neg-resp-time 0 + set fresh-factor 100 + set max-ttl 7200 + set min-ttl 5 + set default-ttl 1440 + set ignore-ims disable + set ignore-conditional disable + set ignore-pnc disable + set ignore-ie-reload enable + set cache-expired disable + set cache-cookie disable + set reval-pnc disable + set always-revalidate disable + set cache-by-default disable + set host-validate disable + set external disable +end +config web-proxy url-match +end +config application custom +end +config application group +end +config dlp filepattern + edit 1 + set name "builtin-patterns" + set comment '' + config entries + edit "*.bat" + set filter-type pattern + next + edit "*.com" + set filter-type pattern + next + 
edit "*.dll" + set filter-type pattern + next + edit "*.doc" + set filter-type pattern + next + edit "*.exe" + set filter-type pattern + next + edit "*.gz" + set filter-type pattern + next + edit "*.hta" + set filter-type pattern + next + edit "*.ppt" + set filter-type pattern + next + edit "*.rar" + set filter-type pattern + next + edit "*.scr" + set filter-type pattern + next + edit "*.tar" + set filter-type pattern + next + edit "*.tgz" + set filter-type pattern + next + edit "*.vb?" + set filter-type pattern + next + edit "*.wps" + set filter-type pattern + next + edit "*.xl?" + set filter-type pattern + next + edit "*.zip" + set filter-type pattern + next + edit "*.pif" + set filter-type pattern + next + edit "*.cpl" + set filter-type pattern + next + end + next + edit 2 + set name "all_executables" + set comment '' + config entries + edit "bat" + set filter-type type + set file-type bat + next + edit "exe" + set filter-type type + set file-type exe + next + edit "elf" + set filter-type type + set file-type elf + next + edit "hta" + set filter-type type + set file-type hta + next + end + next +end +config dlp sensitivity + edit "Private" + next + edit "Critical" + next + edit "Warning" + next +end +config dlp fp-doc-source +end +config dlp sensor + edit "g-default" + set comment "Default sensor." + set replacemsg-group '' + set dlp-log enable + set extended-log disable + set nac-quar-log disable + unset full-archive-proto + unset summary-proto + next + edit "g-sniffer-profile" + set comment "Log a summary of email and web traffic." 
+ set replacemsg-group '' + set dlp-log enable + set extended-log disable + set nac-quar-log disable + unset full-archive-proto + set summary-proto smtp pop3 imap http-get http-post + next +end +config webfilter content +end +config webfilter content-header +end +config webfilter urlfilter +end +config videofilter youtube-key +end +config videofilter youtube-channel-filter +end +config videofilter profile +end +config webfilter ips-urlfilter-setting + set device '' + set distance 1 + set gateway 0.0.0.0 + set geo-filter '' +end +config webfilter ips-urlfilter-setting6 + set device '' + set distance 1 + set gateway6 :: + set geo-filter '' +end +config emailfilter bword +end +config emailfilter block-allow-list +end +config emailfilter mheader +end +config emailfilter dnsbl +end +config emailfilter iptrust +end +config log threat-weight + set status enable + config level + set low 5 + set medium 10 + set high 30 + set critical 50 + end + set blocked-connection high + set failed-connection low + set url-block-detected high + set botnet-connection-detected critical + config malware + set virus-infected critical + set fortindr critical + set file-blocked low + set command-blocked disable + set oversized disable + set virus-scan-error high + set switch-proto disable + set mimefragmented disable + set virus-file-type-executable medium + set virus-outbreak-prevention critical + set content-disarm medium + set malware-list medium + set ems-threat-feed medium + set fsa-malicious critical + set fsa-high-risk high + set fsa-medium-risk medium + end + config ips + set info-severity disable + set low-severity low + set medium-severity medium + set high-severity high + set critical-severity critical + end + config web + edit 1 + set category 26 + set level high + next + edit 2 + set category 61 + set level high + next + edit 3 + set category 86 + set level high + next + edit 4 + set category 1 + set level medium + next + edit 5 + set category 3 + set level medium + next + edit 6 
+ set category 4 + set level medium + next + edit 7 + set category 5 + set level medium + next + edit 8 + set category 6 + set level medium + next + edit 9 + set category 12 + set level medium + next + edit 10 + set category 59 + set level medium + next + edit 11 + set category 62 + set level medium + next + edit 12 + set category 83 + set level medium + next + edit 13 + set category 72 + set level low + next + edit 14 + set category 14 + set level low + next + edit 15 + set category 96 + set level medium + next + end + config application + edit 1 + set category 2 + set level low + next + edit 2 + set category 6 + set level medium + next + end +end +config icap server +end +config icap profile + edit "default" + set replacemsg-group '' + set request disable + set response disable + set streaming-content-bypass disable + set preview disable + set methods delete get head options post put trace other + set icap-block-log disable + set chunk-encap disable + unset extension-feature + config icap-headers + edit 1 + set name "X-Authenticated-User" + set content "$user" + set base64-encoding disable + next + edit 2 + set name "X-Authenticated-Groups" + set content "$local_grp" + set base64-encoding disable + next + end + next +end +config system network-visibility + set destination-visibility enable + set source-location enable + set destination-hostname-visibility enable + set hostname-ttl 86400 + set hostname-limit 5000 + set destination-location enable +end +config user certificate +end +config user radius +end +config user tacacs+ +end +config user exchange +end +config user ldap +end +config user krb-keytab +end +config user domain-controller +end +config user pop3 +end +config user saml +end +config user fsso +end +config user adgrp +end +config user fsso-polling +end +config user fortitoken +end +config user password-policy +end +config user local +end +config user setting + set auth-type http https ftp telnet + set auth-cert "Fortinet_Factory" + set auth-ca-cert '' 
+ set auth-secure-http disable + set auth-http-basic disable + set auth-ssl-allow-renegotiation disable + set auth-src-mac enable + set auth-on-demand implicitly + set auth-timeout 5 + set auth-timeout-type idle-timeout + set auth-portal-timeout 3 + set radius-ses-timeout-act hard-timeout + set auth-blackout-time 0 + set auth-invalid-max 5 + set auth-lockout-threshold 3 + set auth-lockout-duration 0 + set per-policy-disclaimer disable + set auth-ssl-min-proto-version default + unset auth-ssl-max-proto-version + set auth-ssl-sigalgs all +end +config user peer +end +config user peergrp +end +config user quarantine + set quarantine enable + set traffic-policy '' + set firewall-groups '' +end +config user group + edit "SSO_Guest_Users" + set authtimeout 0 + set http-digest-realm '' + next +end +config user security-exempt-list +end +config vpn ssl web realm +end +config vpn ssl web host-check-software + edit "FortiClient-AV" + set os-type windows + set type av + set version '' + set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7" + next + edit "FortiClient-FW" + set os-type windows + set type fw + set version '' + set guid "528CB157-D384-4593-AAAA-E42DFF111CED" + next + edit "FortiClient-AV-Vista" + set os-type windows + set type av + set version '' + set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" + next + edit "FortiClient-FW-Vista" + set os-type windows + set type fw + set version '' + set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" + next + edit "FortiClient5-AV" + set os-type windows + set type av + set version '' + set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7" + next + edit "AVG-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" + next + edit "AVG-Internet-Security-FW" + set os-type windows + set type fw + set version '' + set guid "8DECF618-9569-4340-B34A-D78D28969B66" + next + edit "AVG-Internet-Security-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid 
"0C939084-9E57-CBDB-EA61-0B0C7F62AF82" + next + edit "AVG-Internet-Security-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" + next + edit "CA-Anti-Virus" + set os-type windows + set type av + set version '' + set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" + next + edit "CA-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" + next + edit "CA-Internet-Security-FW" + set os-type windows + set type fw + set version '' + set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" + next + edit "CA-Internet-Security-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" + next + edit "CA-Internet-Security-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "06D680B0-4024-4FAB-E710-E675E50F6324" + next + edit "CA-Personal-Firewall" + set os-type windows + set type fw + set version '' + set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" + next + edit "F-Secure-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" + next + edit "F-Secure-Internet-Security-FW" + set os-type windows + set type fw + set version '' + set guid "D4747503-0346-49EB-9262-997542F79BF4" + next + edit "F-Secure-Internet-Security-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "15414183-282E-D62C-CA37-EF24860A2F17" + next + edit "F-Secure-Internet-Security-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "2D7AC0A6-6241-D774-E168-461178D9686C" + next + edit "Kaspersky-AV" + set os-type windows + set type av + set version '' + set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" + next + edit "Kaspersky-FW" + set os-type windows + set type fw + set version '' + set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" + next + edit "Kaspersky-AV-Vista-Win7" + set os-type 
windows + set type av + set version '' + set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" + next + edit "Kaspersky-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" + next + edit "McAfee-Internet-Security-Suite-AV" + set os-type windows + set type av + set version '' + set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" + next + edit "McAfee-Internet-Security-Suite-FW" + set os-type windows + set type fw + set version '' + set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" + next + edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "86355677-4064-3EA7-ABB3-1B136EB04637" + next + edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" + next + edit "McAfee-Virus-Scan-Enterprise" + set os-type windows + set type av + set version '' + set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" + next + edit "Norton-360-2.0-AV" + set os-type windows + set type av + set version '' + set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" + next + edit "Norton-360-2.0-FW" + set os-type windows + set type fw + set version '' + set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" + next + edit "Norton-360-3.0-AV" + set os-type windows + set type av + set version '' + set guid "E10A9785-9598-4754-B552-92431C1C35F8" + next + edit "Norton-360-3.0-FW" + set os-type windows + set type fw + set version '' + set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" + next + edit "Norton-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "E10A9785-9598-4754-B552-92431C1C35F8" + next + edit "Norton-Internet-Security-FW" + set os-type windows + set type fw + set version '' + set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" + next + edit "Norton-Internet-Security-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid 
"88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" + next + edit "Norton-Internet-Security-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" + next + edit "Symantec-Endpoint-Protection-AV" + set os-type windows + set type av + set version '' + set guid "FB06448E-52B8-493A-90F3-E43226D3305C" + next + edit "Symantec-Endpoint-Protection-FW" + set os-type windows + set type fw + set version '' + set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" + next + edit "Symantec-Endpoint-Protection-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" + next + edit "Symantec-Endpoint-Protection-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" + next + edit "Panda-Antivirus+Firewall-2008-AV" + set os-type windows + set type av + set version '' + set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" + next + edit "Panda-Antivirus+Firewall-2008-FW" + set os-type windows + set type fw + set version '' + set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" + next + edit "Panda-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" + next + edit "Panda-Internet-Security-2006~2007-FW" + set os-type windows + set type fw + set version '' + set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" + next + edit "Panda-Internet-Security-2008~2009-FW" + set os-type windows + set type fw + set version '' + set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" + next + edit "Sophos-Anti-Virus" + set os-type windows + set type av + set version '' + set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" + next + edit "Sophos-Enpoint-Secuirty-and-Control-FW" + set os-type windows + set type fw + set version '' + set guid "0786E95E-326A-4524-9691-41EF88FB52EA" + next + edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" + set os-type windows + set type av + set version '' 
+ set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" + next + edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" + next + edit "Trend-Micro-AV" + set os-type windows + set type av + set version '' + set guid "7D2296BC-32CC-4519-917E-52E652474AF5" + next + edit "Trend-Micro-FW" + set os-type windows + set type fw + set version '' + set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" + next + edit "Trend-Micro-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" + next + edit "Trend-Micro-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" + next + edit "ZoneAlarm-AV" + set os-type windows + set type av + set version '' + set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" + next + edit "ZoneAlarm-FW" + set os-type windows + set type fw + set version '' + set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" + next + edit "ZoneAlarm-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" + next + edit "ZoneAlarm-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" + next + edit "ESET-Smart-Security-AV" + set os-type windows + set type av + set version '' + set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" + next + edit "ESET-Smart-Security-FW" + set os-type windows + set type fw + set version '' + set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" + next +end +config vpn ssl web portal + edit "full-access" + set tunnel-mode enable + set ipv6-tunnel-mode enable + set web-mode enable + set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping + set limit-user-logins disable + set forticlient-download enable + set ip-mode range + set auto-connect disable + set keep-alive disable + set save-password disable + set ip-pools 
"SSLVPN_TUNNEL_ADDR1" + set split-tunneling enable + set split-tunneling-routing-negate disable + set dns-server1 0.0.0.0 + set dns-server2 0.0.0.0 + set dns-suffix '' + set wins-server1 0.0.0.0 + set wins-server2 0.0.0.0 + set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" + set ipv6-split-tunneling enable + set ipv6-split-tunneling-routing-negate disable + set ipv6-dns-server1 :: + set ipv6-dns-server2 :: + set ipv6-wins-server1 :: + set ipv6-wins-server2 :: + set display-bookmark enable + set user-bookmark enable + set user-group-bookmark enable + set display-connection-tools enable + set display-history enable + set display-status enable + set rewrite-ip-uri-ui disable + set heading "SSL-VPN Portal" + set redir-url '' + set theme neutrino + set custom-lang '' + set smb-ntlmv1-auth disable + set smb-min-version smbv2 + set smb-max-version smbv3 + set use-sdwan disable + set clipboard enable + set default-window-width 1024 + set default-window-height 768 + set host-check none + set mac-addr-check disable + set os-check disable + set forticlient-download-method direct + set customize-forticlient-download-url disable + set hide-sso-credential enable + next + edit "web-access" + set tunnel-mode disable + set ipv6-tunnel-mode disable + set web-mode enable + set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping + set limit-user-logins disable + set forticlient-download enable + set dns-suffix '' + set display-bookmark enable + set user-bookmark enable + set user-group-bookmark enable + set display-connection-tools enable + set display-history enable + set display-status enable + set rewrite-ip-uri-ui disable + set heading "SSL-VPN Portal" + set redir-url '' + set theme neutrino + set custom-lang '' + set smb-ntlmv1-auth disable + set smb-min-version smbv2 + set smb-max-version smbv3 + set use-sdwan disable + set clipboard enable + set default-window-width 1024 + set default-window-height 768 + set forticlient-download-method direct + set 
customize-forticlient-download-url disable + set hide-sso-credential enable + next + edit "tunnel-access" + set tunnel-mode enable + set ipv6-tunnel-mode enable + set web-mode disable + set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping + set limit-user-logins disable + set forticlient-download enable + set ip-mode range + set auto-connect disable + set keep-alive disable + set save-password disable + set ip-pools "SSLVPN_TUNNEL_ADDR1" + set split-tunneling enable + set split-tunneling-routing-negate disable + set dns-server1 0.0.0.0 + set dns-server2 0.0.0.0 + set dns-suffix '' + set wins-server1 0.0.0.0 + set wins-server2 0.0.0.0 + set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" + set ipv6-split-tunneling enable + set ipv6-split-tunneling-routing-negate disable + set ipv6-dns-server1 :: + set ipv6-dns-server2 :: + set ipv6-wins-server1 :: + set ipv6-wins-server2 :: + set host-check none + set mac-addr-check disable + set os-check disable + set forticlient-download-method direct + set customize-forticlient-download-url disable + next +end +config vpn ssl settings + set status enable + set reqclientcert disable + set ssl-max-proto-ver tls1-3 + set ssl-min-proto-ver tls1-2 + unset banned-cipher + set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 + set ssl-insert-empty-fragment enable + set https-redirect disable + set x-content-type-options enable + set ssl-client-renegotiation disable + set force-two-factor-auth disable + set servercert "Fortinet_Factory" + set algorithm high + set idle-timeout 300 + set auth-timeout 28800 + set login-attempt-limit 2 + set login-block-time 60 + set login-timeout 30 + set dtls-hello-timeout 10 + set dns-suffix '' + set dns-server1 0.0.0.0 + set dns-server2 0.0.0.0 + set wins-server1 0.0.0.0 + set wins-server2 0.0.0.0 + set ipv6-dns-server1 :: + set ipv6-dns-server2 :: + set ipv6-wins-server1 :: + set ipv6-wins-server2 :: + set url-obscuration disable + set http-compression disable + set 
http-only-cookie enable + set port 443 + set port-precedence enable + set auto-tunnel-static-route enable + set header-x-forwarded-for add + set dtls-tunnel enable + set check-referer disable + set http-request-header-timeout 20 + set http-request-body-timeout 30 + set auth-session-check-source-ip enable + set tunnel-connect-without-reauth disable + set hsts-include-subdomains disable + set transform-backward-slashes disable + set encode-2f-sequence disable + set encrypt-and-store-password disable + set client-sigalgs all + set dual-stack-mode disable + set tunnel-addr-assigned-method first-available + set saml-redirect-port 8020 + set dtls-max-proto-ver dtls1-2 + set dtls-min-proto-ver dtls1-0 +end +config vpn ssl web user-group-bookmark +end +config vpn ssl web user-bookmark +end +config vpn ssl client +end +config system sdwan + set status disable + set load-balance-mode source-ip-based + set speedtest-bypass-routing disable + set duplication-max-num 2 + set neighbor-hold-down disable + set neighbor-hold-down-time 0 + set neighbor-hold-boot-time 0 + set fail-detect disable + config zone + edit "virtual-wan-link" + set service-sla-tie-break cfg-order + next + end + config health-check + edit "Default_DNS" + set probe-packets enable + set addr-mode ipv4 + set system-dns enable + set detect-mode active + set ha-priority 1 + set dns-request-domain "www.example.com" + set dns-match-ip 0.0.0.0 + set interval 1000 + set probe-timeout 1000 + set failtime 5 + set recoverytime 10 + set probe-count 30 + set diffservcode 000000 + set update-cascade-interface enable + set update-static-route enable + set sla-fail-log-period 0 + set sla-pass-log-period 0 + set threshold-warning-packetloss 0 + set threshold-alert-packetloss 0 + set threshold-warning-latency 0 + set threshold-alert-latency 0 + set threshold-warning-jitter 0 + set threshold-alert-jitter 0 + config sla + edit 1 + set link-cost-factor latency jitter packet-loss + set latency-threshold 250 + set jitter-threshold 50 
+ set packetloss-threshold 5 + next + end + next + edit "Default_Office_365" + set probe-packets enable + set addr-mode ipv4 + set server "www.office.com" + set detect-mode active + set protocol http + set port 0 + set ha-priority 1 + set http-get "/" + set http-agent "Chrome/ Safari/" + set http-match '' + set interval 1000 + set probe-timeout 1000 + set failtime 5 + set recoverytime 10 + set probe-count 30 + set diffservcode 000000 + set update-cascade-interface enable + set update-static-route enable + set sla-fail-log-period 0 + set sla-pass-log-period 0 + set threshold-warning-packetloss 0 + set threshold-alert-packetloss 0 + set threshold-warning-latency 0 + set threshold-alert-latency 0 + set threshold-warning-jitter 0 + set threshold-alert-jitter 0 + config sla + edit 1 + set link-cost-factor latency jitter packet-loss + set latency-threshold 250 + set jitter-threshold 50 + set packetloss-threshold 5 + next + end + next + edit "Default_Gmail" + set probe-packets enable + set addr-mode ipv4 + set server "gmail.com" + set detect-mode active + set protocol ping + set ha-priority 1 + set interval 1000 + set probe-timeout 1000 + set failtime 5 + set recoverytime 10 + set probe-count 30 + set diffservcode 000000 + set update-cascade-interface enable + set update-static-route enable + set sla-fail-log-period 0 + set sla-pass-log-period 0 + set threshold-warning-packetloss 0 + set threshold-alert-packetloss 0 + set threshold-warning-latency 0 + set threshold-alert-latency 0 + set threshold-warning-jitter 0 + set threshold-alert-jitter 0 + config sla + edit 1 + set link-cost-factor latency jitter packet-loss + set latency-threshold 250 + set jitter-threshold 50 + set packetloss-threshold 2 + next + end + next + edit "Default_Google Search" + set probe-packets enable + set addr-mode ipv4 + set server "www.google.com" + set detect-mode active + set protocol http + set port 0 + set ha-priority 1 + set http-get "/" + set http-agent "Chrome/ Safari/" + set http-match '' 
+ set interval 1000
+ set probe-timeout 1000
+ set failtime 5
+ set recoverytime 10
+ set probe-count 30
+ set diffservcode 000000
+ set update-cascade-interface enable
+ set update-static-route enable
+ set sla-fail-log-period 0
+ set sla-pass-log-period 0
+ set threshold-warning-packetloss 0
+ set threshold-alert-packetloss 0
+ set threshold-warning-latency 0
+ set threshold-alert-latency 0
+ set threshold-warning-jitter 0
+ set threshold-alert-jitter 0
+ config sla
+ edit 1
+ set link-cost-factor latency jitter packet-loss
+ set latency-threshold 250
+ set jitter-threshold 50
+ set packetloss-threshold 5
+ next
+ end
+ next
+ edit "Default_FortiGuard"
+ set probe-packets enable
+ set addr-mode ipv4
+ set server "fortiguard.com"
+ set detect-mode active
+ set protocol http
+ set port 0
+ set ha-priority 1
+ set http-get "/"
+ set http-agent "Chrome/ Safari/"
+ set http-match ''
+ set interval 1000
+ set probe-timeout 1000
+ set failtime 5
+ set recoverytime 10
+ set probe-count 30
+ set diffservcode 000000
+ set update-cascade-interface enable
+ set update-static-route enable
+ set sla-fail-log-period 0
+ set sla-pass-log-period 0
+ set threshold-warning-packetloss 0
+ set threshold-alert-packetloss 0
+ set threshold-warning-latency 0
+ set threshold-alert-latency 0
+ set threshold-warning-jitter 0
+ set threshold-alert-jitter 0
+ config sla
+ edit 1
+ set link-cost-factor latency jitter packet-loss
+ set latency-threshold 250
+ set jitter-threshold 50
+ set packetloss-threshold 5
+ next
+ end
+ next
+ end
+end
+config vpn ipsec phase1
+end
+config vpn ipsec phase2
+end
+config vpn ipsec manualkey
+end
+config vpn ipsec concentrator
+end
+config vpn ipsec fec
+end
+config vpn ipsec phase1-interface
+end
+config vpn ipsec phase2-interface
+end
+config vpn ipsec manualkey-interface
+end
+config vpn pptp
+ set status disable
+end
+config vpn l2tp
+ set status disable
+ set lcp-max-echo-fails 3
+ set hello-interval 60
+end
+config vpn ipsec forticlient
+end
+config dnsfilter domain-filter
+end
+config dnsfilter profile
+ edit "default"
+ set comment "Default dns filtering."
+ config domain-filter
+ unset domain-filter-table
+ end
+ config ftgd-dns
+ unset options
+ config filters
+ edit 1
+ set category 2
+ set action monitor
+ next
+ edit 2
+ set category 7
+ set action monitor
+ next
+ edit 3
+ set category 8
+ set action monitor
+ next
+ edit 4
+ set category 9
+ set action monitor
+ next
+ edit 5
+ set category 11
+ set action monitor
+ next
+ edit 6
+ set category 12
+ set action monitor
+ next
+ edit 7
+ set category 13
+ set action monitor
+ next
+ edit 8
+ set category 14
+ set action monitor
+ next
+ edit 9
+ set category 15
+ set action monitor
+ next
+ edit 10
+ set category 16
+ set action monitor
+ next
+ edit 11
+ set category 0
+ set action monitor
+ next
+ edit 12
+ set category 57
+ set action monitor
+ next
+ edit 13
+ set category 63
+ set action monitor
+ next
+ edit 14
+ set category 64
+ set action monitor
+ next
+ edit 15
+ set category 65
+ set action monitor
+ next
+ edit 16
+ set category 66
+ set action monitor
+ next
+ edit 17
+ set category 67
+ set action monitor
+ next
+ edit 18
+ set category 26
+ set action block
+ set log enable
+ next
+ edit 19
+ set category 61
+ set action block
+ set log enable
+ next
+ edit 20
+ set category 86
+ set action block
+ set log enable
+ next
+ edit 21
+ set category 88
+ set action block
+ set log enable
+ next
+ edit 22
+ set category 90
+ set action block
+ set log enable
+ next
+ edit 23
+ set category 91
+ set action block
+ set log enable
+ next
+ end
+ end
+ set log-all-domain disable
+ set sdns-ftgd-err-log enable
+ set sdns-domain-log enable
+ set block-action redirect
+ set block-botnet enable
+ set safe-search disable
+ set redirect-portal 0.0.0.0
+ set redirect-portal6 ::
+ next
+end
+config system gre-tunnel
+end
+config system ipsec-aggregate
+end
+config system ipip-tunnel
+end
+config system mobile-tunnel
+end
+config system pppoe-interface
+end
+config system vxlan
+end
+config system geneve
+end
+config system virtual-wire-pair
+end
+config system dns-database
+end
+config system dns-server
+end
+config log custom-field
+end
+config antivirus settings
+ set machine-learning-detection enable
+ set use-extreme-db disable
+ set grayware enable
+ set override-timeout 0
+ set cache-infected-result enable
+end
+config antivirus quarantine
+ set agelimit 0
+ set maxfilesize 0
+ set quarantine-quota 0
+ unset drop-infected
+ set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
+ unset drop-blocked
+ set store-blocked imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs ssh
+ unset drop-machine-learning
+ set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
+ set lowspace ovrw-old
+ set destination disk
+end
+config ssh-filter profile
+end
+config antivirus profile
+ edit "g-default"
+ set comment "Scan files and block viruses."
+ set replacemsg-group ''
+ set mobile-malware-db enable
+ config http
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config ftp
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config imap
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ set executables virus
+ end
+ config pop3
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ set executables virus
+ end
+ config smtp
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ set executables virus
+ end
+ config nntp
+ set av-scan disable
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config cifs
+ set av-scan disable
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config nac-quar
+ set infected none
+ set log disable
+ end
+ set outbreak-prevention-archive-scan disable
+ set external-blocklist-enable-all enable
+ set ems-threat-feed disable
+ set av-virus-log enable
+ set av-block-log enable
+ set extended-log disable
+ next
+ edit "g-sniffer-profile"
+ set comment "Scan files and monitor viruses."
+ set replacemsg-group ''
+ set mobile-malware-db enable
+ config http
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config ftp
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config imap
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ set executables virus
+ end
+ config pop3
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ set executables virus
+ end
+ config smtp
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ set executables virus
+ end
+ config nntp
+ set av-scan disable
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config cifs
+ set av-scan disable
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config nac-quar
+ set infected none
+ set log disable
+ end
+ set outbreak-prevention-archive-scan disable
+ set external-blocklist-enable-all enable
+ set ems-threat-feed disable
+ set av-virus-log enable
+ set av-block-log enable
+ set extended-log disable
+ next
+ edit "g-wifi-default"
+ set comment "Default configuration for offloading WiFi traffic."
+ set replacemsg-group ''
+ set mobile-malware-db enable
+ config http
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config ftp
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config imap
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ set executables virus
+ end
+ config pop3
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ set executables virus
+ end
+ config smtp
+ set av-scan block
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ set executables virus
+ end
+ config nntp
+ set av-scan disable
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config cifs
+ set av-scan disable
+ set outbreak-prevention disable
+ set external-blocklist disable
+ set quarantine disable
+ unset archive-block
+ unset archive-log
+ set emulator enable
+ end
+ config nac-quar
+ set infected none
+ set log disable
+ end
+ set outbreak-prevention-archive-scan disable
+ set external-blocklist-enable-all enable
+ set ems-threat-feed disable
+ set av-virus-log enable
+ set av-block-log enable
+ set extended-log disable
+ next
+end
+config file-filter profile
+ edit "g-default"
+ set comment "File type inspection."
+ set replacemsg-group ''
+ set log enable
+ set extended-log disable
+ set scan-archive-contents enable
+ next
+ edit "g-sniffer-profile"
+ set comment "File type inspection."
+ set replacemsg-group ''
+ set log enable
+ set extended-log disable
+ set scan-archive-contents enable
+ next
+end
+config webfilter profile
+ edit "g-default"
+ set comment "Default web filtering."
+ set replacemsg-group ''
+ unset options
+ set https-replacemsg enable
+ set post-action normal
+ config web
+ set bword-threshold 10
+ unset bword-table
+ unset urlfilter-table
+ unset content-header-list
+ set blocklist disable
+ unset allowlist
+ end
+ set log-all-url disable
+ set web-content-log enable
+ set web-filter-command-block-log enable
+ set web-filter-cookie-log enable
+ set web-url-log enable
+ set web-invalid-domain-log enable
+ set extended-log disable
+ next
+ edit "g-sniffer-profile"
+ set comment "Monitor web traffic."
+ set replacemsg-group ''
+ unset options
+ set https-replacemsg enable
+ set post-action normal
+ config web
+ set bword-threshold 10
+ unset bword-table
+ unset urlfilter-table
+ unset content-header-list
+ set blocklist disable
+ unset allowlist
+ end
+ set log-all-url disable
+ set web-content-log enable
+ set web-filter-command-block-log enable
+ set web-filter-cookie-log enable
+ set web-url-log enable
+ set web-invalid-domain-log enable
+ set extended-log disable
+ next
+ edit "g-wifi-default"
+ set comment "Default configuration for offloading WiFi traffic."
+ set replacemsg-group ''
+ set options block-invalid-url
+ set https-replacemsg enable
+ set post-action normal
+ config web
+ set bword-threshold 10
+ unset bword-table
+ unset urlfilter-table
+ unset content-header-list
+ set blocklist disable
+ unset allowlist
+ end
+ set log-all-url disable
+ set web-content-log enable
+ set web-filter-command-block-log enable
+ set web-filter-cookie-log enable
+ set web-url-log enable
+ set web-invalid-domain-log enable
+ set extended-log disable
+ next
+end
+config webfilter ftgd-local-rating
+end
+config webfilter search-engine
+ edit "g-baidu"
+ set hostname ".*\\.baidu\\.com"
+ set url "^\\/s?\\?"
