95406 lines
3.1 MiB
95406 lines
3.1 MiB
|
|
#config-version=F2K61F-7.4.9-FW-build2829-250924:opmode=0:vdom=1:user=jpoland
|
|
#conf_file_ver=27368656897915609
|
|
#buildno=2829
|
|
#global_vdom=1
|
|
|
|
config vdom
|
|
edit root
|
|
next
|
|
edit Policy
|
|
next
|
|
edit TEST
|
|
next
|
|
edit scsd
|
|
next
|
|
end
|
|
|
|
config global
|
|
config system global
|
|
set admin-concurrent enable
|
|
set admin-console-timeout 0
|
|
set admin-forticloud-sso-login disable
|
|
set admin-host ''
|
|
set admin-hsts-max-age 63072000
|
|
set admin-https-pki-required disable
|
|
set admin-https-redirect enable
|
|
unset admin-https-ssl-banned-ciphers
|
|
set admin-https-ssl-ciphersuites TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
|
|
set admin-https-ssl-versions tlsv1-2 tlsv1-3
|
|
set admin-lockout-duration 60
|
|
set admin-lockout-threshold 3
|
|
set admin-login-max 100
|
|
set admin-port 80
|
|
set admin-restrict-local disable
|
|
set admin-scp disable
|
|
set admin-server-cert "Fortinet_Factory"
|
|
set admin-sport 443
|
|
set admin-ssh-grace-time 120
|
|
set admin-ssh-password enable
|
|
set admin-ssh-port 22
|
|
set admin-ssh-v1 disable
|
|
set admin-telnet enable
|
|
set admin-telnet-port 23
|
|
set admintimeout 59
|
|
set alias "FortiGate-2601F"
|
|
set allow-traffic-redirect enable
|
|
set anti-replay strict
|
|
set arp-max-entry 131072
|
|
set auth-cert "Fortinet_Factory"
|
|
set auth-http-port 1000
|
|
set auth-https-port 1003
|
|
set auth-ike-saml-port 1001
|
|
set auth-keepalive disable
|
|
set auth-session-limit block-new
|
|
set auto-auth-extension-device enable
|
|
set autorun-log-fsck disable
|
|
set av-affinity "0"
|
|
set av-failopen pass
|
|
set av-failopen-session disable
|
|
set batch-cmdb enable
|
|
set bfd-affinity "1"
|
|
set block-session-timer 30
|
|
set br-fdb-max-entry 8192
|
|
set cert-chain-max 8
|
|
set cfg-save automatic
|
|
set check-protocol-header loose
|
|
set check-reset-range disable
|
|
set cli-audit-log disable
|
|
set cloud-communication enable
|
|
set clt-cert-req disable
|
|
set cmdbsvr-affinity "1"
|
|
set cpu-use-threshold 90
|
|
set csr-ca-attribute enable
|
|
set daily-restart disable
|
|
set default-service-source-port 1-65535
|
|
set delay-tcp-npu-session disable
|
|
set device-idle-timeout 300
|
|
set dh-params 2048
|
|
set dhcp-lease-backup-interval 60
|
|
set dnsproxy-worker-count 1
|
|
set early-tcp-npu-session disable
|
|
set extender-controller-reserved-network 10.252.0.1 255.255.0.0
|
|
set faz-disk-buffer-size 0
|
|
set fds-statistics enable
|
|
unset fgd-alert-subscription
|
|
set forticonverter-config-upload disable
|
|
set forticonverter-integration disable
|
|
set fortiextender disable
|
|
set fortiextender-data-port 25246
|
|
set fortiextender-discovery-lockdown disable
|
|
set fortiextender-provision-on-authorization disable
|
|
set fortiextender-vlan-mode disable
|
|
set fortigslb-integration disable
|
|
set fortiservice-port 8013
|
|
set fortitoken-cloud enable
|
|
set fortitoken-cloud-push-status enable
|
|
set fortitoken-cloud-region ''
|
|
set fortitoken-cloud-sync-interval 24
|
|
set geoip-full-db disable
|
|
set gtpu-dynamic-source-port disable
|
|
set gui-app-detection-sdwan disable
|
|
set gui-auto-upgrade-setup-warning disable
|
|
set gui-cdn-usage disable
|
|
set gui-certificates enable
|
|
set gui-custom-language disable
|
|
set gui-date-format yyyy/MM/dd
|
|
set gui-date-time-source system
|
|
set gui-device-latitude "43.02974913459805"
|
|
set gui-device-longitude "-76.14486694335938"
|
|
set gui-display-hostname disable
|
|
set gui-firmware-upgrade-warning enable
|
|
set gui-forticare-registration-setup-warning enable
|
|
set gui-fortigate-cloud-sandbox disable
|
|
set gui-ipv6 disable
|
|
set gui-local-out disable
|
|
set gui-replacement-message-groups disable
|
|
set gui-rest-api-cache enable
|
|
set gui-theme jade
|
|
set gui-wireless-opensecurity disable
|
|
set gui-workflow-management disable
|
|
set ha-affinity "1"
|
|
set honor-df enable
|
|
set hostname "noc-fortigate-a"
|
|
set hyper-scale-vdom-num 250
|
|
set igmp-state-limit 3200
|
|
set interface-subnet-usage enable
|
|
set internet-service-database full
|
|
set ip-conflict-detection disable
|
|
set ip-fragment-mem-thresholds 32
|
|
set ip-src-port-range 1024-25000
|
|
set ipsec-asic-offload enable
|
|
set ipsec-ha-seqjump-rate 10
|
|
set ipsec-hmac-offload enable
|
|
set ipv6-accept-dad 1
|
|
set ipv6-allow-anycast-probe disable
|
|
set ipv6-allow-local-in-silent-drop enable
|
|
set ipv6-allow-multicast-probe disable
|
|
set ipv6-allow-traffic-redirect enable
|
|
set language english
|
|
set ldapconntimeout 500
|
|
set lldp-reception disable
|
|
set lldp-transmission disable
|
|
set log-single-cpu-high disable
|
|
set log-ssl-connection disable
|
|
set log-uuid-address disable
|
|
set login-timestamp disable
|
|
set management-ip ''
|
|
set management-port 443
|
|
set management-port-use-admin-sport disable
|
|
set management-vdom "root"
|
|
set max-route-cache-size 0
|
|
set memory-use-threshold-extreme 95
|
|
set memory-use-threshold-green 82
|
|
set memory-use-threshold-red 88
|
|
set miglog-affinity "0"
|
|
set miglogd-children 0
|
|
set multi-factor-authentication optional
|
|
set ndp-max-entry 0
|
|
set npu-neighbor-update disable
|
|
set per-user-bal disable
|
|
set pmtu-discovery disable
|
|
set policy-auth-concurrent 0
|
|
set post-login-banner disable
|
|
set pre-login-banner disable
|
|
set private-data-encryption disable
|
|
set proxy-auth-lifetime disable
|
|
set proxy-auth-timeout 10
|
|
set proxy-cert-use-mgmt-vdom disable
|
|
set proxy-hardware-acceleration enable
|
|
set proxy-keep-alive-mode session
|
|
set proxy-resource-mode disable
|
|
set proxy-worker-count 0
|
|
set purdue-level 3
|
|
set quic-ack-thresold 3
|
|
set quic-congestion-control-algo cubic
|
|
set quic-max-datagram-size 1500
|
|
set quic-pmtud enable
|
|
set quic-tls-handshake-timeout 5
|
|
set quic-udp-payload-size-shaping-per-cid enable
|
|
set radius-port 1812
|
|
set reboot-upon-config-restore enable
|
|
set refresh 0
|
|
set remoteauthtimeout 120
|
|
set reset-sessionless-tcp disable
|
|
set rest-api-key-url-query disable
|
|
set revision-backup-on-logout enable
|
|
set revision-image-auto-backup disable
|
|
set scanunit-count 0
|
|
set security-rating-run-on-schedule enable
|
|
set send-pmtu-icmp enable
|
|
set sflowd-max-children-num 6
|
|
set snat-route-change disable
|
|
set special-file-23-support disable
|
|
set speedtest-server disable
|
|
set speedtestd-ctrl-port 5200
|
|
set speedtestd-server-port 5201
|
|
set split-port ''
|
|
set ssd-trim-freq weekly
|
|
set ssd-trim-hour 1
|
|
set ssd-trim-min 60
|
|
set ssd-trim-weekday sunday
|
|
set ssl-min-proto-version TLSv1-2
|
|
set ssl-static-key-ciphers enable
|
|
set sslvpn-max-worker-count 0
|
|
set sslvpn-web-mode enable
|
|
set strict-dirty-session-check enable
|
|
set strong-crypto enable
|
|
set switch-controller enable
|
|
set switch-controller-reserved-network 10.255.0.1 255.255.0.0
|
|
set sys-perf-log-interval 5
|
|
set syslog-affinity "0"
|
|
set tcp-halfclose-timer 120
|
|
set tcp-halfopen-timer 10
|
|
set tcp-option enable
|
|
set tcp-rst-timer 5
|
|
set tcp-timewait-timer 1
|
|
set timezone "US/Eastern"
|
|
set traffic-priority tos
|
|
set traffic-priority-level medium
|
|
set two-factor-email-expiry 60
|
|
set two-factor-fac-expiry 60
|
|
set two-factor-ftk-expiry 60
|
|
set two-factor-ftm-expiry 72
|
|
set two-factor-sms-expiry 60
|
|
set udp-idle-timer 180
|
|
set url-filter-affinity "0"
|
|
set url-filter-count 1
|
|
set user-device-store-max-device-mem 2
|
|
set user-device-store-max-devices 507278
|
|
set user-device-store-max-unified-mem 2536393318
|
|
set user-device-store-max-users 507278
|
|
set vdom-mode multi-vdom
|
|
set vip-arp-range restricted
|
|
set virtual-switch-vlan disable
|
|
set vpn-ems-sn-check disable
|
|
set wad-affinity "0"
|
|
set wad-csvc-cs-count 1
|
|
set wad-csvc-db-count 0
|
|
set wad-memory-change-granularity 10
|
|
set wad-restart-mode none
|
|
set wad-source-affinity enable
|
|
set wad-worker-count 0
|
|
set wifi-ca-certificate "Fortinet_Wifi_CA"
|
|
set wifi-certificate "Fortinet_Wifi"
|
|
set wimax-4g-usb disable
|
|
set wireless-controller enable
|
|
set wireless-controller-port 5246
|
|
set edit-vdom-prompt disable
|
|
set fds-statistics-period 60
|
|
set long-vdom-name disable
|
|
end
|
|
config system accprofile
|
|
edit "prof_admin"
|
|
set scope vdom
|
|
set comments ''
|
|
set secfabgrp read-write
|
|
set ftviewgrp read-write
|
|
set authgrp read-write
|
|
set sysgrp read-write
|
|
set netgrp read-write
|
|
set loggrp read-write
|
|
set fwgrp read-write
|
|
set vpngrp read-write
|
|
set utmgrp read-write
|
|
set wanoptgrp read-write
|
|
set wifi read-write
|
|
set admintimeout-override disable
|
|
set cli-diagnose disable
|
|
set cli-get enable
|
|
set cli-show enable
|
|
set cli-exec enable
|
|
set cli-config enable
|
|
set system-execute-ssh enable
|
|
set system-execute-telnet enable
|
|
next
|
|
edit "NOC_Dashboard"
|
|
set scope vdom
|
|
set comments "For displaying info in Operations area"
|
|
set secfabgrp read
|
|
set ftviewgrp read
|
|
set authgrp read
|
|
set sysgrp read
|
|
set netgrp read
|
|
set loggrp read
|
|
set fwgrp read
|
|
set vpngrp read
|
|
set utmgrp read
|
|
set wanoptgrp read
|
|
set wifi read
|
|
set admintimeout-override enable
|
|
set cli-diagnose disable
|
|
set cli-get enable
|
|
set cli-show enable
|
|
set cli-exec enable
|
|
set cli-config enable
|
|
set system-execute-ssh enable
|
|
set system-execute-telnet enable
|
|
set admintimeout 0
|
|
next
|
|
edit "Read_Only"
|
|
set scope vdom
|
|
set comments ''
|
|
set secfabgrp read
|
|
set ftviewgrp read
|
|
set authgrp read
|
|
set sysgrp read
|
|
set netgrp read
|
|
set loggrp read
|
|
set fwgrp read
|
|
set vpngrp read
|
|
set utmgrp read
|
|
set wanoptgrp read
|
|
set wifi read
|
|
set admintimeout-override disable
|
|
set cli-diagnose disable
|
|
set cli-get enable
|
|
set cli-show enable
|
|
set cli-exec enable
|
|
set cli-config enable
|
|
set system-execute-ssh enable
|
|
set system-execute-telnet enable
|
|
next
|
|
end
|
|
config system isf-queue-profile
|
|
end
|
|
config system npu
|
|
set dedicated-management-cpu disable
|
|
set dedicated-lacp-queue disable
|
|
config dos-options
|
|
set npu-dos-meter-mode global
|
|
set npu-dos-tpe-mode enable
|
|
end
|
|
set napi-break-interval 0
|
|
config hpe
|
|
set all-protocol 400000
|
|
set tcpsyn-max 40000
|
|
set tcpsyn-ack-max 40000
|
|
set tcpfin-rst-max 40000
|
|
set tcp-max 40000
|
|
set udp-max 40000
|
|
set icmp-max 5000
|
|
set sctp-max 5000
|
|
set esp-max 5000
|
|
set ip-frag-max 5000
|
|
set ip-others-max 5000
|
|
set arp-max 5000
|
|
set l2-others-max 5000
|
|
set high-priority 400000
|
|
set enable-shaper disable
|
|
end
|
|
set capwap-offload enable
|
|
set vxlan-offload enable
|
|
set default-qos-type policing
|
|
set shaping-stats disable
|
|
set gtp-support disable
|
|
set per-session-accounting traffic-log-only
|
|
set session-acct-interval 5
|
|
set per-policy-accounting disable
|
|
set max-session-timeout 40
|
|
config fp-anomaly
|
|
set tcp-syn-fin allow
|
|
set tcp-fin-noack trap-to-host
|
|
set tcp-fin-only trap-to-host
|
|
set tcp-no-flag allow
|
|
set tcp-syn-data allow
|
|
set tcp-winnuke trap-to-host
|
|
set tcp-land trap-to-host
|
|
set udp-land trap-to-host
|
|
set icmp-land trap-to-host
|
|
set icmp-frag allow
|
|
set ipv4-land trap-to-host
|
|
set ipv4-proto-err trap-to-host
|
|
set ipv4-unknopt trap-to-host
|
|
set ipv4-optrr trap-to-host
|
|
set ipv4-optssrr trap-to-host
|
|
set ipv4-optlsrr trap-to-host
|
|
set ipv4-optstream trap-to-host
|
|
set ipv4-optsecurity trap-to-host
|
|
set ipv4-opttimestamp trap-to-host
|
|
set ipv4-csum-err drop
|
|
set tcp-csum-err drop
|
|
set udp-csum-err drop
|
|
set icmp-csum-err drop
|
|
set gre-csum-err drop
|
|
set sctp-csum-err drop
|
|
set ipv6-land trap-to-host
|
|
set ipv6-proto-err trap-to-host
|
|
set ipv6-unknopt trap-to-host
|
|
set ipv6-saddr-err trap-to-host
|
|
set ipv6-daddr-err trap-to-host
|
|
set ipv6-optralert trap-to-host
|
|
set ipv6-optjumbo trap-to-host
|
|
set ipv6-opttunnel trap-to-host
|
|
set ipv6-opthomeaddr trap-to-host
|
|
set ipv6-optnsap trap-to-host
|
|
set ipv6-optendpid trap-to-host
|
|
set ipv6-optinvld trap-to-host
|
|
end
|
|
config ip-reassembly
|
|
set min-timeout 64
|
|
set max-timeout 200000
|
|
set status disable
|
|
end
|
|
set hash-tbl-spread enable
|
|
set vlan-lookup-cache enable
|
|
set ip-fragment-offload enable
|
|
set htx-icmp-csum-chk drop
|
|
set htab-msg-queue data
|
|
set htab-dedi-queue-nr 2
|
|
config np-queues
|
|
config ethernet-type
|
|
edit "ARP"
|
|
set type 806
|
|
set queue 9
|
|
set weight 15
|
|
next
|
|
edit "HA-SESSYNC"
|
|
set type 8892
|
|
set queue 11
|
|
set weight 15
|
|
next
|
|
edit "HA-DEF"
|
|
set type 8890
|
|
set queue 11
|
|
set weight 15
|
|
next
|
|
edit "HC-DEF"
|
|
set type 8891
|
|
set queue 11
|
|
set weight 15
|
|
next
|
|
edit "L2EP-DEF"
|
|
set type 8893
|
|
set queue 11
|
|
set weight 15
|
|
next
|
|
edit "LACP"
|
|
set type 8809
|
|
set queue 9
|
|
set weight 15
|
|
next
|
|
end
|
|
config ip-protocol
|
|
edit "OSPF"
|
|
set protocol 89
|
|
set queue 11
|
|
set weight 14
|
|
next
|
|
edit "IGMP"
|
|
set protocol 2
|
|
set queue 11
|
|
set weight 14
|
|
next
|
|
edit "ICMP"
|
|
set protocol 1
|
|
set queue 3
|
|
set weight 14
|
|
next
|
|
end
|
|
config ip-service
|
|
edit "IKE"
|
|
set protocol 17
|
|
set sport 500
|
|
set dport 500
|
|
set queue 11
|
|
set weight 13
|
|
next
|
|
edit "BGP"
|
|
set protocol 6
|
|
set sport 179
|
|
set dport 179
|
|
set queue 9
|
|
set weight 13
|
|
next
|
|
edit "BFD-single-hop"
|
|
set protocol 17
|
|
set sport 3784
|
|
set dport 3784
|
|
set queue 11
|
|
set weight 13
|
|
next
|
|
edit "BFD-multiple-hop"
|
|
set protocol 17
|
|
set sport 4784
|
|
set dport 4784
|
|
set queue 11
|
|
set weight 13
|
|
next
|
|
edit "SLBC-management"
|
|
set protocol 17
|
|
set sport 0
|
|
set dport 720
|
|
set queue 11
|
|
set weight 13
|
|
next
|
|
edit "SLBC-1"
|
|
set protocol 17
|
|
set sport 11133
|
|
set dport 11133
|
|
set queue 11
|
|
set weight 13
|
|
next
|
|
edit "SLBC-2"
|
|
set protocol 17
|
|
set sport 65435
|
|
set dport 65435
|
|
set queue 11
|
|
set weight 13
|
|
next
|
|
end
|
|
set custom-etype-lookup disable
|
|
end
|
|
set qos-mode disable
|
|
set double-level-mcast-offload disable
|
|
set qtm-buf-mode 6ch
|
|
set ipsec-ob-np-sel rr
|
|
set max-receive-unit 10000
|
|
config sw-eh-hash
|
|
set computation xor16
|
|
set ip-protocol include
|
|
set source-ip-upper-16 include
|
|
set source-ip-lower-16 include
|
|
set destination-ip-upper-16 include
|
|
set destination-ip-lower-16 include
|
|
set source-port include
|
|
set destination-port include
|
|
set netmask-length 32
|
|
end
|
|
config sw-tr-hash
|
|
set draco15 enable
|
|
end
|
|
end
|
|
config system npu-vlink
|
|
end
|
|
config system vdom-link
|
|
end
|
|
config wireless-controller inter-controller
|
|
set inter-controller-mode disable
|
|
set l3-roaming disable
|
|
set inter-controller-key ENC ZmlsZZn2w3be/mZLqfwOHw5UwBLtk9b92nHMkmAPjff0gGTc6T2ZAx9Gd9/+/op/MDAvixueGH6caXt2KS1RTyiLbp9GNitEQA9v1AQ4vlOjFSm96zLRti3u7yqpOlWoUmIHUOMDYg3ykU7CZQOplihrTha45OpKE9+hpFYkXhrxYMilhOCRJNwdu1qQ3bj/ARVp1FlmMjY3dkVA
|
|
set inter-controller-pri primary
|
|
set fast-failover-max 10
|
|
set fast-failover-wait 10
|
|
end
|
|
config wireless-controller global
|
|
set name ''
|
|
set location ''
|
|
set acd-process-count 0
|
|
set wpad-process-count 0
|
|
set image-download enable
|
|
set rolling-wtp-upgrade disable
|
|
set rolling-wtp-upgrade-threshold "-80"
|
|
set max-retransmit 3
|
|
set control-message-offload ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health spectral-analysis
|
|
set data-ethernet-II enable
|
|
set link-aggregation disable
|
|
set mesh-eth-type 8755
|
|
set fiapp-eth-type 5252
|
|
set discovery-mc-addr 224.0.1.140
|
|
set max-clients 0
|
|
set rogue-scan-mac-adjacency 7
|
|
set ipsec-base-ip 169.254.0.1
|
|
set wtp-share disable
|
|
set tunnel-mode compatible
|
|
set nac-interval 120
|
|
set ap-log-server disable
|
|
set max-sta-cap 0
|
|
set max-sta-cap-wtp 8
|
|
set max-rogue-ap 0
|
|
set max-rogue-ap-wtp 16
|
|
set max-rogue-sta 0
|
|
set max-ble-device 0
|
|
end
|
|
config system switch-interface
|
|
end
|
|
config system interface
|
|
edit "port1"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias "HA Port 1"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 1
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port2"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias "HA Port 2"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 2
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port3"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 3
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port4"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 4
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port5"
|
|
set vdom "scsd"
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-classless-route-addition disable
|
|
set status up
|
|
set type physical
|
|
set src-check enable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 5
|
|
set preserve-session-route disable
|
|
set ap-discover enable
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000auto
|
|
next
|
|
edit "port6"
|
|
set vdom "scsd"
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-classless-route-addition disable
|
|
set status up
|
|
set type physical
|
|
set src-check enable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 6
|
|
set preserve-session-route disable
|
|
set ap-discover enable
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000auto
|
|
next
|
|
edit "port7"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 7
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port8"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 8
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port9"
|
|
set vdom "TEST"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status down
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias "LAN_Test"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 9
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port10"
|
|
set vdom "TEST"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status down
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias "WAN_Test"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 10
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port11"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 11
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port12"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 12
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port13"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 13
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port14"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 14
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port15"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 15
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port16"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 16
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port17"
|
|
set vdom "scsd"
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-classless-route-addition disable
|
|
set status up
|
|
set type physical
|
|
set src-check enable
|
|
set mediatype sr
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 17
|
|
set preserve-session-route disable
|
|
set ap-discover enable
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
next
|
|
edit "port18"
|
|
set vdom "scsd"
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-classless-route-addition disable
|
|
set status up
|
|
set type physical
|
|
set src-check enable
|
|
set mediatype sr
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 18
|
|
set preserve-session-route disable
|
|
set ap-discover enable
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
next
|
|
edit "port19"
|
|
set vdom "scsd"
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-classless-route-addition disable
|
|
set status up
|
|
set type physical
|
|
set src-check enable
|
|
set mediatype sr
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 19
|
|
set preserve-session-route disable
|
|
set ap-discover enable
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
next
|
|
edit "port20"
|
|
set vdom "scsd"
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-classless-route-addition disable
|
|
set status up
|
|
set type physical
|
|
set src-check enable
|
|
set mediatype sr
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 20
|
|
set preserve-session-route disable
|
|
set ap-discover enable
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
next
|
|
edit "port21"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 21
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set forward-error-correction disable
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 25000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port22"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 22
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set forward-error-correction disable
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 25000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port23"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 23
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set forward-error-correction disable
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 25000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port24"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 24
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set forward-error-correction disable
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 25000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port25"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
set allowaccess ping
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status down
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth enable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 25
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port26"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 26
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port27"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 27
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port28"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 28
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port29"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
set allowaccess ping
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status down
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth enable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 29
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port30"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 30
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port31"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 31
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port32"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 32
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port33"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr4