+ set query "wd="
+ set safesearch disable
+ next
+ edit "g-baidu2"
+ set hostname ".*\\.baidu\\.com"
+ set url "^\\/(ns|q|m|i|v)\\?"
+ set query "word="
+ set safesearch disable
+ next
+ edit "g-baidu3"
+ set hostname "tieba\\.baidu\\.com"
+ set url "^\\/f\\?"
+ set query "kw="
+ set safesearch disable
+ next
+ edit "g-bing"
+ set hostname ".*\\.bing\\..*"
+ set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
+ set query "q="
+ set safesearch header
+ next
+ edit "g-google"
+ set hostname ".*\\.google\\..*"
+ set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
+ set query "q="
+ set safesearch url
+ set safesearch-str "&safe=active"
+ next
+ edit "g-google-translate-1"
+ set hostname "translate\\.google\\..*"
+ set url "^\\/translate"
+ set query "u="
+ set safesearch translate
+ next
+ edit "g-google-translate-2"
+ set hostname ".*\\.translate\\.goog"
+ set url "^\\/"
+ set query ''
+ set safesearch translate
+ next
+ edit "g-twitter"
+ set hostname "twitter\\.com"
+ set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
+ set query "variables="
+ set safesearch translate
+ next
+ edit "g-vimeo"
+ set hostname ".*vimeo.*"
+ set url "^\\/search\\?"
+ set query "q="
+ set safesearch header
+ next
+ edit "g-yahoo"
+ set hostname ".*\\.yahoo\\..*"
+ set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
+ set query "p="
+ set safesearch url
+ set safesearch-str "&vm=r"
+ next
+ edit "g-yandex"
+ set hostname "yandex\\..*"
+ set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
+ set query "text="
+ set safesearch url
+ set safesearch-str "&family=yes"
+ next
+ edit "g-youtube"
+ set hostname ".*youtube.*"
+ set url ''
+ set query ''
+ set safesearch header
+ next
+ edit "g-yt-channel"
+ set hostname ''
+ set url "www.youtube.com/channel"
+ set query ''
+ set safesearch yt-channel
+ next
+ edit "g-yt-pattern"
+ set hostname ''
+ set url "youtube.com/channel/"
+ set query ''
+ set safesearch yt-pattern
+ next
+ edit "g-yt-scan-1"
+ set hostname ''
+ set url "www.youtube.com/user/"
+ set query ''
+ set safesearch yt-scan
+ next
+ edit "g-yt-scan-2"
+ set hostname ''
+ set url "www.youtube.com/youtubei/v1/browse"
+ set query ''
+ set safesearch yt-scan
+ next
+ edit "g-yt-scan-3"
+ set hostname ''
+ set url "www.youtube.com/youtubei/v1/player"
+ set query ''
+ set safesearch yt-scan
+ next
+ edit "g-yt-scan-4"
+ set hostname ''
+ set url "www.youtube.com/youtubei/v1/navigator"
+ set query ''
+ set safesearch yt-scan
+ next
+ edit "translate"
+ set hostname "translate\\.google\\..*"
+ set url "^\\/translate\\?"
+ set query "u="
+ set safesearch translate
+ next
+ edit "yt-video"
+ set hostname ''
+ set url "www.youtube.com/watch"
+ set query ''
+ set safesearch yt-video
+ next
+end
+config emailfilter profile
+ edit "default"
+ set comment "Malware and phishing URL filtering."
+ set replacemsg-group ''
+ set spam-log enable
+ set spam-filtering disable
+ set external disable
+ unset options
+ config imap
+ set log-all disable
+ end
+ config pop3
+ set log-all disable
+ end
+ config smtp
+ set log-all disable
+ end
+ config msn-hotmail
+ set log-all disable
+ end
+ config gmail
+ set log-all disable
+ end
+ set spam-bword-threshold 10
+ unset spam-bword-table
+ unset spam-bal-table
+ unset spam-mheader-table
+ unset spam-rbl-table
+ unset spam-iptrust-table
+ set spam-log-fortiguard-response disable
+ next
+ edit "sniffer-profile"
+ set comment "Malware and phishing URL monitoring."
+ set replacemsg-group ''
+ set spam-log enable
+ set spam-filtering disable
+ set external disable
+ unset options
+ config imap
+ set log-all disable
+ end
+ config pop3
+ set log-all disable
+ end
+ config smtp
+ set log-all disable
+ end
+ config msn-hotmail
+ set log-all disable
+ end
+ config gmail
+ set log-all disable
+ end
+ set spam-bword-threshold 10
+ unset spam-bword-table
+ unset spam-bal-table
+ unset spam-mheader-table
+ unset spam-rbl-table
+ unset spam-iptrust-table
+ set spam-log-fortiguard-response disable
+ next
+end
+config wanopt settings
+ set host-id "default-id"
+ set tunnel-ssl-algorithm high
+ set auto-detect-algorithm simple
+ set tunnel-optimization balanced
+end
+config wanopt peer
+end
+config wanopt auth-group
+end
+config wanopt profile
+ edit "default"
+ set transparent enable
+ set comments "Default WANopt profile."
+ set auth-group ''
+ config http
+ set status disable
+ set secure-tunnel disable
+ set byte-caching enable
+ set ssl disable
+ set prefer-chunking fix
+ set protocol-opt protocol
+ set tunnel-sharing private
+ set log-traffic enable
+ end
+ config cifs
+ set status disable
+ set secure-tunnel disable
+ set byte-caching enable
+ set prefer-chunking fix
+ set protocol-opt protocol
+ set tunnel-sharing private
+ set log-traffic enable
+ end
+ config mapi
+ set status disable
+ set secure-tunnel disable
+ set byte-caching enable
+ set tunnel-sharing private
+ set log-traffic enable
+ end
+ config ftp
+ set status disable
+ set secure-tunnel disable
+ set byte-caching enable
+ set ssl disable
+ set prefer-chunking fix
+ set protocol-opt protocol
+ set tunnel-sharing private
+ set log-traffic enable
+ end
+ config tcp
+ set status disable
+ end
+ next
+end
+config system speed-test-server
+end
+config log memory setting
+ set status enable
+end
+config log disk setting
+ set status disable
+end
+config log eventfilter
+ set event enable
+ set system enable
+ set vpn enable
+ set user enable
+ set router enable
+ set wireless-activity enable
+ set wan-opt enable
+ set endpoint enable
+ set ha enable
+ set security-rating enable
+ set fortiextender enable
+ set connector enable
+ set sdwan enable
+ set cifs enable
+ set switch-controller enable
+end
+config log memory filter
+ set severity information
+ set forward-traffic enable
+ set local-traffic enable
+ set multicast-traffic enable
+ set sniffer-traffic enable
+ set ztna-traffic enable
+ set anomaly enable
+ set voip enable
+ set gtp enable
+end
+config log disk filter
+ set severity information
+ set forward-traffic enable
+ set local-traffic enable
+ set multicast-traffic enable
+ set sniffer-traffic enable
+ set ztna-traffic enable
+ set anomaly enable
+ set voip enable
+ set dlp-archive enable
+ set gtp enable
+end
+config log fortiguard override-setting
+ set override disable
+ set access-config enable
+end
+config log tacacs+accounting setting
+ set status disable
+end
+config log tacacs+accounting2 setting
+ set status disable
+end
+config log tacacs+accounting3 setting
+ set status disable
+end
+config log tacacs+accounting filter
+ set login-audit enable
+ set config-change-audit enable
+ set cli-cmd-audit enable
+end
+config log tacacs+accounting2 filter
+ set login-audit enable
+ set config-change-audit enable
+ set cli-cmd-audit enable
+end
+config log tacacs+accounting3 filter
+ set login-audit enable
+ set config-change-audit enable
+ set cli-cmd-audit enable
+end
+config log null-device setting
+ set status disable
+end
+config log null-device filter
+ set severity information
+ set forward-traffic enable
+ set local-traffic enable
+ set multicast-traffic enable
+ set sniffer-traffic enable
+ set ztna-traffic enable
+ set anomaly enable
+ set voip enable
+ set gtp enable
+end
+config log setting
+ set resolve-ip disable
+ set resolve-port enable
+ set log-user-in-upper disable
+ set fwpolicy-implicit-log disable
+ set fwpolicy6-implicit-log disable
+ set log-invalid-packet disable
+ set local-in-allow disable
+ set local-in-deny-unicast disable + set local-in-deny-broadcast disable + set local-out disable + set neighbor-event disable + set brief-traffic-format disable + set user-anonymize disable + set fortiview-weekly-data disable + set expolicy-implicit-log disable + set log-policy-comment disable + set faz-override disable + set syslog-override disable + set rest-api-set disable + set rest-api-get disable +end +config log gui-display + set resolve-hosts enable + set resolve-apps enable + set fortiview-unscanned-apps disable +end +config system lldp network-policy +end +config firewall schedule onetime +end +config firewall schedule recurring + edit "always" + set start 00:00 + set end 00:00 + set day sunday monday tuesday wednesday thursday friday saturday + set color 0 + set fabric-object disable + next + edit "none" + set start 00:00 + set end 00:00 + set day none + set color 0 + set fabric-object disable + next + edit "default-darrp-optimize" + set start 01:00 + set end 01:30 + set day sunday monday tuesday wednesday thursday friday saturday + set color 0 + set fabric-object disable + next +end +config firewall schedule group +end +config firewall ippool +end +config firewall ippool6 +end +config firewall ldb-monitor +end +config firewall vip +end +config firewall vip6 +end +config firewall vipgrp +end +config firewall vipgrp6 +end +config firewall ssh local-key + edit "g-Fortinet_SSH_DSA1024" + set password ENC 9ut2AaBfjQ0NwI4M0S7vKGjTdAVxQLOObdcJVioPTgFCCMoRFhfCS/u30B2aQOOTJat/+RRzhEdLoX9eemLGbaMqvnVi133CUFJzgPtzy5jKULbtA0+19pQMOlMQHkaNQjIWFOVLK6C4TNq8wELV95dj+pCzoYV958hme7py/g23Z8qTNaRKsakPEOnzQIRMu7hZJA== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA +0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho +KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq +a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq 
+7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk +jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR +XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe +P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5 +lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G +wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ +39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl +iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3 +w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac +xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL +YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+ +YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e +ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy +wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb +floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-dss 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" + set source built-in + next + edit "g-Fortinet_SSH_ECDSA256" + set password ENC rvV/D7l8eRvb6SYYfiMj0/IYkgHAh9VBu6zD3Lw/1WpCBZtHJwG4ASmEb+fsOXeZ23dCHQRZfChA70Ezc5LQvOljSvG7i3kvrt+/trQIlDCo1FKN5q9V8qgXVT7O5iswJlSojSW4NtFG+8VnUSUXEyNK7/WfhBODOqoNo4SakjkDj+n2gTIxXoqCANZUX5x1A9038g== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY +/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz +dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK +y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h +BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d +6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH 
+84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI=" + set source built-in + next + edit "g-Fortinet_SSH_ECDSA384" + set password ENC ThurKVlIXHwlanucyho0akhDkP255V2NIm2Kzn24hK7AtjjeAjFCHYa23DVDTFdFZAa6UnNnWg/iTRdvWSjH7TYQKXAANZVgw0V3oy70GQPCxsCrSvMz6O42uAVCqRBlbFwhmxDbITtSAEWy24t7javNpCyZMkUj/N7s5XL0HLeYhrbgzhp8FfBNNLhXvRUhElUMEw== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX +++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz +dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj +U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx +dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED +QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ +9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW +HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st +2F3+ +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg==" + set source built-in + next + edit "g-Fortinet_SSH_ECDSA521" + set password ENC Kmu4+1BektmeGOKyuMlnFsAPHXb+9A2uhVNGOZwdoxXTiD44HEEot8jIVlEcPFV+qBREtnEFKtctPpcmuLn7HJMnwOm2uOYsfadsz4G2oZwfw8DGhIeV/MBfkXXaUXId4xyU2nJ6nLOUhw/qtua9B8DB08DK3l8xS+/ybQ2BQ8HcU45Iota9j9WMLfYTqxopt8AtRw== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr ++3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz +dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF 
+t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K +HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL +gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA +NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX +1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9 +We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY +v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA==" + set source built-in + next + edit "g-Fortinet_SSH_ED25519" + set password ENC FzvZOpfzS3X8uPTBfeG8aXSVtFURgvWYP/8QFarl+UjA9RkuhexdClISVsEgeE3NcURDuqVQ73YvYlDB8HVjO3IA0YJT2PTKY7nXmHcbjwZNABDuh+His/zLiVDScv+dxwy+R1RJwaKxS/PnnmS5+BSM5eJ0wuMnpzHjLauT0vM9kkDuJCuP1jigBCe7BBuQywzv4g== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT ++IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd +3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO +V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk +ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i +9pkiQ2ltDNDw2Upw== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO" + set source built-in + next + edit "g-Fortinet_SSH_RSA2048" + set password ENC QJmLy1wUzOv242pS2qq1/9p3mRAMNwfrYI/h5XHMz81oQGqi1OmLJqaFAGl3t6TAqgbyx9A8kKRLl1uNaZlrcZJ+nSwBjH3ZBvFkoGIWFx55E6YGQtiGODMBhhkjdo89hUqGyN/KNCbo+jQ+csTV3buIhlQDKlXmgvvKYmiI4j2i0ennTRQFglysz5WjETU+dSdKiQ== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- 
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG +Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh +Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7 +A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK +hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC +HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z +OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC +Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/ +OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU +FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD +NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo +TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB +cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss +x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A +Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8 +cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO +/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz +E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX +pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW +V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS +ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv +tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx ++gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN +tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc +D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH +Xt1vvScA== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v" + set source built-in + next +end +config firewall ssh local-ca + edit "g-Fortinet_SSH_CA" + set password ENC bbQZp/wiWqkFcZwS5wnD3hBE934RPSLayPGYi/W1fRuzwpWZhA3LNmoab4E5BJmlh0IiaGncfDRaPyyWKP2Ze5D43sE4R4ECTTtli/p8YMvh+e5fUwuCpW0MS+rl+zWdWo1uepkxYzwmK41IvO4WvXFO+s2E0HEPVni1e7phN5p9lpom0A21r4nW1K7ljP3VJKySkA== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd +cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC +NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U +ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP +E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A +TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa +Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is +nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT ++RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby +5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI +pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx +MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz +8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U +wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+ +OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD +PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq +JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C 
+Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN ++dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4 +KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl +uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ +8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL +s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof +S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4 ++y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr +ABMNge5w== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9" + set source built-in + next + edit "g-Fortinet_SSH_CA_Untrusted" + set password ENC jHwYvq8fe5VsB66Maqcjd8CzGUNvahD0YRpR0OVr6caDiGHExCgsdqOveDeAcd7Vwox+hWdbEmfQZQdjX6CT+bLFSOZe5UQXS0HU/66v2MoqoXgEL5sH7WPk6GGLekOwDS7echL+eaHRjOGUpXpmQr+WcRKT4hODL3ck/t6qMRQzXXM0+bwwRGsFA9yepAw4UQgHtw== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV +ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 +RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE +ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU +iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG +Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv +NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK +0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB 
+Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+ +xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/ +UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n +NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri +aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC +iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4 +NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F +zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB +VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+ +jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk +1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL +eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM +vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo +/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1 +Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S +pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn +vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02 +PWD7d7mw== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl" + set source built-in + next +end +config firewall ssh setting + set caname "g-Fortinet_SSH_CA" + set untrusted-caname "g-Fortinet_SSH_CA_Untrusted" + set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048" + set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024" + set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256" + set hostkey-ecdsa384 
"g-Fortinet_SSH_ECDSA384" + set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521" + set hostkey-ed25519 "g-Fortinet_SSH_ED25519" + set host-trusted-checking enable +end +config firewall ssh host-key +end +config firewall decrypted-traffic-mirror +end +config firewall access-proxy-virtual-host +end +config firewall access-proxy-ssh-client-cert +end +config firewall access-proxy +end +config firewall access-proxy6 +end +config firewall ipmacbinding setting + set bindthroughfw disable + set bindtofw disable +end +config firewall ipmacbinding table +end +config firewall profile-protocol-options + edit "default" + set comment "All default services." + set replacemsg-group '' + set oversize-log disable + set switching-protocols-log disable + config http + set ports 80 + set status enable + set inspect-all disable + set proxy-after-tcp-handshake disable + unset options + set comfort-interval 10 + set comfort-amount 1 + set range-block disable + set strip-x-forwarded-for disable + unset post-lang + set streaming-content-bypass enable + set switching-protocols bypass + set unknown-http-version reject + set tunnel-non-http enable + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set stream-based-uncompressed-limit 0 + set scan-bzip2 enable + set block-page-status-code 403 + set retry-count 0 + set tcp-window-type auto-tuning + set ssl-offloaded no + set address-ip-rating enable + end + config ftp + set ports 21 + set status enable + set inspect-all disable + set options splice + set comfort-interval 10 + set comfort-amount 1 + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set stream-based-uncompressed-limit 0 + set scan-bzip2 enable + set tcp-window-type auto-tuning + set ssl-offloaded no + set explicit-ftp-tls disable + end + config imap + set ports 143 + set status enable + set inspect-all disable + set proxy-after-tcp-handshake disable + set options fragmail + set oversize-limit 10 + 
set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set scan-bzip2 enable + set ssl-offloaded no + end + config mapi + set ports 135 + set status enable + set options fragmail + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set scan-bzip2 enable + end + config pop3 + set ports 110 + set status enable + set inspect-all disable + set proxy-after-tcp-handshake disable + set options fragmail + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set scan-bzip2 enable + set ssl-offloaded no + end + config smtp + set ports 25 + set status enable + set inspect-all disable + set proxy-after-tcp-handshake disable + set options fragmail splice + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set scan-bzip2 enable + set server-busy disable + set ssl-offloaded no + end + config nntp + set ports 119 + set status enable + set inspect-all disable + set proxy-after-tcp-handshake disable + set options splice + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set scan-bzip2 enable + end + config ssh + unset options + set comfort-interval 10 + set comfort-amount 1 + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set stream-based-uncompressed-limit 0 + set scan-bzip2 enable + set tcp-window-type auto-tuning + set ssl-offloaded no + end + config dns + set ports 53 + set status enable + end + config cifs + set ports 445 + set status enable + unset options + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set scan-bzip2 enable + set tcp-window-type auto-tuning + set server-credential-type none + end + config mail-signature + set status disable + set signature '' + end + set rpc-over-http disable + next +end +config firewall ssl-ssh-profile + edit "certificate-inspection" + set comment "Read-only SSL 
handshake inspection profile." + config ssl + set inspect-all disable + set client-certificate bypass + set unsupported-ssl-version block + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set min-allowed-ssl-version tls-1.1 + end + config https + set ports 443 + set status certificate-inspection + set proxy-after-tcp-handshake disable + set client-certificate bypass + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + set sni-server-cert-check enable + set cert-probe-failure block + set min-allowed-ssl-version tls-1.1 + end + config ftps + set status disable + set client-certificate bypass + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + set min-allowed-ssl-version tls-1.1 + end + config imaps + set status disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config pop3s + set status disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config smtps + set status disable + set client-certificate inspect + set unsupported-ssl-version allow + 
set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config ssh + set ports 22 + set status disable + set inspect-all disable + set unsupported-version bypass + set ssh-tun-policy-check disable + set ssh-algorithm compatible + end + config dot + set status disable + set client-certificate bypass + set unsupported-ssl-version block + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + set block-blocklisted-certificates enable + set caname "Fortinet_CA_SSL" + set ssl-anomaly-log enable + set ssl-negotiation-log disable + set ssl-server-cert-log disable + set ssl-handshake-log disable + next + edit "deep-inspection" + set comment "Read-only deep inspection profile." 
+ config ssl + set inspect-all disable + set client-certificate bypass + set unsupported-ssl-version block + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set min-allowed-ssl-version tls-1.1 + end + config https + set ports 443 + set status deep-inspection + set proxy-after-tcp-handshake disable + set client-certificate bypass + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + set sni-server-cert-check enable + set min-allowed-ssl-version tls-1.1 + end + config ftps + set ports 990 + set status deep-inspection + set client-certificate bypass + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + set min-allowed-ssl-version tls-1.1 + end + config imaps + set ports 993 + set status deep-inspection + set proxy-after-tcp-handshake disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config pop3s + set ports 995 + set status deep-inspection + set proxy-after-tcp-handshake disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config smtps + set 
ports 465 + set status deep-inspection + set proxy-after-tcp-handshake disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config ssh + set ports 22 + set status disable + set inspect-all disable + set unsupported-version bypass + set ssh-tun-policy-check disable + set ssh-algorithm compatible + end + config dot + set status disable + set client-certificate bypass + set unsupported-ssl-version block + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + set allowlist disable + set block-blocklisted-certificates enable + config ssl-exempt + edit 1 + set type fortiguard-category + set fortiguard-category 31 + next + edit 2 + set type fortiguard-category + set fortiguard-category 33 + next + edit 3 + set type wildcard-fqdn + set wildcard-fqdn "g-adobe" + next + edit 4 + set type wildcard-fqdn + set wildcard-fqdn "g-Adobe Login" + next + edit 5 + set type wildcard-fqdn + set wildcard-fqdn "g-android" + next + edit 6 + set type wildcard-fqdn + set wildcard-fqdn "g-apple" + next + edit 7 + set type wildcard-fqdn + set wildcard-fqdn "g-appstore" + next + edit 8 + set type wildcard-fqdn + set wildcard-fqdn "g-auth.gfx.ms" + next + edit 9 + set type wildcard-fqdn + set wildcard-fqdn "g-citrix" + next + edit 10 + set type wildcard-fqdn + set wildcard-fqdn "g-dropbox.com" + next + edit 11 + set type wildcard-fqdn + set wildcard-fqdn "g-eease" + next + edit 12 + set type wildcard-fqdn + set wildcard-fqdn "g-firefox update server" + next + edit 13 + set type wildcard-fqdn + set wildcard-fqdn "g-fortinet" + next 
+ edit 14 + set type wildcard-fqdn + set wildcard-fqdn "g-googleapis.com" + next + edit 15 + set type wildcard-fqdn + set wildcard-fqdn "g-google-drive" + next + edit 16 + set type wildcard-fqdn + set wildcard-fqdn "g-google-play2" + next + edit 17 + set type wildcard-fqdn + set wildcard-fqdn "g-google-play3" + next + edit 18 + set type wildcard-fqdn + set wildcard-fqdn "g-Gotomeeting" + next + edit 19 + set type wildcard-fqdn + set wildcard-fqdn "g-icloud" + next + edit 20 + set type wildcard-fqdn + set wildcard-fqdn "g-itunes" + next + edit 21 + set type wildcard-fqdn + set wildcard-fqdn "g-microsoft" + next + edit 22 + set type wildcard-fqdn + set wildcard-fqdn "g-skype" + next + edit 23 + set type wildcard-fqdn + set wildcard-fqdn "g-softwareupdate.vmware.com" + next + edit 24 + set type wildcard-fqdn + set wildcard-fqdn "g-verisign" + next + edit 25 + set type wildcard-fqdn + set wildcard-fqdn "g-Windows update 2" + next + edit 26 + set type wildcard-fqdn + set wildcard-fqdn "g-live.com" + next + edit 27 + set type wildcard-fqdn + set wildcard-fqdn "g-google-play" + next + edit 28 + set type wildcard-fqdn + set wildcard-fqdn "g-update.microsoft.com" + next + edit 29 + set type wildcard-fqdn + set wildcard-fqdn "g-swscan.apple.com" + next + edit 30 + set type wildcard-fqdn + set wildcard-fqdn "g-autoupdate.opera.com" + next + edit 31 + set type wildcard-fqdn + set wildcard-fqdn "g-cdn-apple" + next + edit 32 + set type wildcard-fqdn + set wildcard-fqdn "g-mzstatic-apple" + next + end + set server-cert-mode re-sign + set caname "Fortinet_CA_SSL" + set untrusted-caname "Fortinet_CA_Untrusted" + set ssl-exemption-ip-rating enable + set ssl-exemption-log disable + set ssl-anomaly-log enable + set ssl-negotiation-log disable + set ssl-server-cert-log disable + set ssl-handshake-log disable + set rpc-over-https disable + set mapi-over-https disable + set supported-alpn all + set use-ssl-server disable + next + edit "custom-deep-inspection" + set comment "Customizable 
deep inspection profile." + config ssl + set inspect-all disable + set client-certificate bypass + set unsupported-ssl-version block + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set min-allowed-ssl-version tls-1.1 + end + config https + set ports 443 + set status deep-inspection + set proxy-after-tcp-handshake disable + set client-certificate bypass + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + set sni-server-cert-check enable + set min-allowed-ssl-version tls-1.1 + end + config ftps + set ports 990 + set status deep-inspection + set client-certificate bypass + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + set min-allowed-ssl-version tls-1.1 + end + config imaps + set ports 993 + set status deep-inspection + set proxy-after-tcp-handshake disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config pop3s + set ports 995 + set status deep-inspection + set proxy-after-tcp-handshake disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end 
+ config smtps + set ports 465 + set status deep-inspection + set proxy-after-tcp-handshake disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config ssh + set ports 22 + set status disable + set inspect-all disable + set unsupported-version bypass + set ssh-tun-policy-check disable + set ssh-algorithm compatible + end + config dot + set status disable + set client-certificate bypass + set unsupported-ssl-version block + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + set allowlist disable + set block-blocklisted-certificates enable + config ssl-exempt + edit 1 + set type fortiguard-category + set fortiguard-category 31 + next + edit 2 + set type fortiguard-category + set fortiguard-category 33 + next + edit 3 + set type wildcard-fqdn + set wildcard-fqdn "g-adobe" + next + edit 4 + set type wildcard-fqdn + set wildcard-fqdn "g-Adobe Login" + next + edit 5 + set type wildcard-fqdn + set wildcard-fqdn "g-android" + next + edit 6 + set type wildcard-fqdn + set wildcard-fqdn "g-apple" + next + edit 7 + set type wildcard-fqdn + set wildcard-fqdn "g-appstore" + next + edit 8 + set type wildcard-fqdn + set wildcard-fqdn "g-auth.gfx.ms" + next + edit 9 + set type wildcard-fqdn + set wildcard-fqdn "g-citrix" + next + edit 10 + set type wildcard-fqdn + set wildcard-fqdn "g-dropbox.com" + next + edit 11 + set type wildcard-fqdn + set wildcard-fqdn "g-eease" + next + edit 12 + set type wildcard-fqdn + set wildcard-fqdn "g-firefox update server" + next + edit 13 + set type wildcard-fqdn + set 
wildcard-fqdn "g-fortinet" + next + edit 14 + set type wildcard-fqdn + set wildcard-fqdn "g-googleapis.com" + next + edit 15 + set type wildcard-fqdn + set wildcard-fqdn "g-google-drive" + next + edit 16 + set type wildcard-fqdn + set wildcard-fqdn "g-google-play2" + next + edit 17 + set type wildcard-fqdn + set wildcard-fqdn "g-google-play3" + next + edit 18 + set type wildcard-fqdn + set wildcard-fqdn "g-Gotomeeting" + next + edit 19 + set type wildcard-fqdn + set wildcard-fqdn "g-icloud" + next + edit 20 + set type wildcard-fqdn + set wildcard-fqdn "g-itunes" + next + edit 21 + set type wildcard-fqdn + set wildcard-fqdn "g-microsoft" + next + edit 22 + set type wildcard-fqdn + set wildcard-fqdn "g-skype" + next + edit 23 + set type wildcard-fqdn + set wildcard-fqdn "g-softwareupdate.vmware.com" + next + edit 24 + set type wildcard-fqdn + set wildcard-fqdn "g-verisign" + next + edit 25 + set type wildcard-fqdn + set wildcard-fqdn "g-Windows update 2" + next + edit 26 + set type wildcard-fqdn + set wildcard-fqdn "g-live.com" + next + edit 27 + set type wildcard-fqdn + set wildcard-fqdn "g-google-play" + next + edit 28 + set type wildcard-fqdn + set wildcard-fqdn "g-update.microsoft.com" + next + edit 29 + set type wildcard-fqdn + set wildcard-fqdn "g-swscan.apple.com" + next + edit 30 + set type wildcard-fqdn + set wildcard-fqdn "g-autoupdate.opera.com" + next + edit 31 + set type wildcard-fqdn + set wildcard-fqdn "g-cdn-apple" + next + edit 32 + set type wildcard-fqdn + set wildcard-fqdn "g-mzstatic-apple" + next + end + set server-cert-mode re-sign + set caname "Fortinet_CA_SSL" + set untrusted-caname "Fortinet_CA_Untrusted" + set ssl-exemption-ip-rating enable + set ssl-exemption-log disable + set ssl-anomaly-log enable + set ssl-negotiation-log disable + set ssl-server-cert-log disable + set ssl-handshake-log disable + set rpc-over-https disable + set mapi-over-https disable + set supported-alpn all + set use-ssl-server disable + next + edit "no-inspection" + 
set comment "Read-only profile that does no inspection." + config ssl + set inspect-all disable + set client-certificate bypass + set unsupported-ssl-version block + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set min-allowed-ssl-version tls-1.1 + end + config https + set status disable + set client-certificate bypass + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + set sni-server-cert-check enable + set min-allowed-ssl-version tls-1.1 + end + config ftps + set status disable + set client-certificate bypass + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + set min-allowed-ssl-version tls-1.1 + end + config imaps + set status disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config pop3s + set status disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config smtps + set status disable + set client-certificate inspect + set unsupported-ssl-version allow + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + 
set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + config ssh + set ports 22 + set status disable + set inspect-all disable + set unsupported-version bypass + set ssh-tun-policy-check disable + set ssh-algorithm compatible + end + config dot + set status disable + set client-certificate bypass + set unsupported-ssl-version block + set unsupported-ssl-cipher allow + set unsupported-ssl-negotiation allow + set expired-server-cert block + set revoked-server-cert block + set untrusted-server-cert allow + set cert-validation-timeout allow + set cert-validation-failure block + end + set block-blocklisted-certificates enable + set caname "Fortinet_CA_SSL" + set ssl-anomaly-log enable + set ssl-negotiation-log disable + set ssl-server-cert-log disable + set ssl-handshake-log disable + next +end +config waf profile + edit "default" + set external disable + set extended-log disable + config signature + config main-class 100000000 + set status disable + set action block + set log enable + set severity high + end + config main-class 20000000 + set status disable + set action allow + set log enable + set severity medium + end + config main-class 30000000 + set status enable + set action block + set log enable + set severity high + end + config main-class 40000000 + set status disable + set action allow + set log enable + set severity medium + end + config main-class 50000000 + set status enable + set action block + set log enable + set severity high + end + config main-class 60000000 + set status disable + set action allow + set log enable + set severity medium + end + config main-class 70000000 + set status enable + set action block + set log enable + set severity high + end + config main-class 80000000 + set status enable + set action allow + set log enable + set severity low + end + config main-class 110000000 + set status enable + set action allow + 
set log enable + set severity high + end + config main-class 90000000 + set status enable + set action block + set log enable + set severity high + end + set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002 + set credit-card-detection-threshold 3 + end + config constraint + config header-length + set status enable + set length 8192 + set action allow + set log enable + set severity low + end + config content-length + set status enable + set length 67108864 + set action allow + set log enable + set severity low + end + config param-length + set status enable + set length 8192 + set action allow + set log enable + set severity low + end + config line-length + set status enable + set length 1024 + set action allow + set log enable + set severity low + end + config url-param-length + set status enable + set length 8192 + set action allow + set log enable + set severity low + end + config version + set status disable + set action allow + set log enable + set severity medium + end + config method + set status disable + set action block + set log enable + set severity medium + end + config hostname + set status disable + set action block + set log enable + set severity medium + end + config malformed + set status disable + set action allow + set log enable + set severity medium + end + config max-cookie + set status enable + set max-cookie 16 + set action allow + set log enable + set severity low + end + config max-header-line + set status enable + set max-header-line 32 + set action allow + set log enable + set severity low + end + config max-url-param + set status enable + set max-url-param 16 + set action allow + set log enable + set severity low + end + config max-range-segment + set status enable + set max-range-segment 5 + set action allow + set log enable + set severity high + end + end + config method + set status disable + set log disable + set severity medium + unset default-allowed-methods + end + config address-list + set 
status disable + set blocked-log disable + set severity medium + end + set comment '' + next +end +config firewall profile-group +end +config firewall ssl-server +end +config firewall identity-based-route +end +config firewall auth-portal + set portal-addr '' + set portal-addr6 '' + set identity-based-route '' +end +config firewall security-policy +end +config firewall policy + edit 1 + set status enable + set name "Default" + set uuid bdf03fc8-3520-51ed-3963-cb429fce01ab + set srcintf "any" + set dstintf "any" + set nat64 disable + set nat46 disable + set ztna-status disable + set srcaddr "all" + set dstaddr "all" + set srcaddr6 "all" + set dstaddr6 "all" + set internet-service disable + set internet-service-src disable + set service "ALL" + set dynamic-shaping disable + set passive-wan-health-measurement disable + set ssl-ssh-profile "certificate-inspection" + set auto-asic-offload enable + set session-ttl 0 + set fec disable + set diffserv-forward disable + set diffserv-reverse disable + set tcp-mss-sender 0 + set tcp-mss-receiver 0 + set comments '' + set srcaddr-negate disable + set dstaddr-negate disable + set service-negate disable + next +end +config firewall traffic-class +end +config firewall shaping-policy +end +config firewall shaping-profile +end +config firewall local-in-policy +end +config firewall local-in-policy6 +end +config firewall ttl-policy +end +config firewall dnstranslation +end +config firewall multicast-policy +end +config firewall multicast-policy6 +end +config firewall interface-policy +end +config firewall interface-policy6 +end +config firewall DoS-policy +end +config firewall DoS-policy6 +end +config firewall sniffer +end +config firewall acl +end +config firewall acl6 +end +config firewall central-snat-map +end +config firewall ip-translation +end +config authentication scheme +end +config authentication rule +end +config authentication setting + set active-auth-scheme '' + set sso-auth-scheme '' + set captive-portal-type fqdn + set 
captive-portal '' + set captive-portal6 '' + set cert-auth disable + set captive-portal-port 7830 + set auth-https enable + set captive-portal-ssl-port 7831 +end +config system speed-test-schedule +end +config switch-controller switch-interface-tag +end +config switch-controller 802-1X-settings + set link-down-auth set-unauth + set reauth-period 60 + set max-reauth-attempt 3 + set tx-period 30 +end +config switch-controller security-policy 802-1X + edit "802-1X-policy-default" + set security-mode 802.1X + set user-group "SSO_Guest_Users" + set mac-auth-bypass disable + set open-auth disable + set eap-passthru enable + set eap-auto-untagged-vlans enable + set guest-vlan disable + set guest-auth-delay 30 + set auth-fail-vlan disable + set framevid-apply enable + set radius-timeout-overwrite disable + set policy-type 802.1X + set authserver-timeout-vlan disable + next +end +config switch-controller security-policy local-access + edit "default" + set mgmt-allowaccess https ping ssh + set internal-allowaccess https ping ssh + next +end +config switch-controller location +end +config switch-controller lldp-settings + set tx-hold 4 + set tx-interval 30 + set fast-start-interval 2 + set management-interface internal + set device-detection enable +end +config switch-controller lldp-profile + edit "default" + set med-tlvs inventory-management network-policy location-identification + unset 802.1-tlvs + unset 802.3-tlvs + set auto-isl disable + config med-network-policy + edit "voice" + set status disable + next + edit "voice-signaling" + set status disable + next + edit "guest-voice" + set status disable + next + edit "guest-voice-signaling" + set status disable + next + edit "softphone-voice" + set status disable + next + edit "video-conferencing" + set status disable + next + edit "streaming-video" + set status disable + next + edit "video-signaling" + set status disable + next + end + config med-location-service + edit "coordinates" + set status disable + next + edit 
"address-civic" + set status disable + next + edit "elin-number" + set status disable + next + end + next + edit "default-auto-isl" + unset med-tlvs + unset 802.1-tlvs + unset 802.3-tlvs + set auto-isl enable + set auto-isl-hello-timer 3 + set auto-isl-receive-timeout 60 + set auto-isl-port-group 0 + set auto-mclag-icl disable + next + edit "default-auto-mclag-icl" + unset med-tlvs + unset 802.1-tlvs + unset 802.3-tlvs + set auto-isl enable + set auto-isl-hello-timer 3 + set auto-isl-receive-timeout 60 + set auto-isl-port-group 0 + set auto-mclag-icl enable + next +end +config switch-controller qos dot1p-map + edit "voice-dot1p" + set description '' + set egress-pri-tagging disable + set priority-0 queue-4 + set priority-1 queue-4 + set priority-2 queue-3 + set priority-3 queue-2 + set priority-4 queue-3 + set priority-5 queue-1 + set priority-6 queue-2 + set priority-7 queue-2 + next +end +config switch-controller qos ip-dscp-map + edit "voice-dscp" + set description '' + config map + edit "1" + set cos-queue 1 + set value 46 + next + edit "2" + set cos-queue 2 + set value 24,26,48,56 + next + edit "5" + set cos-queue 3 + set value 34 + next + end + next +end +config switch-controller qos queue-policy + edit "default" + set schedule round-robin + set rate-by kbps + config cos-queue + edit "queue-0" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-1" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-2" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-3" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-4" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-5" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy 
taildrop + set weight 1 + next + edit "queue-6" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-7" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + end + next + edit "voice-egress" + set schedule weighted + set rate-by kbps + config cos-queue + edit "queue-0" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-1" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 0 + next + edit "queue-2" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 6 + next + edit "queue-3" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 37 + next + edit "queue-4" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 12 + next + edit "queue-5" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-6" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-7" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + end + next +end +config switch-controller qos qos-policy + edit "default" + set default-cos 0 + set trust-dot1p-map '' + set trust-ip-dscp-map '' + set queue-policy "default" + next + edit "voice-qos" + set default-cos 0 + set trust-dot1p-map "voice-dot1p" + set trust-ip-dscp-map "voice-dscp" + set queue-policy "voice-egress" + next +end +config switch-controller storm-control-policy + edit "default" + set description "default storm control on all port" + set storm-control-mode global + next + edit "auto-config" + set description "storm control policy for fortilink-isl-icl port" + set storm-control-mode disabled + next +end +config switch-controller 
auto-config policy + edit "default" + set qos-policy "default" + set storm-control-policy "auto-config" + set poe-status enable + set igmp-flood-report disable + set igmp-flood-traffic disable + next + edit "default-icl" + set qos-policy "default" + set storm-control-policy "auto-config" + set poe-status disable + set igmp-flood-report enable + set igmp-flood-traffic enable + next +end +config switch-controller auto-config default + set fgt-policy "default" + set isl-policy "default" + set icl-policy "default-icl" +end +config switch-controller auto-config custom +end +config switch-controller initial-config template + edit "_default" + set vlanid 1 + unset allowaccess + set dhcp-server disable + next + edit "quarantine" + set vlanid 4093 + unset allowaccess + set auto-ip enable + set dhcp-server enable + next + edit "rspan" + set vlanid 4092 + unset allowaccess + set auto-ip enable + set dhcp-server enable + next + edit "voice" + set vlanid 4091 + unset allowaccess + set dhcp-server disable + next + edit "video" + set vlanid 4090 + unset allowaccess + set dhcp-server disable + next + edit "onboarding" + set vlanid 4089 + unset allowaccess + set dhcp-server disable + next + edit "nac_segment" + set vlanid 4088 + unset allowaccess + set auto-ip enable + set dhcp-server enable + next +end +config switch-controller initial-config vlans + set default-vlan "_default" + set quarantine "quarantine" + set rspan "rspan" + set voice "voice" + set video "video" + set nac "onboarding" + set nac-segment "nac_segment" +end +config switch-controller switch-profile + edit "default" + set login-passwd-override disable + next +end +config switch-controller custom-command +end +config switch-controller virtual-port-pool +end +config switch-controller ptp settings + set mode disable +end +config switch-controller ptp policy + edit "default" + set status enable + next +end +config switch-controller vlan-policy +end +config switch-controller dynamic-port-policy +end +config 
switch-controller managed-switch +end +config switch-controller switch-group +end +config switch-controller stp-settings + set name '' + set revision 0 + set hello-time 2 + set forward-time 15 + set max-age 20 + set max-hops 20 +end +config switch-controller stp-instance +end +config switch-controller storm-control + set rate 500 + set unknown-unicast disable + set unknown-multicast disable + set broadcast disable +end +config switch-controller global + set mac-aging-interval 300 + set https-image-push enable + set vlan-optimization enable + set mac-retention-period 24 + set default-virtual-switch-vlan '' + set dhcp-server-access-list disable + set log-mac-limit-violations disable + set sn-dns-resolution enable + set mac-event-logging disable + set bounce-quarantined-link disable + set quarantine-mode by-vlan + set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db + set fips-enforce enable + set firmware-provision-on-authorization disable +end +config switch-controller switch-log + set status enable + set severity notification +end +config switch-controller igmp-snooping + set aging-time 300 + set flood-unknown-multicast disable + set query-interval 125 +end +config switch-controller sflow + set collector-ip 0.0.0.0 + set collector-port 6343 +end +config switch-controller network-monitor-settings + set network-monitoring disable +end +config switch-controller flow-tracking + set sample-mode perimeter + set sample-rate 512 + set format netflow9 + set collector-ip 0.0.0.0 + set collector-port 0 + set transport udp + set level ip + set max-export-pkt-size 512 + set timeout-general 3600 + set timeout-icmp 300 + set timeout-max 604800 + set timeout-tcp 3600 + set timeout-tcp-fin 300 + set timeout-tcp-rst 120 + set timeout-udp 300 +end +config switch-controller snmp-sysinfo + set status disable + set engine-id '' + set description '' + set contact-info '' + set location '' +end +config switch-controller snmp-trap-threshold + set trap-high-cpu-threshold 80 + set 
trap-low-memory-threshold 80 + set trap-log-full-threshold 90 +end +config switch-controller snmp-community +end +config switch-controller snmp-user +end +config switch-controller traffic-sniffer + set mode erspan-auto + set erspan-ip 0.0.0.0 +end +config switch-controller remote-log + edit "syslogd" + set status disable + next + edit "syslogd2" + set status disable + next +end +config switch-controller mac-policy +end +config wireless-controller setting + set account-id '' + set country US + set duplicate-ssid disable + set fapc-compatibility disable + set wfa-compatibility disable + set phishing-ssid-detect enable + set fake-ssid-action log + set device-weight 1 + set device-holdoff 5 + set device-idle 1440 + set firmware-provision-on-authorization disable + set darrp-optimize 86400 + set darrp-optimize-schedules "default-darrp-optimize" +end +config wireless-controller log + set status enable + set addrgrp-log notification + set ble-log notification + set clb-log notification + set dhcp-starv-log notification + set led-sched-log notification + set radio-event-log notification + set rogue-event-log notification + set sta-event-log notification + set sta-locate-log notification + set wids-log notification + set wtp-event-log notification +end +config wireless-controller apcfg-profile +end +config wireless-controller bonjour-profile +end +config wireless-controller arrp-profile + edit "arrp-default" + set comment '' + set selection-period 3600 + set monitor-period 300 + set weight-managed-ap 50 + set weight-rogue-ap 10 + set weight-noise-floor 40 + set weight-channel-load 20 + set weight-spectral-rssi 40 + set weight-weather-channel 1000 + set weight-dfs-channel 500 + set threshold-ap 250 + set threshold-noise-floor "-85" + set threshold-channel-load 60 + set threshold-spectral-rssi "-65" + set threshold-tx-retries 300 + set threshold-rx-errors 50 + set include-weather-channel disable + set include-dfs-channel disable + set override-darrp-optimize disable + next 
+end +config wireless-controller region +end +config wireless-controller vap-group +end +config wireless-controller wids-profile + edit "default" + set comment "Default WIDS profile." + set sensor-mode disable + set ap-scan enable + set ap-bgscan-period 600 + set ap-bgscan-intv 1 + set ap-bgscan-duration 20 + set ap-bgscan-idle 0 + set ap-bgscan-report-intv 30 + set ap-fgscan-report-intv 15 + set ap-scan-passive disable + set ap-scan-threshold "-90" + set wireless-bridge enable + set deauth-broadcast enable + set null-ssid-probe-resp enable + set long-duration-attack enable + set long-duration-thresh 8200 + set invalid-mac-oui enable + set weak-wep-iv enable + set auth-frame-flood enable + set auth-flood-time 10 + set auth-flood-thresh 30 + set assoc-frame-flood enable + set assoc-flood-time 10 + set assoc-flood-thresh 30 + set spoofed-deauth enable + set asleap-attack enable + set eapol-start-flood enable + set eapol-start-thresh 10 + set eapol-start-intv 1 + set eapol-logoff-flood enable + set eapol-logoff-thresh 10 + set eapol-logoff-intv 1 + set eapol-succ-flood enable + set eapol-succ-thresh 10 + set eapol-succ-intv 1 + set eapol-fail-flood enable + set eapol-fail-thresh 10 + set eapol-fail-intv 1 + set eapol-pre-succ-flood enable + set eapol-pre-succ-thresh 10 + set eapol-pre-succ-intv 1 + set eapol-pre-fail-flood enable + set eapol-pre-fail-thresh 10 + set eapol-pre-fail-intv 1 + set deauth-unknown-src-thresh 10 + next + edit "default-wids-apscan-enabled" + set comment '' + set sensor-mode disable + set ap-scan enable + set ap-bgscan-period 600 + set ap-bgscan-intv 1 + set ap-bgscan-duration 20 + set ap-bgscan-idle 0 + set ap-bgscan-report-intv 30 + set ap-fgscan-report-intv 15 + set ap-scan-passive disable + set ap-scan-threshold "-90" + set wireless-bridge disable + set deauth-broadcast disable + set null-ssid-probe-resp disable + set long-duration-attack disable + set long-duration-thresh 8200 + set invalid-mac-oui disable + set weak-wep-iv disable + set 
auth-frame-flood disable + set assoc-frame-flood disable + set spoofed-deauth disable + set asleap-attack disable + set eapol-start-flood disable + set eapol-logoff-flood disable + set eapol-succ-flood disable + set eapol-fail-flood disable + set eapol-pre-succ-flood disable + set eapol-pre-fail-flood disable + set deauth-unknown-src-thresh 10 + next +end +config wireless-controller ble-profile + edit "fortiap-discovery" + set comment '' + set advertising ibeacon eddystone-uid eddystone-url + set ibeacon-uuid "wtp-uuid" + set major-id 1000 + set minor-id 2000 + set eddystone-namespace "0102030405" + set eddystone-instance "abcdef" + set eddystone-url "http://www.fortinet.com" + set txpower 0 + set beacon-interval 100 + set ble-scanning disable + next +end +config wireless-controller syslog-profile +end +config wireless-controller wtp-profile +end +config wireless-controller wtp +end +config wireless-controller wtp-group +end +config wireless-controller qos-profile +end +config wireless-controller wag-profile +end +config wireless-controller address +end +config wireless-controller addrgrp +end +config wireless-controller snmp + set engine-id '' + set contact-info '' + set trap-high-cpu-threshold 80 + set trap-high-mem-threshold 80 +end +config wireless-controller mpsk-profile +end +config wireless-controller nac-profile +end +config wireless-controller ssid-policy +end +config wireless-controller access-control-list +end +config wireless-controller ap-status +end +config user nac-policy +end +config extender-controller dataplan +end +config extender-controller extender-profile +end +config extender-controller extender +end +config system ips + set signature-hold-time 0h +end +config ips custom +end +config ips settings + set packet-log-history 1 + set packet-log-post-attack 0 + set ips-packet-quota 0 +end +config alertemail setting + set username '' + set mailto1 '' + set mailto2 '' + set mailto3 '' + set filter-mode category + set email-interval 5 + set IPS-logs 
disable + set firewall-authentication-failure-logs disable + set IPsec-errors-logs disable + set PPP-errors-logs disable + set sslvpn-authentication-errors-logs disable + set antivirus-logs disable + set webfilter-logs disable + set configuration-changes-logs disable + set violation-traffic-logs disable + set admin-login-logs disable + set log-disk-usage-warning disable + set FSSO-disconnect-logs disable + set ssh-logs disable + set local-disk-usage 75 +end +config router access-list +end +config router access-list6 +end +config router aspath-list +end +config router prefix-list +end +config router prefix-list6 +end +config router key-chain +end +config router community-list +end +config router route-map +end +config router rip + set default-information-originate disable + set default-metric 1 + set max-out-metric 0 + config redistribute "connected" + set status disable + set metric 0 + set routemap '' + end + config redistribute "static" + set status disable + set metric 0 + set routemap '' + end + config redistribute "ospf" + set status disable + set metric 0 + set routemap '' + end + config redistribute "bgp" + set status disable + set metric 0 + set routemap '' + end + config redistribute "isis" + set status disable + set metric 0 + set routemap '' + end + set update-timer 30 + set timeout-timer 180 + set garbage-timer 120 + set version 2 +end +config router ripng + set default-information-originate disable + set default-metric 1 + set max-out-metric 0 + config redistribute "connected" + set status disable + set metric 0 + set routemap '' + end + config redistribute "static" + set status disable + set metric 0 + set routemap '' + end + config redistribute "ospf" + set status disable + set metric 0 + set routemap '' + end + config redistribute "bgp" + set status disable + set metric 0 + set routemap '' + end + config redistribute "isis" + set status disable + set metric 0 + set routemap '' + end + set update-timer 30 + set timeout-timer 180 + set garbage-timer 
120 +end +config router static +end +config router policy +end +config router policy6 +end +config router static6 +end +config router ospf + set abr-type standard + set auto-cost-ref-bandwidth 1000 + set distance-external 110 + set distance-inter-area 110 + set distance-intra-area 110 + set database-overflow disable + set database-overflow-max-lsas 10000 + set database-overflow-time-to-recover 300 + set default-information-originate disable + set default-information-metric 10 + set default-information-metric-type 2 + set default-information-route-map '' + set default-metric 10 + set distance 110 + set rfc1583-compatible disable + set router-id 0.0.0.0 + set spf-timers 5 10 + set bfd disable + set log-neighbour-changes enable + set distribute-list-in '' + set distribute-route-map-in '' + set restart-mode none + set restart-period 120 + config redistribute "connected" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end + config redistribute "static" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end + config redistribute "rip" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end + config redistribute "bgp" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end + config redistribute "isis" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end +end +config router ospf6 + set abr-type standard + set auto-cost-ref-bandwidth 1000 + set default-information-originate disable + set log-neighbour-changes enable + set default-information-metric 10 + set default-information-metric-type 2 + set default-information-route-map '' + set default-metric 10 + set router-id 0.0.0.0 + set spf-timers 5 10 + set bfd disable + config redistribute "connected" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + end + config redistribute "static" + set status disable + set 
metric 0 + set routemap '' + set metric-type 2 + end + config redistribute "rip" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + end + config redistribute "bgp" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + end + config redistribute "isis" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + end +end +config router bgp + set as 0 + set keepalive-timer 60 + set holdtime-timer 180 + set always-compare-med disable + set bestpath-as-path-ignore disable + set bestpath-cmp-confed-aspath disable + set bestpath-cmp-routerid disable + set bestpath-med-confed disable + set bestpath-med-missing-as-worst disable + set client-to-client-reflection enable + set dampening disable + set deterministic-med disable + set ebgp-multipath disable + set ibgp-multipath disable + set enforce-first-as enable + set fast-external-failover enable + set log-neighbour-changes enable + set network-import-check enable + set ignore-optional-capability enable + set multipath-recursive-distance disable + set recursive-next-hop disable + set tag-resolve-mode disable + set cluster-id 0.0.0.0 + set confederation-identifier 0 + set default-local-preference 100 + set scan-time 60 + set distance-external 20 + set distance-internal 200 + set distance-local 200 + set synchronization disable + set graceful-restart disable + config redistribute "connected" + set status disable + set route-map '' + end + config redistribute "rip" + set status disable + set route-map '' + end + config redistribute "ospf" + set status disable + set route-map '' + end + config redistribute "static" + set status disable + set route-map '' + end + config redistribute "isis" + set status disable + set route-map '' + end + config redistribute6 "connected" + set status disable + set route-map '' + end + config redistribute6 "rip" + set status disable + set route-map '' + end + config redistribute6 "ospf" + set status disable + set route-map '' + end + 
config redistribute6 "static" + set status disable + set route-map '' + end + config redistribute6 "isis" + set status disable + set route-map '' + end +end +config router isis + set is-type level-1-2 + set adv-passive-only disable + set adv-passive-only6 disable + set auth-mode-l1 password + set auth-mode-l2 password + set auth-password-l1 ENC eqHMYwqckwj/BQGlO5zp4pY0jwxzZMKQX/rHXGTTHqGLJCF3hoMXt4R6ucN5KozQXiy2EojpRMPdgwx/XnZlDdEhdRJkNuifLJ7tU0JADzCxu4qksiyfJ388OcaEjzpizQRazb96pzduI2l5ZUFfk5DXuByOotF6JSDyxC/7QBI07c3wGyx+Ra6Iqfr91hrlWh9EHg== + set auth-password-l2 ENC 1nVyEAqB1aOuXnSVamA2Xw746XzB7I8eqXfPnxfcNhQkFOOkV8I1iuSZv1lLdXb0sE/3GUhfIDkm6TbzSh2d8BD+Cnt9mzBeB/HMOuKeBO5Ygizko+EZu2fTt9xlHEDt8otKPwWhtw46BuSllXbu6kWt226x/qzg9apjC8/HQbYhW2Cyzo7VDhUVB7eUYivQkIleBQ== + set auth-sendonly-l1 disable + set auth-sendonly-l2 disable + set ignore-lsp-errors disable + set lsp-gen-interval-l1 30 + set lsp-gen-interval-l2 30 + set lsp-refresh-interval 900 + set max-lsp-lifetime 1200 + set spf-interval-exp-l1 500 50000 + set spf-interval-exp-l2 500 50000 + set dynamic-hostname disable + set adjacency-check disable + set adjacency-check6 disable + set overload-bit disable + unset overload-bit-suppress + set overload-bit-on-startup 0 + set default-originate disable + set default-originate6 disable + set metric-style narrow + set redistribute-l1 disable + set redistribute-l2 disable + set redistribute6-l1 disable + set redistribute6-l2 disable + config redistribute "connected" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute "rip" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute "ospf" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute "bgp" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end 
+ config redistribute "static" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 "connected" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 "rip" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 "ospf" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 "bgp" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 "static" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end +end +config router multicast-flow +end +config router multicast + set route-limit 2147483647 + set multicast-routing disable + config pim-sm-global + set message-interval 60 + set join-prune-holdtime 210 + set accept-register-list '' + set accept-source-list '' + set bsr-candidate disable + set bsr-allow-quick-refresh disable + set cisco-register-checksum disable + set cisco-crp-prefix disable + set cisco-ignore-rp-set-priority disable + set register-rp-reachability enable + set register-source disable + set register-supression 60 + set null-register-retries 1 + set rp-register-keepalive 185 + set spt-threshold enable + set ssm disable + set register-rate-limit 0 + set spt-threshold-group '' + end +end +config router multicast6 + set multicast-routing disable + config pim-sm-global + end +end +config router auth-path +end +config router setting + set show-filter '' + set hostname '' +end +config router bfd +end +config router bfd6 +end +config system proxy-arp +end +config system link-monitor +end +config system wccp +end +config system dns64 + set status disable + set dns64-prefix 64:ff9b::/96 + set always-synthesize-aaaa-record enable +end +config 
system nd-proxy + set status disable +end +config system vne-tunnel + set status disable +end +end + +config vdom +edit TEST +config wireless-controller hotspot20 anqp-venue-name +end +config wireless-controller hotspot20 anqp-venue-url +end +config wireless-controller hotspot20 anqp-network-auth-type +end +config wireless-controller hotspot20 anqp-roaming-consortium +end +config wireless-controller hotspot20 anqp-nai-realm +end +config wireless-controller hotspot20 anqp-3gpp-cellular +end +config wireless-controller hotspot20 anqp-ip-address-type +end +config wireless-controller hotspot20 h2qp-operator-name +end +config wireless-controller hotspot20 h2qp-wan-metric +end +config wireless-controller hotspot20 h2qp-conn-capability +end +config wireless-controller hotspot20 icon +end +config wireless-controller hotspot20 h2qp-osu-provider +end +config wireless-controller hotspot20 qos-map +end +config wireless-controller hotspot20 h2qp-advice-of-charge +end +config wireless-controller hotspot20 h2qp-osu-provider-nai +end +config wireless-controller hotspot20 h2qp-terms-and-conditions +end +config wireless-controller hotspot20 hs-profile +end +config wireless-controller vap +end +config system object-tagging + edit "default" + set address optional + set device optional + set interface optional + set multiple enable + set color 0 + next +end +config switch-controller traffic-policy + edit "quarantine" + set description "Rate control for quarantined traffic" + set policer-status enable + set guaranteed-bandwidth 163840 + set guaranteed-burst 8192 + set maximum-burst 163840 + set cos-queue 0 + next + edit "sniffer" + set description "Rate control for sniffer mirrored traffic" + set policer-status enable + set guaranteed-bandwidth 50000 + set guaranteed-burst 8192 + set maximum-burst 163840 + set cos-queue 0 + next +end +config switch-controller fortilink-settings +end +config system stp + set switch-priority 32768 + set hello-time 2 + set forward-delay 15 + set max-age 20 
+ set max-hops 20 +end +config system settings + set comments '' + set opmode nat + set policy-offload-level disable + set ngfw-mode profile-based + set http-external-dest fortiweb + set firewall-session-dirty check-all + set bfd disable + set utf8-spam-tagging enable + set wccp-cache-engine disable + set vpn-stats-log ipsec pptp l2tp ssl + set vpn-stats-period 600 + set v4-ecmp-mode source-ip-based + set fw-session-hairpin disable + set prp-trailer-action disable + set snat-hairpin-traffic enable + set dhcp-proxy disable + set central-nat disable + set lldp-reception global + set lldp-transmission global + set link-down-access enable + set nat46-generate-ipv6-fragment-header disable + set nat46-force-ipv4-packet-forwarding disable + set nat64-force-ipv6-packet-forwarding enable + set auxiliary-session disable + set asymroute disable + set asymroute-icmp disable + set tcp-session-without-syn disable + set ses-denied-traffic disable + set strict-src-check disable + set allow-linkdown-path disable + set asymroute6 disable + set asymroute6-icmp disable + set sctp-session-without-init disable + set sip-expectation disable + set sip-nat-trace enable + set h323-direct-model enable + set status enable + set sip-tcp-port 5060 + set sip-udp-port 5060 + set sip-ssl-port 5061 + set sccp-port 2000 + set multicast-forward enable + set multicast-ttl-notchange disable + set allow-subnet-overlap disable + set deny-tcp-with-icmp disable + set ecmp-max-paths 255 + set discovered-device-timeout 28 + set email-portal-check-dns enable + set default-voip-alg-mode proxy-based + set gui-icap disable + set gui-implicit-policy enable + set gui-dns-database disable + set gui-load-balance disable + set gui-multicast-policy disable + set gui-dos-policy enable + set gui-object-colors enable + set gui-voip-profile disable + set gui-ap-profile enable + set gui-security-profile-group disable + set gui-local-in-policy disable + set gui-wanopt-cache disable + set gui-explicit-proxy disable + set 
gui-dynamic-routing enable + set gui-sslvpn-personal-bookmarks disable + set gui-sslvpn-realms disable + set gui-policy-based-ipsec disable + set gui-threat-weight enable + set gui-spamfilter disable + set gui-file-filter disable + set gui-application-control enable + set gui-ips enable + set gui-endpoint-control enable + set gui-endpoint-control-advanced disable + set gui-dhcp-advanced enable + set gui-vpn enable + set gui-wireless-controller enable + set gui-switch-controller enable + set gui-fortiap-split-tunneling disable + set gui-webfilter-advanced disable + set gui-traffic-shaping enable + set gui-wan-load-balancing enable + set gui-antivirus enable + set gui-webfilter enable + set gui-videofilter enable + set gui-dnsfilter enable + set gui-waf-profile disable + set gui-advanced-policy enable + set gui-allow-unnamed-policy disable + set gui-email-collection disable + set gui-multiple-interface-policy disable + set gui-policy-disclaimer disable + set gui-ztna enable + set location-id 0.0.0.0 + set ike-session-resume disable + set ike-quick-crash-detect disable + set ike-dn-format with-space + set ike-port 500 + set ike-policy-route disable + set block-land-attack disable + set application-bandwidth-tracking disable +end +config system sit-tunnel +end +config system arp-table +end +config system ipv6-neighbor-cache +end +config system vdom-sflow + set vdom-sflow disable + set interface-select-method auto +end +config system vdom-netflow + set vdom-netflow disable + set interface-select-method auto +end +config system vdom-dns + set vdom-dns disable + set alt-primary 0.0.0.0 + set alt-secondary 0.0.0.0 +end +config system replacemsg-group + edit "default" + set comment "Default replacement message group." 