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 33
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set forward-error-correction disable
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 100Gfull
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port34"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr4
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 34
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set forward-error-correction disable
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 100Gfull
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port35"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr4
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 35
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set forward-error-correction disable
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 100Gfull
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "port36"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr4
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 36
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set forward-error-correction disable
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
set port-mirroring disable
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 100Gfull
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set sw-algorithm default
|
|
next
|
|
edit "mgmt1"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set dhcp-classless-route-addition disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 192.168.1.241 255.255.255.0
|
|
set allowaccess ping https ssh http
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set dedicated-to management
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role lan
|
|
set snmp-index 37
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set defaultgw enable
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set trust-ip-1 0.0.0.0 0.0.0.0
|
|
set trust-ip-2 0.0.0.0 0.0.0.0
|
|
set trust-ip-3 0.0.0.0 0.0.0.0
|
|
set trust-ip6-1 ::/0
|
|
set trust-ip6-2 ::/0
|
|
set trust-ip6-3 ::/0
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
next
|
|
edit "mgmt2"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set dhcp-classless-route-addition disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 192.168.200.1 255.255.255.0
|
|
set allowaccess ping https ssh http
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set dedicated-to management
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role lan
|
|
set snmp-index 38
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set defaultgw enable
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set trust-ip-1 0.0.0.0 0.0.0.0
|
|
set trust-ip-2 0.0.0.0 0.0.0.0
|
|
set trust-ip-3 0.0.0.0 0.0.0.0
|
|
set trust-ip6-1 ::/0
|
|
set trust-ip6-2 ::/0
|
|
set trust-ip6-3 ::/0
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
next
|
|
edit "ha1"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 39
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
next
|
|
edit "ha2"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set mediatype sr
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 40
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed 10000full
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
next
|
|
edit "modem"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode pppoe
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status down
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 41
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set ipunnumbered 0.0.0.0
|
|
set username ''
|
|
set pppoe-egress-cos cos0
|
|
set password ENC SLFEGDbUjw4MM24NZ/YCH3iaiyu03OuyAiHQBYqu04yYESwkzqs+C3ftPL2Em8374IQgeUxDi2FhBmg0tO05eu3syL5eLxMdtRN/v2YSmBIKudibUesy51NNexJUIeTktl5lzgSDX1Yka8PDxY4K/FcW1UKNMZVLmcuQ4Y7rcfyWGFulqNLPu7Sg9fCFxZBzfOc5gFlmMjY3dkVA
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set service-name ''
|
|
set ac-name ''
|
|
set lcp-echo-interval 5
|
|
set lcp-max-echo-fails 3
|
|
set defaultgw enable
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set auth-type auto
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
next
|
|
edit "naf.root"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check disable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 51
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set ip6-prefix-mode dhcp6
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "l2t.root"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 0.0.0.0 0.0.0.0
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 52
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "ssl.root"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias "SSL VPN interface"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 42
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "naf.Policy"
|
|
set vdom "Policy"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check disable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 53
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set ip6-prefix-mode dhcp6
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "l2t.Policy"
|
|
set vdom "Policy"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 0.0.0.0 0.0.0.0
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 54
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "ssl.Policy"
|
|
set vdom "Policy"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias "SSL VPN interface"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 50
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "naf.TEST"
|
|
set vdom "TEST"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check disable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 55
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set ip6-prefix-mode dhcp6
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "l2t.TEST"
|
|
set vdom "TEST"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 0.0.0.0 0.0.0.0
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 56
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "ssl.TEST"
|
|
set vdom "TEST"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias "SSL VPN interface"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 47
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "naf.scsd"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check disable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 57
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set ip6-prefix-mode dhcp6
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "l2t.scsd"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 0.0.0.0 0.0.0.0
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 58
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "ssl.scsd"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias "SSL VPN interface"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 45
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
next
|
|
edit "npu0_vlink0"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 43
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
next
|
|
edit "npu0_vlink1"
|
|
set vdom "root"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set subst disable
|
|
set substitute-dst-mac 00:00:00:00:00:00
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type physical
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission vdom
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 44
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set speed auto
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
next
|
|
edit "SRIC_BOCES"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 0.0.0.0 0.0.0.0
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 46
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set interface "outside lag"
|
|
set mtu-override disable
|
|
next
|
|
edit "vpn-042e9903"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 169.254.69.218 255.255.255.255
|
|
set allowaccess ping
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 1379
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 169.254.69.217 255.255.255.252
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 48
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set interface "outside lag"
|
|
set mtu-override enable
|
|
set mtu 1427
|
|
next
|
|
edit "SCHC"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 0.0.0.0 0.0.0.0
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 49
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set interface "outside lag"
|
|
set mtu-override disable
|
|
next
|
|
edit "vpn-0fc50345"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 169.254.54.78 255.255.255.255
|
|
set allowaccess ping
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 1379
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 169.254.54.77 255.255.255.252
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 59
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set interface "outside lag"
|
|
set mtu-override enable
|
|
set mtu 1427
|
|
next
|
|
edit "inside lag"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 10.251.1.5 255.255.255.0
|
|
set allowaccess ping
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type aggregate
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set member "port17" "port19"
|
|
set description ''
|
|
set alias "Inside"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission enable
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth enable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 60
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set lacp-mode active
|
|
set lacp-ha-secondary enable
|
|
set system-id-type auto
|
|
set lacp-speed slow
|
|
set min-links 1
|
|
set min-links-down operational
|
|
set algorithm L4
|
|
set link-up-delay 50
|
|
set aggregate-type physical
|
|
set sw-algorithm default
|
|
next
|
|
edit "outside lag"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 198.36.24.5 255.255.255.0
|
|
set allowaccess ping
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type aggregate
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set member "port18" "port20"
|
|
set description ''
|
|
set alias "Outside"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception enable
|
|
set lldp-transmission enable
|
|
set lldp-network-policy ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth enable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 61
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set lacp-mode active
|
|
set lacp-ha-secondary enable
|
|
set system-id-type auto
|
|
set lacp-speed slow
|
|
set min-links 1
|
|
set min-links-down operational
|
|
set algorithm L4
|
|
set link-up-delay 50
|
|
set aggregate-type physical
|
|
set sw-algorithm default
|
|
next
|
|
edit "city_phones lag"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set fortilink disable
|
|
set mode static
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set management-ip 0.0.0.0 0.0.0.0
|
|
set ip 10.250.100.94 255.255.255.0
|
|
set allowaccess ping
|
|
set fail-detect disable
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set l2forward disable
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set vlanforward disable
|
|
set stpforward disable
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type aggregate
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set member "port6" "port5"
|
|
set description "City Phones"
|
|
set alias "City_Phones"
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set device-identification disable
|
|
set lldp-reception vdom
|
|
set lldp-transmission enable
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth enable
|
|
set vrrp-virtual-mac disable
|
|
set role undefined
|
|
set snmp-index 62
|
|
set secondary-IP disable
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set ip-managed-by-fortiipam inherit-global
|
|
set switch-controller-mgmt-vlan 4094
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set swc-first-create 0
|
|
set eap-supplicant disable
|
|
set np-qos-profile 0
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set vrrp-virtual-mac6 disable
|
|
set vrip6_link_local ::
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set priority 1
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dhcp-client-identifier ''
|
|
set dhcp-renew-time 0
|
|
set idle-timeout 0
|
|
set disc-retry-timeout 1
|
|
set padt-retry-timeout 1
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set drop-overlapped-fragment disable
|
|
set drop-fragment disable
|
|
set mtu-override disable
|
|
set lacp-mode active
|
|
set lacp-ha-secondary enable
|
|
set system-id-type auto
|
|
set lacp-speed slow
|
|
set min-links 1
|
|
set min-links-down operational
|
|
set algorithm L4
|
|
set link-up-delay 50
|
|
set aggregate-type physical
|
|
set sw-algorithm default
|
|
next
|
|
edit "vpn-0403e61"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 169.254.242.194 255.255.255.255
|
|
set allowaccess ping
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 1379
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 169.254.242.193 255.255.255.252
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 63
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set interface "outside lag"
|
|
set mtu-override enable
|
|
set mtu 1427
|
|
next
|
|
edit "Highstreet"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 169.254.117.222 255.255.255.255
|
|
set allowaccess ping
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 1379
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 169.254.117.221 255.255.255.252
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 65
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set interface "outside lag"
|
|
set mtu-override enable
|
|
set mtu 1427
|
|
next
|
|
edit "Highstreet_2"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 169.254.13.86 255.255.255.255
|
|
set allowaccess ping
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status down
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 1379
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 169.254.13.85 255.255.255.252
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 66
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set interface "outside lag"
|
|
set mtu-override enable
|
|
set mtu 1427
|
|
next
|
|
edit "DPS"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 192.168.147.1 255.255.255.255
|
|
set allowaccess ping https ssh http
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 192.168.147.2 255.255.255.255
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 67
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set interface "outside lag"
|
|
set mtu-override disable
|
|
next
|
|
edit "RAP"
|
|
set vdom "scsd"
|
|
set vrf 0
|
|
set distance 5
|
|
set priority 1
|
|
set dhcp-relay-interface-select-method auto
|
|
set dhcp-relay-service disable
|
|
set ip 0.0.0.0 0.0.0.0
|
|
unset allowaccess
|
|
set arpforward enable
|
|
set broadcast-forward disable
|
|
set bfd global
|
|
set icmp-send-redirect enable
|
|
set icmp-accept-redirect enable
|
|
set reachable-time 30000
|
|
set ips-sniffer-mode disable
|
|
set ident-accept disable
|
|
set ipmac disable
|
|
set status up
|
|
set netbios-forward disable
|
|
set wins-ip 0.0.0.0
|
|
set type tunnel
|
|
set netflow-sampler disable
|
|
set sflow-sampler disable
|
|
set src-check enable
|
|
set sample-rate 2000
|
|
set polling-interval 20
|
|
set sample-direction both
|
|
set explicit-web-proxy disable
|
|
set explicit-ftp-proxy disable
|
|
set proxy-captive-portal disable
|
|
set tcp-mss 0
|
|
set inbandwidth 0
|
|
set outbandwidth 0
|
|
set egress-shaping-profile ''
|
|
set ingress-shaping-profile ''
|
|
set spillover-threshold 0
|
|
set ingress-spillover-threshold 0
|
|
set weight 0
|
|
set external disable
|
|
set trunk disable
|
|
set remote-ip 0.0.0.0 0.0.0.0
|
|
set description ''
|
|
set alias ''
|
|
set security-mode none
|
|
set ike-saml-server ''
|
|
set estimated-upstream-bandwidth 0
|
|
set estimated-downstream-bandwidth 0
|
|
set measured-upstream-bandwidth 0
|
|
set measured-downstream-bandwidth 0
|
|
set bandwidth-measure-time 0
|
|
set monitor-bandwidth disable
|
|
set role undefined
|
|
set snmp-index 68
|
|
set preserve-session-route disable
|
|
set auto-auth-extension-device disable
|
|
set ap-discover enable
|
|
set switch-controller-igmp-snooping-proxy disable
|
|
set switch-controller-igmp-snooping-fast-leave disable
|
|
set eap-supplicant disable
|
|
config mirroring-filter
|
|
set filter-srcip 0.0.0.0 0.0.0.0
|
|
set filter-dstip 0.0.0.0 0.0.0.0
|
|
set filter-sport 0
|
|
set filter-dport 0
|
|
set filter-protocol 0
|
|
end
|
|
config ipv6
|
|
set ip6-mode static
|
|
set nd-mode basic
|
|
set ip6-address ::/0
|
|
unset ip6-allowaccess
|
|
set icmp6-send-redirect enable
|
|
set ra-send-mtu enable
|
|
set ip6-reachable-time 0
|
|
set ip6-retrans-time 0
|
|
set ip6-hop-limit 0
|
|
set dhcp6-prefix-delegation disable
|
|
set dhcp6-information-request disable
|
|
set ip6-send-adv disable
|
|
set autoconf disable
|
|
set dhcp6-relay-service disable
|
|
end
|
|
set dhcp-relay-source-ip 0.0.0.0
|
|
set dhcp-relay-circuit-id ''
|
|
set dns-server-override enable
|
|
set dns-server-protocol cleartext
|
|
set wccp disable
|
|
set interface "outside lag"
|
|
set mtu-override disable
|
|
next
|
|
end
|
|
config system physical-switch
|
|
edit "sw0"
|
|
set age-enable disable
|
|
set age-val 0
|
|
next
|
|
end
|
|
config system virtual-switch
|
|
end
|
|
config system password-policy
|
|
set status disable
|
|
set login-lockout-upon-downgrade disable
|
|
end
|
|
config system password-policy-guest-admin
|
|
set status disable
|
|
end
|
|
config system sms-server
|
|
end
|
|
config system custom-language
|
|
edit "en"
|
|
set filename "en"
|
|
set comments ''
|
|
next
|
|
edit "fr"
|
|
set filename "fr"
|
|
set comments ''
|
|
next
|
|
edit "sp"
|
|
set filename "sp"
|
|
set comments ''
|
|
next
|
|
edit "pg"
|
|
set filename "pg"
|
|
set comments ''
|
|
next
|
|
edit "x-sjis"
|
|
set filename "x-sjis"
|
|
set comments ''
|
|
next
|
|
edit "big5"
|
|
set filename "big5"
|
|
set comments ''
|
|
next
|
|
edit "GB2312"
|
|
set filename "GB2312"
|
|
set comments ''
|
|
next
|
|
edit "euc-kr"
|
|
set filename "euc-kr"
|
|
set comments ''
|
|
next
|
|
end
|
|
config system admin
|
|
edit "admin"
|
|
set remote-auth disable
|
|
set peer-auth disable
|
|
set trusthost1 10.1.6.0 255.255.255.255
|
|
set trusthost2 10.1.40.0 255.255.255.0
|
|
set trusthost3 0.0.0.0 0.0.0.0
|
|
set trusthost4 0.0.0.0 0.0.0.0
|
|
set trusthost5 0.0.0.0 0.0.0.0
|
|
set trusthost6 0.0.0.0 0.0.0.0
|
|
set trusthost7 0.0.0.0 0.0.0.0
|
|
set trusthost8 0.0.0.0 0.0.0.0
|
|
set trusthost9 0.0.0.0 0.0.0.0
|
|
set trusthost10 0.0.0.0 0.0.0.0
|
|
set ip6-trusthost1 ::/0
|
|
set ip6-trusthost2 ::/0
|
|
set ip6-trusthost3 ::/0
|
|
set ip6-trusthost4 ::/0
|
|
set ip6-trusthost5 ::/0
|
|
set ip6-trusthost6 ::/0
|
|
set ip6-trusthost7 ::/0
|
|
set ip6-trusthost8 ::/0
|
|
set ip6-trusthost9 ::/0
|
|
set ip6-trusthost10 ::/0
|
|
set accprofile "super_admin"
|
|
set comments ''
|
|
set vdom "root"
|
|
unset ssh-public-key1
|
|
unset ssh-public-key2
|
|
unset ssh-public-key3
|
|
set ssh-certificate ''
|
|
set schedule ''
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set guest-auth disable
|
|
set password ENC PB2NIQtVbk0l0Lrm3dwONB7RrUhVPaHnfe3sdOwytKqFPIf+/gW/GDwvE0Nz5XF+nNego+aEJJschu6jiqOwyxw2/0ccvTunolg6FVOHDds0kE=
|
|
set allow-remove-admin-session enable
|
|
next
|
|
edit "tmarri81.admin"
|
|
set remote-auth disable
|
|
set peer-auth disable
|
|
set trusthost1 10.1.6.0 255.255.255.0
|
|
set trusthost2 0.0.0.0 0.0.0.0
|
|
set trusthost3 0.0.0.0 0.0.0.0
|
|
set trusthost4 0.0.0.0 0.0.0.0
|
|
set trusthost5 0.0.0.0 0.0.0.0
|
|
set trusthost6 0.0.0.0 0.0.0.0
|
|
set trusthost7 0.0.0.0 0.0.0.0
|
|
set trusthost8 0.0.0.0 0.0.0.0
|
|
set trusthost9 0.0.0.0 0.0.0.0
|
|
set trusthost10 0.0.0.0 0.0.0.0
|
|
set ip6-trusthost1 ::/0
|
|
set ip6-trusthost2 ::/0
|
|
set ip6-trusthost3 ::/0
|
|
set ip6-trusthost4 ::/0
|
|
set ip6-trusthost5 ::/0
|
|
set ip6-trusthost6 ::/0
|
|
set ip6-trusthost7 ::/0
|
|
set ip6-trusthost8 ::/0
|
|
set ip6-trusthost9 ::/0
|
|
set ip6-trusthost10 ::/0
|
|
set accprofile "super_admin"
|
|
set comments ''
|
|
set vdom "root" "scsd"
|
|
unset ssh-public-key1
|
|
unset ssh-public-key2
|
|
unset ssh-public-key3
|
|
set ssh-certificate ''
|
|
set schedule ''
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set guest-auth disable
|
|
set password ENC PB2Ggg4XUBk//gxWTzTGra0SrqdkaBK5AxH22W1iOvlLU3TzNEPZ3J33C8oYcHFhTbbZXrTXvajpPk2igXJU6YEkgMZe/tJPO2DD6gsi/J5haU=
|
|
set allow-remove-admin-session enable
|
|
next
|
|
edit "nocview"
|
|
set remote-auth disable
|
|
set peer-auth disable
|
|
set trusthost1 10.1.6.0 255.255.255.0
|
|
set trusthost2 0.0.0.0 0.0.0.0
|
|
set trusthost3 0.0.0.0 0.0.0.0
|
|
set trusthost4 0.0.0.0 0.0.0.0
|
|
set trusthost5 0.0.0.0 0.0.0.0
|
|
set trusthost6 0.0.0.0 0.0.0.0
|
|
set trusthost7 0.0.0.0 0.0.0.0
|
|
set trusthost8 0.0.0.0 0.0.0.0
|
|
set trusthost9 0.0.0.0 0.0.0.0
|
|
set trusthost10 0.0.0.0 0.0.0.0
|
|
set ip6-trusthost1 ::/0
|
|
set ip6-trusthost2 ::/0
|
|
set ip6-trusthost3 ::/0
|
|
set ip6-trusthost4 ::/0
|
|
set ip6-trusthost5 ::/0
|
|
set ip6-trusthost6 ::/0
|
|
set ip6-trusthost7 ::/0
|
|
set ip6-trusthost8 ::/0
|
|
set ip6-trusthost9 ::/0
|
|
set ip6-trusthost10 ::/0
|
|
set accprofile "NOC_Dashboard"
|
|
set comments ''
|
|
set vdom "root" "scsd"
|
|
unset ssh-public-key1
|
|
unset ssh-public-key2
|
|
unset ssh-public-key3
|
|
set ssh-certificate ''
|
|
set schedule ''
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set guest-auth disable
|
|
set password ENC SH2PgEvhec+ujfr1KsSHU0jmyvM7tEiL8xF7+dUC0Xf+Mkpa+59VE1MDmIgVWA=
|
|
next
|
|
edit "josoto.admin"
|
|
set remote-auth disable
|
|
set peer-auth disable
|
|
set trusthost1 10.1.6.126 255.255.255.255
|
|
set trusthost2 0.0.0.0 0.0.0.0
|
|
set trusthost3 0.0.0.0 0.0.0.0
|
|
set trusthost4 0.0.0.0 0.0.0.0
|
|
set trusthost5 0.0.0.0 0.0.0.0
|
|
set trusthost6 0.0.0.0 0.0.0.0
|
|
set trusthost7 0.0.0.0 0.0.0.0
|
|
set trusthost8 0.0.0.0 0.0.0.0
|
|
set trusthost9 0.0.0.0 0.0.0.0
|
|
set trusthost10 0.0.0.0 0.0.0.0
|
|
set ip6-trusthost1 ::/0
|
|
set ip6-trusthost2 ::/0
|
|
set ip6-trusthost3 ::/0
|
|
set ip6-trusthost4 ::/0
|
|
set ip6-trusthost5 ::/0
|
|
set ip6-trusthost6 ::/0
|
|
set ip6-trusthost7 ::/0
|
|
set ip6-trusthost8 ::/0
|
|
set ip6-trusthost9 ::/0
|
|
set ip6-trusthost10 ::/0
|
|
set accprofile "super_admin"
|
|
set comments ''
|
|
set vdom "root" "scsd"
|
|
unset ssh-public-key1
|
|
unset ssh-public-key2
|
|
unset ssh-public-key3
|
|
set ssh-certificate ''
|
|
set schedule ''
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set guest-auth disable
|
|
set password ENC PB2rRXWEUO/JSmqnhlm/MigMFHKo2Ik9G7iWxm/l6AKCwXQM5wOt1aUvo+dt0ydu+6ldD2hUN4Yio96oS5mAM4jrXlXrJyE2XahsREeyRnDVjQ=
|
|
set allow-remove-admin-session enable
|
|
next
|
|
edit "jpoland"
|
|
set remote-auth disable
|
|
set peer-auth disable
|
|
set trusthost1 0.0.0.0 0.0.0.0
|
|
set trusthost2 0.0.0.0 0.0.0.0
|
|
set trusthost3 0.0.0.0 0.0.0.0
|
|
set trusthost4 0.0.0.0 0.0.0.0
|
|
set trusthost5 0.0.0.0 0.0.0.0
|
|
set trusthost6 0.0.0.0 0.0.0.0
|
|
set trusthost7 0.0.0.0 0.0.0.0
|
|
set trusthost8 0.0.0.0 0.0.0.0
|
|