+ set group-type default + next +end +config system session-ttl + set default 3600 +end +config system dhcp server +end +config system dhcp6 server +end +config system zone + edit "Outside_Zone" + set description '' + set intrazone deny + set interface "port10" + next + edit "Inside_Zone" + set description '' + set intrazone deny + set interface "port9" + next +end +config firewall address + edit "none" + set uuid 80cf53a0-9fba-51ec-9be6-b74007eabe43 + set type ipmask + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set subnet 0.0.0.0 255.255.255.255 + next + edit "login.microsoftonline.com" + set uuid 80cf6016-9fba-51ec-be0c-028d48d0faf8 + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "login.microsoftonline.com" + set cache-ttl 0 + next + edit "login.microsoft.com" + set uuid 80cf6c32-9fba-51ec-c480-ffee0ab26f94 + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "login.microsoft.com" + set cache-ttl 0 + next + edit "login.windows.net" + set uuid 80cf7880-9fba-51ec-1117-fb27513a173a + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "login.windows.net" + set cache-ttl 0 + next + edit "gmail.com" + set uuid 80cf8424-9fba-51ec-5659-65d02fd5bf5c + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "gmail.com" + set cache-ttl 0 + next + edit "wildcard.google.com" + set uuid 80cf8fd2-9fba-51ec-7b0c-cc55cf764b96 + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "*.google.com" + set cache-ttl 0 + next + edit "wildcard.dropbox.com" + set uuid 
80cf9b8a-9fba-51ec-0acd-a8852f2c1f4a + set type fqdn + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set fqdn "*.dropbox.com" + set cache-ttl 0 + next + edit "SSLVPN_TUNNEL_ADDR1" + set uuid 80d94054-9fba-51ec-e630-3567fd1becb8 + set type iprange + set comment '' + set color 0 + set fabric-object disable + set start-ip 10.212.134.200 + set end-ip 10.212.134.210 + next + edit "all" + set uuid 80d998e2-9fba-51ec-6ae4-b09445ed7230 + set type ipmask + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set subnet 0.0.0.0 0.0.0.0 + next + edit "FIREWALL_AUTH_PORTAL_ADDRESS" + set uuid 80d99aea-9fba-51ec-6fe2-a17b98274b3e + set type ipmask + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set subnet 0.0.0.0 0.0.0.0 + next + edit "FABRIC_DEVICE" + set uuid 80d99cb6-9fba-51ec-e62e-b841424fa8c0 + set type ipmask + set comment "IPv4 addresses of Fabric Devices." 
+ set associated-interface '' + set color 0 + set fabric-object disable + set subnet 0.0.0.0 0.0.0.0 + next + edit "FCTEMS_ALL_FORTICLOUD_SERVERS" + set uuid c0ae3c9c-9fbb-51ec-1447-18c5c1fef0f3 + set type dynamic + set sub-type ems-tag + set comment '' + set associated-interface '' + set color 0 + set fabric-object disable + set obj-tag '' + set obj-type ip + set tag-detection-level '' + set tag-type '' + next + edit "10.0.0.0_8" + set uuid 2e3d8790-9fbc-51ec-8bca-5e95c580ea36 + set type ipmask + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set subnet 10.0.0.0 255.0.0.0 + next + edit "192.168.0.0_16" + set uuid 491395a0-9fbc-51ec-1275-3414c9a13da4 + set type ipmask + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set subnet 192.168.0.0 255.255.0.0 + next + edit "172.16.0.0_12" + set uuid 58888298-9fbc-51ec-cca9-312f8a493e61 + set type ipmask + set comment '' + set associated-interface '' + set color 0 + set allow-routing disable + set fabric-object disable + set subnet 172.16.0.0 255.240.0.0 + next + edit "Russia" + set uuid 96cea918-9fbe-51ec-e0d6-53c4a1fba7cc + set type geography + set comment '' + set associated-interface '' + set color 6 + set fabric-object disable + set country "RU" + next + edit "China" + set uuid 7c30cee6-9fbf-51ec-5d85-a2ce4f48568b + set type geography + set comment '' + set associated-interface '' + set color 6 + set fabric-object disable + set country "CN" + next + edit "Belarus" + set uuid 8fbf28b8-9fbf-51ec-69ef-572fc83693f8 + set type geography + set comment '' + set associated-interface '' + set color 6 + set fabric-object disable + set country "BY" + next +end +config firewall multicast-address + edit "all_hosts" + set type multicastrange + set start-ip 224.0.0.1 + set end-ip 224.0.0.1 + set comment '' + set associated-interface '' + set color 0 + next + edit "all_routers" + set type 
multicastrange + set start-ip 224.0.0.2 + set end-ip 224.0.0.2 + set comment '' + set associated-interface '' + set color 0 + next + edit "Bonjour" + set type multicastrange + set start-ip 224.0.0.251 + set end-ip 224.0.0.251 + set comment '' + set associated-interface '' + set color 0 + next + edit "EIGRP" + set type multicastrange + set start-ip 224.0.0.10 + set end-ip 224.0.0.10 + set comment '' + set associated-interface '' + set color 0 + next + edit "OSPF" + set type multicastrange + set start-ip 224.0.0.5 + set end-ip 224.0.0.6 + set comment '' + set associated-interface '' + set color 0 + next + edit "all" + set type multicastrange + set start-ip 224.0.0.0 + set end-ip 239.255.255.255 + set comment '' + set associated-interface '' + set color 0 + next +end +config firewall address6-template +end +config firewall address6 + edit "all" + set uuid 80cfe3c4-9fba-51ec-b885-7ad5ae0f228a + set type ipprefix + set ip6 ::/0 + set color 0 + set comment '' + set fabric-object disable + next + edit "none" + set uuid 80cfec3e-9fba-51ec-3afe-9da1db0408ee + set type ipprefix + set ip6 ::/128 + set color 0 + set comment '' + set fabric-object disable + next + edit "SSLVPN_TUNNEL_IPv6_ADDR1" + set uuid 80d9441e-9fba-51ec-fb53-0cb27c846ccb + set type ipprefix + set ip6 fdff:ffff::/120 + set color 0 + set comment '' + set fabric-object disable + next +end +config firewall multicast-address6 + edit "all" + set ip6 ff00::/8 + set comment '' + set color 0 + next +end +config system ipv6-tunnel +end +config firewall addrgrp + edit "G Suite" + set type default + set category default + set uuid 80cfa97c-9fba-51ec-cb88-5fc589094707 + set member "gmail.com" "wildcard.google.com" + set comment '' + set exclude disable + set color 0 + set fabric-object disable + next + edit "Microsoft Office 365" + set type default + set category default + set uuid 80cfc24a-9fba-51ec-53bc-6a6c3d6964c6 + set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net" + set comment '' + 
set exclude disable + set color 0 + set fabric-object disable + next + edit "IPv4-Private-All-RFC1918" + set type default + set category default + set uuid 87bcd064-9fbc-51ec-c912-c07ba5dfb345 + set member "10.0.0.0_8" "172.16.0.0_12" "192.168.0.0_16" + set comment '' + set exclude disable + set color 0 + set fabric-object disable + next + edit "Geo_Block_Group" + set type default + set category default + set uuid a62837de-9fbf-51ec-3ddf-ee9c6f1e1784 + set member "Belarus" "China" "Russia" + set comment '' + set exclude disable + set color 6 + set fabric-object disable + next +end +config firewall addrgrp6 +end +config firewall wildcard-fqdn custom + edit "g-Adobe Login" + set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df + set wildcard-fqdn "*.adobelogin.com" + set color 0 + set comment '' + next + edit "g-Gotomeeting" + set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef + set wildcard-fqdn "*.gotomeeting.com" + set color 0 + set comment '' + next + edit "g-Windows update 2" + set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac + set wildcard-fqdn "*.windowsupdate.com" + set color 0 + set comment '' + next + edit "g-adobe" + set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e + set wildcard-fqdn "*.adobe.com" + set color 0 + set comment '' + next + edit "g-android" + set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a + set wildcard-fqdn "*.android.com" + set color 0 + set comment '' + next + edit "g-apple" + set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0 + set wildcard-fqdn "*.apple.com" + set color 0 + set comment '' + next + edit "g-appstore" + set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9 + set wildcard-fqdn "*.appstore.com" + set color 0 + set comment '' + next + edit "g-auth.gfx.ms" + set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4 + set wildcard-fqdn "*.auth.gfx.ms" + set color 0 + set comment '' + next + edit "g-autoupdate.opera.com" + set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a + set wildcard-fqdn "*autoupdate.opera.com" + set color 0 + set comment '' + next + edit "g-cdn-apple" + 
set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c + set wildcard-fqdn "*.cdn-apple.com" + set color 0 + set comment '' + next + edit "g-citrix" + set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb + set wildcard-fqdn "*.citrixonline.com" + set color 0 + set comment '' + next + edit "g-dropbox.com" + set uuid b5c2ca02-7e12-51ec-43dc-489077effa44 + set wildcard-fqdn "*.dropbox.com" + set color 0 + set comment '' + next + edit "g-eease" + set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe + set wildcard-fqdn "*.eease.com" + set color 0 + set comment '' + next + edit "g-firefox update server" + set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384 + set wildcard-fqdn "aus*.mozilla.org" + set color 0 + set comment '' + next + edit "g-fortinet" + set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89 + set wildcard-fqdn "*.fortinet.com" + set color 0 + set comment '' + next + edit "g-google-drive" + set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f + set wildcard-fqdn "*drive.google.com" + set color 0 + set comment '' + next + edit "g-google-play" + set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621 + set wildcard-fqdn "*play.google.com" + set color 0 + set comment '' + next + edit "g-google-play2" + set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096 + set wildcard-fqdn "*.ggpht.com" + set color 0 + set comment '' + next + edit "g-google-play3" + set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d + set wildcard-fqdn "*.books.google.com" + set color 0 + set comment '' + next + edit "g-googleapis.com" + set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4 + set wildcard-fqdn "*.googleapis.com" + set color 0 + set comment '' + next + edit "g-icloud" + set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e + set wildcard-fqdn "*.icloud.com" + set color 0 + set comment '' + next + edit "g-itunes" + set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0 + set wildcard-fqdn "*itunes.apple.com" + set color 0 + set comment '' + next + edit "g-live.com" + set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74 + set wildcard-fqdn "*.live.com" + set color 0 + set 
comment '' + next + edit "g-microsoft" + set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d + set wildcard-fqdn "*.microsoft.com" + set color 0 + set comment '' + next + edit "g-mzstatic-apple" + set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5 + set wildcard-fqdn "*.mzstatic.com" + set color 0 + set comment '' + next + edit "g-skype" + set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68 + set wildcard-fqdn "*.messenger.live.com" + set color 0 + set comment '' + next + edit "g-softwareupdate.vmware.com" + set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30 + set wildcard-fqdn "*.softwareupdate.vmware.com" + set color 0 + set comment '' + next + edit "g-swscan.apple.com" + set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9 + set wildcard-fqdn "*swscan.apple.com" + set color 0 + set comment '' + next + edit "g-update.microsoft.com" + set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb + set wildcard-fqdn "*update.microsoft.com" + set color 0 + set comment '' + next + edit "g-verisign" + set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855 + set wildcard-fqdn "*.verisign.com" + set color 0 + set comment '' + next +end +config firewall wildcard-fqdn group +end +config firewall service category + edit "General" + set comment "General services." + set fabric-object disable + next + edit "Web Access" + set comment "Web access." + set fabric-object disable + next + edit "File Access" + set comment "File access." + set fabric-object disable + next + edit "Email" + set comment "Email services." + set fabric-object disable + next + edit "Network Services" + set comment "Network services." + set fabric-object disable + next + edit "Authentication" + set comment "Authentication service." + set fabric-object disable + next + edit "Remote Access" + set comment "Remote access." + set fabric-object disable + next + edit "Tunneling" + set comment "Tunneling service." + set fabric-object disable + next + edit "VoIP, Messaging & Other Applications" + set comment "VoIP, messaging, and other applications." 
+ set fabric-object disable + next + edit "Web Proxy" + set comment "Explicit web proxy." + set fabric-object disable + next +end +config firewall service custom + edit "DNS" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 53 + set udp-portrange 53 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "HTTP" + set proxy disable + set category "Web Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 80 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "HTTPS" + set proxy disable + set category "Web Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 443 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "IMAP" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 143 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set 
tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "IMAPS" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 993 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "LDAP" + set proxy disable + set category "Authentication" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 389 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "DCE-RPC" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 135 + set udp-portrange 135 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "POP3" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 110 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + 
set session-ttl 0 + next + edit "POP3S" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 995 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SAMBA" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 139 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SMTP" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 25 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SMTPS" + set proxy disable + set category "Email" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 465 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "KERBEROS" + set proxy disable + set category 
"Authentication" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 88 464 + set udp-portrange 88 464 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "LDAP_UDP" + set proxy disable + set category "Authentication" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 389 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SMB" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 445 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "FTP" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 21 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "FTP_GET" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set 
helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 21 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "FTP_PUT" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 21 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "ALL" + set proxy disable + set category "General" + set protocol IP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set protocol-number 0 + next + edit "ALL_TCP" + set proxy disable + set category "General" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1-65535 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "ALL_UDP" + set proxy disable + set category "General" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 1-65535 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 
+ set udp-idle-timer 0 + set session-ttl 0 + next + edit "ALL_ICMP" + set proxy disable + set category "General" + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + unset icmptype + next + edit "ALL_ICMP6" + set proxy disable + set category "General" + set protocol ICMP6 + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + unset icmptype + next + edit "GRE" + set proxy disable + set category "Tunneling" + set protocol IP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set protocol-number 47 + next + edit "AH" + set proxy disable + set category "Tunneling" + set protocol IP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set protocol-number 51 + next + edit "ESP" + set proxy disable + set category "Tunneling" + set protocol IP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set protocol-number 50 + next + edit "AOL" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 5190-5194 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "BGP" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 179 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set 
tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "DHCP" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 67-68 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "FINGER" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 79 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "GOPHER" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 70 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "H323" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1720 1503 + set udp-portrange 1719 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set 
session-ttl 0 + next + edit "IKE" + set proxy disable + set category "Tunneling" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 500 4500 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "Internet-Locator-Service" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 389 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "IRC" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 6660-6669 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "L2TP" + set proxy disable + set category "Tunneling" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1701 + set udp-portrange 1701 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + 
edit "NetMeeting" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1720 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "NFS" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 111 2049 + set udp-portrange 111 2049 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "NNTP" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 119 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "NTP" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 123 + set udp-portrange 123 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "OSPF" + set proxy disable + set category "Network 
Services" + set protocol IP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set protocol-number 89 + next + edit "PC-Anywhere" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 5631 + set udp-portrange 5632 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "PING" + set proxy disable + set category "Network Services" + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set icmptype 8 + unset icmpcode + next + edit "TIMESTAMP" + set proxy disable + set category '' + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set icmptype 13 + unset icmpcode + next + edit "INFO_REQUEST" + set proxy disable + set category '' + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set icmptype 15 + unset icmpcode + next + edit "INFO_ADDRESS" + set proxy disable + set category '' + set protocol ICMP + set helper auto + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set icmptype 17 + unset icmpcode + next + edit "ONC-RPC" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 111 + set udp-portrange 111 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + 
set udp-idle-timer 0 + set session-ttl 0 + next + edit "PPTP" + set proxy disable + set category "Tunneling" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1723 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "QUAKE" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 26000 27000 27910 27960 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RAUDIO" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 7070 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "REXEC" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 512 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RIP" + set proxy 
disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 520 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RLOGIN" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 513:512-1023 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RSH" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 514:512-1023 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SCCP" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 2000 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SIP" + set proxy disable + set category "VoIP, 
Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 5060 + set udp-portrange 5060 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SIP-MSNmessenger" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1863 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SNMP" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 161-162 + set udp-portrange 161-162 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SSH" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 22 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SYSLOG" + set proxy disable + set 
category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 514 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "TALK" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 517-518 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "TELNET" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 23 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "TFTP" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 69 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "MGCP" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set 
check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 2427 2727 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "UUCP" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 540 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "VDOLIVE" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 7000-7010 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "WAIS" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 210 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "WINFRAME" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set 
fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1494 2598 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "X-WINDOWS" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 6000-6063 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "PING6" + set proxy disable + set category '' + set protocol ICMP6 + set helper auto + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set icmptype 128 + unset icmpcode + next + edit "MS-SQL" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1433 1434 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "MYSQL" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 3306 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 
0 + set session-ttl 0 + next + edit "RDP" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 3389 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "VNC" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 5900 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "DHCP6" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 546 547 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SQUID" + set proxy disable + set category "Tunneling" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 3128 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "SOCKS" + set 
proxy disable + set category "Tunneling" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1080 + set udp-portrange 1080 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "WINS" + set proxy disable + set category "Remote Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1512 + set udp-portrange 1512 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RADIUS" + set proxy disable + set category "Authentication" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 1812 1813 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RADIUS-OLD" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 1645 1646 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "CVSPSERVER" + set proxy disable + set category '' + set 
protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 2401 + set udp-portrange 2401 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "AFS3" + set proxy disable + set category "File Access" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 7000-7009 + set udp-portrange 7000-7009 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "TRACEROUTE" + set proxy disable + set category "Network Services" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + unset tcp-portrange + set udp-portrange 33434-33535 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "RTSP" + set proxy disable + set category "VoIP, Messaging & Other Applications" + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility enable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 554 7070 8554 + set udp-portrange 554 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "MMS" + set proxy disable + set category '' + set 
protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 1755 + set udp-portrange 1024-5000 + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "NONE" + set proxy disable + set category '' + set protocol TCP/UDP/SCTP + set helper auto + set check-reset-range default + set comment '' + set color 0 + set visibility disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 0 + unset udp-portrange + unset sctp-portrange + set tcp-halfclose-timer 0 + set tcp-halfopen-timer 0 + set tcp-timewait-timer 0 + set tcp-rst-timer 0 + set udp-idle-timer 0 + set session-ttl 0 + next + edit "webproxy" + set proxy enable + set category "Web Proxy" + set protocol ALL + set helper auto + set comment '' + set color 0 + set visibility enable + set app-service-type disable + set fabric-object disable + set iprange 0.0.0.0 + set fqdn '' + set tcp-portrange 0-65535:0-65535 + next +end +config firewall service group + edit "Email Access" + set proxy disable + set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" + set comment '' + set color 0 + set fabric-object disable + next + edit "Web Access" + set proxy disable + set member "DNS" "HTTP" "HTTPS" + set comment '' + set color 0 + set fabric-object disable + next + edit "Windows AD" + set proxy disable + set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" + set comment '' + set color 0 + set fabric-object disable + next + edit "Exchange Server" + set proxy disable + set member "DCE-RPC" "DNS" "HTTPS" + set comment '' + set color 0 + set fabric-object disable + next +end +config firewall internet-service-group +end +config firewall internet-service-extension +end +config firewall 
internet-service-custom +end +config firewall internet-service-custom-group +end +config system external-resource +end +config vpn certificate ca +end +config vpn certificate remote +end +config vpn certificate local + edit "Fortinet_CA_SSL" + set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_CA_Untrusted" + set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_RSA1024" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_RSA2048" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_RSA4096" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. 
" + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_DSA1024" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_DSA2048" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ECDSA256" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ECDSA384" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ECDSA521" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ED25519" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. 
" + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next + edit "Fortinet_SSL_ED448" + set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " + unset private-key + unset certificate + set range global + set source factory + set source-ip 0.0.0.0 + set ike-localid-type asn1dn + set enroll-protocol none + next +end +config vpn certificate crl +end +config vpn certificate ocsp-server +end +config vpn certificate setting + set ocsp-status disable + set ocsp-option server + set ocsp-default-server '' + set interface-select-method auto + set check-ca-cert enable + set check-ca-chain disable + set subject-match substring + set subject-set subset + set cn-match substring + set cn-allow-multi enable + config crl-verification + set expiry ignore + set leaf-crl-absence ignore + set chain-crl-absence ignore + end + set strict-ocsp-check disable + set ssl-min-proto-version default + set cmp-save-extra-certs disable + set cmp-key-usage-checking enable + set certname-rsa1024 "Fortinet_SSL_RSA1024" + set certname-rsa2048 "Fortinet_SSL_RSA2048" + set certname-rsa4096 "Fortinet_SSL_RSA4096" + set certname-dsa1024 "Fortinet_SSL_DSA1024" + set certname-dsa2048 "Fortinet_SSL_DSA2048" + set certname-ecdsa256 "Fortinet_SSL_ECDSA256" + set certname-ecdsa384 "Fortinet_SSL_ECDSA384" + set certname-ecdsa521 "Fortinet_SSL_ECDSA521" + set certname-ed25519 "Fortinet_SSL_ED25519" + set certname-ed448 "Fortinet_SSL_ED448" +end +config webfilter ftgd-local-cat + edit "custom1" + set status enable + set id 140 + next + edit "custom2" + set status enable + set id 141 + next +end +config ips sensor + edit "g-default" + set comment "Prevent critical attacks." 
+ set replacemsg-group '' + set block-malicious-url disable + set scan-botnet-connections disable + set extended-log disable + config entries + edit 1 + set location all + set severity medium high critical + set protocol all + set os all + set application all + set status default + set log enable + set log-packet disable + set log-attack-context disable + set action default + set quarantine none + next + end + next + edit "g-sniffer-profile" + set comment "Monitor IPS attacks." + set replacemsg-group '' + set block-malicious-url disable + set scan-botnet-connections disable + set extended-log disable + config entries + edit 1 + set location all + set severity medium high critical + set protocol all + set os all + set application all + set status default + set log enable + set log-packet disable + set log-attack-context disable + set action default + set quarantine none + next + end + next + edit "g-wifi-default" + set comment "Default configuration for offloading WiFi traffic." + set replacemsg-group '' + set block-malicious-url disable + set scan-botnet-connections disable + set extended-log disable + config entries + edit 1 + set location all + set severity medium high critical + set protocol all + set os all + set application all + set status default + set log enable + set log-packet disable + set log-attack-context disable + set action default + set quarantine none + next + end + next + edit "IPS_Test" + set comment '' + set replacemsg-group '' + set block-malicious-url enable + set scan-botnet-connections block + set extended-log disable + config entries + edit 1 + set location all + set severity medium high critical + set protocol all + set os all + set application all + set status default + set log enable + set log-packet disable + set log-attack-context disable + set action block + set quarantine none + next + end + next + edit "gdd-botnet C&C IP blocking" + set comment "This allows you to enable botnet blocking across all traffic that matches the policy by 
configuring one setting in the GUI" + set replacemsg-group '' + set block-malicious-url disable + set scan-botnet-connections disable + set extended-log disable + next +end +config sctp-filter profile +end +config firewall shaper traffic-shaper + edit "high-priority" + set guaranteed-bandwidth 0 + set maximum-bandwidth 1048576 + set bandwidth-unit kbps + set priority high + set per-policy enable + set diffserv disable + set overhead 0 + next + edit "medium-priority" + set guaranteed-bandwidth 0 + set maximum-bandwidth 1048576 + set bandwidth-unit kbps + set priority medium + set per-policy enable + set diffserv disable + set overhead 0 + next + edit "low-priority" + set guaranteed-bandwidth 0 + set maximum-bandwidth 1048576 + set bandwidth-unit kbps + set priority low + set per-policy enable + set diffserv disable + set overhead 0 + next + edit "guarantee-100kbps" + set guaranteed-bandwidth 100 + set maximum-bandwidth 1048576 + set bandwidth-unit kbps + set priority high + set per-policy enable + set diffserv disable + set overhead 0 + next + edit "shared-1M-pipe" + set guaranteed-bandwidth 0 + set maximum-bandwidth 1024 + set bandwidth-unit kbps + set priority high + set per-policy disable + set diffserv disable + set overhead 0 + next +end +config firewall shaper per-ip-shaper +end +config firewall proxy-address +end +config firewall proxy-addrgrp +end +config web-proxy profile +end +config web-proxy global + set ssl-cert "Fortinet_Factory" + set ssl-ca-cert "Fortinet_CA_SSL" + set fast-policy-match enable + set ldap-user-cache disable + set proxy-fqdn "default.fqdn" + set max-request-length 8 + set max-message-length 32 + set strict-web-check disable + set forward-proxy-auth disable + set forward-server-affinity-timeout 30 + set max-waf-body-cache-length 32 + set webproxy-profile '' + set learn-client-ip disable +end +config web-proxy explicit + set status disable + set ipv6-status disable + set strict-guest disable + set https-replacement-message enable + set 
ssl-algorithm low +end +config web-proxy forward-server +end +config web-proxy forward-server-group +end +config web-proxy debug-url +end +config web-proxy wisp +end +config wanopt webcache + set max-object-size 512000 + set neg-resp-time 0 + set fresh-factor 100 + set max-ttl 7200 + set min-ttl 5 + set default-ttl 1440 + set ignore-ims disable + set ignore-conditional disable + set ignore-pnc disable + set ignore-ie-reload enable + set cache-expired disable + set cache-cookie disable + set reval-pnc disable + set always-revalidate disable + set cache-by-default disable + set host-validate disable + set external disable +end +config ftp-proxy explicit + set status disable + set ssl disable +end +config web-proxy url-match +end +config application custom +end +config application list + edit "g-default" + set comment "Monitor all applications." + set replacemsg-group '' + set extended-log disable + set other-application-action pass + set app-replacemsg enable + set other-application-log disable + set enforce-default-app-port disable + set force-inclusion-ssl-di-sigs disable + set unknown-application-action pass + set unknown-application-log disable + unset p2p-block-list + set deep-app-inspection enable + set options allow-dns + config entries + edit 1 + set protocols all + set vendor all + set technology all + set behavior all + set popularity 1 2 3 4 5 + set action pass + set log enable + set log-packet disable + set session-ttl 0 + set shaper '' + set shaper-reverse '' + set per-ip-shaper '' + set quarantine none + next + end + set control-default-network-services disable + next + edit "g-sniffer-profile" + set comment "Monitor all applications." 
+ set replacemsg-group '' + set extended-log disable + set other-application-action pass + set app-replacemsg enable + set other-application-log disable + set enforce-default-app-port disable + set force-inclusion-ssl-di-sigs disable + set unknown-application-action pass + set unknown-application-log disable + unset p2p-block-list + set deep-app-inspection enable + unset options + config entries + edit 1 + set protocols all + set vendor all + set technology all + set behavior all + set popularity 1 2 3 4 5 + set action pass + set log enable + set log-packet disable + set session-ttl 0 + set shaper '' + set shaper-reverse '' + set per-ip-shaper '' + set quarantine none + next + end + set control-default-network-services disable + next + edit "g-wifi-default" + set comment "Default configuration for offloading WiFi traffic." + set replacemsg-group '' + set extended-log disable + set other-application-action pass + set app-replacemsg enable + set other-application-log disable + set enforce-default-app-port disable + set force-inclusion-ssl-di-sigs disable + set unknown-application-action pass + set unknown-application-log disable + unset p2p-block-list + set deep-app-inspection disable + set options allow-dns + config entries + edit 1 + set protocols all + set vendor all + set technology all + set behavior all + set popularity 1 2 3 4 5 + set action pass + set log disable + set log-packet disable + set session-ttl 0 + set shaper '' + set shaper-reverse '' + set per-ip-shaper '' + set quarantine none + next + end + set control-default-network-services disable + next +end +config application group +end +config dlp filepattern + edit 1 + set name "builtin-patterns" + set comment '' + config entries + edit "*.bat" + set filter-type pattern + next + edit "*.com" + set filter-type pattern + next + edit "*.dll" + set filter-type pattern + next + edit "*.doc" + set filter-type pattern + next + edit "*.exe" + set filter-type pattern + next + edit "*.gz" + set filter-type 
pattern + next + edit "*.hta" + set filter-type pattern + next + edit "*.ppt" + set filter-type pattern + next + edit "*.rar" + set filter-type pattern + next + edit "*.scr" + set filter-type pattern + next + edit "*.tar" + set filter-type pattern + next + edit "*.tgz" + set filter-type pattern + next + edit "*.vb?" + set filter-type pattern + next + edit "*.wps" + set filter-type pattern + next + edit "*.xl?" + set filter-type pattern + next + edit "*.zip" + set filter-type pattern + next + edit "*.pif" + set filter-type pattern + next + edit "*.cpl" + set filter-type pattern + next + end + next + edit 2 + set name "all_executables" + set comment '' + config entries + edit "bat" + set filter-type type + set file-type bat + next + edit "exe" + set filter-type type + set file-type exe + next + edit "elf" + set filter-type type + set file-type elf + next + edit "hta" + set filter-type type + set file-type hta + next + end + next +end +config dlp sensitivity + edit "Private" + next + edit "Critical" + next + edit "Warning" + next +end +config dlp fp-doc-source +end +config dlp sensor + edit "g-default" + set comment "Default sensor." + set feature-set flow + set replacemsg-group '' + set dlp-log enable + set extended-log disable + set nac-quar-log disable + unset full-archive-proto + unset summary-proto + next + edit "g-sniffer-profile" + set comment "Log a summary of email and web traffic." 
+ set feature-set flow + set replacemsg-group '' + set dlp-log enable + set extended-log disable + set nac-quar-log disable + unset full-archive-proto + set summary-proto smtp pop3 imap http-get http-post + next +end +config webfilter content +end +config webfilter content-header +end +config webfilter urlfilter +end +config videofilter youtube-key +end +config videofilter youtube-channel-filter +end +config videofilter profile +end +config webfilter ips-urlfilter-setting + set device '' + set distance 1 + set gateway 0.0.0.0 + set geo-filter '' +end +config webfilter ips-urlfilter-setting6 + set device '' + set distance 1 + set gateway6 :: + set geo-filter '' +end +config emailfilter bword +end +config emailfilter block-allow-list +end +config emailfilter mheader +end +config emailfilter dnsbl +end +config emailfilter iptrust +end +config log threat-weight + set status enable + config level + set low 5 + set medium 10 + set high 30 + set critical 50 + end + set blocked-connection high + set failed-connection low + set url-block-detected high + set botnet-connection-detected critical + config malware + set virus-infected critical + set fortindr critical + set file-blocked low + set command-blocked disable + set oversized disable + set virus-scan-error high + set switch-proto disable + set mimefragmented disable + set virus-file-type-executable medium + set virus-outbreak-prevention critical + set content-disarm medium + set malware-list medium + set ems-threat-feed medium + set fsa-malicious critical + set fsa-high-risk high + set fsa-medium-risk medium + end + config ips + set info-severity disable + set low-severity low + set medium-severity medium + set high-severity high + set critical-severity critical + end + config web + edit 1 + set category 26 + set level high + next + edit 2 + set category 61 + set level high + next + edit 3 + set category 86 + set level high + next + edit 4 + set category 1 + set level medium + next + edit 5 + set category 3 + set level 
medium + next + edit 6 + set category 4 + set level medium + next + edit 7 + set category 5 + set level medium + next + edit 8 + set category 6 + set level medium + next + edit 9 + set category 12 + set level medium + next + edit 10 + set category 59 + set level medium + next + edit 11 + set category 62 + set level medium + next + edit 12 + set category 83 + set level medium + next + edit 13 + set category 72 + set level low + next + edit 14 + set category 14 + set level low + next + edit 15 + set category 96 + set level medium + next + end + config application + edit 1 + set category 2 + set level low + next + edit 2 + set category 6 + set level medium + next + end +end +config icap server +end +config icap profile + edit "default" + set replacemsg-group '' + set request disable + set response disable + set streaming-content-bypass disable + set preview disable + set methods delete get head options post put trace other + set icap-block-log disable + set chunk-encap disable + unset extension-feature + config icap-headers + edit 1 + set name "X-Authenticated-User" + set content "$user" + set base64-encoding disable + next + edit 2 + set name "X-Authenticated-Groups" + set content "$local_grp" + set base64-encoding disable + next + end + next +end +config system network-visibility + set destination-visibility enable + set source-location enable + set destination-hostname-visibility enable + set hostname-ttl 86400 + set hostname-limit 5000 + set destination-location enable +end +config user certificate +end +config user radius +end +config user tacacs+ +end +config user exchange +end +config user ldap +end +config user krb-keytab +end +config user domain-controller +end +config user pop3 +end +config user saml +end +config user fsso +end +config user adgrp +end +config user fsso-polling +end +config user fortitoken +end +config user password-policy +end +config user local +end +config user setting + set auth-type http https ftp telnet + set auth-cert 
"Fortinet_Factory" + set auth-ca-cert '' + set auth-secure-http disable + set auth-http-basic disable + set auth-ssl-allow-renegotiation disable + set auth-src-mac enable + set auth-on-demand implicitly + set auth-timeout 5 + set auth-timeout-type idle-timeout + set auth-portal-timeout 3 + set radius-ses-timeout-act hard-timeout + set auth-blackout-time 0 + set auth-invalid-max 5 + set auth-lockout-threshold 3 + set auth-lockout-duration 0 + set per-policy-disclaimer disable + set auth-ssl-min-proto-version default + unset auth-ssl-max-proto-version + set auth-ssl-sigalgs all +end +config user peer +end +config user peergrp +end +config user quarantine + set quarantine enable + set traffic-policy '' + set firewall-groups '' +end +config user group + edit "SSO_Guest_Users" + set authtimeout 0 + set http-digest-realm '' + next +end +config user security-exempt-list +end +config vpn ssl web realm +end +config vpn ssl web host-check-software + edit "FortiClient-AV" + set os-type windows + set type av + set version '' + set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7" + next + edit "FortiClient-FW" + set os-type windows + set type fw + set version '' + set guid "528CB157-D384-4593-AAAA-E42DFF111CED" + next + edit "FortiClient-AV-Vista" + set os-type windows + set type av + set version '' + set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" + next + edit "FortiClient-FW-Vista" + set os-type windows + set type fw + set version '' + set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" + next + edit "FortiClient5-AV" + set os-type windows + set type av + set version '' + set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7" + next + edit "AVG-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" + next + edit "AVG-Internet-Security-FW" + set os-type windows + set type fw + set version '' + set guid "8DECF618-9569-4340-B34A-D78D28969B66" + next + edit "AVG-Internet-Security-AV-Vista-Win7" + set os-type windows + set 
type av + set version '' + set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" + next + edit "AVG-Internet-Security-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" + next + edit "CA-Anti-Virus" + set os-type windows + set type av + set version '' + set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" + next + edit "CA-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" + next + edit "CA-Internet-Security-FW" + set os-type windows + set type fw + set version '' + set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" + next + edit "CA-Internet-Security-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" + next + edit "CA-Internet-Security-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "06D680B0-4024-4FAB-E710-E675E50F6324" + next + edit "CA-Personal-Firewall" + set os-type windows + set type fw + set version '' + set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" + next + edit "F-Secure-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" + next + edit "F-Secure-Internet-Security-FW" + set os-type windows + set type fw + set version '' + set guid "D4747503-0346-49EB-9262-997542F79BF4" + next + edit "F-Secure-Internet-Security-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "15414183-282E-D62C-CA37-EF24860A2F17" + next + edit "F-Secure-Internet-Security-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "2D7AC0A6-6241-D774-E168-461178D9686C" + next + edit "Kaspersky-AV" + set os-type windows + set type av + set version '' + set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" + next + edit "Kaspersky-FW" + set os-type windows + set type fw + set version '' + set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" + next + edit 
"Kaspersky-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" + next + edit "Kaspersky-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" + next + edit "McAfee-Internet-Security-Suite-AV" + set os-type windows + set type av + set version '' + set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" + next + edit "McAfee-Internet-Security-Suite-FW" + set os-type windows + set type fw + set version '' + set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" + next + edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "86355677-4064-3EA7-ABB3-1B136EB04637" + next + edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" + next + edit "McAfee-Virus-Scan-Enterprise" + set os-type windows + set type av + set version '' + set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" + next + edit "Norton-360-2.0-AV" + set os-type windows + set type av + set version '' + set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" + next + edit "Norton-360-2.0-FW" + set os-type windows + set type fw + set version '' + set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" + next + edit "Norton-360-3.0-AV" + set os-type windows + set type av + set version '' + set guid "E10A9785-9598-4754-B552-92431C1C35F8" + next + edit "Norton-360-3.0-FW" + set os-type windows + set type fw + set version '' + set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" + next + edit "Norton-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "E10A9785-9598-4754-B552-92431C1C35F8" + next + edit "Norton-Internet-Security-FW" + set os-type windows + set type fw + set version '' + set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" + next + edit "Norton-Internet-Security-AV-Vista-Win7" + set os-type windows + set type av + set 
version '' + set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" + next + edit "Norton-Internet-Security-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" + next + edit "Symantec-Endpoint-Protection-AV" + set os-type windows + set type av + set version '' + set guid "FB06448E-52B8-493A-90F3-E43226D3305C" + next + edit "Symantec-Endpoint-Protection-FW" + set os-type windows + set type fw + set version '' + set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" + next + edit "Symantec-Endpoint-Protection-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" + next + edit "Symantec-Endpoint-Protection-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" + next + edit "Panda-Antivirus+Firewall-2008-AV" + set os-type windows + set type av + set version '' + set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" + next + edit "Panda-Antivirus+Firewall-2008-FW" + set os-type windows + set type fw + set version '' + set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" + next + edit "Panda-Internet-Security-AV" + set os-type windows + set type av + set version '' + set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" + next + edit "Panda-Internet-Security-2006~2007-FW" + set os-type windows + set type fw + set version '' + set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" + next + edit "Panda-Internet-Security-2008~2009-FW" + set os-type windows + set type fw + set version '' + set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" + next + edit "Sophos-Anti-Virus" + set os-type windows + set type av + set version '' + set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" + next + edit "Sophos-Enpoint-Secuirty-and-Control-FW" + set os-type windows + set type fw + set version '' + set guid "0786E95E-326A-4524-9691-41EF88FB52EA" + next + edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" + set os-type windows + set 
type av + set version '' + set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" + next + edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" + next + edit "Trend-Micro-AV" + set os-type windows + set type av + set version '' + set guid "7D2296BC-32CC-4519-917E-52E652474AF5" + next + edit "Trend-Micro-FW" + set os-type windows + set type fw + set version '' + set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" + next + edit "Trend-Micro-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" + next + edit "Trend-Micro-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" + next + edit "ZoneAlarm-AV" + set os-type windows + set type av + set version '' + set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" + next + edit "ZoneAlarm-FW" + set os-type windows + set type fw + set version '' + set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" + next + edit "ZoneAlarm-AV-Vista-Win7" + set os-type windows + set type av + set version '' + set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" + next + edit "ZoneAlarm-FW-Vista-Win7" + set os-type windows + set type fw + set version '' + set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" + next + edit "ESET-Smart-Security-AV" + set os-type windows + set type av + set version '' + set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" + next + edit "ESET-Smart-Security-FW" + set os-type windows + set type fw + set version '' + set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" + next +end +config vpn ssl web portal + edit "full-access" + set tunnel-mode enable + set ipv6-tunnel-mode enable + set web-mode enable + set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping + set limit-user-logins disable + set forticlient-download enable + set ip-mode range + set auto-connect disable + set keep-alive disable + set save-password 
disable + set ip-pools "SSLVPN_TUNNEL_ADDR1" + set split-tunneling enable + set split-tunneling-routing-negate disable + set dns-server1 0.0.0.0 + set dns-server2 0.0.0.0 + set dns-suffix '' + set wins-server1 0.0.0.0 + set wins-server2 0.0.0.0 + set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" + set ipv6-split-tunneling enable + set ipv6-split-tunneling-routing-negate disable + set ipv6-dns-server1 :: + set ipv6-dns-server2 :: + set ipv6-wins-server1 :: + set ipv6-wins-server2 :: + set display-bookmark enable + set user-bookmark enable + set user-group-bookmark enable + set display-connection-tools enable + set display-history enable + set display-status enable + set rewrite-ip-uri-ui disable + set heading "SSL-VPN Portal" + set redir-url '' + set theme neutrino + set custom-lang '' + set smb-ntlmv1-auth disable + set smb-min-version smbv2 + set smb-max-version smbv3 + set use-sdwan disable + set clipboard enable + set default-window-width 1024 + set default-window-height 768 + set host-check none + set mac-addr-check disable + set os-check disable + set forticlient-download-method direct + set customize-forticlient-download-url disable + set hide-sso-credential enable + next + edit "web-access" + set tunnel-mode disable + set ipv6-tunnel-mode disable + set web-mode enable + set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping + set limit-user-logins disable + set forticlient-download enable + set dns-suffix '' + set display-bookmark enable + set user-bookmark enable + set user-group-bookmark enable + set display-connection-tools enable + set display-history enable + set display-status enable + set rewrite-ip-uri-ui disable + set heading "SSL-VPN Portal" + set redir-url '' + set theme neutrino + set custom-lang '' + set smb-ntlmv1-auth disable + set smb-min-version smbv2 + set smb-max-version smbv3 + set use-sdwan disable + set clipboard enable + set default-window-width 1024 + set default-window-height 768 + set forticlient-download-method direct + set 
customize-forticlient-download-url disable + set hide-sso-credential enable + next + edit "tunnel-access" + set tunnel-mode enable + set ipv6-tunnel-mode enable + set web-mode disable + set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping + set limit-user-logins disable + set forticlient-download enable + set ip-mode range + set auto-connect disable + set keep-alive disable + set save-password disable + set ip-pools "SSLVPN_TUNNEL_ADDR1" + set split-tunneling enable + set split-tunneling-routing-negate disable + set dns-server1 0.0.0.0 + set dns-server2 0.0.0.0 + set dns-suffix '' + set wins-server1 0.0.0.0 + set wins-server2 0.0.0.0 + set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" + set ipv6-split-tunneling enable + set ipv6-split-tunneling-routing-negate disable + set ipv6-dns-server1 :: + set ipv6-dns-server2 :: + set ipv6-wins-server1 :: + set ipv6-wins-server2 :: + set host-check none + set mac-addr-check disable + set os-check disable + set forticlient-download-method direct + set customize-forticlient-download-url disable + next +end +config vpn ssl settings + set status enable + set reqclientcert disable + set ssl-max-proto-ver tls1-3 + set ssl-min-proto-ver tls1-2 + unset banned-cipher + set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 + set ssl-insert-empty-fragment enable + set https-redirect disable + set x-content-type-options enable + set ssl-client-renegotiation disable + set force-two-factor-auth disable + set servercert "Fortinet_Factory" + set algorithm high + set idle-timeout 300 + set auth-timeout 28800 + set login-attempt-limit 2 + set login-block-time 60 + set login-timeout 30 + set dtls-hello-timeout 10 + set dns-suffix '' + set dns-server1 0.0.0.0 + set dns-server2 0.0.0.0 + set wins-server1 0.0.0.0 + set wins-server2 0.0.0.0 + set ipv6-dns-server1 :: + set ipv6-dns-server2 :: + set ipv6-wins-server1 :: + set ipv6-wins-server2 :: + set url-obscuration disable + set http-compression disable + set 
http-only-cookie enable + set port 443 + set port-precedence enable + set auto-tunnel-static-route enable + set header-x-forwarded-for add + set dtls-tunnel enable + set check-referer disable + set http-request-header-timeout 20 + set http-request-body-timeout 30 + set auth-session-check-source-ip enable + set tunnel-connect-without-reauth disable + set hsts-include-subdomains disable + set transform-backward-slashes disable + set encode-2f-sequence disable + set encrypt-and-store-password disable + set client-sigalgs all + set dual-stack-mode disable + set tunnel-addr-assigned-method first-available + set saml-redirect-port 8020 + set dtls-max-proto-ver dtls1-2 + set dtls-min-proto-ver dtls1-0 +end +config vpn ssl web user-group-bookmark +end +config vpn ssl web user-bookmark +end +config vpn ssl client +end +config voip profile + edit "default" + set feature-set proxy + set comment "Default VoIP profile." + config sip + set status enable + set rtp enable + set nat-port-range 5117-65533 + set open-register-pinhole enable + set open-contact-pinhole enable + set strict-register enable + set register-rate 0 + set invite-rate 0 + set max-dialogs 0 + set max-line-length 998 + set block-long-lines enable + set block-unknown enable + set call-keepalive 0 + set block-ack disable + set block-bye disable + set block-cancel disable + set block-info disable + set block-invite disable + set block-message disable + set block-notify disable + set block-options disable + set block-prack disable + set block-publish disable + set block-refer disable + set block-register disable + set block-subscribe disable + set block-update disable + set register-contact-trace disable + set open-via-pinhole disable + set open-record-route-pinhole enable + set rfc2543-branch disable + set log-violations disable + set log-call-summary enable + set nat-trace enable + set subscribe-rate 0 + set message-rate 0 + set notify-rate 0 + set refer-rate 0 + set update-rate 0 + set options-rate 0 + set 
ack-rate 0 + set prack-rate 0 + set info-rate 0 + set publish-rate 0 + set bye-rate 0 + set cancel-rate 0 + set preserve-override disable + set no-sdp-fixup disable + set contact-fixup enable + set max-idle-dialogs 0 + set block-geo-red-options disable + set hosted-nat-traversal disable + set hnt-restrict-source-ip disable + set max-body-length 0 + set unknown-header pass + set malformed-request-line pass + set malformed-header-via pass + set malformed-header-from pass + set malformed-header-to pass + set malformed-header-call-id pass + set malformed-header-cseq pass + set malformed-header-rack pass + set malformed-header-rseq pass + set malformed-header-contact pass + set malformed-header-record-route pass + set malformed-header-route pass + set malformed-header-expires pass + set malformed-header-content-type pass + set malformed-header-content-length pass + set malformed-header-max-forwards pass + set malformed-header-allow pass + set malformed-header-p-asserted-identity pass + set malformed-header-sdp-v pass + set malformed-header-sdp-o pass + set malformed-header-sdp-s pass + set malformed-header-sdp-i pass + set malformed-header-sdp-c pass + set malformed-header-sdp-b pass + set malformed-header-sdp-z pass + set malformed-header-sdp-k pass + set malformed-header-sdp-a pass + set malformed-header-sdp-t pass + set malformed-header-sdp-r pass + set malformed-header-sdp-m pass + set provisional-invite-expiry-time 210 + set ips-rtp enable + set ssl-mode off + end + config sccp + set status enable + set block-mcast disable + set verify-header disable + set log-call-summary disable + set log-violations disable + set max-calls 0 + end + next + edit "strict" + set feature-set proxy + set comment '' + config sip + set status enable + set rtp enable + set nat-port-range 5117-65533 + set open-register-pinhole enable + set open-contact-pinhole enable + set strict-register enable + set register-rate 0 + set invite-rate 0 + set max-dialogs 0 + set max-line-length 998 + set 
block-long-lines enable + set block-unknown enable + set call-keepalive 0 + set block-ack disable + set block-bye disable + set block-cancel disable + set block-info disable + set block-invite disable + set block-message disable + set block-notify disable + set block-options disable + set block-prack disable + set block-publish disable + set block-refer disable + set block-register disable + set block-subscribe disable + set block-update disable + set register-contact-trace disable + set open-via-pinhole disable + set open-record-route-pinhole enable + set rfc2543-branch disable + set log-violations disable + set log-call-summary enable + set nat-trace enable + set subscribe-rate 0 + set message-rate 0 + set notify-rate 0 + set refer-rate 0 + set update-rate 0 + set options-rate 0 + set ack-rate 0 + set prack-rate 0 + set info-rate 0 + set publish-rate 0 + set bye-rate 0 + set cancel-rate 0 + set preserve-override disable + set no-sdp-fixup disable + set contact-fixup enable + set max-idle-dialogs 0 + set block-geo-red-options disable + set hosted-nat-traversal disable + set hnt-restrict-source-ip disable + set max-body-length 0 + set unknown-header pass + set malformed-request-line discard + set malformed-header-via discard + set malformed-header-from discard + set malformed-header-to discard + set malformed-header-call-id discard + set malformed-header-cseq discard + set malformed-header-rack discard + set malformed-header-rseq discard + set malformed-header-contact discard + set malformed-header-record-route discard + set malformed-header-route discard + set malformed-header-expires discard + set malformed-header-content-type discard + set malformed-header-content-length discard + set malformed-header-max-forwards discard + set malformed-header-allow discard + set malformed-header-p-asserted-identity discard + set malformed-header-sdp-v discard + set malformed-header-sdp-o discard + set malformed-header-sdp-s discard + set malformed-header-sdp-i discard + set 
malformed-header-sdp-c discard + set malformed-header-sdp-b discard + set malformed-header-sdp-z discard + set malformed-header-sdp-k discard + set malformed-header-sdp-a discard + set malformed-header-sdp-t discard + set malformed-header-sdp-r discard + set malformed-header-sdp-m discard + set provisional-invite-expiry-time 210 + set ips-rtp enable + set ssl-mode off + end + config sccp + set status enable + set block-mcast disable + set verify-header disable + set log-call-summary disable + set log-violations disable + set max-calls 0 + end + next +end +config system sdwan + set status disable + set load-balance-mode source-ip-based + set speedtest-bypass-routing disable + set duplication-max-num 2 + set neighbor-hold-down disable + set neighbor-hold-down-time 0 + set neighbor-hold-boot-time 0 + set fail-detect disable + config zone + edit "virtual-wan-link" + set service-sla-tie-break cfg-order + next + end + config health-check + edit "Default_DNS" + set probe-packets enable + set addr-mode ipv4 + set system-dns enable + set detect-mode active + set ha-priority 1 + set dns-request-domain "www.example.com" + set dns-match-ip 0.0.0.0 + set interval 1000 + set probe-timeout 1000 + set failtime 5 + set recoverytime 10 + set probe-count 30 + set diffservcode 000000 + set update-cascade-interface enable + set update-static-route enable + set sla-fail-log-period 0 + set sla-pass-log-period 0 + set threshold-warning-packetloss 0 + set threshold-alert-packetloss 0 + set threshold-warning-latency 0 + set threshold-alert-latency 0 + set threshold-warning-jitter 0 + set threshold-alert-jitter 0 + config sla + edit 1 + set link-cost-factor latency jitter packet-loss + set latency-threshold 250 + set jitter-threshold 50 + set packetloss-threshold 5 + next + end + next + edit "Default_Office_365" + set probe-packets enable + set addr-mode ipv4 + set server "www.office.com" + set detect-mode active + set protocol http + set port 0 + set ha-priority 1 + set http-get "/" + set 
http-agent "Chrome/ Safari/" + set http-match '' + set interval 1000 + set probe-timeout 1000 + set failtime 5 + set recoverytime 10 + set probe-count 30 + set diffservcode 000000 + set update-cascade-interface enable + set update-static-route enable + set sla-fail-log-period 0 + set sla-pass-log-period 0 + set threshold-warning-packetloss 0 + set threshold-alert-packetloss 0 + set threshold-warning-latency 0 + set threshold-alert-latency 0 + set threshold-warning-jitter 0 + set threshold-alert-jitter 0 + config sla + edit 1 + set link-cost-factor latency jitter packet-loss + set latency-threshold 250 + set jitter-threshold 50 + set packetloss-threshold 5 + next + end + next + edit "Default_Gmail" + set probe-packets enable + set addr-mode ipv4 + set server "gmail.com" + set detect-mode active + set protocol ping + set ha-priority 1 + set interval 1000 + set probe-timeout 1000 + set failtime 5 + set recoverytime 10 + set probe-count 30 + set diffservcode 000000 + set update-cascade-interface enable + set update-static-route enable + set sla-fail-log-period 0 + set sla-pass-log-period 0 + set threshold-warning-packetloss 0 + set threshold-alert-packetloss 0 + set threshold-warning-latency 0 + set threshold-alert-latency 0 + set threshold-warning-jitter 0 + set threshold-alert-jitter 0 + config sla + edit 1 + set link-cost-factor latency jitter packet-loss + set latency-threshold 250 + set jitter-threshold 50 + set packetloss-threshold 2 + next + end + next + edit "Default_Google Search" + set probe-packets enable + set addr-mode ipv4 + set server "www.google.com" + set detect-mode active + set protocol http + set port 0 + set ha-priority 1 + set http-get "/" + set http-agent "Chrome/ Safari/" + set http-match '' + set interval 1000 + set probe-timeout 1000 + set failtime 5 + set recoverytime 10 + set probe-count 30 + set diffservcode 000000 + set update-cascade-interface enable + set update-static-route enable + set sla-fail-log-period 0 + set sla-pass-log-period 0 
+ set threshold-warning-packetloss 0 + set threshold-alert-packetloss 0 + set threshold-warning-latency 0 + set threshold-alert-latency 0 + set threshold-warning-jitter 0 + set threshold-alert-jitter 0 + config sla + edit 1 + set link-cost-factor latency jitter packet-loss + set latency-threshold 250 + set jitter-threshold 50 + set packetloss-threshold 5 + next + end + next + edit "Default_FortiGuard" + set probe-packets enable + set addr-mode ipv4 + set server "fortiguard.com" + set detect-mode active + set protocol http + set port 0 + set ha-priority 1 + set http-get "/" + set http-agent "Chrome/ Safari/" + set http-match '' + set interval 1000 + set probe-timeout 1000 + set failtime 5 + set recoverytime 10 + set probe-count 30 + set diffservcode 000000 + set update-cascade-interface enable + set update-static-route enable + set sla-fail-log-period 0 + set sla-pass-log-period 0 + set threshold-warning-packetloss 0 + set threshold-alert-packetloss 0 + set threshold-warning-latency 0 + set threshold-alert-latency 0 + set threshold-warning-jitter 0 + set threshold-alert-jitter 0 + config sla + edit 1 + set link-cost-factor latency jitter packet-loss + set latency-threshold 250 + set jitter-threshold 50 + set packetloss-threshold 5 + next + end + next + end +end +config vpn ipsec phase1 +end +config vpn ipsec phase2 +end +config vpn ipsec manualkey +end +config vpn ipsec concentrator +end +config vpn ipsec fec +end +config vpn ipsec phase1-interface +end +config vpn ipsec phase2-interface +end +config vpn ipsec manualkey-interface +end +config vpn pptp + set status disable +end +config vpn l2tp + set status disable + set lcp-max-echo-fails 3 + set hello-interval 60 +end +config vpn ipsec forticlient +end +config dnsfilter domain-filter +end +config dnsfilter profile + edit "default" + set comment "Default dns filtering." 