set trusthost9 0.0.0.0 0.0.0.0
|
|
set trusthost10 0.0.0.0 0.0.0.0
|
|
set ip6-trusthost1 ::/0
|
|
set ip6-trusthost2 ::/0
|
|
set ip6-trusthost3 ::/0
|
|
set ip6-trusthost4 ::/0
|
|
set ip6-trusthost5 ::/0
|
|
set ip6-trusthost6 ::/0
|
|
set ip6-trusthost7 ::/0
|
|
set ip6-trusthost8 ::/0
|
|
set ip6-trusthost9 ::/0
|
|
set ip6-trusthost10 ::/0
|
|
set accprofile "super_admin"
|
|
set comments ''
|
|
set vdom "root"
|
|
unset ssh-public-key1
|
|
unset ssh-public-key2
|
|
unset ssh-public-key3
|
|
set ssh-certificate ''
|
|
set schedule ''
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set guest-auth disable
|
|
set password ENC PB2P0kuXlxq+fAxE7YFWNe4J4LgUEAAMb9LL3y8zzVZh4qGe+Ui6oEvH1L318PasK3lkwtie2s3Ct9jDEE3vNMNga0KZkySK8Ant4oRjuJDDFU=
|
|
set allow-remove-admin-session enable
|
|
next
|
|
edit "jkafta72.admin"
|
|
set remote-auth disable
|
|
set peer-auth disable
|
|
set trusthost1 10.1.6.0 255.255.255.0
|
|
set trusthost2 10.1.40.0 255.255.255.0
|
|
set trusthost3 0.0.0.0 0.0.0.0
|
|
set trusthost4 0.0.0.0 0.0.0.0
|
|
set trusthost5 0.0.0.0 0.0.0.0
|
|
set trusthost6 0.0.0.0 0.0.0.0
|
|
set trusthost7 0.0.0.0 0.0.0.0
|
|
set trusthost8 0.0.0.0 0.0.0.0
|
|
set trusthost9 0.0.0.0 0.0.0.0
|
|
set trusthost10 0.0.0.0 0.0.0.0
|
|
set ip6-trusthost1 ::/0
|
|
set ip6-trusthost2 ::/0
|
|
set ip6-trusthost3 ::/0
|
|
set ip6-trusthost4 ::/0
|
|
set ip6-trusthost5 ::/0
|
|
set ip6-trusthost6 ::/0
|
|
set ip6-trusthost7 ::/0
|
|
set ip6-trusthost8 ::/0
|
|
set ip6-trusthost9 ::/0
|
|
set ip6-trusthost10 ::/0
|
|
set accprofile "super_admin"
|
|
set comments ''
|
|
set vdom "root"
|
|
unset ssh-public-key1
|
|
unset ssh-public-key2
|
|
unset ssh-public-key3
|
|
set ssh-certificate ''
|
|
set schedule ''
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set guest-auth disable
|
|
set password ENC PB2/w6nufSySeFZ0NlH3RdiLizG70o8bT63PX+WQQu4o78tMYQHMWWHsbr10CMGWAnsI7LInym+HV0ULcFDeA+zCCT7cnMxVIMIV17sWLvUzCQ=
|
|
set allow-remove-admin-session enable
|
|
next
|
|
edit "estein66.admin"
|
|
set remote-auth disable
|
|
set peer-auth disable
|
|
set trusthost1 10.1.6.0 255.255.255.0
|
|
set trusthost2 10.1.40.0 255.255.255.0
|
|
set trusthost3 0.0.0.0 0.0.0.0
|
|
set trusthost4 0.0.0.0 0.0.0.0
|
|
set trusthost5 0.0.0.0 0.0.0.0
|
|
set trusthost6 0.0.0.0 0.0.0.0
|
|
set trusthost7 0.0.0.0 0.0.0.0
|
|
set trusthost8 0.0.0.0 0.0.0.0
|
|
set trusthost9 0.0.0.0 0.0.0.0
|
|
set trusthost10 0.0.0.0 0.0.0.0
|
|
set ip6-trusthost1 ::/0
|
|
set ip6-trusthost2 ::/0
|
|
set ip6-trusthost3 ::/0
|
|
set ip6-trusthost4 ::/0
|
|
set ip6-trusthost5 ::/0
|
|
set ip6-trusthost6 ::/0
|
|
set ip6-trusthost7 ::/0
|
|
set ip6-trusthost8 ::/0
|
|
set ip6-trusthost9 ::/0
|
|
set ip6-trusthost10 ::/0
|
|
set accprofile "super_admin"
|
|
set comments ''
|
|
set vdom "Policy" "root" "scsd" "TEST"
|
|
unset ssh-public-key1
|
|
unset ssh-public-key2
|
|
unset ssh-public-key3
|
|
set ssh-certificate ''
|
|
set schedule ''
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set guest-auth disable
|
|
set password ENC PB23MAJ8d4xLCNVfyxHxmdAeOwvxDpCdPJ5/r4VeuMzBp608l6DiuCQw6223fNecFe9KFycWki5l23OZBWKhVR4i7bijHEZI9QFkWdbZR7BXB4=
|
|
set allow-remove-admin-session enable
|
|
next
|
|
edit "acrame22.admin"
|
|
set remote-auth disable
|
|
set peer-auth disable
|
|
set trusthost1 10.1.6.0 255.255.255.0
|
|
set trusthost2 10.1.40.0 255.255.255.0
|
|
set trusthost3 0.0.0.0 0.0.0.0
|
|
set trusthost4 0.0.0.0 0.0.0.0
|
|
set trusthost5 0.0.0.0 0.0.0.0
|
|
set trusthost6 0.0.0.0 0.0.0.0
|
|
set trusthost7 0.0.0.0 0.0.0.0
|
|
set trusthost8 0.0.0.0 0.0.0.0
|
|
set trusthost9 0.0.0.0 0.0.0.0
|
|
set trusthost10 0.0.0.0 0.0.0.0
|
|
set ip6-trusthost1 ::/0
|
|
set ip6-trusthost2 ::/0
|
|
set ip6-trusthost3 ::/0
|
|
set ip6-trusthost4 ::/0
|
|
set ip6-trusthost5 ::/0
|
|
set ip6-trusthost6 ::/0
|
|
set ip6-trusthost7 ::/0
|
|
set ip6-trusthost8 ::/0
|
|
set ip6-trusthost9 ::/0
|
|
set ip6-trusthost10 ::/0
|
|
set accprofile "super_admin"
|
|
set comments ''
|
|
set vdom "Policy" "root" "scsd" "TEST"
|
|
unset ssh-public-key1
|
|
unset ssh-public-key2
|
|
unset ssh-public-key3
|
|
set ssh-certificate ''
|
|
set schedule ''
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set guest-auth disable
|
|
set password ENC PB2pu4lCia+w3uwtczEvU3fo2BfI6RhZhw6YrIx/PDJ7EM5QDEcFATcCAkBmzMJz1Kmjw25DDyy0eTA2GMaBz5cKHEZv/7+uSYd50uW19LjGZk=
|
|
set allow-remove-admin-session enable
|
|
next
|
|
end
|
|
config system api-user
|
|
end
|
|
config system sso-admin
|
|
end
|
|
config system sso-forticloud-admin
|
|
edit "FortiGateCloud"
|
|
set accprofile ''
|
|
set vdom "root"
|
|
next
|
|
edit "4fc9e93dd975@fortigatecloud.com"
|
|
set accprofile ''
|
|
set vdom "root"
|
|
next
|
|
end
|
|
config system sso-fortigate-cloud-admin
|
|
end
|
|
config system npu-post
|
|
set npu-group-effective-scope 255
|
|
end
|
|
config system fsso-polling
|
|
set status enable
|
|
set listening-port 8000
|
|
set authentication disable
|
|
end
|
|
config system ha
|
|
set group-id 0
|
|
set group-name "SCSD_Fortigate"
|
|
set mode a-p
|
|
set sync-packet-balance disable
|
|
set password ENC bj0Sx9OrZ/N0xoVXWA0KpZFQdDsr4aFkO3k494bemYYceHnZy7Gc14F9XuM+q+rgkqiRJaWpt3xousitigYZNoJA3fEr6DI4lgirSkirFtVPGnt9S1j/RgSf9UWPp9WZti7notAKs25wrUDDVnDGm0L2V8n1pLPmMV530/0PHT/vjSH37PxcQ4pTHSHziCbEwHfX7FlmMjY3dkVA
|
|
set hbdev "port1" 50 "port2" 50
|
|
unset session-sync-dev
|
|
set route-ttl 10
|
|
set route-wait 0
|
|
set route-hold 10
|
|
set multicast-ttl 600
|
|
set evpn-ttl 60
|
|
set sync-config enable
|
|
set encryption disable
|
|
set authentication disable
|
|
set hb-interval 2
|
|
set hb-interval-in-milliseconds 100ms
|
|
set hb-lost-threshold 6
|
|
set hello-holddown 20
|
|
set gratuitous-arps enable
|
|
set arps 5
|
|
set arps-interval 8
|
|
set session-pickup disable
|
|
set link-failed-signal disable
|
|
set upgrade-mode uninterruptible
|
|
set uninterruptible-primary-wait 30
|
|
set standalone-mgmt-vdom disable
|
|
set ha-mgmt-status disable
|
|
set ha-eth-type "8890"
|
|
set hc-eth-type "8891"
|
|
set l2ep-eth-type "8893"
|
|
set ha-uptime-diff-margin 300
|
|
set override disable
|
|
set priority 200
|
|
unset monitor
|
|
unset pingserver-monitor-interface
|
|
set vcluster-status disable
|
|
set ssd-failover disable
|
|
set memory-compatible-mode disable
|
|
set memory-based-failover disable
|
|
set failover-hold-time 0
|
|
set override-wait-time 0
|
|
set pingserver-failover-threshold 0
|
|
set pingserver-secondary-force-reset enable
|
|
set pingserver-flip-timeout 60
|
|
end
|
|
config system ha-monitor
|
|
set monitor-vlan disable
|
|
end
|
|
config system storage
|
|
edit "SSD1"
|
|
set status enable
|
|
set media-status enable
|
|
set order 1
|
|
set partition "LOGUSEDX45501361"
|
|
set device "/dev/nvme0n1p1"
|
|
set size 937875
|
|
set usage log
|
|
next
|
|
edit "SSD2"
|
|
set status enable
|
|
set media-status enable
|
|
set order 2
|
|
set partition "WANOPTXX808E4B55"
|
|
set device "/dev/nvme1n1p1"
|
|
set size 266562
|
|
set usage wanopt
|
|
set wanopt-mode mix
|
|
next
|
|
end
|
|
config system dedicated-mgmt
|
|
set status disable
|
|
end
|
|
config system dns
|
|
set primary 10.1.40.10
|
|
set secondary 96.45.45.45
|
|
set protocol cleartext
|
|
set ssl-certificate "Fortinet_Factory"
|
|
set ip6-primary ::
|
|
set ip6-secondary ::
|
|
set timeout 5
|
|
set retry 2
|
|
set dns-cache-limit 5000
|
|
set dns-cache-ttl 1800
|
|
set cache-notfound-responses disable
|
|
set source-ip 0.0.0.0
|
|
set interface-select-method auto
|
|
set server-select-method least-rtt
|
|
set alt-primary 0.0.0.0
|
|
set alt-secondary 0.0.0.0
|
|
set log disable
|
|
set fqdn-cache-ttl 0
|
|
set fqdn-max-refresh 3600
|
|
set fqdn-min-refresh 60
|
|
end
|
|
config system ddns
|
|
end
|
|
config system sflow
|
|
end
|
|
config system netflow
|
|
set active-flow-timeout 1800
|
|
set inactive-flow-timeout 15
|
|
set template-tx-timeout 1800
|
|
set template-tx-counter 20
|
|
end
|
|
config system replacemsg-image
|
|
edit "logo_fnet"
|
|
set image-type png
|
|
set image-base64 ''
|
|
next
|
|
edit "logo_fguard_wf"
|
|
set image-type png
|
|
set image-base64 ''
|
|
next
|
|
edit "logo_v3_fguard_app"
|
|
set image-type png
|
|
set image-base64 ''
|
|
next
|
|
edit "logo_fw_auth"
|
|
set image-type png
|
|
set image-base64 "iVBORw0KGgoAAAANSUhEUgAAAPoAAAAeCAYAAAAFOQOpAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAPYQAAD2EBqD+naQAAAAd0SU1FB9oJDw4aKksK+ckAAAYdSURBVHja7Z1tiBVVGMd/z91d3faORtEbmfhJi4rSLAnDCnonsQ+9R2AJkW1F+UGiIDIMCokw05DoQwuaZIUlQkWQSZQia9KLWqGVkBVEljRX21zn6cOZda93Z+bO3Dszd+7u+cOwew9nznnmnPN/nuec85wZAW6nNRBgE3B4KEEdEBc8hzkCD6jSHXSTCltKLqv8e+YB96kyWLdCoUdc5lbVt0GVowH5QNmssAb4p1QJLXIWMCXDNuoAtgOdwA918l4NnJ5xn3UBb1b9ng1MCpF7C/BbTfqtQClD+QaBXTHaaghTgUsAL4fxXgK+Bvb4vycAN+bAse/8etEWXiNIog7PqIOqg+f/HXF5ZfqG8nsOi8PyBV01dYXnLeN5Zb6t05B9GbePV/X/JuDiCFk+yanPqvFuRL65ATIO5Di27oihVB7Lebw/VVX3tJzqXEbG2jURtAzqsARlSZU2GpkvzTo1UheKCBdomX6vHCxLTl7PEG4GdgIrsKjbtcBbwG7bFMPuROt7xQGpgMITeVJKYtSlwkwRphWozx4F7rZDN5aCPBfYb5ujIEQX11hzYeScPMrE5ThiPi7QANaaebJFNCYDz1uiF8fXWpCyZ56mbJPVYWrBrNU8y+HY7XW/JXo48lqJRB26BSbGMdi5zdGrR4pZ1piaTDdkPgedU5M2IaE8RVKqmnE5Z5JshTurtjmp6v+OBrjXCCd7wGzbRJFQcupmVWGH+ELF6IJ9VSm/Av1Qf3sNKNfM0b8E/otpQ48ktCK3ABubbJmVwMMh5c+qSbsspIzbgLdDyng1pPxWWN0ngReaLGczZpsxaNQ8C3yYQJ7ngKczfOY9EfzStDnZWQjfqsIAcE2Se7yyWUwTl7XA2tg6xd+r99cGZmb4WD0plLEmgojHUpBjXIGsencKZTyEWWmXAOIOJixr/Ghy3TvbVfCIIJZopeLaNZRRjD999zbILZ4ylhumEETXMh0qzIsjj6+q94vL9qbrdbhLY1pGga3i8kvOTTPDctciD6LPr53XNondwKcBLBonJsChKxZBlXXAPSnIsy72hEe5E1ifoOzrgFMbkGnQf7ajwBV2iLYMM4AHiV40C0MfUGknor+Rcn2vBxLd4EhcovskyBvHEuZf4F+ZOEEkWxy0SI5r/asRvFc0ohcjMk7jb3W1YnutgBBfaVpYtM8cXWRs1ZsCDgIb7PC1aCuLntSUjXEcBa63zWCRFtHVNk9Tc+isyhHfolsUv//awnUXYDnpBg58HjFfHh/rNFmKUw7VBO67JPJ+BHMQZm8T4g0Aj4f02Y+AQ8EWfEYRBHMk+IsGvd5KOxEdYFEu6lP5F+HSuI0q8FdKVU+Pq701+XHH14B3mpSvC+gNmbHclEL5FuH4CBOWO+oten7zhwoKdd/mkkW9XxW8bfsID4E9y3IxU3SMpocpRmScU3e9oNbdVnGNJfbKCJLAA3eHTwCpk8gt81oQPttl+WYxeogO3QK7UZxYsydlPfCI/7tXYCka69DCBE48KngQjXF6zdSzAPPeNouxgUFL9JQhxpqfhkSeqT6uFfTEs9c9wCkN7rudHOs+cx79bzv2xxTmY468prWj2wGs8qdjY5ToLoe1zCHAQaIbViT/iDYVEHI/0GLRWpztX2liUg5yd2PO0U/HvOZ5I7C1OAEzwrJ6JB8yrqkRWGPzHHH52Y59i4KjB3D9KeYOTLxFB7C0SJFxKyHmfDkt3RLPKROF8+0YsmgDXAWcA1wEfANsA64EJhaG6OKiqiyOMZ/PG7tE+d6OIYs2wOXA75gw6XuBhZgv/WwuVKx7qcIK4OUCibRXXC5EQl/KJxnrpDTKz1LGpGXnoafD6igVwG5kXV+//3cc8CImsvIGYGIn8FKEv58rPAdQFiEsIST6TYcfZAgN7zWHhcD66b2qrPacyNdPfQD8EZDexfA3tprBAeAVgs/f74zrkWC+7hK0XbStSfneB34Kef59AenLCQ5EKWHCTZvFEX88B5H6UEDaDt+wHMtheJcStPdqqr5JmICTn2HCb2f791cwn81a2LaHwbzycS8g8X1x70mS18KiIDgPE015hq/ADgBL/wdzAzk3USNrQQAAAABJRU5ErkJggg=="
|
|
next
|
|
edit "logo_v2_fnet"
|
|
set image-type png
|
|
set image-base64 "iVBORw0KGgoAAAANSUhEUgAAAPMAAAHCCAMAAAANeQ+xAAADAFBMVEV/AAB6AACLAAOVAAIkIB8AKD6FCACiAAOsAgC5AADDAABJIT/OAATRAADbAAIAOVs0MC/nAAC+DA3pAA3wAACjFhpnLRB4KQyXHxxjLEIbQ10ASnWQLxflFhXaGR6ULi+ONgl5OxdnQBxMR0bOJSB8OzmLPAfGKSmgOA4JXJHkKCy3NjGMSgZVVlSCUg8WZox8UiezRQhwVyEAcH2/PkJuWi8AcZAQcHKuRkMObKp9WhaQUF3iPDp5WVqyURbcQESfWQelUk+XXglHan7wQDZuYHgQd7ypVzdlZ2SwXAIAfcfjTSV/ajUGgbrZTk2rZAN3bUQAh6STaiUahJbWWwcFjI/yTkauYkoHhtQqgKwRhcmRbUu1bQS4Y190dnPLX1+8bgGRcHCfcUDDbQHWXl5cf5MPkeMAl++tcmrfaEITluHTa13QdgLKeQTWa2+Bg4AAn/3qalmNhWERob/aegDldwAdoqYCpP/UdXTHhBosn92+fnxXmbXuei33exO4hW3jhADbhwGOkI9Loa5PncvtgwCxjFrQgH6Zko+blW8drf7viwDUiXF/na3RiYoAvuW8j42cm4Gam5gos/77jgHyjx7Rj47ylALJmk+6nWi5mpT7lQX1kjzsk1VLuMOgo6CjqJBGuf/PnJuoqqf9ogKlrZzupCXmpTjhnZxLwP+Gtb/PpJWtrpi2qqrLpaCItda/sIywsq7Tq41bxP2us7XKrKtpxvq1t7T+sRv7si61vKCWwNipvMilvsLLtbG5u7jRtqf8vAXBvLv+uiW8wcO/wb180P/uv3KbzObOw7zdwpvExsPUxKzFx8T+ygD+xELDyMvhwbrHyca9zdrLzcrdyb/+y1DazLbuzJT+zl3M0dTQ0s/U08rS1NHV19TH2+fk1tbY2tfW2t3a3Nnv2rXd39ze4N3h5ODX5+3w5NTl5+T74+Dk6ezn6ebw5+Dq7en/6OXx7d3q7/Ly7+bv8e788eTy9PH+8fH39ezw9vj2+PT2+/75+/j8/PP7/fr9//uXHhBNAAAAAXRSTlMAQObYZgAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB+AJGxYjIiP66ooAACAASURBVHja7Z0LYBNVvv9puxfabtsVlMdFC4ooCgZYEQSWtYguhmcFhAUtpUpFYVvKIgILrEJQeQl2C1IW1FgCCnXL3cgj9fKIxmZ3NTdrSYf9r8nt2CSbpNRmc7fmBpvObf6/85jJTJK2YANtaX7QNpk588v5zPd3zpyZnEcPQ/ezHpbuZz1iOsd0jukc0zmmc0znmM4xnWM6x3SO6RzTOaZzTOeYzjGdYzrHdI7pHNM5pnNM55jOMZ1jOsd07kidjd3PYjrHdI7pHNM5pnMX07m6+1lM55jOMZ1jOsd0jukc0zmmc0znmM4xnWM6x3Rup87a7mc9vN3Peni6n3VL5rruZz3c3c96uLqfxXTuJjp3xzrM2v2sh7P7WQ+WWLfS2dH9jNe5O1lM55jOMZ1vLp276/U5Vp5v8vKMn352M527Y2xrup91z36Apm5n3bI8G40xnbuDzrFxN7HxVTGdYzrHdI7pHNM5pnNM55jOMZ1jOsd0jukc0zmmc0znmM7dS2ej0cRIzGQim0wmE32P3xnRI9KQZNJj6XPFyOlMTEhKaZIbq3M166yrC/aGrKtz2VmrE7a4HOi32+V0uGCzk2VZu0tICcmcVhYlFG1x2J0uFyR0SNI5WLZavAm2Oe2SJODphupsNLGyu6VWZHFsWwDGHkO/Fxyrwb+rmert4lSyAqbaYpEcu90qv/tueUg6eRnLmFjJprvlbJnkvfZGCt0DZK77UYgVWI49DrbAiP88vr8G/znGOrdL092isbOSDXL2btiqZwuk6bJZ1pUtPdIkdaU03VidGdctIczZugWYWb0Hw278Av+ZrWcVIQnvNlmkzAbErGZCmH+0nbGHMKulzNu1hhursxuYb5GLbLsOx3SGmsT2RvJ2QRlmlvGp0JlSswXZ+AU90ISZsc58Mhk+N85s0Sa5PFtTli2X/0j4XKW+A3S+W6Xhhx9p1BojoysD0+jQn4NlevK2jEHM29UkmQFRFBlMej3iVKk1GrVaw+DXWOciNf6yV6snpyEb7dDwn6DWGIx6A/5cfKC6I3S+W8PwX+dAxVRzDBtjYVDVYmLJW5MDMxtwqhqHHL+xVDtkCMeArjkWV1DnIj2+DFkcsOlHKsJsoh+AtltYFn+ukVyuOqI83yJYNmO5iAvwAp3BiP4xl/Dbxy+Q8syno+WQcWJmPboIM86gztu1RmHTj5RMdvBIOWOEU2lkrIhZjQ+8we0worPIZAaWVNQLynBtWm2twVXa46erQ+swmcpgYeswsxGlZOtEOhsswqYfqapFddjdegbvcWKdTTe+HWYMq7fvVpuozmVa0tKiOh80hTIXgEpEZ5JUqrMhVGf+A2hQiHS+wfNK0Xq7QDCFhqnZth5sWxkpf9aaPeStBTHLSartBXdjxaqvSucyrHM2OXA71B2ogxbVGeqP6g7ROVhvQ1ULqKjI6fUMW1NTgzrx47dazKxQa4R6+5Zr0vkWFa2dIZxNYp1Ji/yG63y32mjhW/wWFjc2F/xa0vZcsOALXG8rcH0M1XUBromvSeftgqH4oTqjSMJXixuus7hcMaTSWmCgbc8vaDVOrs9EP5MVMSu1VGdVmM5F4fW2yLQGE6+zybR9e5npRutMKi7hTENJ24YhNcdo2xOfgm3qatRg3K6naRBzmbGaxddklbG6NZ2VltC2JwSIg+pcVpC9nbmBZRrpbL37FijP2uCJMFnYXHF7Gze/f7VdzWyHq/J2DdGZLYBLLehsYuXkBd4ou+WWu1UmSHdLEY0HtOmWImM2HBq8PuAAscDnylR6pgxinSS+YfMZsFZGoyqD+jNoULxOHzx4UPMF+n2wTHcR/qo0RpbVq5VqaHqRbrF6VZkaTg9r0apUcJnFGxn0mmF1qmA62KRUMxa9WiUypDMLn6vSMixTVrbdyNzYeStMJj2qh8WnwmQyQA0O1SyuovVGlEBvgK169JdPosdH4bRafiN2JU0X3CQyA92DvBr1er3hhs9bgYue1MgmWsItfAJJQuGNeCt5GZoukm/ph8TmJ4nNTxLTOaZzTOeYzjGdYzrHdI7pHNM5Nk9cbJ642DxxsXniYvPExeaJi80fFpsnrtPorJXhPzJte894trLD54nTy2Sy7Oq2KwG9DP+R6etCj5YVSFOhH1W2TCZXRnRUoOzweeI0MpM1u6DtCbg0MvxHprGGHh0hlUZWZLUWZUd0lF3U4fPEaWWMUyl3gi7ZrKIAbVFmO5WgksEpU8kVWrlMpnKi3zKcXAYJVYxMC8ex9Ggn2i1XwXFKpLpcK3MWKIhzudLJyBgVbFXg3UwBvFR2yDw0IUpZ5IoiucUiL1LJrYpsa0GRXq63KgqsMpBfrrTCVnmRoHORtQhSKdB/fDSYBnYr5ZYiuQangh+cXoaPM+FIUMrw7iK5qaN0Fk/QokXSsAqFw1GkYGXqbIVKrldhvRwyrYNBr2SgFaTDyWEbaKuVo034aPiDX8uYomwHTgU/BeDOoZI75EVopwpFCd6NPia7qMPnldLIUD+oIjnDyIvYArlSK5ezWrkW7ZJpWFauRK9gV5GMpdsUcpbNlheIjka75QCF3jPww6pkCuSTzVbAcQa5AjYY0G76MR0935CWCIbLswOy6ZAjyVEJRJo6UEmWO0B4OdUZFViHQ432CUfj8uxAQrJyVJ6RxpCuCAWRHBQmv+lueVEXnT8MidbN5pVi5OrYPHGdX+duPI9rbJ642LyPsXniYvPExeaJ6yLj6EyxeeK6RXmO6dw9dA60YZzfB+b3c7z5yQYu0F774Z57tNPazhaHMtGM84Ty14y2c+3Fbpfn68fc7Pd5fVxzM+fzevCYXmRoAK+HbobMNf8g4PZ6vl7MkB8435zP4474XNztAZVQ1q+duv2erw9zMxICslXXytcBdZC5a6eOhufrwuz3eP1+b53L2ep3IE6XGyXz+K8BOSqerwMzBx/m97ic4nw5HTZiDslWp8vj93m8V1ubRfDsdNbwJt3ciufoMyMpUL6IuVwOm9ms050+WIjs4GmdjjHbHK5gAu9VSx3q2VnDMpUV58+XIjt/vqKSYWucV+E56sxej89bJ3ysw2YsXDygb4LY+o5/8bTZ5hTyVucDQa4COcQzW1n63tZ5c8aNGnU/tlHjxs3bWnoeuNvyHGVmzuPxuYUnRzZT4Xjg7ZWYmJhEDV72SohPGLD4tNkupPP4PJ624lvq2cqUrp03btQEZFOJwSsEPm/reaamdc/RZebgEuniF4+w6Tb2RbxAmiw2BJ4QHz+4sNJKUzpccKFtHVriGSSeP2eUQDt9qmDAPWrcS6WmmtY8R5UZMuZx0ozVEGIMnJo2KGP2yvXwLzdjUHoa4kZqDyjktXY4Pa1Diz3bgRgkJrgvrFq3c28J2N51q15YiOgR9bxSXutInqPJ7Hd73OQxmdPBFGJiwEubtH7/BTScVQf/0J/D2zIwdq/4+PGnzZAWm7s1aInn0pfGYYmnL1xXcvJPYjtZsvOF6dMx9dbzrK0lz1Fk5uo8dfTRYI1uPCFOHbTtNLDqLohMB7YfYSdBhG802mvahBZ5tp5/bx7WePqqkjN/imAn1y0k1KWV1HGY5+gxc9D0pR/CgsiYOGM/4J4ONwA/kds7ORnK9XidjR4FDWauhcAWPFefXzsOE+9ECp8JN7R17zJEPW5rBRvZc/SYIWN2ZA4H8yIWOWX4ft2FEy3Zad2J2WkowAccrHbgA+1wmxCRmfdc4zCXzlsEyNPXnYwIzGOf2Qla3z9q3nk2oueoMXtcJGN2h24xFjlt/YXTJw6faMUu7B+UkpQYH19ottGsuTwRkAXPNSaIa1RvlbQMTLGPrwKpIb4t9gieo8XsoxmrsUNRRsjDD58+3JadODE7NRmgNwahfWHIvGe7rfK9eUTkMyfbsjNnduL4FkH7os3MuVx2K3ZuRMhJqbNPHN7fth0+vbI3QPfcaMbHWu0uV2iRDno2E+SdZ9pGRtQly6YjaDbcc5SY3dAWRP1L7AwK7KS03BP7r85ObEtD0HClRoezDmdokQ56fm/erKlTF+69KmIEffwFCh3qOTrMPqeTTMthexEjLzm852rt8LZ0gB5w2mxFUzGwTqc0ugXPllIe+ThYyzEtRMHxkwgaVWRW1ibxHBVmjs8YW4gDO3f/tqu3/dsgvHsO0NHFOZ1O8a0+77mGPT9/EQT2XkwcyU6e/NM3DY1gtX8h2McRNFRk8ypCPUeF2eOwE7+6vr2SklNnC8iHW4YP7tqzMi25V89HzcSF3SGuuwXPlWvn4KtyS8jHz3wjHNT0l9fOIObjJ0sWToXrNBPiORrMHJ8xBuqv5ORJeNoZNPPMiYB/4/qItq1QtGvP7NSkBCjSxInDEazGgp5R/TV93XHUsi6JpPKZRnGJ+Oa1DYi55PheuE5DkZZ6jgaz20p82lBkJ6dvW0lsfSHsu7JxycpwC9m1bRKObgptDQrNe2ZLUWS/0CJySRC5qamZQuO061CRrmQlnqPAzFEtcGRDlU04clcW4g+48uKSJSHY4bvWQ3THLeaZBaEFzyYU2Qvx/VMkbBHy7scee+ws/K16bcMGnPSF6RDdrMRzFJg91KN5I47slbnYlhTSXFxZnLtkSa7YRLuWkF0rIbrj4y5QaJZ/tsF7ri6dPwsiuyQILeYuOV4ilOXdAweOGjVqN7wCZgyNohvqbrHnKDA7xDLfSpFzC4UAvbL4ITHxbMkuunHloOTEOL4aY510t0Ms8wsle5FFwC4500QPqMTIo0bBOfhmFmKG9KumTxi31SL23H5mn0TmjNzZyERcGHp20EJ25ZIDZqeJhSZP7njPLJZ5515qJVI7fnzDX3h3zw8ctQgZCN28CUGjgyRC+6PC7ObFQDL3pmDbJA0LEXTG7ELJrv8ZT8/EcBCaL9EsaTLxnpm180DmvSKTUm+oFZhHjVoEQb1oE7w+C8x7ETMWmhV5bj8zrWeqTyCZh8/OwLbyihT60RGYNyNj9n5p0/LZ8eh0ZEyalJ6c1HOAib9I4318DXZ+7SIozXt3UguD3iDUYBUYecOsKlSLzZq1YgVKD7dYo+ZXVgc9t5vZT0eLmh9NgEo7g7cl/xMCPQxtnZQRgvzzwSMeyhiU3js1OSkpOSGu0EwnLEIhyHtm3wOZF+4UmVTtDRsaeHeNzy8CdTe8hk5C1ahZK5a9sAw/ILx/TCkb9NxuZjed9cbcF1qd6SAYsoxhwx6VQv8Pgp6UsTEUue+wZMSLjNRiZE4ddCHlPTOoBltFaNetE0MTcBFzoH7TolmzXmtoBjt3//0ThMehENwWwXO7mZ2kM435BGqPDJ9EbVg49Phhg8KQB4gffSeh4KZ9c1D9Sj1bSGgjXmIhcmPmJsFn7Te1Tc2Y+SciaGiXBD23l7mZzgJtXpyQlJxGiYcPHzpsWN9waCly8z3xPenzbyp0QtxpM3HHwm7i2Wx5D2rthetCTMS9YQN/eSawzc1NTU1c824x8/1jzrOC5/Yy++npY0agWns4b4MGDR3ad7AU+ttCTorcs2e8GDkJ2mIvUmYLFxA841qbkK5atSoce8WsTSLgJtrTouGx2yXMpazgub3MXjprrAmKc/KtwyXQvUKgpXZPXAhyUhIUaBrcjC/Ae67kmVdhW7fqBSn2ihWzoLEp5kUyc7t/cvv9E8QFulLw3F5mN83Zp+hKlS62QYP6JLYCHQE5KSluwKcWrDTjCfCeK6AKm75KZC+A8dArwJ7+S0AA5lXmGgZKmOFqVUGZPe1mdpF57c0fQRWWImFOT0HQ314LclL8gI/IlJmmugD1bDmLqrAQZMEEZAG4iWA//xNxaKNK7CzDe24vs4MyvwpX59T0W8WWnpKS3BJ0ZOSkhLhXKbMzQD1bcMMzIvALK5YtA2QicZOgMlA37f6JVOapo8aUMrzn9jKzYuZbpZaWlpKcFBG6BWSouF81k5xZA9SzZTdmfiHcli1b9vTTU//STGCbgho31T8/MERmqMR2W3jPUWXuHWppkZW+Jy4uErKYmZUyR0ReOP3pqWebCSb8M9c3cY3wr/7UwJ9g5MjMbLuZq1tl7p2Wmpw4IASa+zkgJ0RAljJTz+zutVPDmUHjhQunT596tqmJV1n5bwOfP1VZ8fxjAyMgT73/4d1stJgtrTOD0omJ0jupQGFcXM+IyGLm6oCFZ56PmJcR44F5ZCox528E5J/wBsQhyIjZwnu+zsxpacnJj14JhDY543tFQm6JGWIbEJeJbOFChDz9L0TiRn+jX/lvgErt/nBkkc5RYCZrXmPm5LRwS05dHF6FPdu3FWay/gswE8+W0rXAvDDMcGCjogzEGJmwEpsQiowaYgzvud3lWcKcGmrJqUsiXaqeTWyD2QDlmXhm0CNP0BSwp0uQp5+lEjeiwA4ii/vVSK9VvOd219sGwozbYVeLDGW6Dw+djP/Tn/ienwrM1DNzbv4czBxqZzlCDIYaXbdT2kjAYOPGnIsas53krBIzh1nKkpaangQ6JHlS3B2fkpzpHQHq2XRuPrS3IyHjoG70Nfp8oQ3NSMzzzpl4z+1ue+qJq0vxiZGQW+7AWjg0IvMlmjNoe1LPVfPnTw9jhhq7EREj5MaGhoEhLZBQmz51zLwqwXN7mT0kZ5WXBvRqU+XCEKXDoBPjfnmJlGK9J0A9G83z14bpDMg0rBu9DQ2YecKs1pgnjNlqFjy3l9lH55RnxyeEqpYcovI9cT8Pg5YegKow4k7vD1DPleattBKTquz3NWKJkXkRc0sKo1/ToQpjBc/tZeYMBpKzjfFJbSHHtQXdM+5TwmwwNgeoZyNbOn/O01OlyKgYE4nrkbkGtlyaySGoChM8t/t5GEPkMF0ILdBLpL0k0FOR+L7PtgYNxZmtJGJYYC/vGQq0hBmQeeIGL2ppDhzYYg3GHzJmntkkeG43s4NOpM8OSGgDOSGhV0KvEOhBSdLibCPMWvQMkHrWsfPXzno6SIxUhsuTl4T1Y6hxffv9LepMDlr08CYa2tooPAMMeOhCHeYXxcGdGoYcj7v39gqDFjHHQ2gTZ1r0XRr1rIM76JdEzGehHFPghvqGx0hjpHWZcWgHPbebmdPrsbPKC/GimntSIAwZN72AOgQ6NUkS2tiX3oDHDVHPxiqR0FOnNjbywGDkSd+ENpBnQWgbg57b/91NNRXaNj4hOYUYXKa+DUMmbEmJvSSXrEeTk+hRqajWpmKweB/vmd0KQlPoqRNExGCP3d5W9YVlLmVFnqPwHR3NWeVH8YlCmzO5z7cSZNzhNSU1BXXn7SuCfjRRaLImQ4OkkuaM9AfgPZvOz18bZK4XiG0VFRWjgo0RHAXii5RI5iqTyHP7mfkQrGAHJwgt7uTExG9DkFPwjhQJ9D0JvfgdSGZWRzJmIFc53rNYaMxMNX7+38gToGD1NjX4I6rox0ENZhB5jsJ37qzGoEeGhKZ3kKkpSYl9KfQ98fG4j28q2ZMqgr4nAd+ZkJtOJDP2o9fY6SnhPTMg9IYVBHoCIT71/G7hoZf4Oka1Dm5ZuBDLLPYcBWafljjUm8fH87fQQEahCXJKqnBHHYS+B5dyuic+7lUb9aPlB8sInpHQK1asQHeQE86eA9uNHorcLlFZrLYYeeGYMbtZiedo9BtiNMQj3GgkpPVOQ09HBGgkJeWiD04E6OAu2J4Y9wTLy1wtFHfeM1TdCHrZQtwL//bb8TMRconCYNNbsoULl815eJzZKPEcDWafhhf6zZ6JwYd/AP3szyhXyHNBtOueXqJdyXFwbdbRnAV7P/KeK6ABCtG9jELzDweQosFnCBGIly1bNmvMmHO8zNRzVPoB8nLo2Sfik4QnYVBdoW9ak1PS0kIfkoXuQpFtpz7UFtGljPesQ9EtQNMnAyR0xQ/IpBKjXRvGjNlUE+I5Ksw+DS14cEsZnyLSE91QpqZFfAQs2ZUQjGytRjz0TfBsrJonQIsCFz0Kxf8JtsTQU9IV8x6eYzPqpJ6j06+XVdMYNJ+OT0gVCZqWFoE4bFcvqLPNvBh2STuN9wx197z5byHoZQLSMukDbx58WfC5MCCPq2JCPUeHmdPSGNSaP+qZkNr72iwx7o5PzVRPjV7aUA96ZksBGn0PiWV9IbKhHcGdCPkcG+Y5Sn3WPWrsuUKvt73aMyHt1qsHvhUhf2SrIDnTqkNHZFDPep0eQ29Y8cJV216MrA/zHK3xGKyKzryOoONDv61rxdISEDK/IJeKDXtwFvSMoN8ruWroDQi5RhfuOVrMzXo1P9+87aOe8Um3pl8VcXpKPAS2jT9UbYgwsj3oGUGvPbmubdxV8O+l+TiwI3iO2lgjv0bImvnTO3r2Sr8qS4qLe+KSWciYJtJwZcFzhY49B9Bv7V3Vtu196eExc6pYbUUEz9EbU+YJLgFtvvREz/jktolTEuJ6PlcTRFZ7Ij4WFnlmbPPGAPXONoh3IpE32RhdRM9RHC/pCmatsubVnnEJKenDWwEenpIYF3fHxzWVwmLZKncLz8JFnnW20nkPz3/v5M5Widc+PGbcWYehBc/RHBfrDGZNb770S6BOTh8eEXv4cEL8KiuIrFWrXC1+ASDyrGOrNo15eO3at0rWReJdt67kLUS8ycbqWvIc1fHPDpVQprWVtk+f6BkXn5QyaHi4DerTC4ifu+ioFCE7W+lYJfZsdJybN+bh+WvfA+zQnnIlb2GNN1XVGDQteo7uOHeXKGuI+pd3xMUlJPYZJOYeNKhPQhzSWEzcqsqhnnWMvWrTOIS99q23TpbsRb0id+4tOfnWW2vnP4yJbabWPEeXOeBWqYJZ01TaLn38xB09cb+CPtgSE+PjEPATH7NALEihVbVQfUX2rNGa7LbSOePGYG7eEC8A/4etxqRr1XOUmeE2Xxn8PI2mwlxz6eNXn7gDgWPreccdT7z66aUac4VGlE6p9bU5bYXUM7RQHLazm+aMA/AxCBZwx83ZdNbmYHW6NjxHmznAmZRqRCtYhdnmqLl08cuPkX158VJNjQ0Ba/g0UKsqmauZlSXUs1bP1DhsVefO/geys1VV8DlwdRIlaMFz1Jmh6Kkhb9KpEisqKs3EKisqpLu0kNp1lfPQhHuGEmQiw+QYk06rvTrP14E54DcpVVc9c6RKabr6icSi4/l6MKOvXZQq9VVkS61Saj2Ba7FoeL4+zIFAnVapbCtvaqVSW3fN84e13/P1YoaLi17ZmiQghNLg/kHzxLXX8/VjRmPCNJC5CLlTqyBbGtYX+KHWPs9RZG5uppMver0ej4esh8MaIMxQ9iCDyFQoT2Bqg7UOJ4CUXi+dvrG5pR43UfYcFeZmPAMfZMbldDjsVmtwLkyr3c5ajFo1zRAWR2u0sHa7OJHV7nA4XXgOQz+Zv1GgvR6eo8HcTPNVBxkTf2Iwd3grWbmefxeaBrJWR/MmRr4enqMU28009nDo4dkn6bRO1ND0NNIXDjrZmwtlCAciicPQ+L4OnqNdh5GREXiaUTytKraQxQqF7X4/Pw1rc9uzP0bP8/Wstzur9YhZzGIWs5h1S7M6r9dyjm0tcenzRVrINuTyHdxBN1xzNpz2UGS7L3Czm79Oisx6Aze/+Vgps78bMAfsMeY2mJvxXaHH5YD7PtaOZkHnmm9i5mZE67Yb1cqioiKlCj3QUKIXGqPd7Ytw79jlmdHCDW6LRlmk1LJu0Zz+nNddrYWtapOTrHJx8zA3+1x6ZZHKRGibGmtrv6mq+qaqtrahCU+i4q9WK4qYLsvcHMk4Vqmvx3RNtVW6soNvvHHgwHPPPffqs89u336q6hu0q6m+yNfcReyqmJv15kBjU1Oj++LHBz788PPPP/vss/LyI0f27Xvlt79d/ssXn92+u6K+QeG5qZg5w6lG2yXg/fzzvxID6CNHEDVwv/Lb5U/oGpw3G7NJ1XT2uSOf/fWvEuR9b1N75Z3/bazf7r25mC3KprMH/vrXrygwDu19GPkdZG+/+7+NZsXNVZ45q7Kp6o3Pvvrqs88IcDkv8jvE3nVX7b7JmJudysaqNz7/+itMi6MaSjExAH73t7+uOhfCXCQTrEDdzjyqZTL3tR2hlcm0V8ts5yKbSwHMX30NwG9/eenLL3/78cWLly59vBx+ffnuO+/OSM2oOneqyCc+QsQsk8kNXHsMmOuu7QjE3PLeq2Ou2974jeLDrwH5YmNDk3v5pSawi080wIX54oyUlNSMc1WnlP4QZvqpdqWs1Rx0Vma3osGm+Prrfa+829jgabwMzFd8wOwNNDc2ZKSmpD3UCjPHWeQymaXLMXsU9bXbv/76lVc+RgJ7sc6Bi7/0B+DvtrQ0wsy1xIyyIO9yzF5gVr777iuvvPnRsWOH35zx5kcfffTpx8v37N+z//BszGw7pWqZmcuWyWiRNqCCLld78WfLZOREGWSybE7YUieTqTmDAtV+hhBm8dE4glC5kWWr+VPiVUNIydR1UWFWOupVbwLzjBkzhg6dgWz5jPR01CNwKBpnNB6Y1a0wQ64V+EUBX6vhWJdTVJRzL01nwcx8OrWEWXo0xymEWpKcHLuc7ldGhdlWf+rNd2fMeNN7+bK7ZsGM5ctn3Np7GFpVzL0emB8F5lOtMFtpcEOmiwBOKye5VFJUCAMZQyAgWR2+wFlBVblM7hUxhxyNtqNk6C9O54Udijp6zWg3s09pbjj15vIZqR+h8uxevmBBeu/eaSMamhobm/ak9gbm+lOaVpg5Gc62mg/mOkJjIJn3CorKUTggZgVfLNVB5tCj4VTJvXwYMeQUFvHvo8LciJiTP2q6cqXpyq+HoyFVwOzzeoEZ6dyg0rfGDApY0W95sJJRY1glKc4FmNKKt9bJeBa6nzKHHs3xp4Zj8Lnzyvnj0Me1n1kFzOt/nZ5yGGrqgHcSIu6dOr4RqQ7MaT+ralQZ2mBmEBtfuXtJfgtwgVZDLYR51PjM1AkscFiRwBx+dEg1bQhuVUaHuQmYH09/aMmS9Uty8fjnMc1jNgAAGy9JREFU1JTER5ENI8xKU5vMaqH25kVT4wKtkCmtmBYXZ8RcJKRSCMzhR9P2klpNZFXSAhKla5VfbQ5UrP/18PSM2bm5s4elZKCZtof1GfEQ2NDU1PSfn2tSWtpgrkPbrKKrFwlmA9ppwD/wS0mY1cJhBQJz+NFwacrmK24truL4k8JEg1lbEajalvs4xDbXxH074iLn9zefGPwtmqJxT3LqDMTMtsKMaim8zcVvKSC5RpQs2pxNXqBMu2QylYRZhY8LP9qAaYtUqiKemYkms1EdqN2YOyl5Y6CpsenbwZdQsT4x2I2mtFuZnDLjF1VNCmcrzCxudIhzTaOzCKBU6KUSEqjIpesqmPHR4JQm1IbqbIgGM6sMNBbmZqSPqAk0Bb4d/AVh9sKbmmHJg0b8orZR4WmFWYVzpwwK4aUtLwNkXoEKLeTSqyDbWmAOO1ohMBJmRfA4VRSYOXcR11SWOzs9+dEat7tm8GnUYevwYBZej09KnjH4+UazytcKsxznWhvMFEMrYcg9m