+ config domain-filter + unset domain-filter-table + end + config ftgd-dns + unset options + config filters + edit 1 + set category 2 + set action monitor + next + edit 2 + set category 7 + set action monitor + next + edit 3 + set category 8 + set action monitor + next + edit 4 + set category 9 + set action monitor + next + edit 5 + set category 11 + set action monitor + next + edit 6 + set category 12 + set action monitor + next + edit 7 + set category 13 + set action monitor + next + edit 8 + set category 14 + set action monitor + next + edit 9 + set category 15 + set action monitor + next + edit 10 + set category 16 + set action monitor + next + edit 11 + set category 0 + set action monitor + next + edit 12 + set category 57 + set action monitor + next + edit 13 + set category 63 + set action monitor + next + edit 14 + set category 64 + set action monitor + next + edit 15 + set category 65 + set action monitor + next + edit 16 + set category 66 + set action monitor + next + edit 17 + set category 67 + set action monitor + next + edit 18 + set category 26 + set action block + set log enable + next + edit 19 + set category 61 + set action block + set log enable + next + edit 20 + set category 86 + set action block + set log enable + next + edit 21 + set category 88 + set action block + set log enable + next + edit 22 + set category 90 + set action block + set log enable + next + edit 23 + set category 91 + set action block + set log enable + next + end + end + set log-all-domain disable + set sdns-ftgd-err-log enable + set sdns-domain-log enable + set block-action redirect + set block-botnet enable + set safe-search disable + set redirect-portal 0.0.0.0 + set redirect-portal6 :: + next +end +config system gre-tunnel +end +config system ipsec-aggregate +end +config system ipip-tunnel +end +config system mobile-tunnel +end +config system pppoe-interface +end +config system vxlan +end +config system geneve +end +config system virtual-wire-pair +end +config system 
dns-database +end +config system dns-server +end +config log custom-field +end +config antivirus settings + set machine-learning-detection enable + set use-extreme-db disable + set grayware enable + set override-timeout 0 + set cache-infected-result enable +end +config antivirus quarantine + set agelimit 0 + set maxfilesize 0 + set quarantine-quota 0 + unset drop-infected + set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh + unset drop-blocked + set store-blocked imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs ssh + unset drop-machine-learning + set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh + set lowspace ovrw-old + set destination disk +end +config ssh-filter profile +end +config antivirus profile + edit "g-default" + set comment "Scan files and block viruses." + set replacemsg-group '' + set feature-set flow + set mobile-malware-db enable + config http + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config ftp + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config imap + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + set executables virus + end + config pop3 + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + set executables virus + end + config smtp + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + set executables 
virus + end + config nntp + set av-scan disable + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config cifs + set av-scan disable + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config nac-quar + set infected none + set log disable + end + set outbreak-prevention-archive-scan disable + set external-blocklist-enable-all enable + set ems-threat-feed disable + set av-virus-log enable + set av-block-log enable + set extended-log disable + next + edit "g-sniffer-profile" + set comment "Scan files and monitor viruses." + set replacemsg-group '' + set feature-set flow + set mobile-malware-db enable + config http + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config ftp + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config imap + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + set executables virus + end + config pop3 + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + set executables virus + end + config smtp + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + set executables virus + end + config nntp + set av-scan disable + set outbreak-prevention disable + set external-blocklist disable + set 
quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config cifs + set av-scan disable + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config nac-quar + set infected none + set log disable + end + set outbreak-prevention-archive-scan disable + set external-blocklist-enable-all enable + set ems-threat-feed disable + set av-virus-log enable + set av-block-log enable + set extended-log disable + next + edit "g-wifi-default" + set comment "Default configuration for offloading WiFi traffic." + set replacemsg-group '' + set feature-set flow + set mobile-malware-db enable + config http + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config ftp + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config imap + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + set executables virus + end + config pop3 + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + set executables virus + end + config smtp + set av-scan block + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + set executables virus + end + config nntp + set av-scan disable + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config cifs + set 
av-scan disable + set outbreak-prevention disable + set external-blocklist disable + set quarantine disable + unset archive-block + unset archive-log + set emulator enable + end + config nac-quar + set infected none + set log disable + end + set outbreak-prevention-archive-scan disable + set external-blocklist-enable-all enable + set ems-threat-feed disable + set av-virus-log enable + set av-block-log enable + set extended-log disable + next +end +config file-filter profile + edit "g-default" + set comment "File type inspection." + set feature-set flow + set replacemsg-group '' + set log enable + set extended-log disable + set scan-archive-contents enable + next + edit "g-sniffer-profile" + set comment "File type inspection." + set feature-set flow + set replacemsg-group '' + set log enable + set extended-log disable + set scan-archive-contents enable + next +end +config webfilter profile + edit "g-default" + set comment "Default web filtering." + set feature-set flow + set replacemsg-group '' + unset options + set https-replacemsg enable + unset ovrd-perm + set post-action normal + config override + set ovrd-cookie deny + set ovrd-scope user + set profile-type list + set ovrd-dur-mode constant + set ovrd-dur 15m + end + config web + set bword-threshold 10 + unset bword-table + unset urlfilter-table + unset content-header-list + set blocklist disable + unset allowlist + end + config ftgd-wf + unset options + unset ovrd + config filters + edit 1 + set category 0 + set action block + set log enable + next + edit 2 + set category 2 + set action block + set log enable + next + edit 3 + set category 7 + set action block + set log enable + next + edit 4 + set category 8 + set action block + set log enable + next + edit 5 + set category 9 + set action block + set log enable + next + edit 6 + set category 11 + set action block + set log enable + next + edit 7 + set category 12 + set action block + set log enable + next + edit 8 + set category 13 + set action block + set 
log enable + next + edit 9 + set category 14 + set action block + set log enable + next + edit 10 + set category 15 + set action block + set log enable + next + edit 11 + set category 16 + set action block + set log enable + next + edit 12 + set category 26 + set action block + set log enable + next + edit 13 + set category 57 + set action block + set log enable + next + edit 14 + set category 61 + set action block + set log enable + next + edit 15 + set category 63 + set action block + set log enable + next + edit 16 + set category 64 + set action block + set log enable + next + edit 17 + set category 65 + set action block + set log enable + next + edit 18 + set category 66 + set action block + set log enable + next + edit 19 + set category 67 + set action block + set log enable + next + edit 20 + set category 86 + set action block + set log enable + next + edit 21 + set category 88 + set action block + set log enable + next + edit 22 + set category 90 + set action block + set log enable + next + edit 23 + set category 91 + set action block + set log enable + next + end + set rate-javascript-urls enable + set rate-css-urls enable + set rate-crl-urls enable + end + set log-all-url disable + set web-content-log enable + set web-filter-command-block-log enable + set web-filter-cookie-log enable + set web-url-log enable + set web-invalid-domain-log enable + set web-ftgd-err-log enable + set extended-log disable + next + edit "g-sniffer-profile" + set comment "Monitor web traffic." 
+ set feature-set flow + set replacemsg-group '' + unset options + set https-replacemsg enable + unset ovrd-perm + set post-action normal + config override + set ovrd-cookie deny + set ovrd-scope user + set profile-type list + set ovrd-dur-mode constant + set ovrd-dur 15m + end + config web + set bword-threshold 10 + unset bword-table + unset urlfilter-table + unset content-header-list + set blocklist disable + unset allowlist + end + config ftgd-wf + set options ftgd-disable + unset ovrd + config filters + edit 1 + set category 0 + set action monitor + set log enable + next + edit 2 + set category 1 + set action monitor + set log enable + next + edit 3 + set category 2 + set action monitor + set log enable + next + edit 4 + set category 3 + set action monitor + set log enable + next + edit 5 + set category 4 + set action monitor + set log enable + next + edit 6 + set category 5 + set action monitor + set log enable + next + edit 7 + set category 6 + set action monitor + set log enable + next + edit 8 + set category 7 + set action monitor + set log enable + next + edit 9 + set category 8 + set action monitor + set log enable + next + edit 10 + set category 9 + set action monitor + set log enable + next + edit 11 + set category 11 + set action monitor + set log enable + next + edit 12 + set category 12 + set action monitor + set log enable + next + edit 13 + set category 13 + set action monitor + set log enable + next + edit 14 + set category 14 + set action monitor + set log enable + next + edit 15 + set category 15 + set action monitor + set log enable + next + edit 16 + set category 16 + set action monitor + set log enable + next + edit 17 + set category 17 + set action monitor + set log enable + next + edit 18 + set category 18 + set action monitor + set log enable + next + edit 19 + set category 19 + set action monitor + set log enable + next + edit 20 + set category 20 + set action monitor + set log enable + next + edit 21 + set category 23 + set action 
monitor + set log enable + next + edit 22 + set category 24 + set action monitor + set log enable + next + edit 23 + set category 25 + set action monitor + set log enable + next + edit 24 + set category 26 + set action monitor + set log enable + next + edit 25 + set category 28 + set action monitor + set log enable + next + edit 26 + set category 29 + set action monitor + set log enable + next + edit 27 + set category 30 + set action monitor + set log enable + next + edit 28 + set category 31 + set action monitor + set log enable + next + edit 29 + set category 33 + set action monitor + set log enable + next + edit 30 + set category 34 + set action monitor + set log enable + next + edit 31 + set category 35 + set action monitor + set log enable + next + edit 32 + set category 36 + set action monitor + set log enable + next + edit 33 + set category 37 + set action monitor + set log enable + next + edit 34 + set category 38 + set action monitor + set log enable + next + edit 35 + set category 39 + set action monitor + set log enable + next + edit 36 + set category 40 + set action monitor + set log enable + next + edit 37 + set category 41 + set action monitor + set log enable + next + edit 38 + set category 42 + set action monitor + set log enable + next + edit 39 + set category 43 + set action monitor + set log enable + next + edit 40 + set category 44 + set action monitor + set log enable + next + edit 41 + set category 46 + set action monitor + set log enable + next + edit 42 + set category 47 + set action monitor + set log enable + next + edit 43 + set category 48 + set action monitor + set log enable + next + edit 44 + set category 49 + set action monitor + set log enable + next + edit 45 + set category 50 + set action monitor + set log enable + next + edit 46 + set category 51 + set action monitor + set log enable + next + edit 47 + set category 52 + set action monitor + set log enable + next + edit 48 + set category 53 + set action monitor + set log enable + 
next + edit 49 + set category 54 + set action monitor + set log enable + next + edit 50 + set category 55 + set action monitor + set log enable + next + edit 51 + set category 56 + set action monitor + set log enable + next + edit 52 + set category 57 + set action monitor + set log enable + next + edit 53 + set category 58 + set action monitor + set log enable + next + edit 54 + set category 59 + set action monitor + set log enable + next + edit 55 + set category 61 + set action monitor + set log enable + next + edit 56 + set category 62 + set action monitor + set log enable + next + edit 57 + set category 63 + set action monitor + set log enable + next + edit 58 + set category 64 + set action monitor + set log enable + next + edit 59 + set category 65 + set action monitor + set log enable + next + edit 60 + set category 66 + set action monitor + set log enable + next + edit 61 + set category 67 + set action monitor + set log enable + next + edit 62 + set category 68 + set action monitor + set log enable + next + edit 63 + set category 69 + set action monitor + set log enable + next + edit 64 + set category 70 + set action monitor + set log enable + next + edit 65 + set category 71 + set action monitor + set log enable + next + edit 66 + set category 72 + set action monitor + set log enable + next + edit 67 + set category 75 + set action monitor + set log enable + next + edit 68 + set category 76 + set action monitor + set log enable + next + edit 69 + set category 77 + set action monitor + set log enable + next + edit 70 + set category 78 + set action monitor + set log enable + next + edit 71 + set category 79 + set action monitor + set log enable + next + edit 72 + set category 80 + set action monitor + set log enable + next + edit 73 + set category 81 + set action monitor + set log enable + next + edit 74 + set category 82 + set action monitor + set log enable + next + edit 75 + set category 83 + set action monitor + set log enable + next + edit 76 + set 
category 84 + set action monitor + set log enable + next + edit 77 + set category 85 + set action monitor + set log enable + next + edit 78 + set category 86 + set action monitor + set log enable + next + edit 79 + set category 87 + set action monitor + set log enable + next + edit 80 + set category 88 + set action monitor + set log enable + next + edit 81 + set category 89 + set action monitor + set log enable + next + edit 82 + set category 90 + set action monitor + set log enable + next + edit 83 + set category 91 + set action monitor + set log enable + next + edit 84 + set category 92 + set action monitor + set log enable + next + edit 85 + set category 93 + set action monitor + set log enable + next + edit 86 + set category 94 + set action monitor + set log enable + next + edit 87 + set category 95 + set action monitor + set log enable + next + end + set rate-javascript-urls enable + set rate-css-urls enable + set rate-crl-urls enable + end + set log-all-url disable + set web-content-log enable + set web-filter-command-block-log enable + set web-filter-cookie-log enable + set web-url-log enable + set web-invalid-domain-log enable + set web-ftgd-err-log enable + set extended-log disable + next + edit "g-wifi-default" + set comment "Default configuration for offloading WiFi traffic." 
+ set feature-set flow + set replacemsg-group '' + set options block-invalid-url + set https-replacemsg enable + unset ovrd-perm + set post-action normal + config override + set ovrd-cookie deny + set ovrd-scope user + set profile-type list + set ovrd-dur-mode constant + set ovrd-dur 15m + end + config web + set bword-threshold 10 + unset bword-table + unset urlfilter-table + unset content-header-list + set blocklist disable + unset allowlist + end + config ftgd-wf + unset options + unset ovrd + config filters + edit 1 + set category 0 + set action monitor + set log enable + next + edit 2 + set category 2 + set action block + set log enable + next + edit 3 + set category 7 + set action block + set log enable + next + edit 4 + set category 8 + set action block + set log enable + next + edit 5 + set category 9 + set action block + set log enable + next + edit 6 + set category 11 + set action block + set log enable + next + edit 7 + set category 12 + set action block + set log enable + next + edit 8 + set category 13 + set action block + set log enable + next + edit 9 + set category 14 + set action block + set log enable + next + edit 10 + set category 15 + set action block + set log enable + next + edit 11 + set category 16 + set action block + set log enable + next + edit 12 + set category 26 + set action block + set log enable + next + edit 13 + set category 57 + set action block + set log enable + next + edit 14 + set category 61 + set action block + set log enable + next + edit 15 + set category 63 + set action block + set log enable + next + edit 16 + set category 64 + set action block + set log enable + next + edit 17 + set category 65 + set action block + set log enable + next + edit 18 + set category 66 + set action block + set log enable + next + edit 19 + set category 67 + set action block + set log enable + next + edit 20 + set category 86 + set action block + set log enable + next + edit 21 + set category 88 + set action block + set log enable + next + 
edit 22 + set category 90 + set action block + set log enable + next + edit 23 + set category 91 + set action block + set log enable + next + end + set rate-javascript-urls enable + set rate-css-urls enable + set rate-crl-urls enable + end + set log-all-url disable + set web-content-log enable + set web-filter-command-block-log enable + set web-filter-cookie-log enable + set web-url-log enable + set web-invalid-domain-log enable + set web-ftgd-err-log enable + set extended-log disable + next +end +config webfilter override +end +config webfilter ftgd-local-rating +end +config webfilter search-engine + edit "g-baidu" + set hostname ".*\\.baidu\\.com" + set url "^\\/s?\\?" + set query "wd=" + set safesearch disable + next + edit "g-baidu2" + set hostname ".*\\.baidu\\.com" + set url "^\\/(ns|q|m|i|v)\\?" + set query "word=" + set safesearch disable + next + edit "g-baidu3" + set hostname "tieba\\.baidu\\.com" + set url "^\\/f\\?" + set query "kw=" + set safesearch disable + next + edit "g-bing" + set hostname ".*\\.bing\\..*" + set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" + set query "q=" + set safesearch header + next + edit "g-google" + set hostname ".*\\.google\\..*" + set url "^\\/((custom|search|images|videosearch|webhp)\\?)" + set query "q=" + set safesearch url + set safesearch-str "&safe=active" + next + edit "g-google-translate-1" + set hostname "translate\\.google\\..*" + set url "^\\/translate" + set query "u=" + set safesearch translate + next + edit "g-google-translate-2" + set hostname ".*\\.translate\\.goog" + set url "^\\/" + set query '' + set safesearch translate + next + edit "g-twitter" + set hostname "twitter\\.com" + set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName" + set query "variables=" + set safesearch translate + next + edit "g-vimeo" + set hostname ".*vimeo.*" + set url "^\\/search\\?" 
+ set query "q=" + set safesearch header + next + edit "g-yahoo" + set hostname ".*\\.yahoo\\..*" + set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" + set query "p=" + set safesearch url + set safesearch-str "&vm=r" + next + edit "g-yandex" + set hostname "yandex\\..*" + set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" + set query "text=" + set safesearch url + set safesearch-str "&family=yes" + next + edit "g-youtube" + set hostname ".*youtube.*" + set url '' + set query '' + set safesearch header + next + edit "g-yt-channel" + set hostname '' + set url "www.youtube.com/channel" + set query '' + set safesearch yt-channel + next + edit "g-yt-pattern" + set hostname '' + set url "youtube.com/channel/" + set query '' + set safesearch yt-pattern + next + edit "g-yt-scan-1" + set hostname '' + set url "www.youtube.com/user/" + set query '' + set safesearch yt-scan + next + edit "g-yt-scan-2" + set hostname '' + set url "www.youtube.com/youtubei/v1/browse" + set query '' + set safesearch yt-scan + next + edit "g-yt-scan-3" + set hostname '' + set url "www.youtube.com/youtubei/v1/player" + set query '' + set safesearch yt-scan + next + edit "g-yt-scan-4" + set hostname '' + set url "www.youtube.com/youtubei/v1/navigator" + set query '' + set safesearch yt-scan + next + edit "translate" + set hostname "translate\\.google\\..*" + set url "^\\/translate\\?" + set query "u=" + set safesearch translate + next + edit "yt-video" + set hostname '' + set url "www.youtube.com/watch" + set query '' + set safesearch yt-video + next +end +config emailfilter profile + edit "default" + set comment "Malware and phishing URL filtering." 
+ set feature-set flow + set replacemsg-group '' + set spam-log enable + set spam-filtering disable + set external disable + unset options + config imap + set log-all disable + end + config pop3 + set log-all disable + end + config smtp + set log-all disable + end + config msn-hotmail + set log-all disable + end + config gmail + set log-all disable + end + set spam-bword-threshold 10 + unset spam-bword-table + unset spam-bal-table + unset spam-mheader-table + unset spam-rbl-table + unset spam-iptrust-table + set spam-log-fortiguard-response disable + next + edit "sniffer-profile" + set comment "Malware and phishing URL monitoring." + set feature-set flow + set replacemsg-group '' + set spam-log enable + set spam-filtering disable + set external disable + unset options + config imap + set log-all disable + end + config pop3 + set log-all disable + end + config smtp + set log-all disable + end + config msn-hotmail + set log-all disable + end + config gmail + set log-all disable + end + set spam-bword-threshold 10 + unset spam-bword-table + unset spam-bal-table + unset spam-mheader-table + unset spam-rbl-table + unset spam-iptrust-table + set spam-log-fortiguard-response disable + next +end +config wanopt settings + set host-id "default-id" + set tunnel-ssl-algorithm high + set auto-detect-algorithm simple + set tunnel-optimization balanced +end +config wanopt peer +end +config wanopt auth-group +end +config wanopt profile + edit "default" + set transparent enable + set comments "Default WANopt profile." 
+ set auth-group '' + config http + set status disable + set secure-tunnel disable + set byte-caching enable + set ssl disable + set prefer-chunking fix + set protocol-opt protocol + set tunnel-sharing private + set log-traffic enable + end + config cifs + set status disable + set secure-tunnel disable + set byte-caching enable + set prefer-chunking fix + set protocol-opt protocol + set tunnel-sharing private + set log-traffic enable + end + config mapi + set status disable + set secure-tunnel disable + set byte-caching enable + set tunnel-sharing private + set log-traffic enable + end + config ftp + set status disable + set secure-tunnel disable + set byte-caching enable + set ssl disable + set prefer-chunking fix + set protocol-opt protocol + set tunnel-sharing private + set log-traffic enable + end + config tcp + set status disable + end + next +end +config system speed-test-server +end +config log memory setting + set status enable +end +config log disk setting + set status disable +end +config log eventfilter + set event enable + set system enable + set vpn enable + set user enable + set router enable + set wireless-activity enable + set wan-opt enable + set endpoint enable + set ha enable + set security-rating enable + set fortiextender enable + set connector enable + set sdwan enable + set cifs enable + set switch-controller enable +end +config log memory filter + set severity information + set forward-traffic enable + set local-traffic enable + set multicast-traffic enable + set sniffer-traffic enable + set ztna-traffic enable + set anomaly enable + set voip enable + set gtp enable +end +config log disk filter + set severity information + set forward-traffic enable + set local-traffic enable + set multicast-traffic enable + set sniffer-traffic enable + set ztna-traffic enable + set anomaly enable + set voip enable + set dlp-archive enable + set gtp enable +end +config log fortiguard override-setting + set override disable + set access-config enable +end 
+config log tacacs+accounting setting + set status disable +end +config log tacacs+accounting2 setting + set status disable +end +config log tacacs+accounting3 setting + set status disable +end +config log tacacs+accounting filter + set login-audit enable + set config-change-audit enable + set cli-cmd-audit enable +end +config log tacacs+accounting2 filter + set login-audit enable + set config-change-audit enable + set cli-cmd-audit enable +end +config log tacacs+accounting3 filter + set login-audit enable + set config-change-audit enable + set cli-cmd-audit enable +end +config log null-device setting + set status disable +end +config log null-device filter + set severity information + set forward-traffic enable + set local-traffic enable + set multicast-traffic enable + set sniffer-traffic enable + set ztna-traffic enable + set anomaly enable + set voip enable + set gtp enable +end +config log setting + set resolve-ip disable + set resolve-port enable + set log-user-in-upper disable + set fwpolicy-implicit-log disable + set fwpolicy6-implicit-log disable + set log-invalid-packet disable + set local-in-allow disable + set local-in-deny-unicast disable + set local-in-deny-broadcast disable + set local-out disable + set neighbor-event disable + set brief-traffic-format disable + set user-anonymize disable + set fortiview-weekly-data disable + set expolicy-implicit-log disable + set log-policy-comment disable + set faz-override disable + set syslog-override disable + set rest-api-set disable + set rest-api-get disable +end +config log gui-display + set resolve-hosts enable + set resolve-apps enable + set fortiview-unscanned-apps disable +end +config system lldp network-policy +end +config firewall schedule onetime +end +config firewall schedule recurring + edit "always" + set start 00:00 + set end 00:00 + set day sunday monday tuesday wednesday thursday friday saturday + set color 0 + set fabric-object disable + next + edit "none" + set start 00:00 + set end 00:00 + 