422wguGFOeWmMOODlZkBFEVrLcV18DM+lqsuK0B27bH09KS+g4ePCBhwGCwvgnoV1LS0Bk/PhdQMf6WmSE3BQRQHtzN0NoIdrL4RRHVrQXmsKODzAX4w1zB67o8Gsx+kyrQdGJ4eloKGsxPDU+L12fo8sEDbQ0Kd8vMIIvcRTcSGhc5CZiHZh21ueVcK8xhRyv4Aq6lzS4FfwVXyqLBzHmKGmvPLUlPSU7qkyiiBls+48e7G09pfS0xu5TCPYAHzr/Sg1vMcpdQu5GINAgtzpaYQ4+GI+QgN9yByckRLvhb5IGsyqKiM+c3KKvOl01KBeagDQVbvvzfR9kcCpcUOeTZEF/5uOShWziaX1Et3BJz2NH8ZxSwcnwt5FiaINsQHWaPoqKq6uAgPGkD4A5CvEOHDVv+zuCfnGtQ6kMPFDErxHfWKtSKyBZtUZDijOHZ1pnDjjagt0UGEiQ4kFRkPxMVZs5nV9hsVScGpeHJowaBDZ00aRJBrlB6/FzXsVBmf4vmMylqbd+cntQ7jY6IBeQFywG5vkrhauW4zmdXz+z3GhS1tbaK3FtvuxVDPz5pwYJ/v/1cg03Bdinka2H2+yoVtvrab05k3AbUwPz44B8/X9toVli7FvI1Mfu9rKKioaG26nBG+m23De/741+ca2rUFDm6GPK1Mft9dSqFrbHWZruYO/jHj51raLIpVHVdDfkamf0+r0WptNVDDb67qqGpXqVgvF0O+VqZgdpjUigrbLaGBrNSoXd3PeIfwAzUbkapOKVSKE1uX1dE/iHMKMIder3T2yWBfyhzF7cQZm+M+aY0Xwizuxswe9iQoQnum71E+zxhgxNYq/3mNisbG3QTs5jFLGYxi1lXMTwm0+dvLQlq0oRv7aiGRnvbGV6y9Az8uD3eiCncHg+Z/N/j8XSKYXj+9jG76+ptpzcuBtt4wuIC7LAUdZCi4tS5c6dO6cz1dXXuLs9cX19TOD4xsc+wEcMSE/tu/MLlcoekcLqqds/Ba0zNWrRJaah3uYL7qsOYOa/LbrWJh6FdF+bqdiC76i+MTxy65PAF3Re60/tnJ/YttDmlw4Wdtt2Lnl5RcvLMn84c3/D0rE1Kh9Mp7LRImN2MWqXSVJpt5kqtWqU2uq4fs6U9yCf69sk9oTt9AtmFC/uH9drIiph69HCcnzdrBQJG9qczJU8v2s3aHRGYPVqV3tEYaLCxl77QmWy1jY3OCiXb+ZgdrtN9+6w/sX/Pnv3I9uw5fHh24kabLQhtPT/n6ZKT1I4fP37y5IZZAG0XmMWj0LjLX6IRWZ8fefvtd9597tWDtgb1dRpU4vvhzM4vRiSt3LPt8J7128DWw4ttezISTtiEGoI1v/R0yXFqf6ptrD1z8viGRUo7aw1jNlZWfkgGoH1GRty98ttLtZpOx2yzLU7KWL/yIndxZe7Klbm5h6/UbFu5vs9gkwDNls7aUEKgS/4UCNRXNZ4pKVkxr8zBhjFbKrSff4WGYuGBWK+gAUmXK/ixMKQ7QIG9TRi5sqU9Bpk9GsyOC337zM49BuXjRO7s2bP3eAOBS0tyMxILeWa2ct6KvXtLkB0vaQzUPz9qd8OGkp2zdltYNpSZ1VR++FV5+Ycfvv3uu2g40jvvzLiwu4JHUcAvd4HM0NHMZtvGpOEZGcfQSriHM4ZuA2Tu9ENDByWNZ3gZS2et2LmTUJ8BmTfNei3w2ooV0+cdtJGLhSXYTcFxynygfN/Fxpo3G5suftTk/1VKStl5vpuenHSWkbc5SEOubGkPMIv6QPxQZpYZnzxp0qBhSN/AsW3fQnVYOAD1hkq4UE2QqrdOx1MnA/ZeYA58c7Y2sGjC1KmjymyWUOY6le3AvncagLmp6dJHTU170lLKTpmkzGrU6cNeAFFexxXJ6Umok6m9MrUCNnoJM03AcdpsmUyupf3yi6LCbPtiRCrqNdEHKYzGcvsL43qh5TJ7FZoZlIAxz1u2bt0qPD/2itcCeBKz+tuBeUKpMYzZo7R9/Mpvf/WrXy/41Zu/zliyJKN3yqlTFimzRVbE1cnVHFcg91pkFngvq+O0MosXdeytQ4mAmU/A2VEPZwWkUMsNaNhCNJjNp/um3db71t69k7fhxZu8hXEJeOXbxBcpc9WcZfzq8xtqm9GMDv7H0LpTE7aeNptCmL3K2o9nLK+pubhgRnra+pqabWmDKipYKbNdpuAUBTSGAU0rBxlBcC/p8ibH24UEatJx3YBSIq2jojNmRj3w+5xAzF8MTiCr/Ca+aCHMFXMWkkVKFm6o5Zpsu83KgWRBtXkHw5h9yvo3ZyxvCvgXpPVOPdzUdCJtUFWFVcpsBWYMgMAKCriigoIiTl4AzKgYK+X8uSAJaBcsA4N7TTLBztzt0nlEClmbLLcGNx03kmWOkc6YyFQxh664BMh+20C09BRGnhCRueHNxyft2b8eORy/cWNu2rCqCqeUmUFFF9drimyIWMBTy6E4S5iDCbxFUIwVMoMB01qjw3xhRHIK6vGWi6ovKNP+bWSNQSjPlZi5ag5Zh2jDN82NgYHBRbgnbC0zG0KYOWXjnsczjh1bP/vYsW1Ljh1bkjqi6pQ7tA5jqIwgcp1MK2PgLEAER9AZEhTIrTi2ic6G6DDrxiPEPhi58MUaDI1XvD1dqUMJjJXzyPJ/33CNXu72CcHFekt1ptA6jFM1HZ40ojFQsxGu8oWBwJ7U8VVCd2fRtapAgfvhquBdtpxzyeCXlFlIgA9SofKswt1Y2SgwGyo3IuaVcH3mCgfEL3YD9J4+ySlJ43VGI05RuXUWQW6of/75+4OrP46jMkuYtQ0XM1IWXzq8+NKl/YsvnUhM+VmtcLHF2XcVIMEY3MNeTrvsk4E2EmYhQbbchbq3GjgVqbejwQwFelhKavIeuFDBdTk5EUGfGJacllhYaaBnpRSCe+o3Vxqu2EaJVoOcOq+sUh/G7NI3ze6d3KtXr4RevRJ7JSaP+IVNL+rXirum8n02FS7cI1mFwLUhzEICF7pOY1aVTJatjQ5zpXFxcu/UYcfcBwckQmWbuNh1YXCf3qkDdJVakkB//qWnp09ouFJ/6rH70cqPdGXARbsZfTgzp6o9mCL0Ah4649+rlL7r1YHzhzNrK8tGpN2WOnRx3yRyyRo/AF70Kqys4FNUlM5ZNn3RYwNvvz+4DOLCpwWZpcwuZe1GiJtBg4YOHTZp+T27K41c52PuUVF5cGjv23onp/ZG1+nbeqek3HZb0osGg8Csr9i6Ydn0CVPxQoB4sTy0BqLSpNdGYOYMp2r3p/dOHzR80qQF9+y2qbjOyAzQhcN633Ybv/QYvEparOcjG0Of2rpBusLUijm7dTwyMEu+3jacaqqZfett6cOH/fycTXkdv0f3toNZB0o/lNz7VrKAz629U/q+qA9GNk5xfutLK3ADdBX8XrUKIWuFkxLC7GeVtQ0Xc4f9bHdthdrfSZl7aCoqy14c0SclJT09JSWp7y8PVlSckpZ5XUXpSxt2kqWI1m2Ys1UpQg5j9vs0yqraqtpKJevvtMwQvZWGssLF4x96aPziFw9qKyv0YTWd5nzpS8TmbTqlr9Bogvss4d2OPBqlSmm5zn1E2sncQ1VRWanXlZXptIbKEJFpLOg0lRXnSneXntIaK06JkSMx3xBrL3OPHkWqUxXI1KqWSgBeBQbCXqPWSHZU+7oqMzZ567vJdP9hBYP1dYhZjR34haYeLQNww43Vx75KjlnMurv9X1tfKXCkw4XoiRfZwLX5BUwXZebQ6h1oXY5mupoHWaWjGZH7/NzNx0yB8ZI1eDWiujphMRY/1za2tO8GOh5+OjUzR1Zg8QFtXbgBOd7bWoyLvtN3uT31Nhtrq3e7xX0yOhczlGIfAoYsEkjRzPT8BjfCboVahOz6w+q5E+fOnThztd7Z8dCRmf1eL9AIwBJk8UYU5ZC0VWaXy/GHmZn5Wz4A25I/ZeYfHB1NHYmZQ/W0p47CUdAa3sTg8MeD6nGuZWaXy/JM5pav/vY1tr99tWXKansHQ/9fRJF9HrGuNdUmg1ZzlJhGazCxNeK1ILy+yFKTfhtO5rmcD/4msk+yZlok/XM6nhmVZBTV/LIS1YajO1bPnDl25oMzJ06cOBNejZ25+qhGzO32RSzVpBMDIH/ylcTKc56stncmZs7rEYlsNR1dPfPBkVOQZWZlIoNXIydOfPDJ1RomSA3HhMc37nDEPpNT/jm2T/7xjw/Iq/Kc1Q5r52H2w8VXqLBYw9GxE0ci2qwcsPwcalmZiPvB1UeNAnUdXML94cxW6x+mFFPQPwcCByj0kSl/sHcaZkAWRLYbj44dPRKAgXbLruLiI0fK0bS9xcW7NgN91uSRIx988mhQa08YNGZ+Lg8dh2TmAoHLH8Ar5GTzc9XWTsIsQnYyR58kxHmbi8v5apfWveVHduUvxdSrNaytJWjErJ9cjCc3Li//B5qh/gC8LC7evCZvyh/YzsEMyHzlZT26YyYm3hICTLH/9knxmrysyVMmjg0GeCh0jx7V1meWFh/adwhIP/z++y+/5C7nb0ExkpWVuaO6ujMwB5GdlqNjCfGRCMC82ke25GVNmTh6tZbl628pNDDbRuftO4Ss+O+By5k53wd+n0OYs56xdAZmDiGjdR9rUFzPnZKVk1/8SUvE2L46sjkvc8rEJ4+yTrwmJFrvkxMzW5gH1iDgXbu2QGGetub7wPeZOYT5OcbS8cycFy1wipkNO0aPzMzJ24Wj+m8tGdK6vBikfnDsUYudhxZdsoDZ9MCWXWCb11wG5sz85kDzHzOzsI3uDMw+t5ss72kz7EBxnVcc0pSIZCjAs1ChttDVP91un4iZMT2Qt2bzmjVrDkAF9s8pmfD7u7mU2cR0OLPf7XLgxUvtzI6Rk0lJ/upqrHzL0skAzZL1Tx0ut1/EzNyVk5+Xl5d/GXc8Q70rA3+c3FmYObilIKOBmR2jAXnNka+u1sp3YehqBx5xC9U3JzCbzKNzloIhmQPfjZyLO5rPxdH9jMnU0cw+uDwhs1uO8siowRQG+AlpSJG9OPg/R9BTHnxSw9qtNvDgcvmCzJbt0wA551+I9Z8jp2Dm/we149LM7R3O7KfINezRsXNRYH8ebp988uGHH36AoGkD+vPyTz5B8ACdA9Balpw1l4sT2iRG7b3A/HsyLOXyZTKg4LmspXkPqDsOmTJ7XA6cYVb/5ANQY0dE/vDv//v9PwC6vFxyIpDq5ZuzpoxebcIurA6XJ8hsemZp/tJ/SEdRvJGVv/QZxtjBzH6KbMX1V96h8jDickBG/XkB+oPysN3QgM4a+eDRauLE5fLzzHp92TRor70hscn5a+7VduRXTf+HKzA7yS17dDQUtuLyiIH9PQ7Q3//mA3SrIYpwDF2clznxST2JbqvdI9xL6g3PLN2ct3Ta0ry8pbzlbZ72O2NHM/tJYbZaDSiy1xyJLDNZxevygS0fRDgn5bvyp4xc/d98kfYLzwz0pmde3rxm8+uvb8a2Bn52LX1G36HfKCJmD0WuPnrX5ByI7AjQVGaAxkKHIZcf2ZIzcuZRHtobZNYansk7tEtkh6Y9YxD1RekYZk6QeSzIvIusbCOJ3PLyD/l6qPlfByJAQwqIbiQ0gcZVN/kArVa/+pFdh3g78vKdv9N3LDJi9gmlGct8hFq5OLT/LCw61/wlKdHln+P/1CD95pwpQaH9wWe9Wq1BM+SRNa8f2rdv3+svPzL6Dx2sMmLm+NA2PQl3FpuPiKycV/ED0eXmexD6iIiVWvEuJDRDqzGP+Jm+VmtUrX7muecmP/fMdpWxo4kxs0tUaeftOyKBJvbBn0XjW0HoLeI0xcjg3mlzHlyvtJZgcIs+RaPRgNwGLeqF0xm+r/KxxKp3jEaVdpgh5sviMb3+A/nFQeBdqDbGjwezsqYMef+/q7EzFNySz9FQ6xTf0XEeymzCNRhBOXRITC2RGQyELia2ZTP/MBTfLE2GWsxCvHk683exnIt0wrFoaGijugYsSF38wb8QM/pm1ocH/V45kL8FybslP5+nJZY5cazeQtxBcHdiZjvOo9my465pOWv2iQxfWhAylvm7ifjR/n/hW6OsnHxkiFjMnDVyyFHaj8nemZl9tGsXDu3XBdogdvEH/4s4L6OHJ1mZX+IW6IFMRJ0jVRnsgbve5/tu+Tsxs5cGo2HsvdDUppzAjLAxcvGfcSH+1xS44crL/xIX7cvwhgotwZ5812oDLSq+Tszsocza0ffCHZXIiovR7127SKuz+Z9TMpfmrcn/ktwL/35KVr4AHaTOHDlWS5k9nZjZxViwaVEVJkYmxJu3/J02RaZk5q3ZnE8bJ0h10RdYwQI9Vkv8Me4uwPz+XZOz8oMao2YGekq7mb+58IPOa9bwzCB0ZigvLtD93qfMrk7MbKfMv+s/LSf/EL3uItzXMTIPGeBQbOfxb5u/m4u/vQtBBubfEXeMvaswb6b3e68jQ5fgvA/5mwtu7uSlefm/EU7BH/F3tFktMls7MTNLmNnf3ZuZlb+ZGr3FX7NGYETMOcB8mX/vmztlcmYk5uouxHyXiBlzw0/+gWYRM8RyltDybv6vkVMyW9GZ7QrMENt5oKwYOz//sogZI/5L2OCPJHRQ507NbGKQWd6/d1oOVMxiy8sX3Vxwb8yFpudcX/BW4/9FEBrV29hMXYCZef+uKVlLoZUBqALyb/4luqEivXrFG94Ig84MMnfm8mynzJoh92YtXZofNED+e+tTYV0OZ753iKYLMDsIswkx55AH0BQ65zffS6cE+97nuyLZEiZ05r1jNcSfoTO3SVwGwmwacue0nBzhwftSqKO/FMvMrR49ceTIiRLoyxOnZIqhczL7jzVR5s7c9vRQZmbsnZlZEubfSGZC42aORPZPyXn4vUTonKUP9FvNUObOfI/hM5iQVTKr+0/OWipizpJ+tQbMD0DFLa7VcAuUXK9I2xuY36/G7kyGznwv6TcZcSbZo3dBcIuQD3BS5rkjp0wOYYYWKBUaEy9diqow7M3IdOpnQxY9UcY4RMoc8g0q6DwlVOdA4AoRmlQEOZn9xpqozGynZnYRZp1l7J3TgqEdKnOA2zFx7twpc69ItzYTocm5ypncbwcNbX2nfgbY7NEbkemgVfKISObLYdNXhrZJgi1QGh7TUGhjZ0a9t1OPu/EbCLTJODoodE6ozC3af42cnEkPmtbvScZEkE3+Ts3MsYTZWL26/0+F0P7H1c436ZsoMN8LtTaV2cp1bmY3ZTapoRaDRhiovDTry2tlzs+f1n+skchs0Hs6+ZgyPriNFix0HjQ7w6uwlgyuVogZNVXv7bfDYgyGdqdm5qxaox4Zox5y39I1ebitnXng8nffeb8D++d3keyf2L67/MeRD0xGj33z8qb1A5mxH73WwXX2sYM+klO9AQn9Mr6LROMPRrZqE+lfVG2jO9Cl/fv9rpo60vs6/XhJzqIlWTUZRvd/as3Lm9csRdCTH0A2ZTIy8pu8fEBsk/G3OHCa7oP2iJHKzHKdf4yolzJXVL9/133o8dCavLycnGmZmfCfb1Yuxb/R/SK2aeQPaoLlo+dJ0/oP0fAya31dYFysILTOsvquR9bgJ555+RgUCioO9rw8VGaR5YgNbUTpIbJ31FBkDZG5s48F9mr56DY+edcjr+OOXBgw+ExwDenctRk25YmMJFhzb7+ZFpOOqExl7uzMnFVDRWLUY/s/hR9v42diL7/8Onra/fpmqaFdoqfCL9/bb6yB4WV2cF1jzLdfz0NXHx1751Mvv/6y8HRfYpKn38R2YeSj1TRSNAZ/Vxnn7tGQPOv0lvdH3/nUZvJtVShyEJ38oO95incBMtRf5HitxtNlxvZzVrWWGECP7f9I8S76zWSrhr7OW4OQa3T0aLWV6zrzGfgNGgH66Ni7Hnl7X3Gbdqj40Oan7kSBrafHakxcV5rDwaelSlfoLJon77rvqdf3HWrL9r3+0/79Zhqq9RUUWevrUvNWcB61oDTDPNnvjvueapP4qfv6PbjDwgiBrZGOKev0zM2cS4DW6qBQ97vjkbcP7WuVuD/EtdXIH6RRu7muNj+JBLrauGNIvzt/+tSufZGw9+3bhYhB5GpeZK1a7eK63pwsAM3X3lq9yap5cki//vc9grD3HQp2lYP/u576KSY21ggihyF3lXloxNBaHcMadjzYr/+d9/30qafeLj506PVXXj90qPjtp5766R39+yFim0nfMnKXmXuHc6tVQnyD1qzl/ZkPgtr973zkp9juu69///79hjy44z8tNSadkFSjklRfXWu+Ic6rF0FDg7Ta+t9Hd8wc++CQIf369bur35AhY8fO3HG02lqt04nSqfSR53DoEszQOGFUEN98f2vUJGVqWEul5j+JGU0WtobR6UUpNCqVxd+155XiXBqg1ohMq9fqTAzul82YdFq9dCeUBhfX1efS4nyMSqUJMxLFYaZSMX7uJpg/jPPoVSq1pm1Tq1R6D3eTzJnGufUqpfoqiN3czTNPHMe5DarWxAZglcnNcTfT3HhoqQZWq1JG4gZepUrLerlWkLtIe5vMc4gmBPMQc7tZo0alVAI4oCODv2jGXpXGaEUT5GFD040F50fsKszCTIdofiWHw05HE6JRgHY7azGhSzCZnhjoNVq4RNslaRwONM+SMDtiV2DGxF402yEitoaaHZ0ENOqsGg0YQ4j2sDSIGgmP1l7lusrzMBTWPp+XhrQr1LCSkheimeJoiKMIF8V316nD+Ola8bT4vHmlJmz302LMRarMOi/z9bPOivz/AXQ0URo+U0pGAAAAAElFTkSuQmCC"
|
|
next
|
|
edit "logo_v2_fguard_wf"
|
|
set image-type png
|
|
set image-base64 "iVBORw0KGgoAAAANSUhEUgAAAewAAABSCAIAAAAZ/3CGAAAAAXNSR0IArs4c6QAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9sCChMxDHDbo/gAADePSURBVHja7X0JmFxVmfa9tXZXVaeXdBaykEBCQogEEhYRosAIRhwCohHZhAcUfn9mfnVmHphBfRT1EZ7fDZQBFERA0YisYRslLIEEEhMWszYhezpJJ+lOJ9VLVdc+b9Xb/XFya7u1dndyD6SfqlvnnvU773nPd77zHX3ZsmWaFcodvF4v/uq6jr92u71cyXZ3d8fj8dxxkKnL5aqpqRl2jRYKhfr6+kpJAU3tdDodDkcZ23xYhFgqJBIJCgCEJBqN4ok1Eo+G4Kirq7NawXyQcSKIyVBR0ESmgUAAfz0eT45oNpvNmQrDrlUBOkDwggrPjjDMXoBvt9ttSSnbR20ifAamA9nT280Kwx7EQe6sViisyRwOQDYQU6AcAyMYDFZiHGLUAb7zxkRJamtrQT+jqTC82jOcCiXSRqA/OgWTQSU64kgKEJWYEgxYbwWLiR9pXIYwTYqHAOCu2uoYzBSQhBx9Pl9u9s0ZZTi2MCoYiUSAv6VrP5CIy+WSadUKRdAFwrrVGhYTP3ICcAH0ViUvVRhLADVwybzkCEVi8fABcD8cUYMTFeqrVqqgFPgB2I12wHxQoj7dCtqAPh2dgt7BB4unW0x8+AVQWgJ39UENIweghgJwUzQHtLlSYfg2Mrfd8NedCkXTZ3WFZHHwSsgk+kjQPO+OuhUGDcR7enqGtZyVKylOZtxCrGYVMEhAIVVCmo2T4iHwfZgqvlUEx1KD9c2BvBl/MnQ34BszrqUBqE6vcV9U6LmZoWfNrFUC8dwq16OEcRj+ljhb6IeHbE/C4TCwDCmTkOYQfTDN3HYpQ3/AsAFRX8xYUt/0MpusBRoEKRxtdoRDoQfFeNFSsxyZTDwbGgpyVQhryihPuZMqC8QXh8JdXV3a4QaOuolgaPxBnAO4xMG8lS3HggrgdDqBIxaID6KaxcxeqMXEhx8TZ++qejSSJgSMNyouB7dfQd9YQnVJaB6aM8Ys4xRSSuMYimF+zZu7MOmTQRGzBUY7CLhBla9GzqY+MtRITPKHqTXOEYnmZOXUmFv0fLgyccELTsvozrqRo9u7At4al8+eaNuz2+Fw8BydugdVFjQ3KTS1tbXImhqMjDiVN3Gpo2zySCiav5vH7nQ4M59RoeOqxHGYrS45eLd5Ss4DmZCxsuxkWjyxjFDOfRoDK7daeBgwcQN8J7c+ElpYd8Ud7jNmTd5/4FBr276mYybE+3qDgQBtCWgUXB1WPujHFyHcvb29Jrf1ze/ymQTrSq8biqhURuzOS8kzNmy2uTZbTXOsJ9Svhqk92zRvZulw9ASyGW57WpBa/aC/9dZbhdI0lZYOsO+Et25EzFnjcLomjh29e1/Hhi3b586Z5fPU7Gzb1xsMBg91xkKBeCzqdrvFu4VAeaHcPDcSpVvpDYpYd3V1mZHpUuDADHBXVI9fHHybR3A+yTsbyeccHypUcYMDhiIUUOmRh93qQdWjyp6ntLPFxweZiaejttphdrvD5tDsNns4Ybd7veNHNY1qrLdp2tL31u7rPLTvQGdNzZjRzSMR85DP1xvsC/V22WKRRCxK/SZ15QiUYCo6DYJeUBhcbSnbChMWlTZ57UnKDuK5vxaNXyUak+Vm39l2vPOaGJoB7qpBeUGze9EYXdAyIseHHM1edC+L7YoESz8++Ew8nW4TtUPhsNdXF4xEne7amM1RW1PTWOcb09TQMMJrt+mRaJKWd3b17DnYPbZhBF4GdkdiUbxo123hSLirNxDo7XXoiUQk1O0/5HY6wMuBerL5SVjndqgByjOKBSIALgd9pysSiVBzUjTkmdQmm1GS5EXzKgBZQdS7II1KOpSbhO8c9R2+iFOorX3efsmxUMg7ZwiOc2/MUjQNPhMncAejiUg0AeyO6XGv12dH9zidI5s8Xk9Ng8/r89TUuJwOOzeaEi6Xo6sv2trpX7dyxc4Jk6ZPO8HjdsX74oFgX18kiigjfN5RTQ3hSLSvL+Ssa8R7gH1/xwFfbY0zBejRXj912VS55Oh+xhn0haQclC/oqKcZNauZHde8UFUFPl5GGm6In3vGMnzI9tU8lA87TC9U92JSx2Wma7I9FLtPC7iHBBOPRqPgyB19iWlTptiTxytcCS3htNuAnU5Qa/x14LMd/7udLt2m+0PR9dt3rl76Ruh/npu8dn37MWO7LvjM+LnnTzhmXI2u9yW9RSePlYN919a4vW6X2+VMgmDK2CDYF8bs0Lpvf/euzV6vtwZTg8sFmCbFVvVr+GkoYDdPHpbit6Tooy4mSXcp8F0ciuWlfubh254SMPFplUgLYicqKr50s9EcsH4EcPCCYN181xTdZWWXbSuYZeLZfKeAg1O360z6mXPsbNsfCAbHjGxsrPdhtaS7kvTbmTT5ciHSrk7/hxs3blu2JPHmG5M3b5sVt0+oG+Xf37Phkd9/8Oridz7xCd/p5zSNO9bjdPqceMuGMReKRLREHDiOBdi23XuB12OaG+s8tR2hkMfjoXcn9VQexvNQONwh7mHxwWD9ktHDdREKh9wPS6HheQGrEqeWiiDjpR/IzGgemjEYJoN0N9zDBfQL0quYtPjM1k3mAd0kdlsQXxKIZ/NiSCdzPT09cUctOPK+A51bd+2ZNnni2OaRNocjZrMfCEW7Og/t29W6f93qvndX1rdsnN3ROc3hafaO1MCU44lGX905ibqT9/ds/sszW/721z0nnRQ75XTvtBnNY45pqqurdzhtTnuN293W0fnGO2uam+r/qX42BkhbWxttTiORSDbSLdaK1VSFY/T2pUJBh2hKGVrFAVYpIF46TuWulJnBj05Hz1bHNSMpv5nFjQHl0+m/+jmbpn4YKViKg3LNnLmRFcrc6WvWrMn4A2A0GAz6/f4RYybYna69HZ0JUCRNi4Chg2Pv3R/dudW2aUvDjm0T/N0TE86xtT63u0ZLKsY1/tP4JdVtkXB4b6CnVYvsaa7vnDgxcsI0x4TJvgkTG0aOdttsgXDEbrNNHDPqwKGupf/zzPjx40eNGtXQ0OD1eoXqml8LcyWekccVp6+gj6oibkUp4uSLyXKa16JUU6lSojpFPUkwXMaPmU1jA7JnQ385OJZtNWBwZVE5ITS/e1GcssVC9ioxcSoNurq6RozV4wnN7XI1+Lz7ewOd//2Tif9YPSWmNUa1Zoerzu1x1h+jJeE9noTuAd21dBCfOJ2uiQ3NExOJaG/Iv3pz+3stnY54R01tW1Njzf/7jzNOn93TE0i9nMC04fP5uJqGWKef1imIbBrkXjDCjFku3g2Hw2iE4o4wmNdOlhfEtaFhnVLEOh2djqXVcHSPXnTjiGVt7glAS1l9FKoRKvSosBnDlUIR3CLj1QDxbDpxOgtNjqhEvyjFYnH0QEPXwfOj7poR9f1ATTlJmIC5VByHyz3S7R6J1zAzhMOLW/fvHZBATbPhMWSabv49Hg+YeEbH2WYMD3KQUzkcrMoT8lVVNKh4QebeBRFSk3y8CCZYFn1u6eBuUqmiKSYNllfCSqwMDNu86cHwXEu7nDNbP+awOi+IjFuYXkEmTsPnnp6ekSrBTrJZZ1LljabvB+5C+yDRr2/Bey6nLe5SmQh+A8LSYSly11L7mQWhlUkcL2WLr0S1Y9npSdF68OroavPSPU7bKIzl1qr6SwEtuylnxjkg42SgZTfYLyNfsULBTJw8FIRUFNsJPbURpAv9ZognYnGdD2w6CK0WjamgrCfpla7FoincB+mypRLT2dUOXbPrfDuptMFfjGeQ3xEjRjQ1NaFsdDwtJwgMoqPlO8WnmbARLgLLCjpGUXSECsF35c5tFsS5+JV3hFoc/IhcE6TfxWxpVwaBiSMkO2CgE9Dgtv5GTz5Jom8orDc1JpwOAr/WF9KaGnRN1lOaFggm4nGtYUTyIV7q7Exl6+JMkIRzmy6Qz3xDSYvyZHA4HAa/aK2trZdccknuKn32s5/95je/abi1qzg7jdw4hXnlwgsvxIdTTz31jjvuUE8nkd0sXLjwnXfeef/99+XFBQsWjBs3bv78+fSqWIQxVt5alKhFwd9f/OIXL774Ij4/9NBDEyZM4AFaQ8xRo0adfPLJ/PrBBx9s375dGhzxP/WpT/Gntra21atXS8vgxZkzZ44ePZodvXz5ckzSZjg44kyZMgVTOz4fOnQIOeY9C2YI4ATHHnts7jhIuaWlBRzilFNO4ZP169djCNTW1kpl+aTSt2Y7nU40VDVzrASIi8NxuXPcAu5BYOLJy2c/Wm2lHJ6ox+DDEe2r1+pXLtCT24+JxNPPab9fqD14j1Zfrw28oN1+h9Z5UP/lT/tfWb028cP/b/N3aSnbQXuSvts+wnA9Kb4Y2DWpgMFj0ImbOebDS+LxrnpWKNtWjxmAW7lyJWYFfLjxxhuvueYagQ+5U40qIBaYJVyxYsWdd965Z88eQ1JPPvkk/r700ku33HLLrFmz0q0kS/QCVlwF1Th09CoygPKwJQ3+D9RL7LxeL94C9nFnklDLMHLkSCTClkGjIRrAlD/t27cvGAzyNEDeblXncm6519fXm1ejQyTMNCwP36q3LCEj9qz6BAVAHEgmZgW6Wuvo6Ni9ezd7s+wIJTmWch/poATxTV3QEtYK5WTiPT09PNUyoPxIaTCpFcHHYChywacc//YvH3UG5gP8Cp5V13+UP6mEgeQ5XVpz/9DVP30eACBx2+26A8MvYUsSN51ad0KtMHEMJwMTp2tAfm5sbLz55pvpo1wVAoxqn8/X2dnJ834c5HKnFNG2IENvxJQmAlMDtaTxDO0owLXb29uRJvAa5BQzIjJdtWrVrbfeylc+97nPnXXWWYiAMoDlgZVv27Zt8+bN3/3ud3/+85+PHTsW8QU0S1SnmEHtvBUH5sq18eDXANnm5maDdxq62D1w4AAwGl8RAZVCXQCsaHB0jcRE7dB6kCI8JAwJXn/44Yc7duwgrOeFJ/UaUojl1q1bx48fjzRVeM0R0Ptm2hYpb9myBSnLk507d+Jd9Kz6BGUeM2YMspYioY4QDPR+WVRD1Bym5wjBG17Gl7yWU/waWmR8cJg4rVOSq6FUw9t0oc1xrIHtV19xWFdQwgxGgTYqwT9SmejzP6f95mGtdRfjD+gf+lU0oDMY+RjVtamgMnEIt0AAAR2owdP5KojzdbI/9SdavnMPraARJZkGUgFMkynjOdIEnKGt8ASkDMMMBPNHP/oR42OaAULhV042oN4nnXTSY489BnAE9D///PNf/epXDQyraCe0Jf6kwqWUgWiOloSQGECc4EIQR90pRTyno0IeAtAHbcKtDsaX9Q3eQn+xp/LWVwpPRZ+WuqfJpL8aeliTr4888siyZcsMxBklgTiNGzcOXYy5GbMyBAx9OmnSJLVTAPT00YbXpUgoz8GDB1FBw+1FRYM4ZoVnn30WMwrLcNxxx/EM8/DaPBAn46o6xVKLDwYTl31M+o+VznC79K3btUBQoyjreqJlI1ZQ2utv6D5fCq1TXHx/e8LfpS9Z+hGEYDi5XaI0t9tUdYoN+ZIMAnB5s7sqE7KKJ1shLqgjmSe2gQuIIPQNCVK5bx6+Cdwk73L5kd/vBx6RhmOskl8TufAVMVG8Bx98kE167rnnovwoA6ABaIUEWf6LLrro/vvvRwSA+IUXXnjMMccQywqS6RLpdo5XVM6L+gJECFuHGRElEugd/DR79mxRm+zatQstgx6pH1CmiTJ67dq16CN0pZBcTGOYA0444QR0DYgCWmb06NFAf6oyEBOp7d27Vw5tofuEnKJ4WBIBbWfOnMluQmQQYRq6ZGw9w41OyBGpUZMj9aLk0I/mlClTUFS8BRjl3XIqiCNO8iRzPK4uDiAYPJsmi4NRqZCtRmjDqVOnUvWE1kD5J0yYAGFAhHXr1kFOANxkACgDMkK9hG8hMhqZSx92GVJGATi7SFFBKdAv1F8hDtY9mGmkC7BaRbKV0P+o6hSevs4o2xZ2V4+J2x3OcDTKIW532F12u23AJ5F+1739NidUncTjejym/ef3VfMV3eFIOOzaf35PUwh5Ih5NILLDWaMn3Wn1Wx3GE1rqdA8AUXTiqoISMiEjBBLQ0NAAucdgVh0xciTLVXAoP0bI4sWLwX9luvryl798xhlnnHnmmbIzhgF2+eWX48NNN930la985aGHHgJZw9fbbrvtzjvvlMSXpQI+IEEy6Hnz5uErsOwnP/kJSovBvHTpUnLSGTNmANEwLDHYUFTUi1qI5uZmYDeVRcBBVAEvYgRyw/bSSy9FpkIS0cgXX3zx7t27Uc2nnnpKTioh5hNPPIFigM9K8b7+9a8jZTBHeRdrgmeeeQY/vfXWW+++++599933wQcfnH766b/61a+YBVJ4+umnJRGkMHfuXAECgjKwycDE+RPKDGhgjwAsUEh0HHi3kFPqi0888cQlS5agsniFW5oILS0tACC81ZAKACyVwCLy5MmTgT4ffvghOS/3OaSL0UfHH3+8xEcbIimkycjpwMTn8hUNPnHiRHQNyiDLLJ42Qn1RWZmcyCXVswI8D4wZWqUOZ6UCPqCRubZA+fPWSF39TJ8+XXYLSF9kc5V8BUVFmUV7g/jyOrND+ckwWFNMD5AZNQ5e2bx5sySCiVAbuP2qQteXy81tBnWKZXFYZhDPdscmQJxMPGmEkrIx1AmRkLlATziSPIZe//Tj+iRlx3/RC4mf/hJDJHlyp5+d27RwSJtzpvaTHyVSNor93fatW/2vveb2+hIuYC1mheSooytuUrNsOnGVE9EQgqCfroyDjOLv66+//uMf/9hQtcdT4aqrrgKaUyUt+I5Mr7/+esg6v3Z0dGRsHDAa1e0GynzgwAEMfiA42xNITbDAWKKhpGAQ6A/wGuONu22IjyqIrh8lwUJezqzKvYX40NraiqS4pv7Wt74FvDCU6tepcNddd5188slc7MvpR9QXwC2QAcAFwt577720QlFT+MMf/gBMlHqhQSADquKeA5IbVigS2DS+Ai+A1Kgs0ITRMD1ccMEFqAgQEAiC7kCbCJJiZhVPwph1MqogkBpKAhaPWnPRw+eYHdMjo1kAymvWrMFbamkzMnH8ilI1NjYC+g26OPykrmN4xYdKb+kYLtshXjBiVBn8IG+NkIJMeJzmJRpaVRV7lkEdp1gopCeOZly9ejWyQM9CeFQElyAIjgAxQ7JoBDRdhexeBMSz+dkv1Bm6FTKDeDZ/4sLEo9FwPKFHYomuYCgei9dqerC3x1njTlqejGxKNDVKY4ddjsCB/brHk+g/0ZOytAsGnaGAV4mW7F2HIxKLxrv9WkNDKBLbe9Bvj8ddTgc6mtYp2XTiQsyBeunojAB8vOWWW2h9DGomcRYsWABqA3naunXrCy+8ABT+05/+hOfXXXcdxrM0AtguMOvaa68FISWDuP/++997770HH3wQv86ZM+cTn/gE1abq+EdMNBSeAMr5BJQTwxJLVwxajBOiVXKiisc9qQBiBWDCB/Av5I7yCMICxzHIqWDFABbsAA5yfP7xj38kggPOPv/5zxMR1q9fv3DhQjz885//jOeIqQ4DlB+M+Oqrr0Zh0Djo3DfffJMIjoy++MUvgqYhPnj6Sy+9tHHjRtmWZOOoTFzsfDgDCYLwWiUBpp07dwKt0Fz4PHXqVNkFZdi2bRswF03EF/kQawJMuqgpKvWZz3yG6IbCoHkNBnY7duzACgMwhOzQg5wykSAjpx/0NTDxa665Jl1y2tvbMbcZNHj0d6aCOD9DhLDUOP/887GGwNfXXnsNC6NxqXD22WcLSc9dI0kT7YCOXrRoEVCY5j0yF7IMciW3DATMtZs2bcJPN9xwA3qWz9FZ6Fl0lqx4EF555RVINZLFWgErGHkOcUIPolMqbaevnvDIhtEWZFeWiTcltHA0eqgnkNT3JcdSijbTdM9htx0+VuLRiM5zPQPbn4loJMXBDwu93X6b06XHY0mqrmuHeoKhYLDOU+u022idgpCuE1epZbYA0dy1axdwB6X93e9+x4eXXnopRhdoNUYOhj1GFBAcSQEI5s+fj5hC8FFfDDaMzP3798vFFKL6pBpU1gryHF9BwTAYJB3OQ0QTFpvLbUP42te+hsJwThItRFtbGwERf+WeZbQDMIvPxQX8hRdeSPUuyjkpFYButPoAoiFraS7UBTVFyTs7OzloAUP86eKLLway4zkKDOy44oorwNAFPtALKEO6KSQrhSKJ5gHAAYERRglSjCcEcXwA4ghYg4YjWd5bj3L2r+IWLcL8wdX9888/D85Ixo3+QlIAJpWc3n333dTkoK8xP912222iNMDkgbIZ5jDpqRyBFiaGFyFOnHfV7XGeKKYq3yAYkB+hyXlrpMr2Pffcg2ahPscg9lxTqtvFSG3FihWYKlDU5557TkAcPQVBwsOTTjqJTzZs2PDoo49SM4kZAh2N7lbVKSATVfA4xnWbQLl1HL/aTJz8MXkiI3U4xU6VSDxpdxh64mn76NHi8yr69oqkacrhx3M0hyO+py3857+oy6no3r1auA8/pezE+0M0Fk/eODFgnZKuE1eZOMbAl770JbF+o3DQvhDDiRpY6q8BE8ceeyzShASTUWI8nHbaaW+//TagBAQWXFgkBm+BNiIOIgOPCJpACvkV75Jw4S0V3CGg6uEd/IS8qEshP8rYyLSlUatJHQsngNqkYuqw46bcLfjZz36GIoE2YtDiK8qJKQcVAXZrA0bcvD1DBue0adOQMhqH52CBEeDCJIYIKCFaEqVFfAAuIACDn0wcZTAwcSHjKCTyhYSw8GgTmcOApEhKzORB81999VVkxK9YRiAvtDDgTAgyyg9AwRM8R1ExKRLyMDMtX74crSEFwFoKgItuRVFRPDQCmoL7dagFlxEGmyUUMt2TmiFgBsJ6iJsxak3pUUfVbiOgkKiC9BoigNKiSBAeWQSYrxGqgGIjJmrEjlAV7hRslbkD7tEpyA5/VQUjJxgeklDLgJhIFins27dPTZarXjncMIhk3ILsCjPxFN2gpfgATiVNDhOBYPBX9+pi2JA6cA/k0L3e5GeapyByb29s85be73xfuZ5H09GhdjnsM6AoT0mWWKekn9hUdeJiIKF6OuTufCB5i2cvEY1rVer+gF/4TKsSUQ6CEwFipBFIDImMGJY8TyhEDInTnA5P1MM+9HeIsomJNEYL70VigfEXzBfDGDCBYr/55ptY5FLnDhzExKAmxVUI7TH6T8wOeDNn1fAcZLylpYWbqOmsB8misjwyJ1pXXkYKgMDIB+qJ6Qjio0YY5BjtiIPGBJQQxKkTV5m44VgQ0gfF/tjHPoavxx9/vGwtrFu3Dm114MABHudBwDwqkLd27VoyA3Vi+Pa3v51RDrnrq0oCph88RMmBeoBC9B0tDoliqDu3kdXpn6eW5Ot9992HLqBZEZ/jA/fJ0RRqHWlcoc7BbFLDHMkjUWhY1TLHfI0wLUEsUQDUCFJnsIKlTlktA9oNFUcLQN5E4ca5Cq2hPkHLULuCgBw7eV5aSZZ7HpUGcTm9KWsXy+149Zh48m9yy5GuDCE9YOIJ2VUc8ehvbdOmaUR5u73vsT/1/ea3I576sy2FIMmHNlvPf9ya2N/ue/ShftdXqYP23dfekGj5QItF9ZRE9mN04iM78YwnNlUmjvyBR+BfEGWhTrQSo7224DJiYmhhfB533HGASww8ddVPJBKhobYaUC66bPwqRxBRNjp14fkU1SMEy3z66afzCaAZTceHXPbyKCCnEKGoeAhopsGiuueGgYcScg+T7UPUoIb6gQceoEJfArjzCSec8PLLLyNBetxlZBmcKDCGMSoFNMdPgrZcc0xMBVQN71IjL9oJWqcg04weUxGfq3ISTDEAxSQBMEKOra2tWATgycc//nGBFUAYEN+8e0jDZiNpL4g/qoOCocAiAEgTQiLrm2w6cXxGHeXQFvl1fSrwakCVd6u9I0wc76oEFumzy0wePjKoL9gLInWUFjVHllmdBlBTdCWmXpnAtAFPnCrvoQkQYiJxpKCew2JF1GPGldaoyKkfLc3foQXclWLikI8kE+9vXN1uSxq32Rt88XgCfZ6orYnva3fMPeejbgAy2nTbuGOArx85FK+tTWCojPlopyXh74rvaUuBsmar0e1Om9iEJTRdPbHJg9qC4FTpqutcDDmMHIED2hdSiy1IRO02Rh2GIokVksJD/gqxBgqoOlOqwkmu8ZybliKIUjayGJWJ83z53Llzly1bhmhvvPHGlClTkC9pCApGKMSYoSqDII7FBNpZVhi8t5NZkMKzg+T8G1qACI50Lr74YkAka42iLlmyhFc2kz4DoVTVKpqF5aTmR1YM2sB1zywDPkjxeAw9o05chES2ZDXFbS9W8WhYvNXe3k4QF78loOEsDBKXfWCEW265BV+po+ByhAtBmi0iKakLkqLZAxdtqI4QEb5CuVVBwcDE0b+ANiSL7IhfnP55JFIVBm5uqzsxZJRsK1UnzlWLSnXBxP1+P2AUUsGFVE8qICNAqqpSZwHoQB/PGdmQo1oq6iWoPFGfs2DIVHRcJ5544ubNm2lRQ4836RWhGVilmTibSNWJW8d/ygbihvWjuheEpkS7R/swHhw2XTvU5bf5POETT4nqf3VTofHrB5wXfUYXSuVIOSw0GFfZ7NrhXRL69YPxPXuwIIQMxo+foNXV+dsOJLePGtyxaER8p4h1CkcRlcWqnTjPMvA4sqHXKSjgxe+88w7W11iu4jMTxHMQ4cWLF5NpgvvIbbwc3iSetI2jrAsRo9trUdbL2KYWggvqBQsWIFOMjVdfffWTn/wk1go8AEI9DFK7++67Bf3laJJYIwDTVe8xb731FqkWs8Bz1IUxUSOwb+5/ooSIxvKwlVgLoW/InUwTsEUbkpkzZwJqAbKAzlNPPRVlo1n3pk2b1q1bJ9YpGXXiEjhPIBEVHTgHgCTiYTpF2LlzJ1VVZIUCN8D6d999V86vMms2PpYRXCUwBbQVvnLWZNuKhfWOHTvUI7vSOwYmTot1pCMmRnK8ADFVyCYTVzUzQmC5X8KHqCl7h1M+40+dOnXNmjVcWYqE0P0AGgeNIHycU7tnIBgM8phjul6er6gzAeUTz9EOnDtnzJgBjoKpGq+Dj6smhtVk4sRutANLm9EXuUnstvA9A4jnOLEJOgMwqg0F9Jp6iOaOXbsiCW3snDOD48fU7vdrTkf0H2u6r7/J/cXLkvCt22Kr3gXmhR5/Uq/zaQPqlNjOnUCm8NOLknJp02Pr1vc98BDoOVh3SE/0zfusvy+6actWn9c7sr4OU4WokkkqSZyF76h+l1AkfFXVJqo0Y2BccsklwFN8XbhwIYT46quvRgqrVq264447+NacOXM4YFS+z3EoOKuqRIH+LBjyxSvpTByvY1a45pprfvvb3+L57bfffuWVV9544400OWhpaXnkkUdee+01lTqRd6N4tC3BeFu0aBEVBcuXL5ejRqIrF3OO1atXAwtQBcDB9u3bX3jhBaFvJG5kqVILNhchEunMmzcPII6fHn74YURDW+GV119//ac//anawulMXMUXNteuXbtUEOeFf+wOMFM5ECRMHEmRlyF8+OGHdBB41VVXoYloWQRQPvvsswlDGzduRIsZfF5ffvnlS5cuxfSD6syaNUuev//++5gFucyi+TO3SVBB1RCbc3z6IQPpx7xMnMIpknliKtBuBMyXDgh5CgGFwZSD3E877TTaI2Ia/vvf/86FkeTLBSiSZeOk52goFcuADlUVL4zGtRRbD+HMM89UVyRSXzWRKqhTuLcp64a8dwBZYF0YEzdYHUgfU/p7/Qc9tQ3NTfU+T41ud/Q2jOm77J9Dv/xdjdOX8NRGlrwRee11cm0douB09t7yXwPXbCY7IpGiId1f/5eBO4ASuqcmifiBvuDsaX1nnevsCp90wvEQo3Ak6kmEyKG4tORQVOVA/UrSQdasrkkFpwBw11133aOPPoqffp8Kas3PP/98IiAgQ9URiyKbeaEdxA0pWCo9Wy1btowGMAadOIYr8Pq8885Duz399NNY2C5MBUOjYzp58sknMVDJ8sjrL7vsMpB0LXW6UowIgVA8SURejGjor/nz5wMsgFbPpIIkS0N1WtDfddddIJvC9YRTU6WD51gl0CocIPtAKhjSIVnLoROnwOC5uvbXUsdfybXpwhAzn5yuxBQF2o4FBDfl0AIAcTBWep654YYb0rMAPaeHHFWPDEYJ0DfExPSwZcsWACU3b1X6bLgflaoYBE5ybBBu2hssKDgHqEBP6EeB0d1oJbGLF5TE5Ir6skYZDdKx0OGJJHVfVPUXZDhJRNOUjGUwRGZRkS9wGSI6d+5cQ9YrVqwQL8FqIlUAcdnezK1RsY7/lJOJU1+GYZbUVI6ZYNMBjrW6TQ/3BLovu8KzbJnzH1tsnlqtn2Ql5IofXfVJ1H9PsqYno+kDNijJ0Oex9958M0i+yx7RvV6sYwPBvnXvreLtzDQboPMp6bx0Jo7I5NSUSKpTRbeLh+eccw4GzHvvvQcsEKwBfNNADRJPv4MG5aaopNkOiHDTTTf95S9/kU283bt3gwWnW6fQ1xXSPOOMM8CmlyxZAkQTFTMA8YILLqAWe/z48WBk8iJwBNwT+Lt48eLW1lbG/8IXvoAhBzovWaDKwA7wULQDlhRiXY6YAA60GyYqkjhERmmlhAY7E+qIL7roIjQOsI+UnDoQgHtHRwftXmj4nE0nTrBD4aVZGDZs2ICVuwAlUFtAHJOTLRXokISurJ544okFCxZk3OfERIiJEzQfv8qq4q9//SsKSeWPBEwP999/P1UEJJiqspjnqtSvyBfNpaop9AFnEiosUo+nsl0hsIiPpRWINuZs+RUzFl55/PHH0UcZa4RZEzMNdYCSkYiBMHF1XuSWoMrEaeYRHAgGJo4SolLoBSzsZs+eTZtxCBWWWRgFAuJqIlVQpxi2NzPaGlr7nMUFnRtN6c3NNR0gHiDudNfE60Y7nY5oPOF2Otz1DWN2b2j4xr95g0VeraBr+v6br277/HXhru7UOiveFwo31Die+ePDPOhIizcDR0DZMPAAoIA/ejcFp6NL0vT7ASigKDziY6QhPpWeSYP0lIqGqkma0NJiBGiLKgMywA0B8VQC0KUcfsXYA7pBBBGf6kWkhvTBJZPbv01NKAyeI1nmu3fvXsTnGKNqlQCBAnBdSWRB+SdNmgTcx2yEkQbQBzRTScoCcKuK5u2YAGhVhvHZ1tbGIzPUiWuKhRmTRdWQI0qOYqBUoKgoM1qVMIFoPKNIW2885MQpS2we50NT4C10SrZBxf3J7du3b968GQkiRzTdlClTJk+ejKLiV7QDftq5cydqwYIhTZSNXsjxEFUGBM+YMWPevHkCzc8++ywgEu+itWn5hxdRO8THc+SIyJiEGPm5555DfFQBMZEvCmDwnYtidHZ2onnRxUgEAIpoxx57LHdfDfKP9keziAdBquDRIKgjnuBdlB8P2WWoF/oCLYwsEA19hALTNnT69OmYswXKX3zxRSx90EQoHnocHYE4kGSeQkDJKT9Uc2NeRGk3btyI+qIMmAWROHKnjTyyhiQgEZQfBUNp2SaQBLQ8niMRvIiyIfGDBw9yVc2l2A9+8AOWB8s1zCWIj16uDhOX/fmMIJ6bjFuYXgwTTwyYbKPR9+7YPmPO2O5IzOF0JO/nCfT6p5zq+P53HLd+zx2zac4CJADr1XB3d+C6L+7//LW9B/0uu63foUoivuqNV3i2iISCFiDqIpraSUSguzhIJDeXsh2loYtBDCrEgUxTkU27cqo+gLxEDVJ++oPmERuedRaxAwgiMrGPFuKIQB8d5PIcq2TBNC3HeEaazJeQTeM/Xp7AyFSnULNMV6jcrGMussrmzhj3b7lBhMLgFSQu7tFZci6lae2TdF6WUi6hhARoojynE64wgAKcGnnyk/Mc/W9oKTd4dCKGt7KNIuo6ubvI4tHNNycDmm9yC5paI/ocZ5dxVkOD4Ces9EGx2exSd3p/JP8FTgGtAIKkq0Dtp556CmUj4+aeIUpOOxZ1xSabBMiXEUgOaHtjEB5VxsQYnEViF9NBJlqM2nPEJzjShS8FjDucK1euxLpK9uSpqeNdFuwCpklvBAb54bl8+ufiJM3XedABkVlNLv4ohKJwQ3aAeO5SYHa85557eAIIb4kJLA090WViBlY1xBEynnuT0wLuInXiBj5O2wB0Pxq9e/8uvXG8nuh3YhUF9s+9yPnDPu17P3ZjFLidmhn3p/FEpKc7fOX8tv/zrc4Dflfq0k70lL+7t8kZ27BhPZgIj0rScJDgpV6xRo05hI9WGdRB5+ARHGAkLFxi0zaR9hvEU1qVcVYg7hu8+9NkApHBoSD0eE5zcr5CIwpE4EE7vkVbb+SL0UKkIEQSQVgvog8N26kIog0JLQ7jAw4deQib2C1n+fAXTURX5mT6vG9Bph+WDTmirThb0P5EVa3ycApGO3Ok6SE1EtrAAVHESXdF8pHlUQqMOHlwicCv7Bf66uPsgqajrok+EdnsnO2odkd1wCU5nUjW9FFF3OfERp8zlEkq06g9QI7NqcA5NX1ZRslBgsRH1kt1TCbckN0tR39p5MPjAnzC016sHTsC0kUwZVPQnJRoi4FCaEbutNpGU9BGhQWgVh2fVflhL/CsrxjI4jPyoqyKoys8pzxTMpkIVgYEcSR+5ZVXvv3220gKKw+x1v/b3/7GMwe0wqrmxW+iGU+n4ZbRYZGKDXRwjg1lWotjcQcGNHPWqR0RR/2IOpcTjNzucDo9TY0NSxZ5vv9jlz+ieWqy4bjOe9oi0VgoEPrq5a3X/+vu9h5nIu5CQnZ7p7/ba088t/AR+nWD8MkVyeI3SpKiJwryHW74pN8AmW7bRKorhi7cyFIvaaRgUbYMPwlhJJtjClTBk3hyYiBAU+GrvqVeM6gNHMfgQOVDPpHzkCyG/MRi9Ls9GHiXTySmJCuLGB6GlCdkgtJWar3kNlsZV6yC+A7N1sLivDu9MGoDMn2SVk4S3CpUdxHFyFomWiZC9JdzlVz9kPwyU0mWkcnoM95FKT1IGRAByCg5aky2ABtEfSJbNWoXi50im50kV3zscKLlRiJFhY3DNLk65BkFloqbCqqEiEdA1dkyE6Fksmwk2rRcyjgoli5d+thjj2GsTZ8+nZ6cqwmRHDKqGWUpFodW0HL4E5cDBQRTNOiGtaunnPgxf7fe1FDn0h1o4LC/q+vTX9CbR9m+80P7lt16nTdzUoDxYCju0sLf/sbWf74Ca2Lwdl7Leai7x1vjXLfsFQgirwWgCS1pePq9ZRwJA95WrD7OMF1lHABFb/rn8CBaXPur5RRspZc+Hq1SJzC5fJkxxZmfTA981xDZ/D5bKXt0eaOp+J6ROmQMcqxfG7CU5bTHqnGKVYU/PSkC/aZNmzZv3owxpe67rl27dtWqVatXr+aRV/ppMXnKtBIalXT4tiwOy8zE5VwcKFJXVxdWu+0dHVM/Nlv3NY5uaqzzeiBa+M9ZP8J3YKf3h7c7X35bq/WkjvwoLByp9PRoU8f1fPe/WqbM3rujze0AaXWAhQf7Qhh2LctfXb9uHaQKCM5bArhOFL6WsS/JhcnRrA7O6Hq/civTgq6ZNwnr6rJAgF6138iLpAXdm1oh7K5CshR48hsV4tkp5OaGLX2aHtIoiHshBHGMOIy16l/5Jqc3MyK4RcYLFgmDdYpBvDiuQqEQbxFsb2/H37M/fVFrZ/fopobGhhEOoDhkCQtZe8z72IOu3zyiHwhonlrNlmr9vrCWiCQu/aeOf/33lkht++62pHGL0wEQD4XDLocDCN6yYQNP9yHQ0aAsivMCkAg00byaqr0hheAGy+JC6Uz682zgUuV1NxfdKmEXsdTKcUddRXG/ouifG+JppAjihdGKv9xmoC5LVPPc1c/r3LFCgdOJoHZuKLfQPI86JZt1ikGpwn05bpS/s/TVSdNm7uuIY/U7dtRIp9OmhUJBuyNy/Tfqzj2v9t7/1v+2TOuO6pjgZ00J/d+bWs84f/vujoB/nyN1s5tu03uDoREe9441K1f/4x8UJrEm5J67AcFN0kk57KNKxhFPwFVfKJo5q9viWsawkB8ExqFo0uW+GM5hRXPz4cLfC0pKjFm5DU7TI2ojMYQ5QMDWuZ0gipoSFWUFVUT1y2heqTKIlGJYMnGV7xAseOkM5nas1Do6Os6a+6nOmNPldE0aN8bnrY0nVV1xzemudSVGvP927WuvRKZN7zxvXmvEeXDv/lg0dT4uHnMmTbuiTT7X+hVvImsgOGg4PWnQpIH2GKUbjRro+RHW30JOc2B3ec9QDNkGFKou6JDO2cuL6ZXm72WBfsOudbYtfcOKlmxd1b8LnSo7vnPbNgeIW3oVs2Nz+fLleaVHXOjRE5vf7+/s7ASaTzp+yjHTT/H3BCaMaR7d3KQnfRBGIxhETtfBroNOZ008GOoLBjCmItHUvddAeS0x1udc+PCDIAI88o7A++Bpe5dRFa6VsI1GwRVrxSNAGsQZYQ7mUhY+LmNseKmqBL5lqhNEkw3VoQzl5QLxMq5+RAYM+nf11+LWkdlO/eQl4xasm2LiqiiIJRNx/NChQ6TkdXUjRk+eGnPX1bhdE8eO9tbWJHRt287dK1evHze6+cSpx4WSnn0iwb5wKBKu93p69mxd8upi3lVPBMcHuVJStWYrsZMyUjCDIeBwlAOxPDNIee6v5peoGUdLlRW7FW09dbNHdO6GM4QVwvThtfWaO0EBbgNtV+1n8pJ31VWylqYcL0Vojy4Qf/nllwtatIo/vO7u7q6uLqA5iPn0k2ZOmjmns6evYYRvdFMDhkdXV7c9uenp6O4J9vT11boctfG+De+vWrVypc/no183EnC64edFf+ViyrmNGYiAPC05jOi5WJEXpEIpdGvBwIyO7K0FlaOom6jpe8VFw2XlIlcIvgtKLZu2U7A43TJS1c/IfkZxLrEsfO9vAYP3IjNaNupV6EKIfBwBP5182pldMUdndy9YudvpjMZioXDY7XR49Oi2DWs+aNnAg3lg33Rxp3LwbCcvMvZT2QfGoG/ZFcQizSOyVoiPZkNDHUkEvERQM/D0KnPeqs1kpSte8j5PR+q89yZbGJ03OMxcBG4QaG1gm1vsloDCnZ2dK5e90dDYePy0GXqtJxCK9BzqONTeFgl0b9uyBZFHjRoF6g3g5sF68RcqxxdzcJ+yyKJJYU0/JjoU4DubEWHuhwV52c89Q1hBbaXyWjoeATNBodJo5rMlimabmp6jDfNhXu2EHEMnJe/q6gIrP5QK+BwIBOj3R7yF8HYY3ixD+KbfEtkoL6KrikZtk+Ku0vPBkiTV7sK8lB95I6Ho8lcB2gwkXVXRDDt0Lj2vvPSiOCi3AD0X71TvECmUktNXA21RycfBuAHQ9AdEK1SCuFcJdIhBAp7NwrcsMlciiKv2TzLTVFOMDEaEZUFt6was6hP2CoH7kOXgucXJ4uDlB/GCDt2mU3K544oeiEC3ScPp44aeeuTGSB40EA14Ga3WCsVrMyxelSFx2WHYmak0Ac/YREUcrLfGw1BYOmRUrFcO3IcIyhcB4pZL8cJAvCCdeDYop7NjEnPAND0ZCVXn/SnEbvrSUo12K029SzQdyxitovRcTJuLU3yXuL1phUHh7Nrh5u2DCMplTLw4tbgF4gWDeBGXeqR3MyUP8C3Hw0QPID561AMCVdCcFAToxR3HEJ2SGFGVKG3i3i/j8ii3oFvD4MiD9YxqmeFIzC0yXlkQz3YtTtFiIWe6DO1OeFLZd+nCZBKpi3CsUXTZ5NRyoQJncJZfRvi2HFAcSfieztyridfmEyx6h1OzvF9VgYlXc6ovnYCXBdMLqpf4qTBp3yIHTFQNuPmlqFbC2XrLGPyI4ezZCPvgkveyGBpaIJ4HxHlb/FCA7NJdTOT1Ol1NSm6SnotDPpNLyNLl3hoSRxW+m1e1V07+TRJtSyVYJIiXy6Fwlc/+Forggw7oHEVyClm9Fk71FVcKZykUxy0OftSCe25VTIUEwwwdqcKVJkcgiNM6Jcdhn0oP9bL4+ikLKy/djsVMTMOZ49J5dxHGttZIsEI6pmsVtmevxLLSEmmtXDrxQbm8qiDqXV5iXvb6FrHeLNrFlcXBrVDQ8rGMYlMuMxWLiBwG4n19fdWc8yuRSKEAXQorL6O+pfQDypalrRWGAmevEJRb6hSzIM67rnP7Thl0Sq4Va02Yg0eU0bKl6Iqb1IOXwsTVn0oZeFawgskRav6C1hLVKRag94N4MBgcstJQXko+iAy9RFZSuhbF2sm0wuBiunw1bxJurSbNgjjdVx2FIF660rxoe/O8EmySj5tXHVoc3ApDOVjnNocuE6/mhmclTFaK2w7VCrFRKZciJbfEWwhuheEL65p16jg3iHs8nuHFwUuE8uqr0YvgIEWw74yzgsl7ga1ghSEI33lPO1uUvB/EA4GAVr6NzUHn49UBd61YM3PzV1hp5b663gpWGEZBXMuZF++jdggMRZ146XNDJSwRS2ToBS0Ys11dr+W8QDb9JlI6Jbfw3QrDkY8b/DxbYpyHiQ9HpK40N9dK3gvN9rxQhbhWuEFhehksNLfCcNSoaJZCPC+IV8KL4eACekEMvbzAbWa2MH/GJ7c6xYz4Zlw9WPTcCkMfxOnRk38tnXgeEN+yZcsRUI1SLkMpO7JrJbhdLsgcRTN3qj6jxa54bhncm6CtYIUc6hTNOrRpBsQnTJhw5NWqXBcol47m5SLjBSlSzNzlmO7HzrCVZAUrDC6Cp6vFLQTPDOJD8MTmYBHzQkG8OEA3Q8PN6FK0TDuZeQm44a/hqwwYXsxkYboVBhfKs1FySywPA/G6urqjAbUrwcRLB3GtNC9XeStoHr4zxhEoL/pmVCtYoUQE11KacdGSW9qVDCDe3d199NS2Qgy9xCM/5bprLQeC50DqHEAvf7n7zfuJrGFjhWpycNmEt/QqRzgTLwtPL5qhVw7EzeN4Dj14NtQuCM0ldwQydIueW6FyIC7rv3QEt8i4IfwvAoF+ROLRux8AAAAASUVORK5CYII="
|
|
next
|
|
edit "logo_v2_fguard_app"
|
|
set image-type png
|
|
set image-base64 "iVBORw0KGgoAAAANSUhEUgAAAewAAABSCAIAAAAZ/3CGAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA4ZpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNi1jMDE0IDc5LjE1Njc5NywgMjAxNC8wOC8yMC0wOTo1MzowMiAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDo1ZjMyNDdkYS0xOGMyLTRmYWUtOGE4ZS1mNDkzMTQwOWM3Y2UiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6Q0IyNjY5QjU0OTBFMTFFNThFMUNGQ0FBRjMxNDhDMjMiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6Q0IyNjY5QjQ0OTBFMTFFNThFMUNGQ0FBRjMxNDhDMjMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIDIwMTQgKE1hY2ludG9zaCkiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo2MDZhZmM2OC02YjBlLTRlNzAtODdiOC1hYTlmZmU5YWMwODkiIHN0UmVmOmRvY3VtZW50SUQ9ImFkb2JlOmRvY2lkOnBob3Rvc2hvcDozZmMwMGU3Zi05MTc1LTExNzgtYjM5MC1hZmEyMzFmOWJmM2EiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz746FfVAAA8XElEQVR42uydCZSUxdnvu6d7enaGYVhkVxA3iLiB4oIajRr3iFuiuCQqxtycGDUn8SbHL4nJl5zPJTdXY1zuUTGaxDVuuOGOoKKouIDsi+wwwOwr0/fX/Wceat6e6enZGgbeOpw5L2/XW8tTT/3rX089VRV+7733An7ozhAKhfLy8jIyMrowzZp4aDNaZmZmTk5O12adhhCNRmtra1OpYGuBKlNxqt+jNQc5NDQ01McDz35X8kOLIVxQUOBLofNBQBkOhyORSLdmVBcPmfGQJBrFIEIwGOxxkmxsbATB26xg8lEzHA89sfqph21NQfjuoryP+HsWiJeXl/tS6IjgwuFQPLioTY+qrq7ujuxgZKRM+m3GhIFSJHXvHifVFGcYyUfT7OxsSWwPUUWNVfrLEEjFPeCu4PdZn4n7IUbxsrKy0mydgHczm6aL5ubmJo9J2XquAQH0oaaaQHQ4Eb7V4OrrqlHyxniwB4IvFp+J73GMOz8/3/7LTD9tWcsu3CaHAt/hniB4Qzz0RKCh2FS2k4UHu5GDD1LJR0qE7GO6z8T3iADt3VnrgVrWo7N5xo8WTQdQV6L1aKpITfmbk5PTmXTg4Ihi9zaCdx9Jl+3FB/SeCuIVFRW+FMwcARBoMs7UPv2dir6UYnOIdQLiPZR9B5pstUw1OilqhIA0fLNvJxtimxN8NO9hIJ6c6+1RQTzO1gPd9SI9uG8S/5v4SbvmuVVVVTy02RxgFoPNbmD2Rc5MOCLx0EkOjkB87e1CJmHrov64uIcycWt4e3BxcA8fIRIFovlsipRT7Bv2akNIT5SqCHjnVxdkTZIMfUNK1xJzgvzTe6KPk8/EOwvf22dnjY2byqpLKmuK87P7FmSHMjI81NUPHQua6npwP1GkiRDf4lwhyTSimwaJzruBW6nkle+rU3qIuW9j2c2ZuMG3lkoqahsqG4P7DBt+8F79V61bv3jFyvxQND8rnBEPOwvKQY28vDy3nG7wF3baNYdo8blNcxNYIC/mznNwTUrS6Sy0J+O4ll7M99wPu1YPnTt3bucnX4Em76XNFTWltdsG7bXXyKGD15eUlFVUjhgyCGhcvmrtug3ri3Iye+dlh0OhdEK51gC7nE6q4ob+/paKdA4qLhtIZQ7hG/S6JPhQvvswcXebr/Crqq6hvHZbKCt3yMCBhwwakJsdoa9MfXY2c7DB/fs2RgOD+vUdOnDA2o2blq9dH9pWm58Vys4MqzcGOrEemJysZcVDoPudu10LdYviqqqqqq+v97VtZ00gWnzT2kwi0LqVqQPDxu40criU3J+29hgm7lmlNL5JG9bUbausrausbQiGI8V9eg8e0Le4sFdediSUEaSR6xsaN24pra6py8/Nqa1vqK9vqGtoQJtzcrLqauvXbSrZWro1MxjNy8rMzcrMCoeEg+aa3RnqBPXupNNxFxJ2xg9/aWhPGCFSGSqSoH/HhoT0Dw+ad5qV3KfkuzoTd00lmyrrG2PYHW0MBGMbK7Kze+XlDyjO61NYkJ0ViYRDOZHMUDgUzsiIRYkN2o3LV6+bv2TZyGFD9x48UAnW1taVVVTR+MW9C4cP2osEt5aVl1VUri+tqq+tbdzWEI4vfzIMFOdmGklPUVMjkYhtTO/k+RudV/ROHsLnB3+E6MDY0OZcoV0Wp9aIlPZnKfh8fJcA8STeKQJxzZ6qyhvGfWs0bRYKZUQbQfZoRjADtM0MZYC8IWdzY2V1zcdfLVz63rR+M/4zeH5VzYG5M44+s89hpw4d2N/4aXlFVU1NbSSSCU/vV1SoA+cYIaDsaMXHX84blJWlQzDaBPGdcp5JkpDiZks/+GFXm0OkaIMi6IwafxGoBzBxmzcBTBnB7Pr6huWr18K1CwvyYN/ZkUhG5o4N3yD94m/WfL1wUf2MxwrmfjJyeXDf/N4FxX3KVtctfvDZqhnPLTjs6LqDz+pXXJyXu8PWsS1meIltOIwGoqVllfwtLCiAjm/evFlbWkLxVdAWta2AmPGf0r+7MjHExrmqKt9y4gc/+CHdIJ7k7BRAvL6+vqamJraxuwGcDSxdtWbdps0TDz8YEBdV37SldMPmLWvXrsn4/OXeCz7N/WJL/2D+kNy+2UXbtxT2yowc1qd/1fqGlU/N3vzCmw2HDl524PHRfcZDwPv1KcoMb49WsrXsuTdnjhg6aOIRh4hfRyKR7OxsxnwPiO9qZ/UhIi2ctnnKoB86QBulCdKBaPMQcLzm3Zc+PfTDntVNZs6cmYRdQnIhmLD1aOHAMfuNXLpyNcS5MD9v9YaNjZtW5n4zJ2/D8vDSVaGVjX1Cuf2ycwojyTZA07c21VRvqKkqj1RHRxVU7z2yauCBjcMOyy8sGj5kwOp1JXD8Qf37fvzl18HStfn5+cCiHWayqxkotKVNe+X90E1B/kWpr4skb68Wg+se6vuJ+mF3Y+IQcGg4Wh47pSjeESKZ4cL83Iqq6kH3/SJraaBXJFKQmVUY6Z9ZlJJJmo4I0POP58oV9VsXLiuvX1Cx7YnG0VlVv546avjgmrq6aBzrM8NhaDggzl87pU/GCh14pLCznLfA7vjyQMg/A7Kbglo5cR62E8fsQPMLFhLpvz8V8MPOAfEk54kLxIlQWlqak9fPNDO2slHVOLZ4r85knBfO5J+ePy1ZZ3CsXMrKyui9YrupH7UqJ0VdzdWaMb0zAeCurKz0Dd/GYe1AaluCNhe0Fv3PtEkn1LTbyxrIDtKz3bMyptGOih9sCqmUynLXJ0qkXXTeamcbW1JJp7WfEkG/zeBuJLa626/udqc08Bi3SOnPvbUZlVpZDWRFcrWlp/es1EWdjIkDoEjErhxzDrQKZHSpiGKpBa0ajZpHQ8Pz8vI6fN2tmjkR4oUg7WXxutky4Bu+mwYzBngEwhgvIRtr5r863IpfdVC4C3DuUodOQhc2KTWtLjTE9xNoMYY4WU1BlvHWBmapvj5XASiJNnyhQnbIcCqNrqRUHjRfJ/3qcwqchsmB9tTIS5WSkJ3JllLptC+d/qhxxTMb6MxUwMVHvZExU1nrihLLPf3zJKE27aLW0V8JRF5qVjAbcbsPZ93jTqVanZeGliHbK+pkTFxKXFFRAf3M7xOIumjYtXNnx5NJuZCjjKFoc3qWMdUSdnOmiQwJ+Ad0JKIMMkExmDAhn/gerpz8/Hykh84wb9N7wbF7xILOHWQgzI8H3bwhlkCLkyDJCj4UmaZXylANRnTj5i0O2FYkVFqeQtr2xbeFhYX6PBUcF4KTwpZ4oDuRI0UtLi7u1asXD919BbPuU0WMVAR5Sghkqvd6o0rpffKpQJJ5QOJ7stDwqdHC/He1/EN55D5bEA+uqTM9FFVloySV8SCfC5sLSrVoaBRGN812h8VV8I18jHCIaphLdCebXsaPdom6bSYum3gzJh7YQZxNfTL69xM/j5aVR+vqMvoWN6v5phLqGuwVz6sx2rhhY8AlC8Ed6em1NQYPLYL41KlT77zzzuQSufDCC3/96193ksW3eeD1zJkzr7vuOh7uueeeY445JjHCq6+++vrrr7/22mv25r/+678GDBjQYuRdJGzevPnEE0/k4YYbbrj88ssTFUOU4cgjj9x///158/HHHy9dupTejnIfddRRBx54YGspr1ixYlE8hOPLHjbVAy6HDRvWv3//cePGWeSVK1d+8803CxculCoS3/i7p1+pP1fEw0EHHXTYYYfpp08++WTx4sV0CeWVylHs4noUia8uuugindywZMkS6ijQ1Nlb3Sd86gJCAVWnnnoqXYAaTZs2jawp1WmnnUa/4Ne33npLytmFZ6mj9hq9tFsNOdD15FxA1oj3/PPPV3nQZ42OREjPMoBGVk1QGN74O2bMmIMPPpiRzOK8/fbblA0FQz3EytVSXYvjmmsKxDXAi8QIqTqpGKQpJj5p0iTEiwa++OKLaCyJJ2notpm49Cm/OOjaxN2SBvNy8+/47/DBo/Xfqr/+veGTub2m3usmVXb5teHDxub+7MfbB5zPv6q46dfRisoWmHgsm6CZTa3xXNsI/4VwtSkRWhQw6kIi/69//etvf/sbDw8//PC+++4r3QJ99CsPqJfbip9//rnw3RN+97vf8feQQw65+eabBw8evAsa5kpKSrY3XFkZ9fKwAFpk69atGzdulJ1Not6wYQN9RvwoSeLD4wHpPf/884gL1VQi3/ve9/bay7vKMiweGO1QZTon+fbp0ycRiAXfFABFPfPMM92ODZqPHj36ySeflJ2RjpGcPAq/qN369esZaK3njBw58pVXXpFawse7lYEiEMSOeKXz/OWZktsKhNZmQHN0uwv3TOqQH5qbv+eeey5v1qxZA0dBnvrJ8FpYQxB5d20L3YTg5EWV6c6IgjYVw/CEE044gb/r1q37z3/+gz7069cPoZl/alcFSkLimzZtgm1AF3iDcqItKGfn73Sk71BHqmBNz7NYC52r80w8Kmv1dhB3xracq68wBE8xED/nqsur/s89ZhMPNqPiUZkyxcc9KEw5EKKdJ/X9738fNGwhi3AYUNDEs6smufaMWCiYjkI1YwsPurBY/6XP//KXv+QBZQJZaG/1N6gl4P7uu+9+9tlnN9544yOPPMI8fVczedN7DVDoBjrC1+UL4iDu0Tpa+pONWy+B6enTp/ft2xf6xntQoKioCLAeNGjQ3nvvPXHiROikbqS79NJLQUw+mT9//qxZs9Bj4oPXEyZMEKlHgM8++6wm+CiGB8QpD/HpRWPHjhWCP/bYY6TDf6+55hpahMnBnDlzbOabnGfJJE1pR40axZsFCxZotvGtb32LmQFloJpKxMzHrhxsIdQWYNSxPSulifFtPi47uMVULrL1mWGKAqBsMvdbynqw5VzXUOsaTOzWHjemSsh/EaYRO7ElmSY8ufNSfVMkXddH2HKcu/IklUg8M8vk5lnubnFajJKoMCeffDLNynsG2vfff5+ZluZ/xx57LIM9MqHXgwlPPfUUH1JOCmkFSF5Cu2vUszoSaH5wJn/NkmPISwFkKkwC4sorce3dLQkPiazazESdZ+Ku7QTuvEPWkVO+3QGk4KsdIB7YgeJRByYklMQ7JKviwTowshCguOeDo3Mys3YVtJEjXE/PDI9DhgxBg5HP0KFDBdY8xNx44mdvzZ07Vy8hkueddx4NgJwpJAUDZdA2ZIsKrlq16oEHHoCt71KL6WiYTS8QIJXydD/XbGeqwn9jByqUl7sLPnQqBlGoqwzcCPD+++//7W9/q4kIjAnKz6RYCA528ytTE0Y1dJqsYdCTJ0/eZ599+BUknTdvHm0qOEssD+WkUfjvF198MWPGDJTn008/5RnwZRyl/5Mg5UlOXakI6ADPov8z0vCGwYAuROOC6R9//DEDkkY1zRFtCddgWp1TXVqDuqmxFqxEYM26qvLokjnFJ03ZfF3d05LDo48+SiIkSI140IKNTe15IEFti7fUxIFkUBbnUBk0VNjSMYlrWsn4bb2GaHAOvqUReZ46dSq1ILJyV47qjJRWNmJbiVUBbElWVgIbP4zCW90VEp3KJGcKtnr16jFjxgjBKSQdh/i9e/em5ESgN82ePfv666+nA/Jyv/32W7JkCT+JY0lErZVQd7SqhAR37FQDyRCnmCTCbICea9NQdBjVjd2jUFEh1utZcpDLnLs63VpJ+AlNju3LafqcZ96ggUn0NlUmHg26Zq9mmFP1t/ubQcC8BY0lmyv/eFuzlli/oWH2HM9Ld1QwK3ucIQSy47US10i0h1BV68b9+/c//PDDE48tFIJoGcoaozNzT3cbCInTjdU/KYAMCDwA0GJGgJFinnLKKRBP2AEklMi0HE2CEjD1Q+1kovnxj38MzO1SIG7DPsLXuqIbgZdUGZlbf+NBMyd0xl4iCuo+fPhwODWKJF1cvHgxGs8bDXtLly7VM2HhwoUkwn8HDhzIA52E3rho0SKBOEC/YsUKUvCs5hk3ND0xFHO9WYy6JpmWGr7Qx0aP3j65fO+99ygSRaVUDMlyUhLWiOIwPMiXwPV+07UViA6VMB8SGWrsXOLYeUFNjEw3lqAG6lqem49UHeFsoGkPlMYGnfegIcpdaiM1Wk2ioLQaQmgCYqoABuKKKbGQgsuQSFyrxPpVbNH1F1JlVQA3WXmXqeSi+TL0y51JdbQjtIiMoKRCiZu0VQZV/OijjzbDJiM9LYJ4SZ+qMYSvX78eHD/++OOJwMQXoDdk1DDfWgll2ZeIECN/VUJ5YQkGc+OBBDUgyXHI4EjjomY5sjV51ueljbLpS8KtlUSKatXnWauDSbY6psrE86I7ViIzmq+BN65d36wnVFZFy8rrpr3m7SGQoOYxm4G4axOPtsHE3bmMFnBbq6HgW8+vxcOrr76q/zKvhxEz0Xbjv/nmm7fccgsPL7zwgkwiMoITGdpo0W666Sa9/PnPf/7ll19q+fSPf/wjSE2Lwtd0wO/IkSMBIFQN5iJ7mVRWXhynn366jC2QHWmt5X777bd7CsZsUez17rvvdo2njATPPPPMZ599pjdEgPh/+9vfTvz2Jz/5CdPMDz74ADZHfP2X9xCcd999V9UkXHbZZePHjzeUlAXQM1FQhyR302Me+K9wzR0pEw/Ak8FdwM1fgNuGRoBSLhC0pl4iNMj7gw8+KPsV4tXyfaI5RdP5ZcuWIQH4GoMHwwPEnCYgAiOBVlA1b0syepE7xYOJMz8Q4yP+/PnzzznnHDUoApeyURJiksWpp56qlXbejxs3DqC3FRHIIMWgiYEnFIP4l156KT8tX778kUceOT4eFBkMYtKA2hA5cWlBjjc8XHLJJVrvQhsF1gic0iIZLfS5qVGAvn37MhASjdwZO0mWCQ1TE1s2ICYKTEytUhIZlbZ84bN33HEHD8899xx1ueqqqxhmyJ3/arWTggGdTEyPOOIIUrZVDSr49ddff/XVVzQxjYhgyQiywk9Mj/75z3+eeOKJ9D4Vg89RS9KHBlERzyBNLtBwcgGXhW5UjTKQshie+g7qIXXStxo8yFRtSt3R6tZKqLETCVNf9Ts6IMmedNJJIv4ESkjTKy86vrUy4ac//anMpPREtOLGG2+0atITqSbpk9cbb7whMx1DUWslARw8kzD1NePmnfdOaXTMKTtCwd23NzM7/OVvlY8+Hg3E5orbQZ8BPJCRd/wxuT//iRtzy9HfsYXNaLCZR1RWykxcDljJDxCn8yDoDz/80H35n3i44IILELo+d9GH5r/55ptpmESDuAtJKuH2tYH4er1axVbV9t13X9qbn1w4o6tQQT6Hv/SPB4/BC12Rzd3q6+YogTChu/baa62ECp/Fw/PPP3/bbbcJKN3TwV5++WVGmh2LGTk5qCZo7qbwSDxcccUVnWfigeb3hxhRtTUAVJNnuPl3vhPThMGDB0+ePPmll15COAhc92eSJrmLrZi3kicLuQBSgJkzZ2qB5JprrgFVr7zySsRF/zdwlH96iy698s2QbZ0+JryYN28eYzD0ee3atTwceOCBs2bNkjKYhcTaGnB0Ezw4HigSOC7Gap2TYqCQAJZFBs4Ya0lh2rRpiMXoqsWXn59JUuuKFACAO/LII23ekJgaEIYugbaICPTxLAnIuMcAgM4wHrhrwp65jmujF4sUtec94O75cO94QFyonIGRKTPa5RYYODv33HNnzJgBjsvTQ+7FxlQEYfYJeEeX4SuGKMXUkjVYqfVt/iu9RT60HRHQhyQl1MKP5Klf0RaPUxbgfsABBzADcBHWIyLQ0iYxVPPMM8+0QZoi8RNNwEhG92+tJJKwO4alxMSTWI3FxMmbv7kB1ycwmCHbNXpfm+CKUFkW2rqxheQqvf4kdTXVkazsmHtiIHZMudvtU2fiKmQSvzHKj+DmzJnD8xlnnEFnQ0Z8wswL5vvkk09u3LhR0EayZvW+6667kB2sBE4nIyy6jpTfeecdfgUdIGVM8CERYIQ+4UGmZCbgeoOS0QYUNbHhqRqfaxortkurW+5Kyvqba6EmjrwFbIyBeoNcWiRhSGf8Zyrw+OOPQ/p4Y9+C1wiBQYvIVIfc4aeG4DBNSQZtgzI8/PDDJl4K74E8+ep6mLgIsjvNpBHFZOFBWrFB1AxpZj+BQtLxQIHp06cLxw+PhwULFhCT0YiftIYmrxItHyFPz3RbRJUiMat48cUX6TyMDTfccAO/QjOhjeQiz2sl2JqfInHk/2BL5eAv0iZHHgBxGoupFYCucZQx2OoCYlJZRMcQTnyY6VlnncV71Eb2XLKjvooslyTw/fXXX9ckA/mPGDGCvGB/DD+kj9iNfHkEHjvff9MmLcCSr9CNUgHElIGXkyZNojVJ7eSTT3766afp/7Tj+eefL41CPzWtJE16hPx5SIcJGW9uvfVWUpADFcSWmZ9Zt8yUT400FlJINEr4iNYhfNqCwYlkKdXw4cNB53vvvRdpmzsZQ46oPcMhDUq7a0p63HHHffLJJ1RcI7c1MUWi4cBiwz4aSAYiwwHbgKPPzSZGOckXOE5ewoceeogcycj4NZ/Q4jBruhu698Mf/pAmowBIidn8/fffDy+EcMi885e//IUOS2d3lyXBDWaW9DhAxgxHjHaqRWslue+++5CVax0xv/hkfiJJAF6sqmnHZrDRluChIXTaDWsi0cbOuO9llpagknWwomGBWoODuIth6kz87nhITByMQ2Q8wOyE4GeffTaarXkWYeLEiTQw0nz77bf5K/8k6zbQdpCd9pO9UmUwh3FttaAB+GvaRiNRWsRl+or2yzcjsXgoDc1J02qE0DKs5a6kbHeoDbS8pwwkiIYxBZaphBmfHAz4FbKA6gDugJeIp32LEJj4o3ZIT4IFQfQTvUjIrj4A+oARpBBoul3aUwWNgh4mrjSFswavMhkLeniG8ckuIWsDAkQ+5Ei3BIAoPPNZrWESZAUCcfiQwVLUWEZDG7PFB7XChroyALje9/S0J554gvfqopKz9r8lnkEvUBAZl0sMsEgflg2HKbxS5qdly5ZpD5rrioNAGD5JFpQnR0ZTin3xxRfz07hx4xiWtCJi2cEGAHFQg08QEaMmVAOFYXAdNWoUn8tXxJi4h6bILEsEudXzTAqoJZyOXBgUGcbABRgrkgTZSVbrLvPnzwfWEaZmMP/4xz8mTJhAZM3utSpoDldE4CfaSCOox+ePjJCGUAkezQAm1kLFEcWPfvQjhiWSZTyDQLjXE1IAKjhkyBDSBONodDnsUni+lZnera+2utiUl3zpd9oF42qCFoq1T1iblXimd7RZQpSf9nW9jBjLGXtoDnoTI8ELL7zArFf2NA268heyvtw3HlzXZz6kB4HUkHoZdgAfzb2Sywpy6Ta0FvYS+2AHmTh1rGuMVlVWU/Z+gUBWk3Wl4tr/1awzLFjUYmp1b7zduGq1dw4STycYyNhaXrmlvDozM9wrftp46ky8tcBoBhIR02zZ6ApCRKYkK9LNuAp8CykQMdU0TWUeRNujwfzVZBZBGarynp6mhSNreI0NWoK3GZZr2UQbYD2JRf39738P/6I5LXce+K9RWhuHNSmjamR0++23gzLUBTKoSqGIdFHRc34Cwmh4dwyny4mDa2h89tln9f6ggw4iBbSKl6SP3HgjEO8MEz83HlpsnRUrVjBMylwr5gXVQrNRenCHzgziyMIrKF+5ciXApIU7KiUAVX+meNQUqguCjx8/XnMORHH11VfTTFOmTLnttttgx3/961/lNURMc9rzuIfTQKq7XiJMOf6TC6OIxi0wmgrSyeldRk416pMC/ItMtbo4b9480JM3mnKhb+bPQGAElR+O9nEgN8iEVilQVKrgHlpgW8yttDrDhz6vsQ0SLcDVvAH5kDUgzk9IEpXgv3/+85+poJYuBHBHHXUUwCHrlrxi3P07ZiUT4rsUR57s/BX4BuI72vrEg4whVIfWBJi0MwAiZbrNVwxgmnbIILNq1SqlQ3YIXPcEGEvTjnGPlVxrdeYcacO5fHV0AAMp02rW45KUkKEU4QeajtgjvP/++7LjIQ0ERQkNUuUd5HrRmOeJVketnOSog0O0nml6lVxWr7zyiuvp2JVMPBqI1jZsK62szo5khsNtHJ0SpPJHjW+W1Aezk8WP79lkvlFVUQXliMb9xFNk4hdeeCG66EEZ/kvP0bAsJxCRO3qgfJKoGrpLYzCT0lKJzlswaSBNoASyYDM71MsFcXEo5GvFk3WeTM3VhPIzmMv8LSVrTQJK2Zi+yEgiE5fxl59oEa2W0Jf+9Kc/tWivF2e3b4kP1UVX0B6KCozCfwUZeo9kZHjlPUoDh+0YE0/uLgkcL1myBDIrbqh5sXbW8V/BK3FQejgarUDjyi2E6TbQpsIrvpBX+1BAfCH4G/GAtBmYGQAAyiuvvFLL1BpH7UAVF8SlKlJ162ykYMe5EJjsi4wTYfHixeq3JgEgg4EQTOQv6WhSzIQJENcSLiBukqEYVAEJ8KsaFLnZ8gaRPXtnZMp39UdGarMwkBeDH6lp3oAkGcUfffRRftIedCWIDBEmo13LXr+RiLqbDTa6eoXUkCf6b+WX6BCj+Lv8QMidxKkLOkmjLFy4UJHpRO6sAlQS8eev+XVYsiqDuztERhvgmJgasSiPRRMOiHrLb0Qe5QJ6EqFIKiGf8EwhE0vIS/7r4jJJwWmIrw3b7tZCOR3Js9udKNAWsnrbWAUvAXNoEd5rgG+zJKir+e93PROP0WNns0/I6ad5t/856GRQ9Yc/1X84O//eZiaO0rO+l3nk+Nzf3LwDZSoq6sZu32Ad2u6dEu2ATVyLS7ajQcxX+wCpmhmsJQUa1bbnyLEJqUHNQEMdSWH6hKKoqWxq6WYqF11ZUe0TiUs6au7kRlflTHb//ffTtLYIyUxK2xa0fSlFJi4Ie+aZZxi0XbFcdNFF5PLUU0+ZowUCtG/pjVoVlGxtTybV1OzVuq5QssM2cSMRzIGmTZsGqMnHWSs/6gOiIdppSTm1W0fKKsc13lAMbXb/zW9+Q2QGG56hwESQ664IKYBICoceeqjmH2+99RZwxq9wKya/9BYm1Nq2I3LNGwrpnsEiAiX3cMqgbk+Qp1BiYNIGM5D5xUVbO3vENvWYSDX5c1FYw5WMEiLd1hMRkee4Hg8TVweRfd80ROTa9vJogJHnvvysL774Ynm+W/joo4+otVYjlKZGLDcj0VuXgggxtbXNAMuqo9PH5CwkX1JQzJ2fmaDMXdoURs4byEEmL0tcvtukJhxEk+nXcimxhU0+1F7Hn/3sZ/rwD3/4g0Ghzo5WpvL19pSQXMyD020dVdaFIGKKPltknWkjzLGZt5peCzY6Xyj1krjz+y61iTsuhp5jdupenZ416XvtNYjzVbPdQ+6OzWg7vFPkJy5scjdH6XOrPFIDTdx1Yborn4DgMnXJ6GZ5yertnlnoZioiIIrtYeK8oTwyN9PVoYGy5SFG2/oh1LNOyyci79YWPMhkJuj3MHHKNmPGDCE489BzzjkHIZgtz43pMnGKJxcuKb1NFxIlo31u9lWHbeLGOGSSck8xlOg0I5YNgXDfffdp+4bESL78hQDSRppuQ980MolHyzJLstRFgEJMnmUvosxPPvnk1VdfbasLX375JfFFw93CawTSX6PhSQIyBA3BEZdgqtdphUNjjBwtTHnI18Ov7dhkjXAmZDlLuC5liUzcjjA0ZUYyHvOCXXmhU26E4KD5c889h6BkuyBfA3HlIsF6stZijHV/bRGy6mg3hl5KB2TE16qvph1u3TVaa7HanRJpO67xLauphqIFCxYIxA855BCmVjKIaYFEBFzTU3MNcF1RNZ9WIWUS8ZRQxbD4xMyLB81LXOc3QZOGSYtsDnI2sGkriQz3WgNPvSQi493CxN2tLhnZ1HZ7S1f/zx3hQw8JjdinHdtJli7jqx3anBNydmy2j4lrJdqzOcI6A1VgRkPzf/7555AOtzGIbxNYpu1UUyeguiY214iZIhMnDjmK4M+aNevTTz8VSdQmYDqSPBOIaa7Z+lAPNpuzMcMtlVlvSVb/HT9+PM1M4bU314QgbiJ7or3RVkDbxYDGo1uJkuEnGGvnvVNsyNH8N+BssBbBIWVmlzZN5kMdViWrqE6oAGisY1BaedHaLjvjfabxKpjIB7zskUcemTJlin6dPXu2fuWvOx3WWjR5kbKdnHXDDTfQXuC1AIifNm7cePLJJ8vnhCb+6quvZH0yP7m5c+fKD0SnnRBk6LTB1SRDsuQO0GgXCbnzPHToUDO2yMqUhImrn5vrERJj1iLWIsfqAw44QC7PMAkoBZxAMZnAzZs3T2uVHsOXNqEI9C0X7Q8yum0SUydFwlScoZri8axtEHzClEgWefnCenqx9IfS1sSDicXOs3S3bsnSRWmZh02YMIGvRo8e/fzzz69YsYICyCLHAxKmx51xxhm2bK4ya1mCQAkpFVVA1VEtt4TEEbNJLIk88T0++55i8ywU1f5Vl/bJpKMzIOWlmrwk8mJyl1hTYuLJ/cRFK2LLBQ31AbfJB/dqnF+int24qaT09HNCo0Zu78/rNqAOpWc14+aNS5fXrttQ/+F2y/i2RUsCBpex1AodRhOk1fLiPFq7pBLR2b0pQg6hLQ5TOidILmvaPy33Zzkn8OtLL72kmKiFbNBGN+SY7DJxN1P9qsmsa8jmJRWB8MKO77kndqjAnXfeee+990J1bT+CIj/00EP0OvdDNym6jZv7119/bbAoq4gp0KhRoyAmMvRrd5LraU5ka3503Ty+xcRPOukkrfqCPnILMR95c1xJ0U9cHCqRiRcXFyMNICPxJEiZs+nwCxcu1BrmxIkT//3vf5O4SJZ2mYGD2kyvzkYfsH3k5lSrrTEoDDMqEUzzP7P9L4RTTz31wQcf1KqjCKYZ1j3u4QA0OMtwS3uJCZIFMzMb9ceNG4fo3K1DjKbvvPOOwJostEAq5sgYSYPSRi7DRfgIWbCrU8YuuugiWzbQtNrl3SibYauxPFSIdJT7nDlzSkpKtLJHanZE1LJly9xVwQ0bNogG6gh4820XbddsycMYCBoyrZOigTrdl0FXZnGKQfWVsmp0wQUX2CI2YnTRzXyfpTauFmn6qBVF68V2KvWHH34oz2s68sMPP4y0pSpalAYKzVeHWRcF4xO0S61A67/xxhuaxnlKiMBRVG2L8ZSE+LZh1XZXyPzokgDbfpno4q0JPa1JSWSpS1ISZEVJXPOLTU06vmNT40DMjpNRGQoGoD1bSkuHDxzQMPaw6unT84I7om6b93Uzrt38vxpTtjVN9pvx5Wig4eBDtzVGv1m7viA/r7ggr4Ghb1uNbEmCDM+2OmiLe3ZKku1MVAGApjmhCeApjTp58mRkTW+cOnWq3DPAr7Fjx8oe51qlPfdn2v0Ach+G5mjDsecTWRXowGeffTZ8Aco8adKk66+//rTTTlM07ex64IEH3BFbedlaPwMA0Cwv1HfffVcbRM2XWasutn9nzJgxNDyVmjZtmu3lATjMrucOaaaOZIpkXnvtNV7eeuutaKSm1XAB2CtkLcmOTW0d9hBDsUWXcNnRpqTQ4kgs0c2cOZMmEMO68sorP/roI5FccgGJjjvuOHMYENCIEspuqOUs/n722We0CJK/5JJLnnjiCeCenn/ZZZchnB3EY/BgsIaYOhTJlqzlQk4w90T6EuMuw48MQWSkAXX58uXiU1okRH9cK8FVV1315ptvIjpewuhPOeUUMz1rdHdBXNti6cw6/e7CCy9UsjQcY6qWIl1bjeemJB3ChYiYXpAUoI/onnvuOTST9+edd57IHcCBKKgCXUZ+k8jkqaeeYoyh7oyazC0MLEQw3ZYiWYrB2OAx0+vYLGIyY9P+z2OPPZYUYEU6LOEHP/iBZiH0Oxi07AbuVE9LVhpyElXLtYnbuVSkjyQhH0xtkdW11177ySefvPXWW3J/RFXMLkQxdPIdOoYwxXJoL1Iw72y3hKiEtpW6em5K7ln50MzAbUr0ipFSzMmVkqopzk4hKYn8HZOUhJHYHa1dV5wO7tiUr9L2Mx9qq+rqY+yGuWhNbd3mwyZnF76aW9bZG34oV23vxi1HXFFdVVsaX6itLewVra/Ozc+VKVPmNsMdOT+4JjOtT7Y2TCFWtPnSSy99/PHHQc//Gw9uBHg6Gj9gwAARJQ+t9jBxHeJBuCMeSPZXv/pV4ifafX7CCScg28cee4zp5E3x4CkbzAttk5FXX6EN5557roaWa665xmKSkTwN5PJFfPotkE2N6MM2jCsMGzYMZgExoX+Svhm7EWO/eLDDPRgzgDwd8/LbeLBE6JlffPFFa0ycAuhgOas7vVQbpsVw3Zdy6U0EcaStZX3whVGNiTAxR8RDYjtSTfoAlJzhynVd0EQ7ED83HMJF3SHjN998s/stfO3pp5+++uqrA/HDN0STZaQ2NwCkwbho634gNUmBFJqty26j2RvkV2gLNNAPLRdG6wMOOGBSPLi5QwkZF7Wa6jo5MC+kMGa9MeCYPn06WVMp0FxjDH8Ro6aJ9oYBRuvnpA/PpSmFa25qkG4GSJSKOoIyYB8S5r+29Gfy0TozDIDcEY5OPSMy77Xr54UXXmA6aLLivRxS0V70UG2njVoeR1KmhpKqu1rD56gln8i+Z8SCMkhhPIf9InbtyKUJPvjgA4oHDhLzpHjwGPqY34iVoydqa+ZM9HGSPSIeEkuIwOWCklgSnbxkE2j5cfJfrYTr5RnxQCuTkRnl3WpqKYi/bZaEYiNkO9HaEiHZJJvS275jU/4xVVtLyyr3Hj5wr/qY+1SoKhDZds0plbdNz+/c8XuMLw1TvlsfzMrLzRy9376hYLCssqqufEt9Vh9j4vLWcoc+9yja5Eycr9A2wBeeghYy+6O36yf0gMYbNWqU3CdkBUvCxBEFVNE9REVTocRPyBS5MzBAA2+55Ra6PYQIEqFovIeka38X5Ah40oc6UwVGw19eAsREJoXvfve7fCIQtyNK0OnLL7+cDmy+3sSEWKF5KBNUS0Y6GSVcs7WMDJojo+V0sClTpgCjlk4gfkAHOQrEW2Ticrxzp962yOZZHbIGSjyA227eoC70OsYScboJEyZYHPoJ4LhgwQJiUjU57cqibZWyC1AYCZDn/vvvb1jM51CbV199lbyAIZmzkRJ8GY3iJR/Kh4T/AsH6atGiRaogfUkuBHLz0NK07aoFNLXaYVNyBuzTTz/dDq5BqpBQiDCAKwOUO025++67+QQct12CaIhmCdqRqzVb0V5bRfe8kVTffvttFAwcN5sYWaPqtCCIowGYWjCSoe02s6F2jIt0B3T14osvFn5pvYEyMEU78sgjrWzyy7Tc5R8lH1YERcXhmBRAp1FqykKr6TwQzSoMg8TiRTDVi0031BxaXPFsbpLBmnwRzueff06zHhIPxlGgsXRwIJ438kNVXmgXCaJdiWenuCXUam2LJXEvF1M0nWnFlIsH21hvi3OJ1ZRRWrtek5dEllJX1EqEdkmyMyaovtoaAmrWQx+Lebn26r/PiJFl1bWZ4Zg1rTAna+hdP8x+e2ukozBeFw3UfLtoxXUP1DXEXFLq6uozQ8Hly5Zl1mylhlQJFZGlyfMh0Em1ddQkigt3S2TiUnS+pSVoYCTFrBBlsrPf5FNIB9PGNt5TUzowKWvPHkrpMnFEwWjJr0ADkUVq0Foko2VA9xOtlcHBgVTBqB1lZwfRkQhJEXNUPMhplOkwRRXJFbEVclF4KjJ06FAUF8ls3LiRokIYdTSo1uil6Gpyeb8CTLyhr1JIvqWnyY9Yc3PQEIihUuQr7bTDrOUPwH8htiic55BFXW6i019lv5MBUQrHe3uJlHjf2lU4QkbNW/lKh2rJec40WBMynXEmgbhetOaArxR0lp5c4szwrZ6pWmu7nbie7voRXCJwOXpKQxTBvYlNK0OiqDq2UJ+AwjKUvfzyy++//z6EwBx7hHGF8UAWNAHKYxMy6DATC5lrZNglOzIlss7LRRp2PZtKogFMb+QCK0tCWTzIOqE5lvYZ9IoHobNMRoqmcwvMlUUeUMpF8bWQqwt05AEiWNG4QuJE04E20hNdiSf/ELm0adFIvhmqoHxJBYgSr83n1GpaNFK9EvfT2vVssi3oSEJlJ0cRu8lPwXqE1s9VcRk/Fd8tobxNtIPJUxIBiCSswhNfAxIxpTOCXS2S2SFrVk35veh9myWRTNymVyMmntyZKhM3Dw3ZOstWLS3qNyA/N7c+DkPV9Q0lP7mr/+orMhZtC7cfxxuigfr9wxum3FVRWx8JxcoXDmVsQRnWf1PUK19ns8nXKrH/67AUnVLtWTcPNN3YYLsl+QlpgtQIQjvW5PhRFA/AN7KTg63e65gFOVp4kIuY8C9ZvuxCXpUk8RPdSoF+gL80thROLEZ7QeWWp+3gWg8kaKuILs0xjRcS6ShXlZMPgQBeai1Li64a9vgvL4XjKp5OAtIamnugrpY3AXeyE+sU9IjzyjYn//HEY0aEs7YDXiYUUUX3peiM1hJbtqfFUVhmIuGFdtxJvw1BtLoogbd4MqIKo25gl+dqnc1AXGU2kmU2UFk5xUDNTdBD+c0ySy4CIK3KehTPvPTcLUU29XHtv0JM2aDsxGrdP6dRSmOAHTltV7/aEbImOtnidH+be5642/NlFpPnnB3gZScHmLjE7kU4NCRLYnbdh12UarsTeRZSy1FaSu4eqaqTRDVKaRuUlpHtGF7r47qoSNt/WlQY0RS1lO7Jk5u5DdjSPTuq26omPieVNtC3EupliyXRgqqErMKbC6ZEqph2eIaCJnmqZrtKYlRDMy1hgiXSEZu4aJ2dZd7QsHHN8sUj9h+DLm3fJxbKz771rsJfXBf8JhBqD45viwbq9snY9Lu/r68NZoS295Ka2nrSDwejIqEaf1q8tk7sDBSz2+1sLo8sEptf46oO/pbs1EnksGwTN4GFpoR2r65nXyWQymxdXUVrmPKzbvETZAuwwojdqwCkfGoz8uK90tGHZKGlfPUQImtNjMrKx1l6o6GbfLXOqR4oCHD5mq7U4a/UMdHVB7GQHVMKpWN+JiIgJCWfEw8LcC/8tstZpMdyJlP/tFuS27yzyr1k3XPVunvnS5K9oIIDS8Hgxr1Yx66zcS9SSayLXbbiydG9kwVE1nm5tt1Gu3N1TJI6sHthjfVzS41oNB8KoDYyn3H3Ih63Ioa2dh2MCVbQJjhLvNlHVbDCu9W0ZO3uAru/xtMQdv2NHix384fT8rL2LqmyLd7s45G/5z6dVK6N99wp4Umzxc+thKnf7GMlaa3wtmXJvZ/InSC61bT3KZbEve4uFeVPxsTtEnENBTEP1lXL1vTqM6zJoZXCb80bGrzz//X+zZTAwm2hFDk4/w4Mb/rdvcsrGPeiAnEaf83aNaRfVNTbTjXSXtjWSq9JjfaMCNfcPXItWI7iiO9ZH/BsjUNeZplp8ZJ7N4JYhrtNo8VPWsxXHMfc2z0fumYc1dFS0BmkrtegZxnD/VyKIvgQ/WztAkzXiUrtbmVLIlJXLAYWZtC0Azfcy8PadTVHmyfkJB8YuvD+SS8LaRrwbMw2QJRBI+AcxKGpt8cNQ9YJ3XLnvlSwwc+9FSyxAC02hImuNem5mJLIc5NAp7Vpa7kb1rj+FWkIauvUtaU7dKNjt4x2SUmSMXG1nA58MePghsVfZOfm9etTFAirowYq8gZn3Pl47zuuanxra5uHGtK20ZP6rL/u7kWbazMC2+cIjBIbSjaTMgjet29fHdOu5fjkQ5A5fQf80IpiiZJ34W3RicHmkqlcMueeLW67Ct0brXpE0BRbp3HpDQ/a+CqrRaKWir/bG636yAKeSo62O9R4mWG9hZ0rE89Vn4FAoAc1aI8OwVmzZiVvGNckv3nz5i1bttRFg/sfMbG4qFf8pIvYwVExg1dmuM9Tvwj+fU44EAi24k3YEAxErxu36MT/vXz9pnAoIzMUih2mFYiWbC1b8PG7kWC0qKhICK7LzxIv3POQRx++k42XcReLbr2GPNB0hFviXp4OUBIjJi4W7JrgbttfdZif5oWmt4lKqxU5rY95Fqy6anz1UHjP3b5po8PbmoLHsd0P3QjiSbxT3EVhbdkAwYXj9dGMEYdO6FPYq3fvXlnxlZyYPTozVLjwpcjvbwt+E/XQgpj3ydCMmltuml9w+OqNsZPkYi4uMZAOlpZXLP30/cxgoxCcv3aBSyr8QrZgvyE9rSarS3f3Iq1xJVk37ypkN+buHgmycyVsRziZZay16yYCTctLWpi1Qz8S75Psxn7ePHgofJeweLeNfBBPK4jrpNY2Z0lyU5FblUJjRnjUEcf16V3Ur7h3Tk62Fs/DGRm50cqCqTdEH52f0dBk5s+MBiePWX/Bfy9aV1ZeXVPfEDMaZoHiwYytZaWLPp6R0djQuynIk0zLxO3Vb1nGfROKXC+6uwvJmSHJokW3YqjdMuMJaQMO1xYUaDoWpjXa667ctrbqtdMgoMklOZG/txfibcnRFrd9hN35TNxtGHnjMh8EweHjMW/Z+oahY8b17duvX3FRUe/CmPEjmIFiQ0V6lS/NffJPgZlLA8eMrJj0q5WBvhu3lNbXN9Q1NADikcxwRuzilU3ffPlRdmZYPhLamCRTuOhMZ/S7NU+V3ZuA21Go3Z2XHYS/60g4kba7f/2u3kmIb43CJyqAHc7uiz09Idkphok4bnsodAIZc8OFH7xVvt+YuhH7VVbVDBrYLyszZhutadhWGRkcnnxP6PJgZXVNeUVVbcOOU7iywmFaeOXShWsXfpmbC+nO1bxS7kryhOkShlJaWmqA7t7at1sGiU47CLq7V8vXpUdMls1jLJG2++DetVYa4++ucdwXUTpAPMnhWJ7OICceO9JED7HVzhULK7dsGj768Iqq6oH9i/v03r67b+XaDW++P/uYw8YWFmzPojF+VnhlddWKr+bUlm0uLu6jLWqyopCaDtPoDn5nm7y1xWY3A3QR8O72Qgk0+c8mXvnYE2ctrdH2nuUn4wc/hNetW5e60tudFNobYoc5bFm3asPqlcMOGFtbf8CGki39iovyc7Mzw6FRQwdHMsN8WVdfX11TW9+wbfXir1d+PTczlKE9LMJWre9rw6TgNT2TdDl9d9+6XHrASAccp4FUandZ4h6o3cwkZcHdfNTjnCD9sAfNh+wsrhT1Wziug7HkMqVjPHX2RUMgo2jwiF5994qZpLMy46fmN9TVx+wwZZvWbVm9NBxo1FHIOlNCjlYeDr6zzKw7ZY2u84iTNpvAzm2dXYS8uyw+4LtC+2FXYOLt2ltlJEU+UjLF2FI7KFxRUVGybF7JN4sL+g7KLx4Qycmtq66qKFlfvmlNoKEufkJN7EQkYbdONZKHgxGfnYgRrihS3LqyczElDS4oZkWRrXOPRfBULDOBhJ2NfvBDOkC8vdZh21ct1LbTW8xWrrPoqjetKl+3XN0+duxOVlZO7166okLndZkRXNfMp9OKkkpw6W3yPUc7ccqfHl7s+iT4HaaTnN0Hdz90PYi3eNxHKmoqmBMlt5NcbP+eNkHYAWM6blEgrovQ7OQp17beA+Tl3EW7s0YX93ycNCC4HcHj95bOw7o7Bnue/eCHDoJShyHJ7CqReLBbmauqqnTQkgvi2c6dmTpsT9t5dpH9Du2qtZ2zk3h0fRoQ3G5VTyeC+/0kPbTdt8n4oSMg3pnzxkzV5HamebcgW4dSmjlFZFxBZNZ8z3suxXNF5zlotDu6untcahqChth2HTrohy4cPm16Gm0efHD3Q6J5oLPQY+ep6/4kwbedwR9wTrkz8/cucu5a1wa3vl3LlM3JPW3E3z2J2w+7IHNP5Ow+su+5IO455riTUB5octTTQfgup7NDlneuC0qagwawztTXzoRLZ5n14HPwnoLpnm7oG9x9Jt4FNMEe3LMXAruS/0n6Gbpub2nXcUK2yzRtpNgdcf2wGyB7a5zdB/fdB8RTOTvFD93BdpMfQ2qnCKWtSLak4SP4bg/uiVdz+GaZHgzi3X3ahh+SwLQRbRc6bRdPOgm4XfPo+4P7yJ5okPGRfZcG8TTfhueHFoN56wu40+mFEnBcCX0juB9MJWw3WSKg++C+a4F4jz7+aXcN6XQ/t11aPgH3Q3uZe4v4HvAN7mkG8dauP/fDnhBkQvF7nR+6CtldIu+e3u6LqBtB3L+gck9GcLm0+xzcD92E7O4mNZ8odBeI6yxvP+yBCJ6ZmWlejH7wQ3cEY+I+jncjiOfk5PhS2AMRfKef5OWHPYSMe26U9nHcZ+J+6GywY17sJC8/+KH7QNxjHPdBvOtBPDc315fCHhLs+g7/aFk/pA3EA02nb/og3l0gXlVV5Uthz2rycDgSifgg7oe0BTOL+54q3dKjfZv4HjvJDTSZVvx99n7oVibuWlR8Ju4zcT90I0PPzMz0Vzv90LVcwbeJp6Hn+js2/bA91MdDoOl8Lh/Q/dB5EDf7iV237Uumi0F8yZIlvhT8kCSA5jk5OZFIxBeFH9oL4rofBmZgfuI+iHc9iA8ZMsSXgh9SDGLo/uzNDymCuNYztaTpw3d3gbjvJ+6HDgO6Lrz2ReEHD3a7CG5/fRDvLhAvKCjwpeCHDgdZPLWJ32fofjAc93ik+J6F3Qji5eXlvhT80IUBQBdD913R99hx3RDcfMN9Gu4zcT/0SC4Gjouh+4C+R4G4S8D9xczuDv9fgAEA1RuxUIoWvOsAAAAASUVORK5CYII="