set day none + set color 0 + set fabric-object disable + next + edit "default-darrp-optimize" + set start 01:00 + set end 01:30 + set day sunday monday tuesday wednesday thursday friday saturday + set color 0 + set fabric-object disable + next +end +config firewall schedule group +end +config firewall ippool + edit "Outside_Pool" + set type overload + set startip 198.36.24.240 + set endip 198.36.24.241 + set arp-reply enable + set arp-intf '' + set associated-interface '' + set cgn-client-ipv6shift 0 + set comments '' + set nat64 disable + next +end +config firewall ippool6 +end +config firewall ldb-monitor +end +config firewall vip + edit "VIP_Webosphere" + set id 0 + set uuid cee90f74-9fbd-51ec-8812-57713fdf5603 + set comment '' + set type static-nat + set extip 198.36.24.16 + set nat44 enable + set nat46 disable + set mappedip "10.1.48.117" + set extintf "port10" + set arp-reply enable + set nat-source-vip disable + set portforward disable + set gratuitous-arp-interval 0 + set ssl-client-rekey-count 0 + set color 0 + next +end +config firewall vip6 +end +config firewall vipgrp +end +config firewall vipgrp6 +end +config firewall ssh local-key + edit "g-Fortinet_SSH_DSA1024" + set password ENC LZL4qWQXrrDuyLOiIu4FHLZys/spYYCkzgg/JHkks8MfGacFSBXm2ec2TZuL9BJBr3iCDMGLYGoEMggP7AjJN8tJ0/8TMdHBcj44c8AwOSBEREb1kckzslMkDLE7V1PFSR9g5m6BMRDLbLnu1JuDMz3SXDYa0h2LIe0uzYxuQ9F3dlRmavz9EaBFHp0oHmta1lLO9A== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCsTsvNYA +0b26004l8z8i7xAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho +KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq +a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq +7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk +jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR +XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe 
+P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5 +lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G +wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgzgAOtcSS6fPeDulJ +39PdJTzYpcTKSuHcUZV/mNHTzVhJqQxB6B9HLzfNKCy3EryifKql5HG2hhH6sggu00PbIl +iLwFSIZRomdxWdDEC/0iOm/SvFkMMDR4R1VjNiqNsZcalKL0MuUbD65eRQEMhNwU+NnfD3 +w9zUGnQIrY823ehOaomlgzFJyBj88c3wOp/QAnaJwkK0q+F6pPUrA8Elyxjx95e2ysstac +xjp4WRnWaAh13goad2tKPYRZr7LBYRpJMDLrTuedPzSbe+qgKEeMG3LiOX5dSEzRYh0CdL +YihrYMyiosE9Q42QWGVt1tostNWY+P84pl6Ums5yH2ePz0htMhv6Ykcw+zuDGgDPQPIep+ +YivEsMViSNYAftgwHjKZY9vSm9Z080nCD1Y7am2KxKiDxLZjMpGoCqUVj0bgMRatalRs9e +ZeRwi8Snls61FjQiyIFMcfKsihvBrZaFKIz53IBgSFp3t3vmOB1PVHy9oW0DqP8vgCu6qy +wgqiinAB9ITb6R899zqkf6OTL/gTmZvZJQdG6X/L6xM/GeqAlbNqq/XUI2W/3AGGFYurRb +floJVo0ZGUcsZBwbJZf83CXohyF0ZxU+BA7z/THjasuxqgW+xil417cAAMx1kY0x +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-dss 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" + set source built-in + next + edit "g-Fortinet_SSH_ECDSA256" + set password ENC 6CKo6NfDQtUBJup56/Bc5l9hO6iGWqe9rnRLIRxw6iihhu/HXQ9q1NlMn/qmp+o08aV0/OBrzfo/p65Oan1CPdap4dOyUTkllLABX1UhoksPW0g01FNsMMO7ANAXfckD4ShvOgZn5bI+gDGwyWQY/sawottBfY/s5ncUBv8QW5X9rJCRBpyeNGA783nmbWVcTuxoqw== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6LqlkPY +/Hdb6OrWPuEFY0AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz +dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK +y7MHqF8ARHi1glc6RSoarryTUQuCIAAACgVxupR7dKdgRH81tvCGVVIDuY//Vx1Yi/Yk0h +BPrtDwxQhyoplotmX9mTOqazAvefWgTaNjvM9ijdzDa4ZaqNRnnG3P2I6Q9MPhjJtAXU8d +6sLeriRKwNwnKx2IOvUqw/Pwe6rsubJPij0vXYi/cYVz21DERJvAG+5+1ADdYBbCKG7eEH +84sWnBQ98dSS7TCNT3vSK6o2Bd6JddGULj+UPw== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI=" + set source built-in + next + edit "g-Fortinet_SSH_ECDSA384" + set password ENC Fy/THGKleYAz36tiTGWPAB73QAK3bD9S5EZdWt0exrW9yPgnvimIfJdpHIO4lR2NZfz2strhdr+i/LMuZEItFeECc60YldjRitjnEeMY+5CmK/KH/vF1XBpd1hQOmHlSF+N3TJbAu17ZAlzotqSdZSmuZvQrW/Zdst9ZNf+DnzARPrv69h0MzDk08PWNdUTUOeeJLQ== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0uOieAX +++ifn8DLavtjHxAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz +dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj +U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx +dgAAANBLValBjOP2r5C1kT+Yr9A5Ce28py9bbFBwKGsyJRRyVOmJJvq/CjlgWrdenCuNED +QUokZvQZZhhbXnk4KZcl/XWrq1b2lCxwSBLiiGLpyNUg+AvIRs13UiMZtLJLbxRR43BNpZ +9FDCpid1AfE6TwpGvdx1dn6Ah4nfcxO7emsKe15Gri6KKxZxLD2ITDErEPrfZ5S8FBNKYW +HQFDVYdALCo70/aeJhlUqqW4Xq2SW4LLvSFw0aeRi1GGUS+ym6ffR9h8h9cVatLZs8h6st +2F3+ +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg==" + set source built-in + next + edit "g-Fortinet_SSH_ECDSA521" + set password ENC HnL3pNzPpPlb/pzsjEDDV3QFIh/Wo5rptgi8PrmKU/5vZQBqMPZ4yHao1Z0LVkTtSCBCA7RmnJbDGy1DT9pTVb1m9+ijcUApoRzKMgRoTQvh9YiftIygYJ3ike592sePNgeIE3gL9YqVrbqjp4QH2NNQvdHk6w8a1LPvxOolMSbP5RwuGDNDe1zTwp0psCoqvSjWHA== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBJpFvQr ++3HPGMTII33aC8AAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz +dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF +t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K 
+HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQAIIfxsaGk5HnTJGL +gKLEvymOn6YH6QOWCl3sPREJV3f1eePm1s+1AYbP9In7PkE7QJAxsFua8lebxEp6Uif4xA +NkmFr2DxyTQX109wM71cssRrSvjlYiMJqFd2l8xeqlZA+2YEYCKkVZnJBry/oKoDfcELyX +1EJVj9DPHrjRA1Y0VqOyXqLbmf5iZaLZskZ3LzRE2mH08rL5h+eYbeJVD0UmKN7NdwJtU9 +We+TPo2xrB6elHZIMlV4ppGUPifwR5ni+ZRgS+o/+zoHu29PEvGztRWNBN957ZaTGd5eNY +v/mW78+7F5tmt/KkV2SW7sJmZxcPoA0ONHwtHmaHqdhuua +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA==" + set source built-in + next + edit "g-Fortinet_SSH_ED25519" + set password ENC bqVdDR8uF2raHFPHR1Sy9AU2YISH9LQqBdrznaKny7pDPg9ipERwENT4O2Lgr4SLp/Q9PJSQYBDLhpbthhZovmT2tuS8EZGSKf04lGx2DA51DQfbDdN2SPVjd4ycNDCf7LJnRNXhHu4qfzFvay1SnvtJcnZcmj3q+lV6P1eTOcZrJT9GKS8Gf3gO1roJhyxVpYIBVA== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDW2SdDDT ++IBJQ0+eayPutWAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd +3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkMpcWN7RXKH/uB0iWRlrAKTPHK0f1xqBoz6yqO +V89vDInRfhlwYhS9AuFfm2OElbDGek4zOMNpFrGa7tlJw1NC74SQlDkBe1wrLauUy9MLyk +ZCBfC6Gw8g7S3xwMYKQ+AVUjfQ2x/800xJhBLKH/3X5gtyjIKuXhRTEjZQBbBQjWtDw++i +9pkiQ2ltDNDw2Upw== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO" + set source built-in + next + edit "g-Fortinet_SSH_RSA2048" + set password ENC YpRC1sEFVz/VkIHtQ9t+RFhLR4/6rddgoaK3WhLsHxtIauksQ+EpdMA//W/EHnSZ0SNXpyY5GpBSuVE9dKvcD8cVcQg4HTZowLVd4V0DF9nftEhY9cDjWLqVw65J23wSyJJFfR6/n42L9gi0Z+DY2cSxAZg1q5bwrH1aOHysJMvUr8h3jwPuy6o5kLlJQsG4FL3rBg== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAFQPGDpG 
+Q8o+mktySPJqK5AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh +Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7 +A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK +hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC +HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z +OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwBoKo+7xugNDDC +Xb+rcQGbPgkSpeDCY6NocfPJ99rrKPm2/Q230fzQ6LHbVTujGV3K+BamTb+CjXkZaXlvU/ +OrscZtORhABTRBd4/oY1nRjSDvQerQD8jjKAgJvqWE2KwPZJkenrdLPQeSjvfCTt28whuU +FBEEsoQe3/L6FKL09xCmyjv4nozCDd6+/qHKhTXa3X9kuRHgjifu0GKAgVzVCbNCt4DHKD +NzMLQEBvluihTyHefkeb0jY1InbckYU20NljTqEk0/F2koKrYi3YAg0mvZjM9tVx95zJNo +TnsdlfdUZXMuWAV11rn6QrLfd8QrGwOUEWtYzZRhCcSFV1c32dCWMf7F6Zcn84g64HVMqB +cd0ullOU9HmEtnbgZjtGXAWLFF+4SjmsHqI8TL0AZU85+aW6JB5XZ7WxunNSiP2DrF9Fss +x8Qz5S/QJRb8d7lO5Laq4MGXyjaWpPQU+4Hl1lSBtuUp7lcMHMYy3jKXSroSzcDGocEN/A +Ori4Mgc/nt7i7HHXOO2wEXHO5ibYfbSibPeUsbgdf6+777ND7kEXbcGJPvraeR4LmrO6T8 +cTLkXCakcXp6tLzwF0YEASKEEsr8gJcAPahsV2ITa1peppN/yA3+mW4bfAoNOE9HZYiYgO +/1RGz1eIW5voQdPWbnw0kFGFBv4u4XT1dbXJUPpa/g+jfWjwyb4TDgVpMGMezfyYo7EBCz +E3b0Rruyfo6AGgK0UmbrznOR6vApeRcjr+BrjNUPpqBcwfEbAPJMOlqaOVP3B37UBpbgDX +pRoIAOTwEKtWwKN/wM8CmrRxqInWUBxf3FD4wc0O6eXUDQzKsQp/+X3l8sgtrNFa554LbW +V5QF9BfO1IJig8yaki3xg+M8Hrf3kMlMeOWLXkCJ9aJf9GUFf4InyhXeyj4YwBPNb4FRCS +ETU45sLhXhvRVPQGW9/PBj6y7i6qIE9oqlqiQ1SE0bUJTxey+4qD3WkPpHqSPQMeMkUmIv +tpWKE15D5NTdKKtziX9e7D9mjfFh4Ab1CSZQALodWo9racYYIgl7Lfq/iLBt/lCRb75ZDx ++gPGjDrAuj+A4xbRmrRZbSHAVunAm2LEKgrILzfPG1GcWSdB0Yd3cc2HTrEuWQQsbNPiuN +tRMPA5JODd1sqFRkUjZ2GWqL6YW2TlRXr8ZbLgzyWTlWY860QRUoEZKAKuZzFva1/MnHYc +D9EWV32z3WAFXeOkdO53LirfXoyvz2JkQ1sDLFpLfpnvZPjy6fUd1t4uZ9oL4AUcG5A+sH +Xt1vvScA== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v" + set source built-in + next +end +config firewall ssh local-ca + edit "g-Fortinet_SSH_CA" + set password ENC SzEXQ+cm5YjqLli0Y31jPEyw3/YEH826/EXiUpp7tIzTuqvBnj5fexoP524w4Kcwtr5bZQjMzhCk/oiAJRsGBKABD9nYKcCr8AT79H4Q22fj4ubO8fobQWwzkH1cgAB9W06/ykgejgj1C0B80RcwtiPxBR/fqFNTTWSkuYu2N7X+NSHPMC1qUBdU6++/JlCjIZlGGQ== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXtpsaPd +cKixlCrpH1L+AaAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC +NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U +ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP +E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A +TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa +Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwP015jrfUNd4Is +nXeV2jaurZ4OE4N//EUdqSfty0cK61mhaqrWUdyzDhnsPacuNYO8Qf23oNsuBMgQk4VgKT ++RhSuipr6Q4i+7AFEdDz8JknAaIYmQQUgPli583uyXKk3tCeOu3lna6rCl0LQTUigS6oby +5Ha/qPEZiTqGkydWdVm0J9q8VvBDBMIxYF2IEZTr+Ie9+N+fy53FwnK0Hfn9ZzC8eH2GWI +pdDeCRNUlNbwFcNIbpOlo7HelDLxWvrLexIhdbEsZYfK98sCDkHAg8J1UtjiRXDnWOyamx +MYL1FfzQG1dl/d5uR5OH8H0ULsu/PgJYGtNeumS7phEJOoqVjrWEoGCte3WEDdLl9kOxJz +8B6JR1U0DifuSr64LrCuaLXjSd0RMQ/pqJdUfpyjVhBg+voS78b0J2CrMT6iFlVTgiJN/U +wvCx4lh970xWzf/wwpRGN8aYM3oCZs/bDtDVwJxMttMFn/3dNTa6+E0/g3vPWM+o+/FUz+ +OKptMFTGqCLNwtLatTSRWFG3xu/5hIH8zlcSjycgu8GHeYjq3PRZdy2dFsAW9pUiaPIdHD +PjoQgl13NZvl5NZYUDTKGqOnowLkI00NvoGlCqCtdMHtZ+ZMVZpFhgYBTnM+AprRbtiwWq +JFRmwJlqDYZd+J1ugxuzS1UeN2lzs56GOPFnjqkhelrHxqq45H6KRNLEyCxyI6BhFFO69C 
+Qest9C8MkpXOjU1+9MAXJ6JPbJJT5o2Fm1r6W7IlpMVifgDya2dSkvUBV/bUrRTB1jWAlN ++dwlacXiJrOEmllFNQr7ZG4aIN+tCGnRPO3LBIy5EQqORaM6XxmlN0Ok4KELiVQz+lYRx4 +KgREH9C7Bfh9GKZJQL7aWXb8+GgkD4WGN77iwKu6LIE6mOogapRn71Ci80/+NL6uMCrBKl +uArsYelYs+3iZDAfRb67cqDSYWIm2uWJ9j6ZePWjqB7etXLfheIgPEXALsHfbzFqVxqeqZ +8hIoe2BIrWxdAKSk0ZBeGhU+8pWqNNfr3FAbelg7en3/3hddLFKYJnImCsJnUESdySg0nL +s/IjFJJoVg1KhtMsGH5nJyDBLRRSk2hIQ86OKbsWmtQV81kwLpssDBAtvI46Yi3aR1jqof +S5QDHEI2fEhbvSFhdY26Vt9M+NGxYRASMoak6f6CYAC9xAG3BHjiBiEPzhkK6vmcfjjX+4 ++y5RZ3i75Vodx9N1FYWlhGo/430Q8E1IlWSAYlW7elypTnrfpHhTBJ5KN/cH0jRECai4gr +ABMNge5w== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9" + set source built-in + next + edit "g-Fortinet_SSH_CA_Untrusted" + set password ENC GAf6K+fy02RAjG5bOoDhax72pjKnPmGO/BUt+P5CAt3mcExaVk1kdDBG8VR3uvA0u0f9tsh6dZkrL5wlDWvEumTlr2K3Y5qShTV/rKlmsUIDiOuY+w85KJT6P6Z/+1mLHx2NKQgXpNAR77AibEXJggnqAAY/7KSQ1Huq+hRPitYG9QkdDS5yHLqiWt/IBezUZbqutA== + set private-key "-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD/KlvLSV +ypHyY6ugUeE/hMAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9 +RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE +ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU +iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG +Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv +NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwDMtKa5JA56wxK +0V/lnCF4yiSneXjb/G6Sdt6RMxopk4ZeIrHTzQYZejJcYWY4fq/1Ifu/bhWryo4fimHzQB 
+Emd8yKx3JVno0jqb+DXgC0ggoOVyEoSxImfjeX9utZifTv7IDppx5JIUy9fV0uTa3K4OH+ +xhExXukD4qKjlkmOoa1+Pn8GuuayjIzWY/45Vvmgx6cRQJ2zK9YzMrf+1atXJzEmjsQ0t/ +UZd0hWfYfTebwR0JTt3tF9nUJPMx8vI564EuHz+xN1I7CQdj+Oif2bTyv3Fu/3yKQuAm6n +NRDCNj+NgMHyAu5q6rxIqHTH4oZnJ0OQwu1Gsk8FhzMHZdW7ZHOIxihR71axts/g5NuBri +aUyfDT6X6w847kQO/ijODuTD3N0lnsPQMWCijRUrF4F0l3D2hXM1fNVELAHkO1hO27LSrC +iNWtrhbn1NmJSitwYSieTTczKa6+TkRg31w52JR8Cjpk0Q/9Xih8p5m48Ywo35ZBWE3jC4 +NGeXKX5t8hNilVuHb6amgNXtoREM178ursALABc4uPoqV5jdKjZ5HfDgxPayJP0a02iD3F +zpXvq5+Povk0WbuRW0cOg6Xri3pL5zr0YrGysKKV02urJv7AMRr3e81kzIs6hGDAdFRZEB +VaLk8e8GIm1KdutZ5VyunrhEEQuXjwRbgUMHWbLYGyl6NcR6VrTR3mAxietZJ+vpO/j1U+ +jL+RcZwQs2RF0l/sKJ4GYXEKG1Dg7HaduzQVX5MZMkf4YDs43SZMCP2gecIKrqZpn9MEGk +1JewLIQq7bioSpXHzLgE6WyXVLsNNWrEv1/BxJIKtZ5BySsL8H14kzQYZxcobQ3jZX3GSL +eaPyZwBs+M5VadHELZp61eUB1+OGMYQOHogihV5KRfudQAjmtak3e5xDtmXzrNaKF+webM +vMvSL6na2ADlDjS5m6FB4SQhcO/e4DERGKHZVV0r00CSamcTDCtcBHXNkoIQJVH0+uZxfo +/5Tzu5Nsy6QieR3zwT7Jqv3jgJt7hnhm3tjE+eomJ7i05qYihnvj0XAAtRllhq25UhJXh1 +Uaw0c0H18jz0NP63FbFNXcPJJrhQkiELsZvNDi/U+XvbLlwwZZjXYrzSB7Gi1ImFRx85/S +pkYR0drWgEM1k17hqSpS6RxxnL4ReX4UuwC8pJnkHFkmlz6oFWGJC07qcS7WXaTTLnvKNn +vf2tdICS8wHNDfNVNnLha8hJHEZ3s6CwPVAZ+/M3YB4/RsSiK0D6aTTfcJi0aluTZtYF02 +PWD7d7mw== +-----END OPENSSH PRIVATE KEY----- +" + set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl" + set source built-in + next +end +config firewall ssh setting + set caname "g-Fortinet_SSH_CA" + set untrusted-caname "g-Fortinet_SSH_CA_Untrusted" + set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048" + set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024" + set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256" + set hostkey-ecdsa384 
"g-Fortinet_SSH_ECDSA384" + set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521" + set hostkey-ed25519 "g-Fortinet_SSH_ED25519" + set host-trusted-checking enable +end +config firewall ssh host-key +end +config firewall decrypted-traffic-mirror +end +config firewall access-proxy-virtual-host +end +config firewall access-proxy-ssh-client-cert +end +config firewall access-proxy +end +config firewall access-proxy6 +end +config firewall ipmacbinding setting + set bindthroughfw disable + set bindtofw disable +end +config firewall ipmacbinding table +end +config firewall profile-protocol-options + edit "default" + set comment "All default services." + set replacemsg-group '' + set oversize-log disable + set switching-protocols-log disable + config http + set ports 80 + set status enable + set inspect-all disable + set proxy-after-tcp-handshake disable + unset options + set comfort-interval 10 + set comfort-amount 1 + set range-block disable + set strip-x-forwarded-for disable + unset post-lang + set streaming-content-bypass enable + set switching-protocols bypass + set unknown-http-version reject + set tunnel-non-http enable + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set stream-based-uncompressed-limit 0 + set scan-bzip2 enable + set block-page-status-code 403 + set retry-count 0 + set tcp-window-type auto-tuning + set ssl-offloaded no + set address-ip-rating enable + end + config ftp + set ports 21 + set status enable + set inspect-all disable + set options splice + set comfort-interval 10 + set comfort-amount 1 + set oversize-limit 10 + set uncompressed-oversize-limit 10 + set uncompressed-nest-limit 12 + set stream-based-uncompressed-limit 0 + set scan-bzip2 enable + set tcp-window-type auto-tuning + set ssl-offloaded no + set explicit-ftp-tls disable + end + config imap + set ports 143 + set status enable + set inspect-all disable + set proxy-after-tcp-handshake disable + set options fragmail + set oversize-limit 10 + 
set uncompressed-oversize-limit 10
+ set uncompressed-nest-limit 12
+ set scan-bzip2 enable
+ set ssl-offloaded no
+ end
+ config mapi
+ set ports 135
+ set status enable
+ set options fragmail
+ set oversize-limit 10
+ set uncompressed-oversize-limit 10
+ set uncompressed-nest-limit 12
+ set scan-bzip2 enable
+ end
+ config pop3
+ set ports 110
+ set status enable
+ set inspect-all disable
+ set proxy-after-tcp-handshake disable
+ set options fragmail
+ set oversize-limit 10
+ set uncompressed-oversize-limit 10
+ set uncompressed-nest-limit 12
+ set scan-bzip2 enable
+ set ssl-offloaded no
+ end
+ config smtp
+ set ports 25
+ set status enable
+ set inspect-all disable
+ set proxy-after-tcp-handshake disable
+ set options fragmail splice
+ set oversize-limit 10
+ set uncompressed-oversize-limit 10
+ set uncompressed-nest-limit 12
+ set scan-bzip2 enable
+ set server-busy disable
+ set ssl-offloaded no
+ end
+ config nntp
+ set ports 119
+ set status enable
+ set inspect-all disable
+ set proxy-after-tcp-handshake disable
+ set options splice
+ set oversize-limit 10
+ set uncompressed-oversize-limit 10
+ set uncompressed-nest-limit 12
+ set scan-bzip2 enable
+ end
+ config ssh
+ unset options
+ set comfort-interval 10
+ set comfort-amount 1
+ set oversize-limit 10
+ set uncompressed-oversize-limit 10
+ set uncompressed-nest-limit 12
+ set stream-based-uncompressed-limit 0
+ set scan-bzip2 enable
+ set tcp-window-type auto-tuning
+ set ssl-offloaded no
+ end
+ config dns
+ set ports 53
+ set status enable
+ end
+ config cifs
+ set ports 445
+ set status enable
+ unset options
+ set oversize-limit 10
+ set uncompressed-oversize-limit 10
+ set uncompressed-nest-limit 12
+ set scan-bzip2 enable
+ set tcp-window-type auto-tuning
+ set server-credential-type none
+ end
+ config mail-signature
+ set status disable
+ set signature ''
+ end
+ set rpc-over-http disable
+ next
+end
+config firewall ssl-ssh-profile
+ edit "certificate-inspection"
+ set comment "Read-only SSL
handshake inspection profile."
+ config ssl
+ set inspect-all disable
+ set client-certificate bypass
+ set unsupported-ssl-version block
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set min-allowed-ssl-version tls-1.1
+ end
+ config https
+ set ports 443
+ set status certificate-inspection
+ set proxy-after-tcp-handshake disable
+ set client-certificate bypass
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ set sni-server-cert-check enable
+ set cert-probe-failure block
+ set min-allowed-ssl-version tls-1.1
+ end
+ config ftps
+ set status disable
+ set client-certificate bypass
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ set min-allowed-ssl-version tls-1.1
+ end
+ config imaps
+ set status disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config pop3s
+ set status disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config smtps
+ set status disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+
set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config ssh
+ set ports 22
+ set status disable
+ set inspect-all disable
+ set unsupported-version bypass
+ set ssh-tun-policy-check disable
+ set ssh-algorithm compatible
+ end
+ config dot
+ set status disable
+ set client-certificate bypass
+ set unsupported-ssl-version block
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ set block-blocklisted-certificates enable
+ set caname "Fortinet_CA_SSL"
+ set ssl-anomaly-log enable
+ set ssl-negotiation-log disable
+ set ssl-server-cert-log disable
+ set ssl-handshake-log disable
+ next
+ edit "deep-inspection"
+ set comment "Read-only deep inspection profile."
+ config ssl
+ set inspect-all disable
+ set client-certificate bypass
+ set unsupported-ssl-version block
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set min-allowed-ssl-version tls-1.1
+ end
+ config https
+ set ports 443
+ set status deep-inspection
+ set proxy-after-tcp-handshake disable
+ set client-certificate bypass
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ set sni-server-cert-check enable
+ set min-allowed-ssl-version tls-1.1
+ end
+ config ftps
+ set ports 990
+ set status deep-inspection
+ set client-certificate bypass
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ set min-allowed-ssl-version tls-1.1
+ end
+ config imaps
+ set ports 993
+ set status deep-inspection
+ set proxy-after-tcp-handshake disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config pop3s
+ set ports 995
+ set status deep-inspection
+ set proxy-after-tcp-handshake disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config smtps
+ set
ports 465
+ set status deep-inspection
+ set proxy-after-tcp-handshake disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config ssh
+ set ports 22
+ set status disable
+ set inspect-all disable
+ set unsupported-version bypass
+ set ssh-tun-policy-check disable
+ set ssh-algorithm compatible
+ end
+ config dot
+ set status disable
+ set client-certificate bypass
+ set unsupported-ssl-version block
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ set allowlist disable
+ set block-blocklisted-certificates enable
+ config ssl-exempt
+ edit 1
+ set type fortiguard-category
+ set fortiguard-category 31
+ next
+ edit 2
+ set type fortiguard-category
+ set fortiguard-category 33
+ next
+ edit 3
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-adobe"
+ next
+ edit 4
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Adobe Login"
+ next
+ edit 5
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-android"
+ next
+ edit 6
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-apple"
+ next
+ edit 7
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-appstore"
+ next
+ edit 8
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-auth.gfx.ms"
+ next
+ edit 9
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-citrix"
+ next
+ edit 10
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-dropbox.com"
+ next
+ edit 11
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-eease"
+ next
+ edit 12
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-firefox update server"
+ next
+ edit 13
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-fortinet"
+ next
+ edit 14
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-googleapis.com"
+ next
+ edit 15
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-drive"
+ next
+ edit 16
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play2"
+ next
+ edit 17
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play3"
+ next
+ edit 18
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Gotomeeting"
+ next
+ edit 19
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-icloud"
+ next
+ edit 20
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-itunes"
+ next
+ edit 21
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-microsoft"
+ next
+ edit 22
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-skype"
+ next
+ edit 23
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-softwareupdate.vmware.com"
+ next
+ edit 24
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-verisign"
+ next
+ edit 25
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Windows update 2"
+ next
+ edit 26
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-live.com"
+ next
+ edit 27
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play"
+ next
+ edit 28
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-update.microsoft.com"
+ next
+ edit 29
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-swscan.apple.com"
+ next
+ edit 30
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-autoupdate.opera.com"
+ next
+ edit 31
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-cdn-apple"
+ next
+ edit 32
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-mzstatic-apple"
+ next
+ end
+ set server-cert-mode re-sign
+ set caname "Fortinet_CA_SSL"
+ set untrusted-caname "Fortinet_CA_Untrusted"
+ set ssl-exemption-ip-rating enable
+ set ssl-exemption-log disable
+ set ssl-anomaly-log enable
+ set ssl-negotiation-log disable
+ set ssl-server-cert-log disable
+ set ssl-handshake-log disable
+ set rpc-over-https disable
+ set mapi-over-https disable
+ set supported-alpn all
+ set use-ssl-server disable
+ next
+ edit "custom-deep-inspection"
+ set comment "Customizable
deep inspection profile."
+ config ssl
+ set inspect-all disable
+ set client-certificate bypass
+ set unsupported-ssl-version block
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set min-allowed-ssl-version tls-1.1
+ end
+ config https
+ set ports 443
+ set status deep-inspection
+ set proxy-after-tcp-handshake disable
+ set client-certificate bypass
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ set sni-server-cert-check enable
+ set min-allowed-ssl-version tls-1.1
+ end
+ config ftps
+ set ports 990
+ set status deep-inspection
+ set client-certificate bypass
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ set min-allowed-ssl-version tls-1.1
+ end
+ config imaps
+ set ports 993
+ set status deep-inspection
+ set proxy-after-tcp-handshake disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config pop3s
+ set ports 995
+ set status deep-inspection
+ set proxy-after-tcp-handshake disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config smtps
+ set ports 465
+ set status deep-inspection
+ set proxy-after-tcp-handshake disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config ssh
+ set ports 22
+ set status disable
+ set inspect-all disable
+ set unsupported-version bypass
+ set ssh-tun-policy-check disable
+ set ssh-algorithm compatible
+ end
+ config dot
+ set status disable
+ set client-certificate bypass
+ set unsupported-ssl-version block
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ set allowlist disable
+ set block-blocklisted-certificates enable
+ config ssl-exempt
+ edit 1
+ set type fortiguard-category
+ set fortiguard-category 31
+ next
+ edit 2
+ set type fortiguard-category
+ set fortiguard-category 33
+ next
+ edit 3
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-adobe"
+ next
+ edit 4
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Adobe Login"
+ next
+ edit 5
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-android"
+ next
+ edit 6
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-apple"
+ next
+ edit 7
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-appstore"
+ next
+ edit 8
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-auth.gfx.ms"
+ next
+ edit 9
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-citrix"
+ next
+ edit 10
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-dropbox.com"
+ next
+ edit 11
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-eease"
+ next
+ edit 12
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-firefox update server"
+ next
+ edit 13
+ set type wildcard-fqdn
+ set
wildcard-fqdn "g-fortinet"
+ next
+ edit 14
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-googleapis.com"
+ next
+ edit 15
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-drive"
+ next
+ edit 16
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play2"
+ next
+ edit 17
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play3"
+ next
+ edit 18
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Gotomeeting"
+ next
+ edit 19
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-icloud"
+ next
+ edit 20
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-itunes"
+ next
+ edit 21
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-microsoft"
+ next
+ edit 22
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-skype"
+ next
+ edit 23
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-softwareupdate.vmware.com"
+ next
+ edit 24
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-verisign"
+ next
+ edit 25
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Windows update 2"
+ next
+ edit 26
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-live.com"
+ next
+ edit 27
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play"
+ next
+ edit 28
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-update.microsoft.com"
+ next
+ edit 29
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-swscan.apple.com"
+ next
+ edit 30
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-autoupdate.opera.com"
+ next
+ edit 31
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-cdn-apple"
+ next
+ edit 32
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-mzstatic-apple"
+ next
+ end
+ set server-cert-mode re-sign
+ set caname "Fortinet_CA_SSL"
+ set untrusted-caname "Fortinet_CA_Untrusted"
+ set ssl-exemption-ip-rating enable
+ set ssl-exemption-log disable
+ set ssl-anomaly-log enable
+ set ssl-negotiation-log disable
+ set ssl-server-cert-log disable
+ set ssl-handshake-log disable
+ set rpc-over-https disable
+ set mapi-over-https disable
+ set supported-alpn all
+ set use-ssl-server disable
+ next
+ edit "no-inspection"
+
set comment "Read-only profile that does no inspection."