|
|
next
|
|
end
|
|
config system replacemsg mail "partial"
|
|
set buffer "Fragmented emails are blocked."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg http "url-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>The URL you requested has been blocked</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
|
|
<h3>Web Page Blocked</h3>
|
|
<p>The page you have requested has been blocked because the URL is banned.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Description</td>
|
|
<td>%%IPS_DESC%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>URL Source</td>
|
|
<td>%%URL_SOURCE%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
<p>%%OVERRIDE%%</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "urlfilter-err"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Web Page Blocked</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Web Page Blocked</h1>
|
|
<p>%%URLFILTER_ERROR%%</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>Web Filter Service Error</td>
|
|
<td>%%URLFILTER_ERROR_DETAIL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "infcache-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>High Security Alert</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>High Security Alert</h1>
|
|
<p>The URL you requested was previously found to be infected.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "http-contenttypeblock"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attention</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<p>Content type not permitted.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
<p>%%OVERRIDE%%</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "https-invalid-cert-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Invalid Connection</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>%%FORTIGUARD_WF%%</h1>
|
|
<h3>This Connection is Invalid. %%CERT_INVL_REASON%%</h3>
|
|
<p>A secure connection to %%HOSTNAME%% cannot be established.</p>
|
|
<p>When you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site\'s identity can\'t be verified.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>Site</td>
|
|
<td>%%HOSTNAME%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate CN</td>
|
|
<td>%%CN%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate Authority</td>
|
|
<td>%%AUTHORITY%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate Validity</td>
|
|
<td>
|
|
<div>Not Before: %%START_VALID%%</div>
|
|
<div>Not After: %%END_VALID%%</div>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate Chain</td>
|
|
<td><pre>%%CERT_CHAIN%%</pre></td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "https-untrusted-cert-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Untrusted Connection</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>%%FORTIGUARD_WF%%</h1>
|
|
<h3>This Connection is Untrusted</h3>
|
|
<p>A secure connection to %%HOSTNAME%% cannot be established.</p>
|
|
<p>When you try to connect securely, sites will present trusted identification to prove that you are going to the right place. The identity for this site can\'t be verified.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>Site</td>
|
|
<td>%%HOSTNAME%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate CN</td>
|
|
<td>%%CN%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate Authority</td>
|
|
<td>%%AUTHORITY%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate Validity</td>
|
|
<td>
|
|
<div>Not Before: %%START_VALID%%</div>
|
|
<div>Not After: %%END_VALID%%</div>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate Chain</td>
|
|
<td><pre>%%CERT_CHAIN%%</pre></td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "https-blocklisted-cert-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Blocked Connection</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>%%FORTIGUARD_WF%%</h1>
|
|
<h3>This Connection is Blocked</h3>
|
|
<p>A secure connection to %%HOSTNAME%% cannot be established.</p>
|
|
<p>When you try to connect securely, sites will present identification to prove that you are going to the right place. The identity for this site is blocked.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>Site</td>
|
|
<td>%%HOSTNAME%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate CN</td>
|
|
<td>%%CN%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate Authority</td>
|
|
<td>%%AUTHORITY%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate Validity</td>
|
|
<td>
|
|
<div>Not Before: %%START_VALID%%</div>
|
|
<div>Not After: %%END_VALID%%</div>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Certificate Chain</td>
|
|
<td><pre>%%CERT_CHAIN%%</pre></td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "https-ech-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Invalid Connection</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>%%FORTIGUARD_WF%%</h1>
|
|
<p>The Encrypted ClientHello has been blocked for %%SNI%%</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>SNI</td>
|
|
<td>%%SNI%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Site</td>
|
|
<td>%%HOSTNAME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "switching-protocols-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>The request has been blocked</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>The request has been blocked</h1>
|
|
<p>The protocol switching request has been blocked for %%PROTOCOL%%://%%URL%%</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "http-antiphish-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Webfilter Violation</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Webfilter Violation</h1>
|
|
<p>Your attempt to submit internal credentials to an external site has been blocked by your system administrator.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg http "videofilter-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>The URL you requested has been blocked</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<h3>Video Access Blocked</h3>
|
|
<p>The page you have requested has been blocked because the requested video resource is not allowed.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Description</td>
|
|
<td>%%VIDEOFILTER_DESC%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "deny"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Access Denied</h1>
|
|
<p>The page you requested has been blocked by a firewall policy restriction.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "user-limit"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Access Denied</h1>
|
|
<p>The maximum web proxy user limit has been reached.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "auth-challenge"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Firewall Authentication</h1>
|
|
<p>You must authenticate to use this service.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "auth-login-fail"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Firewall Authentication</h1>
|
|
<p>Authentication failed.</p>
|
|
<p>%%WEBPROXY_AUTH_FAIL_REASON%%</p>
|
|
<p>%%WEBPROXY_AUTH_FAIL_COMMENT%%</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "auth-group-info-fail"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authorization</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Firewall Authorization</h1>
|
|
<p>Group information query failed.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "http-err"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</h1>
|
|
<p>The webserver reported that an error occurred while trying to access the website. Please return to the previous page.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "auth-ip-blackout"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Access Denied</h1>
|
|
<p>Your IP address has been blocked by a firewall policy due to too many failed login attempts. You can re-login in %%DURATION%% seconds.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-invalid-cert"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Invalid ZTNA Certificate</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the ZTNA certificate is invalid.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-empty-cert"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Invalid ZTNA certificate</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the ZTNA certificate is empty.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-manageable-empty-cert"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Invalid ZTNA certificate</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the device is manageable but with an empty ZTNA certificate.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-no-api-gwy-matched"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Application Not Found</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because no API gateway was matched.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-cant-find-real-srv"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Application Not Found</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the real server in the API gateway cannot be found.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-fqdn-dns-failed"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Application Not Found</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because ZTNA FQDN DNS failed.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-ssl-bookmark-failed"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Portal Error</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because SSLVPN bookmark address failed.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-no-policy-matched"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Policy Denied</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because no policy was matched.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-matched-deny-policy"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Policy Denied</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because a policy with action deny was matched.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-client-cert-revoked"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Policy Denied</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the client cert has been revoked.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-denied-by-matched-tags"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Policy Denied</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the tags matched a deny policy.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Tags:</b></td>
|
|
<td>%%ZTNA_DEV_TAGS%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-denied-no-matched-tags"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Policy Denied</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the tags didn\'t match any policy.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Tags:</b></td>
|
|
<td>%%ZTNA_DEV_TAGS%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-no-dev-info"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Policy Denied</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because no device info was found.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-dev-is-offline"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Policy Denied</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the device is offline.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-dev-is-unmanageable"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Policy Denied</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the device is unknown or unmanaged.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "ztna-auth-fail"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
virtical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ZTNA Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ZTNA Policy Denied</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%ZTNA_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because authorization failed.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>User Name:</b></td>
|
|
<td>%%ZTNA_USER_NAME%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%ZTNA_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Device Information:</b></td>
|
|
<td>%%ZTNA_DEV_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%ZTNA_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "casb-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Blocked by Inline CASB Control</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Blocked by Inline CASB Control</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked by inline CASB control.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>CASB Profile:</b></td>
|
|
<td>%%CASB_PROFILE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>CASB SaaS Application:</b></td>
|
|
<td>%%CASB_SAAS_APP%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>CASB User Activity:</b></td>
|
|
<td>%%CASB_USER_ACTIVITY%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "swp-empty-cert"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Secure Webproxy Access Denied</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Invalid client certificate</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%SECURE_WEBPROXY_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the client certificate is empty.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%SECURE_WEBPROXY_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%SECURE_WEBPROXY_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg webproxy "swp-manageable-empty-cert"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Secure Webproxy Access Block</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Invalid client certificate</h1>
|
|
<table><tbody>
|
|
<tr>
|
|
<td><b>Error Code:</b></td>
|
|
<td>%%SECURE_WEBPROXY_ERROR_CODE%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Error Message:</b></td>
|
|
<td>The page you requested has been blocked because the device is manageable but with an empty client certificate.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Certificate Information:</b></td>
|
|
<td>%%SECURE_WEBPROXY_CERT_INFO%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td><b>Request Time:</b></td>
|
|
<td>%%SECURE_WEBPROXY_REQ_TIME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg ftp "ftp-explicit-banner"
|
|
set buffer "Welcome to the FortiGate FTP proxy."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg fortiguard-wf "ftgd-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Web Filter Violation</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
|
|
<h3>Web Page Blocked</h3>
|
|
<p>You have tried to access a web page that is in violation of your Internet usage policy.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>Category</td>
|
|
<td>%%CATEGORY%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
<p>To have the rating of this web page re-evaluated <a href=\"%%FTGD_RE_EVAL%%\">please click here</a>.</p>
|
|
<p>%%OVERRIDE%%</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg fortiguard-wf "ftgd-ovrd"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Web Filter Block Override</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
|
|
<h3>Web Filter Block Override</h3>
|
|
<p>Please contact your administrator to gain access to the web page.</p>
|
|
<div>%%OVRD_FORM%%</div>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg fortiguard-wf "ftgd-quota"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Web Filter Quota Exceeded</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
|
|
<h3>Web Page Blocked</h3>
|
|
<p>Your daily quota for this category of web page has expired.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>Category</td>
|
|
<td>%%CATEGORY%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
<p>To have the rating of this web page re-evaluated <a href=\"%%FTGD_RE_EVAL%%\">please click here</a>.</p>
|
|
<p>%%OVERRIDE%%</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg fortiguard-wf "ftgd-warning"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Web Filter Block Override</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
|
|
<h3>Web Page Blocked</h3>
|
|
<p>You have tried to access a web page which is in violation of your Internet usage policy.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>Category</td>
|
|
<td>%%CATEGORY%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
<p>To have the rating of this web page re-evaluated <a href=\"%%FTGD_RE_EVAL%%\">please click here</a>.</p>
|
|
<div class=\"form-footer\">
|
|
<button type=\"button\" onclick=\"document.location.href=\'%%WARNINGLINK%%\'; return false;\">Proceed</button>
|
|
<button class=\"primary\" type=\"button\" onclick=\"history.go(-1); return false;\">Go Back</button>
|
|
</div>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg spam "ipblocklist"
|
|
set buffer "This message has been blocked because mail from this IP address is not allowed."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "smtp-spam-dnsbl"
|
|
set buffer "This message has been blocked because it is from a DNSBL/ORDBL IP address."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "smtp-spam-feip"
|
|
set buffer "This message has been blocked because it is from a FortiGuard AntiSpam Service blocked IP address."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "smtp-spam-helo"
|
|
set buffer "This message has been blocked because the HELO/EHLO domain is invalid."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "smtp-spam-emailblock-to"
|
|
set buffer "This message has been blocked because mail to this email address is not allowed."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "smtp-spam-emailblock-from"
|
|
set buffer "This message has been blocked because mail from this email address is not allowed."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "smtp-spam-emailblock-subject"
|
|
set buffer "This message has been blocked because the subject contains a banned phrase."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "smtp-spam-mimeheader"
|
|
set buffer "This message has been blocked because it contains an invalid header."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "reversedns"
|
|
set buffer "This message has been blocked because the return email domain is invalid."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "smtp-spam-ase"
|
|
set buffer "This message has been blocked because ASE reports it as spam."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg spam "submit"
|
|
set buffer "If this email is not spam, contact your administrator to add the signature to the FortiGuard AntiSpam Service."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg alertmail "alertmail-virus"
|
|
set buffer "Virus/Worm detected: %%VIRUS%%; Protocol: %%PROTOCOL%%; Email Address From: %%EMAIL_FROM%%; Email Address To: %%EMAIL_TO%%;
|
|
VIRUS REFERENCE URL: %%VIRUS_REF_URL%%"
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg alertmail "alertmail-block"
|
|
set buffer "File Block Detected: %%FILE%%; Protocol: %%PROTOCOL%%; Email Address From: %%EMAIL_FROM%%; Email Address To: %%EMAIL_TO%%"
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg alertmail "alertmail-nids-event"
|
|
set buffer "The following intrusion was observed: %%NIDS_EVENT%%."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg alertmail "alertmail-crit-event"
|
|
set buffer "The following critical firewall event was detected: %%CRITICAL_EVENT%%."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg alertmail "alertmail-disk-full"
|
|
set buffer "The log disk is full."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg admin "pre_admin-disclaimer-text"
|
|
set buffer "PRE WARNING:
|
|
This is a private computer system. Unauthorized access or use
|
|
is prohibited and subject to prosecution and/or disciplinary
|
|
action. Any use of this system constitutes consent to
|
|
monitoring at all times and users are not entitled to any
|
|
expectation of privacy. If monitoring reveals possible evidence
|
|
of violation of criminal statutes, this evidence and any other
|
|
related information, including identification information about
|
|
the user, may be provided to law enforcement officials.
|
|
If monitoring reveals violations of security regulations or
|
|
unauthorized use, employees who violate security regulations or
|
|
make unauthorized use of this system are subject to appropriate
|
|
disciplinary action."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg admin "post_admin-disclaimer-text"
|
|
set buffer "POST WARNING:
|
|
This is a private computer system. Unauthorized access or use
|
|
is prohibited and subject to prosecution and/or disciplinary
|
|
action. Any use of this system constitutes consent to
|
|
monitoring at all times and users are not entitled to any
|
|
expectation of privacy. If monitoring reveals possible evidence
|
|
of violation of criminal statutes, this evidence and any other
|
|
related information, including identification information about
|
|
the user, may be provided to law enforcement officials.
|
|
If monitoring reveals violations of security regulations or
|
|
unauthorized use, employees who violate security regulations or
|
|
make unauthorized use of this system are subject to appropriate
|
|
disciplinary action.
|
|
|
|
%%LAST_SUCCESSFUL_LOGIN%%
|
|
%%LAST_FAILED_LOGIN%%"
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg auth "auth-disclaimer-page-1"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Disclaimer</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1 class=\"text-centered\">Terms and Disclaimer Agreement</h1>
|
|
<form action=\"%%DISCLAIMER_ACT%%\" method=\"%%DISCLAIMER_METHOD%%\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%ANSWERID%%\" value=\"%%DECLINEVAL%%\">
|
|
<p class=\"text-scrollable text-container\">You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.</p>
|
|
<p><b>Do you agree to the above terms?</b></p>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"button\" onclick=\"sb(\'%%AGREEVAL%%\')\">Yes, I agree</button>
|
|
<button type=\"button\" onclick=\"sb(\'%%DECLINEVAL%%\')\">No, I decline</button>
|
|
</div>
|
|
</form>
|
|
<script>function sb(val) { document.forms[0].%%ANSWERID%%.value = val; document.forms[0].submit(); }</script>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-disclaimer-page-2"
|
|
set buffer ''
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-disclaimer-page-3"
|
|
set buffer ''
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-proxy-reject-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Disclaimer Declined</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Disclaimer Declined</h1>
|
|
<p>Sorry, network access cannot be granted unless you agree to the disclaimer.</p>
|
|
<div>
|
|
<a href=\"%%DISCLAIMER_ACT%%\">
|
|
<button class=\"primary\" >Return to Disclaimer</button>
|
|
</a>
|
|
</div>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-reject-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Disclaimer Declined</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Disclaimer Declined</h1>
|
|
<form action=\"/\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<p>Sorry, network access cannot be granted unless you agree to the disclaimer.</p>
|
|
<div>
|
|
<button class=\"primary\" type=\"submit\">Return to Disclaimer</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-login-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Authentication Required</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%METHODID%%\" value=\"%%METHODVAL%%\">
|
|
<p>%%QUESTION%%</p>
|
|
<div class=\"field\">
|
|
<label for=\"ft_un\">Username</label>
|
|
<div>
|
|
<input name=\"%%USERNAMEID%%\" id=\"ft_un\" type=\"text\" autocorrect=\"off\" autocapitalize=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"field\">
|
|
<label for=\"ft_pd\">Password</label>
|
|
<div>
|
|
<input name=\"%%PASSWORDID%%\" id=\"ft_pd\" type=\"password\" autocomplete=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-login-failed-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Authentication Failed</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%METHODID%%\" value=\"%%METHODVAL%%\">
|
|
<p>%%FAILED_MESSAGE%%</p>
|
|
<div class=\"field\">
|
|
<label for=\"ft_un\">Username</label>
|
|
<div>
|
|
<input name=\"%%USERNAMEID%%\" id=\"ft_un\" type=\"text\" autocorrect=\"off\" autocapitalize=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"field\">
|
|
<label for=\"ft_pd\">Password</label>
|
|
<div>
|
|
<input name=\"%%PASSWORDID%%\" id=\"ft_pd\" type=\"password\" autocomplete=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-token-login-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Authentication Required</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value= \"%%PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\"><input type=\"hidden\" name=\"%%METHODID%%\" value=\"%%METHODVAL%%\">
|
|
<p>%%QUESTION%%</p>
|
|
<div class=\"field\">
|
|
<label for=\"un\">Username</label>
|
|
<div>
|
|
<input name=\"%%USERNAMEID%%\" id=\"un\" type=\"text\">
|
|
</div>
|
|
</div>
|
|
<div class=\"field\">
|
|
<label for=\"pd\">Password</label>
|
|
<div>
|
|
<input name=\"%%PASSWORDID%%\" id=\"pd\" type=\"password\" autocomplete=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"field\">
|
|
<label for=\"tk\">Token</label>
|
|
<div>
|
|
<input name=\"%%TOKENCODE%%\" id=\"tk\" type=\"text\">
|
|
</div>
|
|
</div>
|
|
<p>%%EXTRAINFO%%</p>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-token-login-failed-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Authentication Failed</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%METHODID%%\" value=\"%%METHODVAL%%\">
|
|
<p>%%FAILED_MESSAGE%%</p>
|
|
<div class=\"field\">
|
|
<label for=\"un\">Username</label>
|
|
<div>
|
|
<input name=\"%%USERNAMEID%%\" id=\"un\" type=\"text\">
|
|
</div>
|
|
</div>
|
|
<div class=\"field\">
|
|
<label for=\"pd\">Password</label>
|
|
<div>
|
|
<input name=\"%%PASSWORDID%%\" id=\"pd\" type=\"password\" autocomplete=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"field\">
|
|
<label for=\"tk\">Token</label>
|
|
<div>
|
|
<input name=\"%%TOKENCODE%%\" id=\"tk\" type=\"text\">
|
|
</div>
|
|
</div>
|
|
<p>%%EXTRAINFO%%</p>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-success-msg"
|
|
set buffer "Welcome to Fortinet Firewall
|
|
Authentication is successful, please connect again."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg auth "auth-challenge-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Authentication Required</h1>
|
|
<form action=\"/\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%USERNAMEID%%\" value=\"%%USERNAMEVAL%%\">
|
|
<input type=\"hidden\" name=\"%%REQUESTID%%\" value=\"%%REQUESTVAL%%\">
|
|
<input type=\"hidden\" name=\"%%USERGROUPID%%\" value=\"%%USERGROUPVAL%%\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<p>%%QUESTION%%</p>
|
|
<div class=\"field single\">
|
|
<label for=\"ft_un\">Password</label>
|
|
<div>
|
|
<input name=\"%%PASSWORDID%%\" id=\"ft_pd\" type=\"password\" autocomplete=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\" id=\"ft_ci\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-keepalive-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication Keepalive Window</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Authentication Keepalive</h1>
|
|
<form action=\"/\" method=\"post\">
|
|
<p>This browser window is used to keep your authentication session active. Please leave it open in the background and open a <a href=\"%%AUTH_REDIR_URL%%\" target=\"_blank\">new window</a> to continue.</p>
|
|
<p>Authentication refresh in <b id=\"countdown\">%%TIMEOUT%%</b> seconds ...</p>
|
|
<p><a href=\"%%AUTH_LOGOUT%%\">logout</a></p>
|
|
<p>%%QUOTA_TABLE%%</p>
|
|
</form>
|
|
<script id=\"heartBeatWorker\" type=\"javascript/worker\">
|
|
(function(){
|
|
function heartbeat() { self.postMessage(\"hb\"); }
|
|
setInterval(function(){ heartbeat(); }, 1000);
|
|
})();
|
|
</script>
|
|
<script>
|
|
var startTime= new Date();
|
|
function updateCountDown(){
|
|
var secElapsed = Math.floor((Date.now() - startTime.getTime()) / 1000);
|
|
if (secElapsed >= %%TIMEOUT%%){
|
|
location.href=\"%%KEEPALIVEURL%%\";
|
|
return;
|
|
}
|
|
document.getElementById(\'countdown\').innerHTML = %%TIMEOUT%% - secElapsed;
|
|
}
|
|
</script>
|
|
<script>
|
|
if (typeof(Worker) !== \"undefined\") {
|
|
var blob = new Blob([document.querySelector(\'#heartBeatWorker\').textContent], { type: \"text/javascript\" });
|
|
var worker = new Worker(window.URL.createObjectURL(blob));
|
|
worker.onmessage = function (event) {
|
|
updateCountDown();
|
|
};
|
|
} else {
|
|
function countDown(){
|
|
updateCountDown();
|
|
counter=setTimeout(\"countDown()\", 1000);
|
|
}
|
|
window.onload=countDown;
|
|
}
|
|
</script>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-portal-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Firewall Authentication</h1>
|
|
<p><b>Firewall authentication was successful.</b></p>
|
|
<p>You can access the network as per your protection profile.</p>
|
|
<p><a href=\"%%AUTH_REDIR_URL%%\" target=\"_blank\">open a new window</a></p>
|
|
<p><a href=\"%%AUTH_LOGIN%%\">login with another user</a></p>
|
|
<p><a href=\"%%AUTH_LOGOUT%%\">logout</a></p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-password-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Password Expired</h1>
|
|
<form action=\"/\" method=\"post\" onsubmit=\'return form_check();\'>
|
|
<input name=\"%%USERNAMEID%%\" type=\"hidden\" value=\"%%USERNAMEVAL%%\" />
|
|
<input name=\"%%REQUESTID%%\" type=\"hidden\" value=\"%%REQUESTVAL%%\" />
|
|
<input name=\"%%USERGROUPID%%\" type=\"hidden\" value=\"%%USERGROUPVAL%%\" />
|
|
<input name=\"%%REDIRID%%\" type=\"hidden\" value=\"%%PROTURI%%\" />
|
|
<input name=\"%%MAGICID%%\" type=\"hidden\" value=\"%%MAGICVAL%%\" />
|
|
<p>Please set a new one.</p>
|
|
<script>
|
|
var min_length = %%MIN_LENGTH%%;if (min_length > 0) {document.write(\"Password must:<br> Be a minimum length of %%MIN_LENGTH%%\");}
|
|
var min_lower_letter_length = %%MIN_LOWER_LETTER_LENGTH%%;if (min_lower_letter_length > 0) {document.write(\"<br> Include at least %%MIN_LOWER_LETTER_LENGTH%% lower case letter(s) (a-z)\");}
|
|
var min_upper_letter_length = %%MIN_UPPER_LETTER_LENGTH%%;if (min_upper_letter_length > 0) {document.write(\"<br> Include at least %%MIN_UPPER_LETTER_LENGTH%% upper case letter(s) (A-Z)\");}
|
|
var min_non_alpha_length = %%MIN_NON_ALPHA_LENGTH%%;if (min_non_alpha_length > 0) {document.write(\"<br> Include at least %%MIN_NON_ALPHA_LENGTH%% non-alphanumeric character(s)\");}
|
|
var min_numeric_length = %%MIN_NUMERIC_LENGTH%%;if (min_numeric_length > 0) {document.write(\"<br> Include at least %%MIN_NUMERIC_LENGTH%% number(s) (0-9)\");}
|
|
var min_unique_char = %%MIN_UNIQUE_CHAR%%;if (min_unique_char > 0) {document.write(\"<br> Have at least %%MIN_UNIQUE_CHAR%% unique character(s) which don\'t exist in the old password\");}
|
|
var prevent_reuse = %%PREVENT_REUSE%%;if (prevent_reuse > 0) {document.write(\"<br> Not be same as last two passwords\");}
|
|
</script>
|
|
<div class=\"field\">
|
|
<label for=\"ft_pd\">New password</label>
|
|
<div>
|
|
<input name=\"%%PASSWORDID%%\" id=\"ft_pd\" type=\"password\" autocomplete=\"off\" onkeydown=\"keydownhandler(event)\">
|
|
</div>
|
|
</div>
|
|
<div class=\"field\">
|
|
<label for=\"ft_pd_re\">Re-enter</label>
|
|
<div>
|
|
<input name=\"password2\" id=\"ft_pd_re\" type=\"password\" autocomplete=\"off\" onkeydown=\"keydownhandler(event)\">
|
|
</div>
|
|
</div>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" id=\"continue\" type=\"submit\">Continue</button>
|
|
<button type=\"button\" id=\"skip\" onclick=\"form.%%PASSWORDID%%.value=\'\'; form.password2.value=\'\'; form.submit();\">Skip</button>
|
|
</div>
|
|
</form>
|
|
<script>var expire_days = %%EXPIREDAYS%%;if (expire_days < 0) { document.write(\"Your password has expired.\"); }else if (expire_days == 0) { document.write(\"Your password is expiring.\"); }else if (expire_days == 1) { document.write(\"Your password will expire in 1 day.\"); }else { document.write(\"Your password will expire in %%EXPIREDAYS%% days.\"); }</script>
|
|
<script>document.forms[0].skip.focus(); function keydownhandler(event){if (event.keyCode == 13) document.forms[0].continue.focus();} function form_check(){ var form=document.forms[0]; if (form.%%PASSWORDID%%.value != form.password2.value) { alert(\'The entered passwords do not match\'); return false; } return true;}</script>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-fortitoken-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiToken Code Required</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REQUESTID%%\" value=\"%%REQUESTVAL%%\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%METHODID%%\" value=\"%%METHODVAL%%\">
|
|
<input type=\"hidden\" disabled=\"disabled\" name=\"%%FTM_PUSH%%\" value=\"%%FTM_PUSH_VAL%%\">
|
|
<p>%%QUESTION%%</p>
|
|
<div class=\"field single\">
|
|
<label for=\"ft_un\">Token Code</label>
|
|
<div>
|
|
<input name=\"%%TOKENCODE%%\" id=\"ft_tc\" required>
|
|
</div>
|
|
</div>
|
|
<p>%%EXTRAINFO%%</p>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\" id=\"ft_ci\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
<script>
|
|
var ftmPushStatusTimeout = null;
|
|
var ftmPushInput = document.querySelector(\'input[name=\"%%FTM_PUSH%%\"]\');
|
|
if (ftmPushInput && ftmPushInput.value) {
|
|
setTimeout(function() {
|
|
startFtmPushPoll();
|
|
}, 2000)
|
|
}
|
|
function getFtmPushStatus() {
|
|
var xhr = new XMLHttpRequest();
|
|
xhr.open(\"POST\", \'/\', true);
|
|
xhr.setRequestHeader(\'Content-Type\', \'application/x-www-form-urlencoded\');
|
|
var encodedData = [];
|
|
var fields = [\'%%REQUESTID%%\', \'%%REDIRID%%\', \'%%MAGICID%%\'];
|
|
fields.forEach(function(field) {
|
|
var requestIdInput = document.querySelector(\'input[name=\"\' + field + \'\"]\');
|
|
if (requestIdInput && requestIdInput.value) {
|
|
encodedData.push(encodeURIComponent(field) + \'=\' + encodeURIComponent(requestIdInput.value));
|
|
}
|
|
});
|
|
encodedData.push(\'%%IS_AJAX%%=1\');
|
|
encodedData.push(\'%%TOKENCODE%%=\');
|
|
xhr.onreadystatechange = function() {
|
|
if (xhr.readyState === 4) {
|
|
try {
|
|
if (xhr.response && xhr.response.charAt(0) === \'%%AJAX_STATUS_REDIRECT%%\') {
|
|
document.location = xhr.response.substring(1);
|
|
}
|
|
} catch (e) {}
|
|
}
|
|
};
|
|
xhr.send(encodedData.join(\'&\').replace(/%20/g, \'+\'));
|
|
}
|
|
function startFtmPushPoll() {
|
|
cancelFtmPushPoll();
|
|
getFtmPushStatus();
|
|
ftmPushStatusTimeout = setTimeout(function() {
|
|
startFtmPushPoll();
|
|
}, 2000);
|
|
}
|
|
function cancelFtmPushPoll() {
|
|
clearTimeout(ftmPushStatusTimeout);
|
|
}
|
|
</script></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-next-fortitoken-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiToken Code Required</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REQUESTID%%\" value=\"%%REQUESTVAL%%\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%METHODID%%\" value=\"%%METHODVAL%%\">
|
|
<p>%%QUESTION%%</p>
|
|
<div class=\"field single\">
|
|
<label for=\"ft_un\">Next Code</label>
|
|
<div>
|
|
<input name=\"%%TOKENCODE%%\" id=\"ft_tc\">
|
|
</div>
|
|
</div>
|
|
<p>%%EXTRAINFO%%</p>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-email-token-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Email Token Code Required</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REQUESTID%%\" value=\"%%REQUESTVAL%%\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%METHODID%%\" value=\"%%METHODVAL%%\">
|
|
<p>%%QUESTION%%</p>
|
|
<div class=\"field single\">
|
|
<label for=\"ft_un\">Token Code</label>
|
|
<div>
|
|
<input name=\"%%TOKENCODE%%\" id=\"ft_tc\">
|
|
</div>
|
|
</div>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\" id=\"ft_ci\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-sms-token-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>SMS Token Code Required</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REQUESTID%%\" value=\"%%REQUESTVAL%%\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%METHODID%%\" value=\"%%METHODVAL%%\">
|
|
<p>%%QUESTION%%</p>
|
|
<div class=\"field single\">
|
|
<label for=\"ft_un\">Token Code</label>
|
|
<div>
|
|
<input name=\"%%TOKENCODE%%\" id=\"ft_tc\">
|
|
</div>
|
|
</div>
|
|
<p>%%EXTRAINFO%%</p>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\" id=\"ft_ci\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-email-harvesting-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1 class=\"text-centered\">Terms and Disclaimer Agreement</h1>
|
|
<form action=\"%%HEMAIL_ACTION%%\" method=\"%%HEMAIL_METHOD%%\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<p class=\"text-scrollable text-container\">You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.</p>
|
|
<div class=\"text-container\">
|
|
<input type=\"checkbox\" name=\"agree\" id=\"ft_ad\" required=\"required\" onclick=\"document.getElementById(\'ft_un\').disabled = !this.checked;\">
|
|
<label for=\"ft_ad\">
|
|
I accept the Terms and Disclaimer Agreement
|
|
</label>
|
|
</div>
|
|
<div class=\"flex-container text-container column\">
|
|
<p><b>Please enter your Email address to continue.</b></p>
|
|
<div class=\"field single\">
|
|
<label for=\"ft_un\">Email</label>
|
|
<div>
|
|
<input name=\"%%USERNAMEID%%\" id=\"ft_un\" type=\"email\" autocorrect=\"off\" autocapitalize=\"off\" disabled>
|
|
</div>
|
|
</div>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\" id=\"ft_ci\">Continue</button>
|
|
</div>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
<script>var def_msg = \"Please enter your Email address to continue.\"; var cb = get(\"ft_ad\"); var un = get(\"ft_un\"); var ci = get(\"ft_ci\"); var note = get(\"note\"); var adl = get(\"ft_adl\");if (cb && un && note && adl) { cb.onclick = cb_click; cb_click.apply(cb, [def_msg]); }function get(x) { return document.getElementById(x); }function tc(elm, cn, tg) { if (!elm) return; if (tg) elm.className += \" \" + cn; else elm.className = elm.className.replace(cn,\'\'); }function cb_click(msg) { var en = !this.checked; un.disabled = en; ci.disabled = en; tc(adl, \"hl\", en); tc(note, \"hl\", !en); if(typeof msg === \"string\") { note.innerHTML = msg; } else { note.innerHTML = def_msg; } }</script></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-email-failed-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1 class=\"text-centered\">Terms and Disclaimer Agreement</h1>
|
|
<form action=\"%%HEMAIL_ACTION%%\" method=\"%%HEMAIL_METHOD%%\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<p class=\"text-scrollable text-container\">You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.</p>
|
|
<div class=\"text-container\">
|
|
<input type=\"checkbox\" name=\"agree\" id=\"ft_ad\" required=\"required\" onclick=\"document.getElementById(\'ft_un\').disabled = !this.checked;\">
|
|
<label for=\"ft_ad\">
|
|
I accept the Terms and Disclaimer Agreement
|
|
</label>
|
|
</div>
|
|
<div class=\"flex-container text-container column\">
|
|
<p><b>Please enter your Email address to continue.</b></p>
|
|
<div class=\"field single\">
|
|
<label for=\"ft_un\">Email</label>
|
|
<div>
|
|
<input name=\"%%USERNAMEID%%\" id=\"ft_un\" type=\"email\" autocorrect=\"off\" autocapitalize=\"off\" disabled>
|
|
</div>
|
|
</div>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\" id=\"ft_ci\">Continue</button>
|
|
</div>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
<script>var def_msg = \"Invalid Email address, please enter again to continue\";var cb = get(\"ft_ad\"); var un = get(\"ft_un\"); var ci = get(\"ft_ci\"); var note = get(\"note\"); var adl = get(\"ft_adl\");if (cb && un && note && adl) { cb.onclick = cb_click; cb_click.apply(cb, [def_msg]); }function get(x) { return document.getElementById(x); }function tc(elm, cn, tg) { if (!elm) return; if (tg) elm.className += \" \" + cn; else elm.className = elm.className.replace(cn,\'\'); }function cb_click(msg) { var en = !this.checked; un.disabled = en; ci.disabled = en; tc(adl, \"hl\", en); tc(note, \"hl\", !en); if(typeof msg === \"string\") { note.innerHTML = msg; } else { note.innerHTML = def_msg; } }</script></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-cert-passwd-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Certificate Password Required</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<p>%%QUESTION%%</p>
|
|
<div class=\"field\">
|
|
<label for=\"ft_un\">Username</label>
|
|
<div>
|
|
<input name=\"%%USERNAMEID%%\" value=\"%%USERNAMEVAL%%\" id=\"ft_un\" type=\"text\" readonly=\"readonly\" autocorrect=\"off\" autocapitalize=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"field\">
|
|
<label for=\"ft_pd\">Password</label>
|
|
<div>
|
|
<input name=\"%%PASSWORDID%%\" id=\"ft_pd\" type=\"password\" autocomplete=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\">Continue</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-guest-print-page"
|
|
set buffer "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\"><html><head><meta http-equiv=Content-Type content=\"text/html; charset=UTF-8\"><meta http-equiv=Pragma content=no-cache><title>Guest Access Credentials</title><style type=\"text/css\">body.printable{background-color: white;margin: 0 20px 0 20px;} div.first_section:not(:first-child){page-break-before: always;} div.user_section{padding: 15px;border-bottom: 1px dotted #666;font-family: Verdana, Arial, Sans-Serif;font-size: 10pt;} div.user_header{font-size: 14pt;font-weight: bold;height: 2em;} div.user_disc{font-size: 8pt;margin-bottom: 0.5in;} ul.user_details{list-style-type: none;} li.user_info_field{font-family: monospace;page-break-before: avoid;} label.user_info_label{font-weight: bold;float: left;width: 10em;font-family: Verdana, Arial, Sans-Serif;}</style></head><body class=\"printable\">%%FOR(USERS:USER_SECTIONS)%%<div class=\"user_section first_section\">%%FOR(PRINT_CREDENTIALS:USERS)%%<div class=\"user_header\">Network Guest Access Credentials</div>%%PRINT_CREDENTIALS%%<div class=\"user_disc\">The above account may be used to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.</div>%%ENDFOR%%</div>%%ENDFOR%%</body><script type=\"text/javascript\">window.print();</script></html>"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-guest-email-page"
|
|
set buffer "User ID=%%USERID%%
|
|
Password=%%PASSWORD%%
|
|
Expires=%%EXPIRE%%
|
|
User Name=%%USERNAME%%
|
|
Mobile Phone=%%MOBILEPHONE%%
|
|
Sponsor=%%SPONSOR%%
|
|
Company=%%COMPANY%%
|
|
Email=%%EMAIL%%"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-success-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Firewall Authentication</h1>
|
|
<p>If JavaScript is not enabled, please <a href=\"%%AUTH_REDIR_URL%%\">click here</a> to continue.</p>
|
|
<script>window.location=\"%%AUTH_REDIR_URL%%\";</script>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-block-notification-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Notification</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Firewall Notification</h1>
|
|
<p>Your access has been blocked by firewall policy %%POLICY_ID%%.<br>If you have any questions or concerns, please contact your network administrator for more information.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-quarantine-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Quarantine Notification</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Quarantine Notification</h1>
|
|
<form action=\"%%DISCLAIMER_ACT%%\" method=\"%%DISCLAIMER_METHOD%%\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%ANSWERID%%\" value=\"%%DECLINEVAL%%\">
|
|
<p>Your network access has been restricted due to the detection of potentially malicious traffic. Please contact your network administrator for further information.</p>
|
|
<p><b>Acknowledge your quarantine for limited network access.</b></p>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\" onclick=\"sb(\'%%AGREEVAL%%\')\">Accept</button>
|
|
<button type=\"button\" onclick=\"sb(\'%%DECLINEVAL%%\')\">Decline</button>
|
|
</div>
|
|
</form>
|
|
<script>function sb(val) { document.forms[0].%%ANSWERID%%.value = val; document.forms[0].submit(); }</script>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-qtn-reject-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Quarantine Declined</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Quarantine Terms Not Acknowledged</h1>
|
|
<form action=\"/\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<p>By failing to acknowledge the Terms of Quarantine, your access may be more severely restricted.</p>
|
|
<div>
|
|
<button class=\"primary\" type=\"submit\">Return to Quarantine Terms</button>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg auth "auth-saml-page"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Firewall Authentication</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Authentication Required</h1>
|
|
<form action=\"%%AUTH_POST_URL%%\" method=\"post\">
|
|
<input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\">
|
|
<input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\">
|
|
<input type=\"hidden\" name=\"%%METHODID%%\" value=\"%%METHODVAL%%\">
|
|
<p>%%QUESTION%%</p>
|
|
<div class=\"field\">
|
|
<label for=\"ft_un\">Username</label>
|
|
<div>
|
|
<input name=\"%%USERNAMEID%%\" id=\"ft_un\" type=\"text\" autocorrect=\"off\" autocapitalize=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"field\">
|
|
<label for=\"ft_pd\">Password</label>
|
|
<div>
|
|
<input name=\"%%PASSWORDID%%\" id=\"ft_pd\" type=\"password\" autocomplete=\"off\">
|
|
</div>
|
|
</div>
|
|
<div class=\"form-footer\">
|
|
<button class=\"primary\" type=\"submit\">Continue</button>
|
|
<div>Or log in using <a href=\"%%AUTH_SAML%%\">SAML Identity Provider</a></div>
|
|
</div>
|
|
</form>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg sslvpn "sslvpn-login"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\" class=\"main-app\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<meta name=\"apple-itunes-app\" content=\"app-id=1475674905\">
|
|
<link href=\"/styles.css\" rel=\"stylesheet\" type=\"text/css\">
|
|
<link href=\"/css/legacy-main.css\" rel=\"stylesheet\" type=\"text/css\">
|
|
<title>Please Login</title>
|
|
</head>
|
|
<body>
|
|
<div class=\"view-container\">
|
|
<form class=\"prompt legacy-prompt\" action=\"%%SSL_ACT%%\" method=\"%%SSL_METHOD%%\" name=\"f\" autocomplete=\"off\">
|
|
<div class=\"content with-header with-sslvpn\">
|
|
<div class=\"sslvpn-left\">
|
|
<img src=\"/assets/brand-login-left.svg\" alt=\"brand-left\" height=\"500px\"/>
|
|
</div>
|
|
<div class=\"sub-content sub-sslvpn\">
|
|
<div class=\"sslvpn-title\">
|
|
<img src=\"/assets/sslvpn-portal-login.svg\" width=\"300px\" alt=\"SSL-VPN Portal login\" />
|
|
</div>
|
|
<div class=\"wide-inputs\">
|
|
%%SSL_LOGIN%%
|
|
</div>
|
|
<div class=\"button-actions wide sslvpn-buttons\">
|
|
<button class=\"primary\" type=\"button\" name=\"login_button\" id=\"login_button\" onClick=\"try_login()\">
|
|
Login
|
|
</button>
|
|
<button type=\"button\" name=\"skip_button\" id=\"skip_button\" onClick=\"try_skip()\" style=\"display:none\">
|
|
Skip
|
|
</button>
|
|
<button id=\"launch-forticlient-button\" type=\"button\" onClick=\"launchFortiClient()\">
|
|
<f-icon class=\"ftnt-forticlient\"></f-icon>
|
|
<span>Launch FortiClient</span>
|
|
</button>
|
|
<iframe id=\"launch-forticlient-iframe\" style=\"display:none\"></iframe>
|
|
<button id=\"saml-login-bn\" class=\"primary\" type=\"button\" name=\"saml_login_bn\" onClick=\"launchSamlLogin()\" style=\"display:none\">
|
|
SSO Login
|
|
</button>
|
|
</div>
|
|
</div>
|
|
<div class=\"sslvpn-right\">
|
|
<img src=\"/assets/brand-login-right.svg\" alt=\"brand-right\" height=\"500px\"/>
|
|
</div>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</body>
|
|
%%SSL_HIDDEN%%
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg sslvpn "sslvpn-header"
|
|
set buffer "<div></div>
|
|
%%SSL_STATUS_INFO%%
|
|
%%SSL_OPTIONS%%
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg sslvpn "sslvpn-limit"
|
|
set buffer "<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"><title>Already Logged In</title><meta http-equiv=\"Pragma\" content=\"no-cache\"><meta http-equiv=\"cache-control\" content=\"no-cache\"><meta http-equiv=\"cache-control\" content=\"must-revalidate\"><link href=\"/sslvpn/css/login.css\" rel=\"stylesheet\" type=\"text/css\"><script type=\"text/javascript\">if (top && top.location != window.location) top.location = top.location;if (window.opener && window.opener.top) { window.opener.top.location = window.opener.top.location; self.close(); }</script></head><body class=\"main\"><center><table class=\"container\" height=\"100%\" cellspacing=\"0\" cellpadding=\"0\" align=\"center\" width=\"100%\" valign=\"middle\"><tbody><tr valign=\"middle\"><td><table class=\"list\" height=\"180\" cellspacing=\"0\" cellpadding=\"10\" align=\"center\" width=\"400\"><tbody><tr class=\"dark\"><td colspan=\"2\"> <b>Already Logged In</b></td></tr><tr><td colspan=\"2\"><p>You already have an open SSL VPN connection. Opening multiple connections is not permitted.</p><p>If you proceed, your other connection will be disconnected.</p><p>If you have any questions or concerns, please contact your administrator for more information.</p></td></tr><tr><td style=\"text-align:center\">%%SSL_LOGIN_ANYWAY%%</td><td style=\"text-align:center\">%%SSL_LOGIN_CANCEL%%</td></tr></tbody></table></td></tr></tbody></table></center></body></html>"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg sslvpn "hostcheck-error"
|
|
set buffer "Your PC does not meet the host checking requirements set by the firewall. Please try again in a few minutes. If the issue persists check that your OS version meets the minimum requirements, that your antivirus and firewall applications are installed and running properly, and that you have the correct network interface."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg sslvpn "sslvpn-provision-user"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>FortiClient SSL-VPN Setup Instructions</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<section>
|
|
<p>
|
|
<div>How to set up the SSL-VPN connection on <b>%%FTCL_VPN_NAME%%</b></div>
|
|
</p>
|
|
<ol>
|
|
<li>
|
|
<b>Download and install FortiClient VPN</b>
|
|
<div>FortiClient securely connects your computer or mobile device to your network</div>
|
|
<a href=\"https://www.fortinet.com/support/product-downloads#vpn7\">
|
|
<button>
|
|
Download
|
|
</button>
|
|
</a>
|
|
</li>
|
|
<li>
|
|
<b>Configure the connection</b>
|
|
<div>FortiClient VPN can configure your connection automatically.</div>
|
|
<div>Click on <a href=\"%%FTCL_VPN_CONFIG_URL%%\">this link</a> (%%FTCL_VPN_CONFIG_URL%%), or scan the QR code below from the FortiClient VPN app.</div>
|
|
<div>
|
|
<img src=\"%%QR_CODE_DATA_URI%%\">
|
|
</div>
|
|
</li>
|
|
</ol>
|
|
<p>
|
|
Contact your network administrator if you require assistance.