+ config ssl
+ set inspect-all disable
+ set client-certificate bypass
+ set unsupported-ssl-version block
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set min-allowed-ssl-version tls-1.1
+ end
+ config https
+ set status disable
+ set client-certificate bypass
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ set sni-server-cert-check enable
+ set min-allowed-ssl-version tls-1.1
+ end
+ config ftps
+ set status disable
+ set client-certificate bypass
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ set min-allowed-ssl-version tls-1.1
+ end
+ config imaps
+ set status disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config pop3s
+ set status disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config smtps
+ set status disable
+ set client-certificate inspect
+ set unsupported-ssl-version allow
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+
set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ config ssh
+ set ports 22
+ set status disable
+ set inspect-all disable
+ set unsupported-version bypass
+ set ssh-tun-policy-check disable
+ set ssh-algorithm compatible
+ end
+ config dot
+ set status disable
+ set client-certificate bypass
+ set unsupported-ssl-version block
+ set unsupported-ssl-cipher allow
+ set unsupported-ssl-negotiation allow
+ set expired-server-cert block
+ set revoked-server-cert block
+ set untrusted-server-cert allow
+ set cert-validation-timeout allow
+ set cert-validation-failure block
+ end
+ set block-blocklisted-certificates enable
+ set caname "Fortinet_CA_SSL"
+ set ssl-anomaly-log enable
+ set ssl-negotiation-log disable
+ set ssl-server-cert-log disable
+ set ssl-handshake-log disable
+ next
+end
+config waf profile
+ edit "default"
+ set external disable
+ set extended-log disable
+ config signature
+ config main-class 100000000
+ set status disable
+ set action block
+ set log enable
+ set severity high
+ end
+ config main-class 20000000
+ set status disable
+ set action allow
+ set log enable
+ set severity medium
+ end
+ config main-class 30000000
+ set status enable
+ set action block
+ set log enable
+ set severity high
+ end
+ config main-class 40000000
+ set status disable
+ set action allow
+ set log enable
+ set severity medium
+ end
+ config main-class 50000000
+ set status enable
+ set action block
+ set log enable
+ set severity high
+ end
+ config main-class 60000000
+ set status disable
+ set action allow
+ set log enable
+ set severity medium
+ end
+ config main-class 70000000
+ set status enable
+ set action block
+ set log enable
+ set severity high
+ end
+ config main-class 80000000
+ set status enable
+ set action allow
+ set log enable
+ set severity low
+ end
+ config main-class 110000000
+ set status enable
+ set action allow
+
set log enable
+ set severity high
+ end
+ config main-class 90000000
+ set status enable
+ set action block
+ set log enable
+ set severity high
+ end
+ set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
+ set credit-card-detection-threshold 3
+ end
+ config constraint
+ config header-length
+ set status enable
+ set length 8192
+ set action allow
+ set log enable
+ set severity low
+ end
+ config content-length
+ set status enable
+ set length 67108864
+ set action allow
+ set log enable
+ set severity low
+ end
+ config param-length
+ set status enable
+ set length 8192
+ set action allow
+ set log enable
+ set severity low
+ end
+ config line-length
+ set status enable
+ set length 1024
+ set action allow
+ set log enable
+ set severity low
+ end
+ config url-param-length
+ set status enable
+ set length 8192
+ set action allow
+ set log enable
+ set severity low
+ end
+ config version
+ set status disable
+ set action allow
+ set log enable
+ set severity medium
+ end
+ config method
+ set status disable
+ set action block
+ set log enable
+ set severity medium
+ end
+ config hostname
+ set status disable
+ set action block
+ set log enable
+ set severity medium
+ end
+ config malformed
+ set status disable
+ set action allow
+ set log enable
+ set severity medium
+ end
+ config max-cookie
+ set status enable
+ set max-cookie 16
+ set action allow
+ set log enable
+ set severity low
+ end
+ config max-header-line
+ set status enable
+ set max-header-line 32
+ set action allow
+ set log enable
+ set severity low
+ end
+ config max-url-param
+ set status enable
+ set max-url-param 16
+ set action allow
+ set log enable
+ set severity low
+ end
+ config max-range-segment
+ set status enable
+ set max-range-segment 5
+ set action allow
+ set log enable
+ set severity high
+ end
+ end
+ config method
+ set status disable
+ set log disable
+ set severity medium
+ unset default-allowed-methods
+ end
+ config address-list
+ set
status disable
+ set blocked-log disable
+ set severity medium
+ end
+ set comment ''
+ next
+end
+config firewall profile-group
+end
+config firewall ssl-server
+end
+config firewall identity-based-route
+end
+config firewall auth-portal
+ set portal-addr ''
+ set portal-addr6 ''
+ set identity-based-route ''
+end
+config firewall policy
+ edit 3
+ set status enable
+ set name "Block_Countries_In"
+ set uuid d7dbce76-9fbf-51ec-ab77-fee1db8aeb26
+ set srcintf "Outside_Zone"
+ set dstintf "Inside_Zone"
+ set action deny
+ set ztna-status disable
+ set srcaddr "Geo_Block_Group"
+ set dstaddr "all"
+ set internet-service disable
+ set internet-service-src disable
+ unset reputation-minimum
+ set rtp-nat disable
+ set schedule "always"
+ set schedule-timeout disable
+ set service "ALL"
+ set tos-mask 0x00
+ set anti-replay enable
+ set geoip-anycast disable
+ set geoip-match physical-location
+ set logtraffic disable
+ set logtraffic-start disable
+ set np-acceleration enable
+ set session-ttl 0
+ set vlan-cos-fwd 255
+ set vlan-cos-rev 255
+ set fec disable
+ set wccp disable
+ set natip 0.0.0.0 0.0.0.0
+ set match-vip enable
+ set tcp-mss-sender 0
+ set tcp-mss-receiver 0
+ set comments ''
+ set block-notification disable
+ set replacemsg-override-group ''
+ set srcaddr-negate disable
+ set dstaddr-negate disable
+ set service-negate disable
+ set captive-portal-exempt disable
+ set dsri disable
+ set radius-mac-auth-bypass disable
+ set delay-tcp-npu-session disable
+ unset vlan-filter
+ set send-deny-packet disable
+ next
+ edit 4
+ set status enable
+ set name "Block_Countries_Out"
+ set uuid f8b4eb14-9fbf-51ec-ed6e-96e27dc1b1c9
+ set srcintf "Inside_Zone"
+ set dstintf "Outside_Zone"
+ set action deny
+ set ztna-status disable
+ set srcaddr "all"
+ set dstaddr "Geo_Block_Group"
+ set internet-service disable
+ set internet-service-src disable
+ unset reputation-minimum
+ set rtp-nat disable
+ set schedule "always"
+ set schedule-timeout disable
+ set service
"ALL"
+ set tos-mask 0x00
+ set anti-replay enable
+ set geoip-anycast disable
+ set geoip-match physical-location
+ set logtraffic disable
+ set logtraffic-start disable
+ set np-acceleration enable
+ set session-ttl 0
+ set vlan-cos-fwd 255
+ set vlan-cos-rev 255
+ set fec disable
+ set wccp disable
+ set natip 0.0.0.0 0.0.0.0
+ set match-vip enable
+ set tcp-mss-sender 0
+ set tcp-mss-receiver 0
+ set comments ''
+ set block-notification disable
+ set replacemsg-override-group ''
+ set srcaddr-negate disable
+ set dstaddr-negate disable
+ set service-negate disable
+ set captive-portal-exempt disable
+ set dsri disable
+ set radius-mac-auth-bypass disable
+ set delay-tcp-npu-session disable
+ unset vlan-filter
+ set send-deny-packet disable
+ next
+ edit 2
+ set status enable
+ set name "Webosphere"
+ set uuid 0d8e5202-9fbe-51ec-0286-714f8e196589
+ set srcintf "Outside_Zone"
+ set dstintf "Inside_Zone"
+ set action accept
+ set nat64 disable
+ set nat46 disable
+ set ztna-status disable
+ set srcaddr "all"
+ set dstaddr "VIP_Webosphere"
+ set internet-service disable
+ set internet-service-src disable
+ unset reputation-minimum
+ set rtp-nat disable
+ set schedule "always"
+ set schedule-timeout disable
+ set service "HTTP" "HTTPS"
+ set tos-mask 0x00
+ set anti-replay enable
+ set dynamic-shaping disable
+ set passive-wan-health-measurement disable
+ set utm-status enable
+ set inspection-mode flow
+ set profile-type single
+ set profile-protocol-options "default"
+ set ssl-ssh-profile "certificate-inspection"
+ set av-profile ''
+ set webfilter-profile ''
+ set dnsfilter-profile ''
+ set emailfilter-profile ''
+ set dlp-sensor ''
+ set file-filter-profile ''
+ set ips-sensor "IPS_Test"
+ set application-list ''
+ set voip-profile ''
+ set sctp-filter-profile ''
+ set logtraffic utm
+ set logtraffic-start disable
+ set capture-packet disable
+ set auto-asic-offload enable
+ set np-acceleration enable
+ set nat disable
+ set session-ttl 0
+ set vlan-cos-fwd 255
+ set vlan-cos-rev 255
+ set fec disable
+ set wccp disable
+ set disclaimer disable
+ set email-collect disable
+ set natip 0.0.0.0 0.0.0.0
+ set diffserv-forward disable
+ set diffserv-reverse disable
+ set tcp-mss-sender 0
+ set tcp-mss-receiver 0
+ set comments ''
+ set block-notification disable
+ set replacemsg-override-group ''
+ set srcaddr-negate disable
+ set dstaddr-negate disable
+ set service-negate disable
+ set timeout-send-rst disable
+ set captive-portal-exempt disable
+ set dsri disable
+ set radius-mac-auth-bypass disable
+ set delay-tcp-npu-session disable
+ unset vlan-filter
+ set traffic-shaper ''
+ set traffic-shaper-reverse ''
+ set per-ip-shaper ''
+ next
+ edit 1
+ set status enable
+ set name "Internet_Access"
+ set uuid bfdac172-9fbc-51ec-a83b-8104f6e36fd1
+ set srcintf "Inside_Zone"
+ set dstintf "Outside_Zone"
+ set action accept
+ set ztna-status disable
+ set srcaddr "IPv4-Private-All-RFC1918"
+ set dstaddr "all"
+ set internet-service disable
+ set internet-service-src disable
+ unset reputation-minimum
+ set rtp-nat disable
+ set schedule "always"
+ set schedule-timeout disable
+ set service "ALL"
+ set tos-mask 0x00
+ set anti-replay enable
+ set dynamic-shaping disable
+ set passive-wan-health-measurement disable
+ set utm-status enable
+ set inspection-mode flow
+ set profile-type single
+ set profile-protocol-options "default"
+ set ssl-ssh-profile "certificate-inspection"
+ set av-profile ''
+ set webfilter-profile ''
+ set dnsfilter-profile ''
+ set emailfilter-profile ''
+ set dlp-sensor ''
+ set file-filter-profile ''
+ set ips-sensor "g-default"
+ set application-list ''
+ set voip-profile ''
+ set sctp-filter-profile ''
+ set logtraffic utm
+ set logtraffic-start disable
+ set capture-packet disable
+ set auto-asic-offload enable
+ set np-acceleration enable
+ set nat enable
+ set permit-any-host disable
+ set permit-stun-host disable
+ set fixedport disable
+ set ippool enable
+ set poolname "Outside_Pool"
+ set
session-ttl 0 + set vlan-cos-fwd 255 + set vlan-cos-rev 255 + set fec disable + set wccp disable + set disclaimer disable + set email-collect disable + set natip 0.0.0.0 0.0.0.0 + set diffserv-forward disable + set diffserv-reverse disable + set tcp-mss-sender 0 + set tcp-mss-receiver 0 + set comments '' + set block-notification disable + set replacemsg-override-group '' + set srcaddr-negate disable + set dstaddr-negate disable + set service-negate disable + set timeout-send-rst disable + set captive-portal-exempt disable + set dsri disable + set radius-mac-auth-bypass disable + set delay-tcp-npu-session disable + unset vlan-filter + set traffic-shaper '' + set traffic-shaper-reverse '' + set per-ip-shaper '' + next +end +config firewall traffic-class +end +config firewall shaping-policy +end +config firewall shaping-profile +end +config firewall local-in-policy +end +config firewall local-in-policy6 +end +config firewall ttl-policy +end +config firewall proxy-policy +end +config firewall dnstranslation +end +config firewall multicast-policy +end +config firewall multicast-policy6 +end +config firewall interface-policy +end +config firewall interface-policy6 +end +config firewall DoS-policy +end +config firewall DoS-policy6 +end +config firewall sniffer +end +config firewall acl +end +config firewall acl6 +end +config firewall central-snat-map +end +config firewall ip-translation +end +config authentication scheme +end +config authentication rule +end +config authentication setting + set active-auth-scheme '' + set sso-auth-scheme '' + set captive-portal-type fqdn + set captive-portal '' + set captive-portal6 '' + set cert-auth disable + set captive-portal-port 7830 + set auth-https enable + set captive-portal-ssl-port 7831 +end +config system speed-test-schedule +end +config switch-controller switch-interface-tag +end +config switch-controller 802-1X-settings + set link-down-auth set-unauth + set reauth-period 60 + set max-reauth-attempt 3 + set tx-period 30 +end 
+config switch-controller security-policy 802-1X + edit "802-1X-policy-default" + set security-mode 802.1X + set user-group "SSO_Guest_Users" + set mac-auth-bypass disable + set open-auth disable + set eap-passthru enable + set eap-auto-untagged-vlans enable + set guest-vlan disable + set guest-auth-delay 30 + set auth-fail-vlan disable + set framevid-apply enable + set radius-timeout-overwrite disable + set policy-type 802.1X + set authserver-timeout-vlan disable + next +end +config switch-controller security-policy local-access + edit "default" + set mgmt-allowaccess https ping ssh + set internal-allowaccess https ping ssh + next +end +config switch-controller location +end +config switch-controller lldp-settings + set tx-hold 4 + set tx-interval 30 + set fast-start-interval 2 + set management-interface internal + set device-detection enable +end +config switch-controller lldp-profile + edit "default" + set med-tlvs inventory-management network-policy location-identification + unset 802.1-tlvs + unset 802.3-tlvs + set auto-isl disable + config med-network-policy + edit "voice" + set status disable + next + edit "voice-signaling" + set status disable + next + edit "guest-voice" + set status disable + next + edit "guest-voice-signaling" + set status disable + next + edit "softphone-voice" + set status disable + next + edit "video-conferencing" + set status disable + next + edit "streaming-video" + set status disable + next + edit "video-signaling" + set status disable + next + end + config med-location-service + edit "coordinates" + set status disable + next + edit "address-civic" + set status disable + next + edit "elin-number" + set status disable + next + end + next + edit "default-auto-isl" + unset med-tlvs + unset 802.1-tlvs + unset 802.3-tlvs + set auto-isl enable + set auto-isl-hello-timer 3 + set auto-isl-receive-timeout 60 + set auto-isl-port-group 0 + set auto-mclag-icl disable + next + edit "default-auto-mclag-icl" + unset med-tlvs + unset 802.1-tlvs + 
unset 802.3-tlvs + set auto-isl enable + set auto-isl-hello-timer 3 + set auto-isl-receive-timeout 60 + set auto-isl-port-group 0 + set auto-mclag-icl enable + next +end +config switch-controller qos dot1p-map + edit "voice-dot1p" + set description '' + set egress-pri-tagging disable + set priority-0 queue-4 + set priority-1 queue-4 + set priority-2 queue-3 + set priority-3 queue-2 + set priority-4 queue-3 + set priority-5 queue-1 + set priority-6 queue-2 + set priority-7 queue-2 + next +end +config switch-controller qos ip-dscp-map + edit "voice-dscp" + set description '' + config map + edit "1" + set cos-queue 1 + set value 46 + next + edit "2" + set cos-queue 2 + set value 24,26,48,56 + next + edit "5" + set cos-queue 3 + set value 34 + next + end + next +end +config switch-controller qos queue-policy + edit "default" + set schedule round-robin + set rate-by kbps + config cos-queue + edit "queue-0" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-1" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-2" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-3" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-4" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-5" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-6" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-7" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + end + next + edit "voice-egress" + set schedule weighted + set rate-by kbps + config cos-queue + edit "queue-0" + set description 
'' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-1" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 0 + next + edit "queue-2" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 6 + next + edit "queue-3" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 37 + next + edit "queue-4" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 12 + next + edit "queue-5" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-6" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + edit "queue-7" + set description '' + set min-rate 0 + set max-rate 0 + set drop-policy taildrop + set weight 1 + next + end + next +end +config switch-controller qos qos-policy + edit "default" + set default-cos 0 + set trust-dot1p-map '' + set trust-ip-dscp-map '' + set queue-policy "default" + next + edit "voice-qos" + set default-cos 0 + set trust-dot1p-map "voice-dot1p" + set trust-ip-dscp-map "voice-dscp" + set queue-policy "voice-egress" + next +end +config switch-controller storm-control-policy + edit "default" + set description "default storm control on all port" + set storm-control-mode global + next + edit "auto-config" + set description "storm control policy for fortilink-isl-icl port" + set storm-control-mode disabled + next +end +config switch-controller auto-config policy + edit "default" + set qos-policy "default" + set storm-control-policy "auto-config" + set poe-status enable + set igmp-flood-report disable + set igmp-flood-traffic disable + next + edit "default-icl" + set qos-policy "default" + set storm-control-policy "auto-config" + set poe-status disable + set igmp-flood-report enable + set igmp-flood-traffic enable + next +end +config 
switch-controller auto-config default + set fgt-policy "default" + set isl-policy "default" + set icl-policy "default-icl" +end +config switch-controller auto-config custom +end +config switch-controller initial-config template + edit "_default" + set vlanid 1 + unset allowaccess + set dhcp-server disable + next + edit "quarantine" + set vlanid 4093 + unset allowaccess + set auto-ip enable + set dhcp-server enable + next + edit "rspan" + set vlanid 4092 + unset allowaccess + set auto-ip enable + set dhcp-server enable + next + edit "voice" + set vlanid 4091 + unset allowaccess + set dhcp-server disable + next + edit "video" + set vlanid 4090 + unset allowaccess + set dhcp-server disable + next + edit "onboarding" + set vlanid 4089 + unset allowaccess + set dhcp-server disable + next + edit "nac_segment" + set vlanid 4088 + unset allowaccess + set auto-ip enable + set dhcp-server enable + next +end +config switch-controller initial-config vlans + set default-vlan "_default" + set quarantine "quarantine" + set rspan "rspan" + set voice "voice" + set video "video" + set nac "onboarding" + set nac-segment "nac_segment" +end +config switch-controller switch-profile + edit "default" + set login-passwd-override disable + next +end +config switch-controller custom-command +end +config switch-controller virtual-port-pool +end +config switch-controller ptp settings + set mode disable +end +config switch-controller ptp policy + edit "default" + set status enable + next +end +config switch-controller vlan-policy +end +config switch-controller dynamic-port-policy +end +config switch-controller managed-switch +end +config switch-controller switch-group +end +config switch-controller stp-settings + set name '' + set revision 0 + set hello-time 2 + set forward-time 15 + set max-age 20 + set max-hops 20 +end +config switch-controller stp-instance +end +config switch-controller storm-control + set rate 500 + set unknown-unicast disable + set unknown-multicast disable + set broadcast 
disable +end +config switch-controller global + set mac-aging-interval 300 + set https-image-push enable + set vlan-optimization enable + set mac-retention-period 24 + set default-virtual-switch-vlan '' + set dhcp-server-access-list disable + set log-mac-limit-violations disable + set sn-dns-resolution enable + set mac-event-logging disable + set bounce-quarantined-link disable + set quarantine-mode by-vlan + set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db + set fips-enforce enable + set firmware-provision-on-authorization disable +end +config switch-controller switch-log + set status enable + set severity notification +end +config switch-controller igmp-snooping + set aging-time 300 + set flood-unknown-multicast disable + set query-interval 125 +end +config switch-controller sflow + set collector-ip 0.0.0.0 + set collector-port 6343 +end +config switch-controller network-monitor-settings + set network-monitoring disable +end +config switch-controller flow-tracking + set sample-mode perimeter + set sample-rate 512 + set format netflow9 + set collector-ip 0.0.0.0 + set collector-port 0 + set transport udp + set level ip + set max-export-pkt-size 512 + set timeout-general 3600 + set timeout-icmp 300 + set timeout-max 604800 + set timeout-tcp 3600 + set timeout-tcp-fin 300 + set timeout-tcp-rst 120 + set timeout-udp 300 +end +config switch-controller snmp-sysinfo + set status disable + set engine-id '' + set description '' + set contact-info '' + set location '' +end +config switch-controller snmp-trap-threshold + set trap-high-cpu-threshold 80 + set trap-low-memory-threshold 80 + set trap-log-full-threshold 90 +end +config switch-controller snmp-community +end +config switch-controller snmp-user +end +config switch-controller traffic-sniffer + set mode erspan-auto + set erspan-ip 0.0.0.0 +end +config switch-controller remote-log + edit "syslogd" + set status disable + next + edit "syslogd2" + set status disable + next +end +config switch-controller 
mac-policy +end +config wireless-controller setting + set account-id '' + set country US + set duplicate-ssid disable + set fapc-compatibility disable + set wfa-compatibility disable + set phishing-ssid-detect enable + set fake-ssid-action log + set device-weight 1 + set device-holdoff 5 + set device-idle 1440 + set firmware-provision-on-authorization disable + set darrp-optimize 86400 + set darrp-optimize-schedules "default-darrp-optimize" +end +config wireless-controller log + set status enable + set addrgrp-log notification + set ble-log notification + set clb-log notification + set dhcp-starv-log notification + set led-sched-log notification + set radio-event-log notification + set rogue-event-log notification + set sta-event-log notification + set sta-locate-log notification + set wids-log notification + set wtp-event-log notification +end +config wireless-controller apcfg-profile +end +config wireless-controller bonjour-profile +end +config wireless-controller arrp-profile + edit "arrp-default" + set comment '' + set selection-period 3600 + set monitor-period 300 + set weight-managed-ap 50 + set weight-rogue-ap 10 + set weight-noise-floor 40 + set weight-channel-load 20 + set weight-spectral-rssi 40 + set weight-weather-channel 1000 + set weight-dfs-channel 500 + set threshold-ap 250 + set threshold-noise-floor "-85" + set threshold-channel-load 60 + set threshold-spectral-rssi "-65" + set threshold-tx-retries 300 + set threshold-rx-errors 50 + set include-weather-channel disable + set include-dfs-channel disable + set override-darrp-optimize disable + next +end +config wireless-controller region +end +config wireless-controller vap-group +end +config wireless-controller wids-profile + edit "default" + set comment "Default WIDS profile." 
+ set sensor-mode disable + set ap-scan enable + set ap-bgscan-period 600 + set ap-bgscan-intv 1 + set ap-bgscan-duration 20 + set ap-bgscan-idle 0 + set ap-bgscan-report-intv 30 + set ap-fgscan-report-intv 15 + set ap-scan-passive disable + set ap-scan-threshold "-90" + set wireless-bridge enable + set deauth-broadcast enable + set null-ssid-probe-resp enable + set long-duration-attack enable + set long-duration-thresh 8200 + set invalid-mac-oui enable + set weak-wep-iv enable + set auth-frame-flood enable + set auth-flood-time 10 + set auth-flood-thresh 30 + set assoc-frame-flood enable + set assoc-flood-time 10 + set assoc-flood-thresh 30 + set spoofed-deauth enable + set asleap-attack enable + set eapol-start-flood enable + set eapol-start-thresh 10 + set eapol-start-intv 1 + set eapol-logoff-flood enable + set eapol-logoff-thresh 10 + set eapol-logoff-intv 1 + set eapol-succ-flood enable + set eapol-succ-thresh 10 + set eapol-succ-intv 1 + set eapol-fail-flood enable + set eapol-fail-thresh 10 + set eapol-fail-intv 1 + set eapol-pre-succ-flood enable + set eapol-pre-succ-thresh 10 + set eapol-pre-succ-intv 1 + set eapol-pre-fail-flood enable + set eapol-pre-fail-thresh 10 + set eapol-pre-fail-intv 1 + set deauth-unknown-src-thresh 10 + next + edit "default-wids-apscan-enabled" + set comment '' + set sensor-mode disable + set ap-scan enable + set ap-bgscan-period 600 + set ap-bgscan-intv 1 + set ap-bgscan-duration 20 + set ap-bgscan-idle 0 + set ap-bgscan-report-intv 30 + set ap-fgscan-report-intv 15 + set ap-scan-passive disable + set ap-scan-threshold "-90" + set wireless-bridge disable + set deauth-broadcast disable + set null-ssid-probe-resp disable + set long-duration-attack disable + set long-duration-thresh 8200 + set invalid-mac-oui disable + set weak-wep-iv disable + set auth-frame-flood disable + set assoc-frame-flood disable + set spoofed-deauth disable + set asleap-attack disable + set eapol-start-flood disable + set eapol-logoff-flood disable + set 
eapol-succ-flood disable + set eapol-fail-flood disable + set eapol-pre-succ-flood disable + set eapol-pre-fail-flood disable + set deauth-unknown-src-thresh 10 + next +end +config wireless-controller ble-profile + edit "fortiap-discovery" + set comment '' + set advertising ibeacon eddystone-uid eddystone-url + set ibeacon-uuid "wtp-uuid" + set major-id 1000 + set minor-id 2000 + set eddystone-namespace "0102030405" + set eddystone-instance "abcdef" + set eddystone-url "http://www.fortinet.com" + set txpower 0 + set beacon-interval 100 + set ble-scanning disable + next +end +config wireless-controller syslog-profile +end +config wireless-controller wtp-profile +end +config wireless-controller wtp +end +config wireless-controller wtp-group +end +config wireless-controller qos-profile +end +config wireless-controller wag-profile +end +config wireless-controller address +end +config wireless-controller addrgrp +end +config wireless-controller snmp + set engine-id '' + set contact-info '' + set trap-high-cpu-threshold 80 + set trap-high-mem-threshold 80 +end +config wireless-controller mpsk-profile +end +config wireless-controller nac-profile +end +config wireless-controller ssid-policy +end +config wireless-controller access-control-list +end +config wireless-controller ap-status +end +config user nac-policy +end +config extender-controller dataplan +end +config extender-controller extender-profile +end +config extender-controller extender +end +config system ips + set signature-hold-time 0h +end +config ips custom +end +config ips settings + set packet-log-history 1 + set packet-log-post-attack 0 + set ips-packet-quota 0 +end +config alertemail setting + set username '' + set mailto1 '' + set mailto2 '' + set mailto3 '' + set filter-mode category + set email-interval 5 + set IPS-logs disable + set firewall-authentication-failure-logs disable + set IPsec-errors-logs disable + set PPP-errors-logs disable + set sslvpn-authentication-errors-logs disable + set 
antivirus-logs disable + set webfilter-logs disable + set configuration-changes-logs disable + set violation-traffic-logs disable + set admin-login-logs disable + set log-disk-usage-warning disable + set FSSO-disconnect-logs disable + set ssh-logs disable + set local-disk-usage 75 +end +config router access-list +end +config router access-list6 +end +config router aspath-list +end +config router prefix-list +end +config router prefix-list6 +end +config router key-chain +end +config router community-list +end +config router route-map +end +config router rip + set default-information-originate disable + set default-metric 1 + set max-out-metric 0 + config redistribute "connected" + set status disable + set metric 0 + set routemap '' + end + config redistribute "static" + set status disable + set metric 0 + set routemap '' + end + config redistribute "ospf" + set status disable + set metric 0 + set routemap '' + end + config redistribute "bgp" + set status disable + set metric 0 + set routemap '' + end + config redistribute "isis" + set status disable + set metric 0 + set routemap '' + end + set update-timer 30 + set timeout-timer 180 + set garbage-timer 120 + set version 2 +end +config router ripng + set default-information-originate disable + set default-metric 1 + set max-out-metric 0 + config redistribute "connected" + set status disable + set metric 0 + set routemap '' + end + config redistribute "static" + set status disable + set metric 0 + set routemap '' + end + config redistribute "ospf" + set status disable + set metric 0 + set routemap '' + end + config redistribute "bgp" + set status disable + set metric 0 + set routemap '' + end + config redistribute "isis" + set status disable + set metric 0 + set routemap '' + end + set update-timer 30 + set timeout-timer 180 + set garbage-timer 120 +end +config router static +end +config router policy +end +config router policy6 +end +config router static6 +end +config router ospf + set abr-type standard + set 
auto-cost-ref-bandwidth 1000 + set distance-external 110 + set distance-inter-area 110 + set distance-intra-area 110 + set database-overflow disable + set database-overflow-max-lsas 10000 + set database-overflow-time-to-recover 300 + set default-information-originate disable + set default-information-metric 10 + set default-information-metric-type 2 + set default-information-route-map '' + set default-metric 10 + set distance 110 + set rfc1583-compatible disable + set router-id 0.0.0.0 + set spf-timers 5 10 + set bfd disable + set log-neighbour-changes enable + set distribute-list-in '' + set distribute-route-map-in '' + set restart-mode none + set restart-period 120 + config redistribute "connected" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end + config redistribute "static" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end + config redistribute "rip" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end + config redistribute "bgp" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end + config redistribute "isis" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + set tag 0 + end +end +config router ospf6 + set abr-type standard + set auto-cost-ref-bandwidth 1000 + set default-information-originate disable + set log-neighbour-changes enable + set default-information-metric 10 + set default-information-metric-type 2 + set default-information-route-map '' + set default-metric 10 + set router-id 0.0.0.0 + set spf-timers 5 10 + set bfd disable + config redistribute "connected" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + end + config redistribute "static" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + end + config redistribute "rip" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + end + config 
redistribute "bgp" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + end + config redistribute "isis" + set status disable + set metric 0 + set routemap '' + set metric-type 2 + end +end +config router bgp + set as 0 + set keepalive-timer 60 + set holdtime-timer 180 + set always-compare-med disable + set bestpath-as-path-ignore disable + set bestpath-cmp-confed-aspath disable + set bestpath-cmp-routerid disable + set bestpath-med-confed disable + set bestpath-med-missing-as-worst disable + set client-to-client-reflection enable + set dampening disable + set deterministic-med disable + set ebgp-multipath disable + set ibgp-multipath disable + set enforce-first-as enable + set fast-external-failover enable + set log-neighbour-changes enable + set network-import-check enable + set ignore-optional-capability enable + set multipath-recursive-distance disable + set recursive-next-hop disable + set tag-resolve-mode disable + set cluster-id 0.0.0.0 + set confederation-identifier 0 + set default-local-preference 100 + set scan-time 60 + set distance-external 20 + set distance-internal 200 + set distance-local 200 + set synchronization disable + set graceful-restart disable + config redistribute "connected" + set status disable + set route-map '' + end + config redistribute "rip" + set status disable + set route-map '' + end + config redistribute "ospf" + set status disable + set route-map '' + end + config redistribute "static" + set status disable + set route-map '' + end + config redistribute "isis" + set status disable + set route-map '' + end + config redistribute6 "connected" + set status disable + set route-map '' + end + config redistribute6 "rip" + set status disable + set route-map '' + end + config redistribute6 "ospf" + set status disable + set route-map '' + end + config redistribute6 "static" + set status disable + set route-map '' + end + config redistribute6 "isis" + set status disable + set route-map '' + end +end +config router 
isis + set is-type level-1-2 + set adv-passive-only disable + set adv-passive-only6 disable + set auth-mode-l1 password + set auth-mode-l2 password + set auth-password-l1 ENC EXZvBBzMxb2uTSJn98y5HiVyJjXNQTzZUGscqKN/7kPwOx7jqgR9P6O60IyHL9vadPi9Pqug06JYsZbqHvM4NhTHrXILAXGNFzi+Y0lK0b6jOOzxQ6jUVOw9dCidly/gLTTIwFvd2f/acjzV0Pux+EGT7+g6AleEj7GqjLZTvmI7wSYxjimBBoiSflFB1rnfR7HqRA== + set auth-password-l2 ENC TEPhxy1nL7A/u43J7Mp1661oHkjMp+1/S2pjvBrJu1e5BR+ioHjD+VUm/8yg3sMRiXLeGAdgjY5OoU8gI5cWzOiHdjYDsdFc4p+QV9unT/e7PJFBS1Z6gD5V/8np99qRXk1pb/BOhGKfa/S43ZE9BNPlFOggsZ0dk+FYqr/QleDta6PjqjQKx4j8P7RuEx3iF8L+Cg== + set auth-sendonly-l1 disable + set auth-sendonly-l2 disable + set ignore-lsp-errors disable + set lsp-gen-interval-l1 30 + set lsp-gen-interval-l2 30 + set lsp-refresh-interval 900 + set max-lsp-lifetime 1200 + set spf-interval-exp-l1 500 50000 + set spf-interval-exp-l2 500 50000 + set dynamic-hostname disable + set adjacency-check disable + set adjacency-check6 disable + set overload-bit disable + unset overload-bit-suppress + set overload-bit-on-startup 0 + set default-originate disable + set default-originate6 disable + set metric-style narrow + set redistribute-l1 disable + set redistribute-l2 disable + set redistribute6-l1 disable + set redistribute6-l2 disable + config redistribute "connected" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute "rip" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute "ospf" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute "bgp" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute "static" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 
"connected" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 "rip" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 "ospf" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 "bgp" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end + config redistribute6 "static" + set status disable + set metric 0 + set metric-type internal + set level level-2 + set routemap '' + end +end +config router multicast-flow +end +config router multicast + set route-limit 2147483647 + set multicast-routing disable + config pim-sm-global + set message-interval 60 + set join-prune-holdtime 210 + set accept-register-list '' + set accept-source-list '' + set bsr-candidate disable + set bsr-allow-quick-refresh disable + set cisco-register-checksum disable + set cisco-crp-prefix disable + set cisco-ignore-rp-set-priority disable + set register-rp-reachability enable + set register-source disable + set register-supression 60 + set null-register-retries 1 + set rp-register-keepalive 185 + set spt-threshold enable + set ssm disable + set register-rate-limit 0 + set spt-threshold-group '' + end +end +config router multicast6 + set multicast-routing disable + config pim-sm-global + end +end +config router auth-path +end +config router setting + set show-filter '' + set hostname '' +end +config router bfd +end +config router bfd6 +end +config system proxy-arp +end +config system link-monitor +end +config system wccp +end +config system dns64 + set status disable + set dns64-prefix 64:ff9b::/96 + set always-synthesize-aaaa-record enable +end +config system nd-proxy + set status disable +end +config system vne-tunnel + set status disable +end +end +