|
|
</p>
|
|
</section>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg sslvpn "sslvpn-provision-user-sms"
|
|
set buffer "To set up the FortiClient VPN connection \"%%FTCL_VPN_NAME%%\", install the FortiClient application and click the following link: %%FTCL_VPN_CONFIG_URL%%."
|
|
set header none
|
|
set format text
|
|
end
|
|
config system replacemsg nac-quar "nac-quar-virus"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Virus Quarantine</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Blocked because of virus</h1>
|
|
<p>Your computer has been blocked because of a virus detected in your system. For more information, contact the system administrator.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg nac-quar "nac-quar-dos"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attack Detected</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Blocked because of DoS Attack</h1>
|
|
<p>Your computer has been blocked because a DoS attack originating from your system was detected. For more information, contact the system administrator.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg nac-quar "nac-quar-ips"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attack Detected</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Blocked because of an intrusion attack</h1>
|
|
<p>Your computer has been blocked because an intrusion attack originating from your system was detected. For more information, contact the system administrator.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg nac-quar "nac-quar-dlp"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Data Loss Detected</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Blocked because of data loss</h1>
|
|
<p>Your computer has been blocked because of a data loss originating from your system. For more information, contact the system administrator.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg nac-quar "nac-quar-admin"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Administrative Quarantine</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Blocked because of admin action</h1>
|
|
<p>Your system administrator has blocked your computer or device. For more information, contact the system administrator.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg nac-quar "nac-quar-app"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Application Control</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Blocked because of application</h1>
|
|
<p>Your computer has been blocked because of an application detected in your system. For more information, contact the system administrator.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg traffic-quota "per-ip-shaper-block"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Traffic Quota Control</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Traffic blocked because of exceeded session quota</h1>
|
|
<p>Traffic has been blocked because the per IP shaper session quota has been exceeded. Please contact the system administrator.</p>
|
|
<p>Quota: %%QUOTA_INFO%%</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "virus-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>High Security Alert</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>High Security Alert</h1>
|
|
<p>You are not permitted to download the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Quarantined File Name</td>
|
|
<td>%%QUARFILENAME%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Reference URL</td>
|
|
<td>%%VIRUS_REF_URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "client-virus-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>High Security Alert</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>High Security Alert</h1>
|
|
<p>You are not permitted to transfer the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Quarantined File Name</td>
|
|
<td>%%QUARFILENAME%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Reference URL</td>
|
|
<td>%%VIRUS_REF_URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "virus-text"
|
|
set buffer "Dangerous attachment removed. The file \"%%FILE%%\" was infected with the \"%%VIRUS%%\" virus. It has been removed and quarantined as: \"%%QUARFILENAME%%\".\"%%VIRUS_REF_URL%%\"."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "dlp-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attention</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<p>The transfer attempt has been blocked because it appears to match a data loss prevention profile.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "dlp-text"
|
|
set buffer "The transfer attempt has been blocked because it appears to match a data loss prevention profile."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "appblk-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Application Control Violation</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiGate Application Control</h1>
|
|
<h3>Application Blocked</h3>
|
|
<p>You have attempted to use an application that violates your Internet usage policy.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>Application</td>
|
|
<td>%%APPNAME%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Category</td>
|
|
<td>%%APPCAT%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Policy</td>
|
|
<td>%%POLICY_UUID%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "ipsblk-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Intrusion Prevention Violation</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiGate Intrusion Prevention</h1>
|
|
<h3>Intrusion Prevention Triggered</h3>
|
|
<p>Your attempt to access the Internet resource is blocked by Intrusion Prevention.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Policy</td>
|
|
<td>%%POLICY_UUID%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "virpatchblk-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Virtual Patch Violation</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiGate Virtual Patch</h1>
|
|
<h3>Virtual Patch Triggered</h3>
|
|
<p>Your attempt to access the Internet resource is blocked by Virtual Patch.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Policy</td>
|
|
<td>%%POLICY_UUID%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "ipsfail-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Intrusion Prevention Scanning Failure</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>FortiGate Intrusion Prevention</h1>
|
|
<h3>Intrusion Prevention Scanning Failure</h3>
|
|
<p>Your attempt to access the Internet resource is blocked because of an Intrusion Prevention scanning failure.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Policy</td>
|
|
<td>%%POLICY_UUID%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "exe-text"
|
|
set buffer "Dangerous attachment removed. The file \"%%FILE%%\" has been removed because it is a Windows executable.
|
|
Quarantined File Name: \"%%QUARFILENAME%%\"."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "waf-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Web Application Firewall</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Web Application Firewall</h1>
|
|
<p>This transfer is blocked by a Web Application Firewall.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td colspan=\"2\">This transfer is blocked.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Event ID</td>
|
|
<td>%%WAF_SIG_ID%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Event Type</td>
|
|
<td>%%WAF_DESC%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "outbreak-prevention-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>High Security Alert</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>High Security Alert</h1>
|
|
<p>You are not permitted to transfer the file \"%%FILE%%\" because its signature \"%%VIRUS%%\" has been identified by the Virus Outbreak Prevention service.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Quarantined File Name</td>
|
|
<td>%%QUARFILENAME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "outbreak-prevention-text"
|
|
set buffer "Dangerous attachment removed. The file \"%%FILE%%\" has been removed because its signature \"%%VIRUS%%\" has been identified by the Virus Outbreak Prevention service. Quarantined File Name: \"%%QUARFILENAME%%\"."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "external-blocklist-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>High Security Alert</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>High Security Alert</h1>
|
|
<p>You are not permitted to transfer the file \"%%FILE%%\" because its signature \"%%VIRUS%%\" has been identified by an external blocklist.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Quarantined File Name</td>
|
|
<td>%%QUARFILENAME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "external-blocklist-text"
|
|
set buffer "Dangerous attachment removed. The file \"%%FILE%%\" has been removed because its signature \"%%VIRUS%%\" has been identified by an external blocklist. Quarantined File Name: \"%%QUARFILENAME%%\"."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "ems-threat-feed-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>High Security Alert</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>High Security Alert</h1>
|
|
<p>You are not permitted to transfer the file \"%%FILE%%\" because its signature \"%%VIRUS%%\" has been identified by the EMS Threat Feed.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Quarantined File Name</td>
|
|
<td>%%QUARFILENAME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "ems-threat-feed-text"
|
|
set buffer "Dangerous attachment removed. The file \"%%FILE%%\" has been removed because its signature \"%%VIRUS%%\" has been identified by the EMS Threat Feed. Quarantined File Name: \"%%QUARFILENAME%%\"."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "file-filter-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attention</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<p>The file \"%%FILE%%\" has been blocked due to its file type and/or properties.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "file-filter-text"
|
|
set buffer "The file \"%%FILE%%\" has been blocked due to its file type and/or properties."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "file-size-text"
|
|
set buffer "The file \"%%FILE%%\" has been blocked because it exceeded the configured file size limit."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "transfer-size-text"
|
|
set buffer "The transfer has been blocked because it exceeded the configured size limit."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "internal-error-text"
|
|
set buffer "The file \"%%FILE%%\" has been blocked because of an internal error."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "archive-block-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attention</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<p>The transfer contained an archive that has been blocked.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "archive-block-text"
|
|
set buffer "Transfer failed. Archive \"%%FILE%%\" has been blocked."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "file-av-fail-text"
|
|
set buffer "Transfer of file \"%%FILE%%\" failed due to an internal error."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "transfer-av-fail-text"
|
|
set buffer "Transfer failed due to an internal error."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "banned-word-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attention</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<p>The page has been blocked because it contains a banned word.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
<p>%%OVERRIDE%%</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "banned-word-text"
|
|
set buffer "This message has been blocked because it contains a banned word."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "block-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attention</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<p>File blocked</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Quarantined File Name</td>
|
|
<td>%%QUARFILENAME%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "block-text"
|
|
set buffer "Potentially dangerous file removed. The file \"%%FILE%%\" has been blocked. File quarantined as: \"%%QUARFILENAME%%\"."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "decompress-limit-text"
|
|
set buffer "The file \"%%FILE%%\" has been blocked because its decompressed size is over the configured limit."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "dlp-subject-text"
|
|
set buffer "Data loss detected! Subject: %%SUBJECT%%"
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "file-size-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attention</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<p>The file \"%%FILE%%\" has been blocked. The file is larger than the configured file size limit.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "client-file-size-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attention</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<p>The transfer has been blocked because it is larger than the configured size limit.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "inline-scan-timeout-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Scan Incomplete</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Scan Incomplete</h1>
|
|
<p>The file \"%%FILE%%\" is still being scanned and will be released once complete. Please try the transfer again in a few minutes.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "inline-scan-timeout-text"
|
|
set buffer "The file \"%%FILE%%\" is still being scanned and will be released once complete. Please try the transfer again in a few minutes."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "inline-scan-error-html"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Scan Unavailable</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Scan Unavailable</h1>
|
|
<p>The file \"%%FILE%%\" has been blocked due to an inline-scan error.</p>
|
|
<table><tbody>
|
|
<tr>
|
|
<td>URL</td>
|
|
<td>%%PROTOCOL%%://%%URL%%</td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg utm "inline-scan-error-text"
|
|
set buffer "The file \"%%FILE%%\" has been blocked due to an inline-scan error."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "icap-block-text"
|
|
set buffer "The file \"%%FILE%%\" has been blocked by ICAP service."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "icap-error-text"
|
|
set buffer "The file \"%%FILE%%\" has been blocked due to ICAP error."
|
|
set header 8bit
|
|
set format text
|
|
end
|
|
config system replacemsg utm "icap-http-error"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>ICAP Error</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>ICAP Error</h1>
|
|
<p>An ICAP error was encountered while handling the request.</p>
|
|
<p>%%ICAP_ERR_DESC%%</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg icap "icap-req-resp"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<style type=\"text/css\">
|
|
body {
|
|
height: 100%;
|
|
font-family: Helvetica, Arial, sans-serif;
|
|
color: #6a6a6a;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
|
|
color: #262626;
|
|
vertical-align: baseline;
|
|
margin: .2em;
|
|
border-style: solid;
|
|
border-width: 1px;
|
|
border-color: #a9a9a9;
|
|
background-color: #fff;
|
|
box-sizing: border-box;
|
|
padding: 2px .5em;
|
|
appearance: none;
|
|
border-radius: 0;
|
|
}
|
|
input:focus {
|
|
border-color: #646464;
|
|
box-shadow: 0 0 1px 0 #a2a2a2;
|
|
outline: 0;
|
|
}
|
|
button {
|
|
padding: .5em 1em;
|
|
border: 1px solid;
|
|
border-radius: 3px;
|
|
min-width: 6em;
|
|
font-weight: 400;
|
|
font-size: .8em;
|
|
cursor: pointer;
|
|
}
|
|
button.primary {
|
|
color: #fff;
|
|
background-color: rgb(47, 113, 178);
|
|
border-color: rgb(34, 103, 173);
|
|
}
|
|
.message-container {
|
|
height: 500px;
|
|
width: 500px;
|
|
padding: 0;
|
|
margin: 10px;
|
|
}
|
|
.logo {
|
|
background: url(%%IMAGE:logo_v3_fguard_app%%) no-repeat left center;
|
|
height: 267px;
|
|
object-fit: contain;
|
|
}
|
|
table {
|
|
background-color: #fff;
|
|
border-spacing: 0;
|
|
margin: 1em;
|
|
}
|
|
table > tbody > tr > td:first-of-type:not([colspan]) {
|
|
white-space: nowrap;
|
|
color: rgba(0,0,0,.5);
|
|
}
|
|
table > tbody > tr > td:first-of-type {
|
|
vertical-align: top;
|
|
}
|
|
table > tbody > tr > td {
|
|
padding: .3em .3em;
|
|
}
|
|
.field {
|
|
display: table-row;
|
|
}
|
|
.field > :first-child {
|
|
display: table-cell;
|
|
width: 20%;
|
|
}
|
|
.field.single > :first-child {
|
|
display: inline;
|
|
}
|
|
.field > :not(:first-child) {
|
|
width: auto;
|
|
max-width: 100%;
|
|
display: inline-flex;
|
|
align-items: baseline;
|
|
vertical-align: top;
|
|
box-sizing: border-box;
|
|
margin: .3em;
|
|
}
|
|
.field > :not(:first-child) > input {
|
|
width: 230px;
|
|
}
|
|
.form-footer {
|
|
display: inline-flex;
|
|
justify-content: flex-start;
|
|
}
|
|
.form-footer > * {
|
|
margin: 1em;
|
|
}
|
|
.text-scrollable {
|
|
overflow: auto;
|
|
height: 150px;
|
|
border: 1px solid rgb(200, 200, 200);
|
|
padding: 5px;
|
|
font-size: 1em;
|
|
}
|
|
.text-centered {
|
|
text-align: center;
|
|
}
|
|
.text-container {
|
|
margin: 1em 1.5em;
|
|
}
|
|
.flex-container {
|
|
display: flex;
|
|
}
|
|
.flex-container.column {
|
|
flex-direction: column;
|
|
}
|
|
</style>
|
|
<title>Attention</title>
|
|
</head>
|
|
<body><div class=\"message-container\">
|
|
<div class=\"logo\"></div>
|
|
<h1>Attention</h1>
|
|
<p>HTTP POST action is not allowed for policy reasons.</p>
|
|
</div></body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg automation "automation-email"
|
|
set buffer "<!DOCTYPE html>
|
|
<html lang=\"en\">
|
|
<head>
|
|
<meta charset=\"UTF-8\">
|
|
<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">
|
|
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">
|
|
<link href=\"https://fonts.googleapis.com/css?family=Roboto&display=swap\" rel=\"stylesheet\">
|
|
<style>
|
|
body {
|
|
height: 100%;
|
|
font-family: Roboto, Helvetica, Arial, sans-serif;
|
|
margin: 0;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
}
|
|
.message-container{
|
|
margin: 0 auto;
|
|
max-width: 580px;
|
|
}
|
|
.email-body {
|
|
line-height: 1.5em;
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<div class=\"message-container\">
|
|
<img src=\"https://filestore.fortinet.com/fortiguard/logo_v3_fguard_app.png\" alt=\"Fortinet Logo\"/>
|
|
<h1>Security Fabric Automation</h1>
|
|
<h3>%%AUTOMATION_FGT_SERIAL%%: %%AUTOMATION_STITCH_NAME%%</h3>
|
|
<div class=\"email-body\">
|
|
%%AUTOMATION_EMAIL_BODY%%
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|
|
"
|
|
set header http
|
|
set format html
|
|
end
|
|
config system replacemsg-group
|
|
end
|
|
config system snmp sysinfo
|
|
set status disable
|
|
set engine-id-type text
|
|
set engine-id ''
|
|
set description ''
|
|
set contact-info ''
|
|
set location ''
|
|
set trap-high-cpu-threshold 80
|
|
set trap-low-memory-threshold 80
|
|
set trap-log-full-threshold 90
|
|
set trap-free-memory-threshold 5
|
|
set trap-freeable-memory-threshold 60
|
|
set append-index enable
|
|
end
|
|
config system snmp mib-view
|
|
end
|
|
config system snmp community
|
|
end
|
|
config system snmp user
|
|
end
|
|
config system autoupdate schedule
|
|
set status enable
|
|
set frequency automatic
|
|
end
|
|
config system autoupdate tunneling
|
|
set status disable
|
|
set address ''
|
|
set port 0
|
|
set username ''
|
|
set password ENC 13w4EZYbE4EW4T9y1TNIltWeseIZzWWOmWkRLgd4MRkZSxm5GLHhlfc+Nyz3jxnpyz5LcNaeKJ0yR2m6qy5lFsTRAVZeeUKRmnTx2dV58wrt1NVECQFAQYJvagPVom4Kxv6IynNsRjsFaRem+GbtBuHgYVq2jGmJvP+vN12w9ktYpRyMR06Kduinuxjrf8fXNM3bFVlmMjY3dkVA
|
|
end
|
|
config system alias
|
|
end
|
|
config system auto-script
|
|
end
|
|
config system central-management
|
|
set mode normal
|
|
set type fortiguard
|
|
set schedule-config-restore enable
|
|
set schedule-script-restore enable
|
|
set allow-push-configuration enable
|
|
set allow-push-firmware enable
|
|
set allow-remote-firmware-upgrade enable
|
|
set allow-monitor enable
|
|
set local-cert ''
|
|
set vdom "root"
|
|
set fmg-update-port 8890
|
|
set enc-algorithm high
|
|
end
|
|
config system sdn-proxy
|
|
end
|
|
config system sdn-connector
|
|
end
|
|
config firewall wildcard-fqdn custom
|
|
edit "g-cdn-apple"
|
|
set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
|
|
set wildcard-fqdn "*.cdn-apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-mzstatic-apple"
|
|
set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
|
|
set wildcard-fqdn "*.mzstatic.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-adobe"
|
|
set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
|
|
set wildcard-fqdn "*.adobe.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Adobe Login"
|
|
set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
|
|
set wildcard-fqdn "*.adobelogin.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-android"
|
|
set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
|
|
set wildcard-fqdn "*.android.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-apple"
|
|
set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
|
|
set wildcard-fqdn "*.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-appstore"
|
|
set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
|
|
set wildcard-fqdn "*.appstore.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-auth.gfx.ms"
|
|
set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
|
|
set wildcard-fqdn "*.auth.gfx.ms"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-citrix"
|
|
set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
|
|
set wildcard-fqdn "*.citrixonline.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-dropbox.com"
|
|
set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
|
|
set wildcard-fqdn "*.dropbox.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-eease"
|
|
set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
|
|
set wildcard-fqdn "*.eease.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-firefox update server"
|
|
set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
|
|
set wildcard-fqdn "aus*.mozilla.org"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-fortinet"
|
|
set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
|
|
set wildcard-fqdn "*.fortinet.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-googleapis.com"
|
|
set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
|
|
set wildcard-fqdn "*.googleapis.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-drive"
|
|
set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
|
|
set wildcard-fqdn "*drive.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play2"
|
|
set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
|
|
set wildcard-fqdn "*.ggpht.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play3"
|
|
set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
|
|
set wildcard-fqdn "*.books.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Gotomeeting"
|
|
set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
|
|
set wildcard-fqdn "*.gotomeeting.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-icloud"
|
|
set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
|
|
set wildcard-fqdn "*.icloud.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-itunes"
|
|
set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
|
|
set wildcard-fqdn "*itunes.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-microsoft"
|
|
set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
|
|
set wildcard-fqdn "*.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-skype"
|
|
set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
|
|
set wildcard-fqdn "*.messenger.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-softwareupdate.vmware.com"
|
|
set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
|
|
set wildcard-fqdn "*.softwareupdate.vmware.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-verisign"
|
|
set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
|
|
set wildcard-fqdn "*.verisign.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Windows update 2"
|
|
set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
|
|
set wildcard-fqdn "*.windowsupdate.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-live.com"
|
|
set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
|
|
set wildcard-fqdn "*.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play"
|
|
set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
|
|
set wildcard-fqdn "*play.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-update.microsoft.com"
|
|
set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
|
|
set wildcard-fqdn "*update.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-swscan.apple.com"
|
|
set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
|
|
set wildcard-fqdn "*swscan.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-autoupdate.opera.com"
|
|
set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
|
|
set wildcard-fqdn "*autoupdate.opera.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall internet-service-name
|
|
edit "Google-Other"
|
|
set type default
|
|
set internet-service-id 65536
|
|
next
|
|
edit "Google-Web"
|
|
set type default
|
|
set internet-service-id 65537
|
|
next
|
|
edit "Google-ICMP"
|
|
set type default
|
|
set internet-service-id 65538
|
|
next
|
|
edit "Google-DNS"
|
|
set type default
|
|
set internet-service-id 65539
|
|
next
|
|
edit "Google-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 65540
|
|
next
|
|
edit "Google-SSH"
|
|
set type default
|
|
set internet-service-id 65542
|
|
next
|
|
edit "Google-FTP"
|
|
set type default
|
|
set internet-service-id 65543
|
|
next
|
|
edit "Google-NTP"
|
|
set type default
|
|
set internet-service-id 65544
|
|
next
|
|
edit "Google-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 65545
|
|
next
|
|
edit "Google-LDAP"
|
|
set type default
|
|
set internet-service-id 65550
|
|
next
|
|
edit "Google-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 65551
|
|
next
|
|
edit "Google-RTMP"
|
|
set type default
|
|
set internet-service-id 65552
|
|
next
|
|
edit "Google-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 65560
|
|
next
|
|
edit "Google-Google.Cloud"
|
|
set type default
|
|
set internet-service-id 65641
|
|
next
|
|
edit "Google-Google.Bot"
|
|
set type default
|
|
set internet-service-id 65643
|
|
next
|
|
edit "Google-Gmail"
|
|
set type default
|
|
set internet-service-id 65646
|
|
next
|
|
edit "Meta-Other"
|
|
set type default
|
|
set internet-service-id 131072
|
|
next
|
|
edit "Meta-Web"
|
|
set type default
|
|
set internet-service-id 131073
|
|
next
|
|
edit "Meta-ICMP"
|
|
set type default
|
|
set internet-service-id 131074
|
|
next
|
|
edit "Meta-DNS"
|
|
set type default
|
|
set internet-service-id 131075
|
|
next
|
|
edit "Meta-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 131076
|
|
next
|
|
edit "Meta-SSH"
|
|
set type default
|
|
set internet-service-id 131078
|
|
next
|
|
edit "Meta-FTP"
|
|
set type default
|
|
set internet-service-id 131079
|
|
next
|
|
edit "Meta-NTP"
|
|
set type default
|
|
set internet-service-id 131080
|
|
next
|
|
edit "Meta-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 131081
|
|
next
|
|
edit "Meta-LDAP"
|
|
set type default
|
|
set internet-service-id 131086
|
|
next
|
|
edit "Meta-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 131087
|
|
next
|
|
edit "Meta-RTMP"
|
|
set type default
|
|
set internet-service-id 131088
|
|
next
|
|
edit "Meta-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 131096
|
|
next
|
|
edit "Meta-Whatsapp"
|
|
set type default
|
|
set internet-service-id 131184
|
|
next
|
|
edit "Meta-Instagram"
|
|
set type default
|
|
set internet-service-id 131189
|
|
next
|
|
edit "Apple-Other"
|
|
set type default
|
|
set internet-service-id 196608
|
|
next
|
|
edit "Apple-Web"
|
|
set type default
|
|
set internet-service-id 196609
|
|
next
|
|
edit "Apple-ICMP"
|
|
set type default
|
|
set internet-service-id 196610
|
|
next
|
|
edit "Apple-DNS"
|
|
set type default
|
|
set internet-service-id 196611
|
|
next
|
|
edit "Apple-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 196612
|
|
next
|
|
edit "Apple-SSH"
|
|
set type default
|
|
set internet-service-id 196614
|
|
next
|
|
edit "Apple-FTP"
|
|
set type default
|
|
set internet-service-id 196615
|
|
next
|
|
edit "Apple-NTP"
|
|
set type default
|
|
set internet-service-id 196616
|
|
next
|
|
edit "Apple-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 196617
|
|
next
|
|
edit "Apple-LDAP"
|
|
set type default
|
|
set internet-service-id 196622
|
|
next
|
|
edit "Apple-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 196623
|
|
next
|
|
edit "Apple-RTMP"
|
|
set type default
|
|
set internet-service-id 196624
|
|
next
|
|
edit "Apple-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 196632
|
|
next
|
|
edit "Apple-App.Store"
|
|
set type default
|
|
set internet-service-id 196723
|
|
next
|
|
edit "Apple-APNs"
|
|
set type default
|
|
set internet-service-id 196747
|
|
next
|
|
edit "Yahoo-Other"
|
|
set type default
|
|
set internet-service-id 262144
|
|
next
|
|
edit "Yahoo-Web"
|
|
set type default
|
|
set internet-service-id 262145
|
|
next
|
|
edit "Yahoo-ICMP"
|
|
set type default
|
|
set internet-service-id 262146
|
|
next
|
|
edit "Yahoo-DNS"
|
|
set type default
|
|
set internet-service-id 262147
|
|
next
|
|
edit "Yahoo-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 262148
|
|
next
|
|
edit "Yahoo-SSH"
|
|
set type default
|
|
set internet-service-id 262150
|
|
next
|
|
edit "Yahoo-FTP"
|
|
set type default
|
|
set internet-service-id 262151
|
|
next
|
|
edit "Yahoo-NTP"
|
|
set type default
|
|
set internet-service-id 262152
|
|
next
|
|
edit "Yahoo-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 262153
|
|
next
|
|
edit "Yahoo-LDAP"
|
|
set type default
|
|
set internet-service-id 262158
|
|
next
|
|
edit "Yahoo-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 262159
|
|
next
|
|
edit "Yahoo-RTMP"
|
|
set type default
|
|
set internet-service-id 262160
|
|
next
|
|
edit "Yahoo-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 262168
|
|
next
|
|
edit "Microsoft-Other"
|
|
set type default
|
|
set internet-service-id 327680
|
|
next
|
|
edit "Microsoft-Web"
|
|
set type default
|
|
set internet-service-id 327681
|
|
next
|
|
edit "Microsoft-ICMP"
|
|
set type default
|
|
set internet-service-id 327682
|
|
next
|
|
edit "Microsoft-DNS"
|
|
set type default
|
|
set internet-service-id 327683
|
|
next
|
|
edit "Microsoft-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 327684
|
|
next
|
|
edit "Microsoft-SSH"
|
|
set type default
|
|
set internet-service-id 327686
|
|
next
|
|
edit "Microsoft-FTP"
|
|
set type default
|
|
set internet-service-id 327687
|
|
next
|
|
edit "Microsoft-NTP"
|
|
set type default
|
|
set internet-service-id 327688
|
|
next
|
|
edit "Microsoft-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 327689
|
|
next
|
|
edit "Microsoft-LDAP"
|
|
set type default
|
|
set internet-service-id 327694
|
|
next
|
|
edit "Microsoft-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 327695
|
|
next
|
|
edit "Microsoft-RTMP"
|
|
set type default
|
|
set internet-service-id 327696
|
|
next
|
|
edit "Microsoft-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 327704
|
|
next
|
|
edit "Microsoft-Skype_Teams"
|
|
set type default
|
|
set internet-service-id 327781
|
|
next
|
|
edit "Microsoft-Office365"
|
|
set type default
|
|
set internet-service-id 327782
|
|
next
|
|
edit "Microsoft-Azure"
|
|
set type default
|
|
set internet-service-id 327786
|
|
next
|
|
edit "Microsoft-Bing.Bot"
|
|
set type default
|
|
set internet-service-id 327788
|
|
next
|
|
edit "Microsoft-Outlook"
|
|
set type default
|
|
set internet-service-id 327791
|
|
next
|
|
edit "Microsoft-Microsoft.Update"
|
|
set type default
|
|
set internet-service-id 327793
|
|
next
|
|
edit "Microsoft-Dynamics"
|
|
set type default
|
|
set internet-service-id 327837
|
|
next
|
|
edit "Microsoft-WNS"
|
|
set type default
|
|
set internet-service-id 327839
|
|
next
|
|
edit "Microsoft-Office365.Published"
|
|
set type default
|
|
set internet-service-id 327880
|
|
next
|
|
edit "Microsoft-Intune"
|
|
set type default
|
|
set internet-service-id 327886
|
|
next
|
|
edit "Amazon-Other"
|
|
set type default
|
|
set internet-service-id 393216
|
|
next
|
|
edit "Amazon-Web"
|
|
set type default
|
|
set internet-service-id 393217
|
|
next
|
|
edit "Amazon-ICMP"
|
|
set type default
|
|
set internet-service-id 393218
|
|
next
|
|
edit "Amazon-DNS"
|
|
set type default
|
|
set internet-service-id 393219
|
|
next
|
|
edit "Amazon-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 393220
|
|
next
|
|
edit "Amazon-SSH"
|
|
set type default
|
|
set internet-service-id 393222
|
|
next
|
|
edit "Amazon-FTP"
|
|
set type default
|
|
set internet-service-id 393223
|
|
next
|
|
edit "Amazon-NTP"
|
|
set type default
|
|
set internet-service-id 393224
|
|
next
|
|
edit "Amazon-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 393225
|
|
next
|
|
edit "Amazon-LDAP"
|
|
set type default
|
|
set internet-service-id 393230
|
|
next
|
|
edit "Amazon-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 393231
|
|
next
|
|
edit "Amazon-RTMP"
|
|
set type default
|
|
set internet-service-id 393232
|
|
next
|
|
edit "Amazon-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 393240
|
|
next
|
|
edit "Amazon-AWS"
|
|
set type default
|
|
set internet-service-id 393320
|
|
next
|
|
edit "Amazon-AWS.WorkSpaces.Gateway"
|
|
set type default
|
|
set internet-service-id 393403
|
|
next
|
|
edit "Amazon-Twitch"
|
|
set type default
|
|
set internet-service-id 393446
|
|
next
|
|
edit "eBay-Other"
|
|
set type default
|
|
set internet-service-id 458752
|
|
next
|
|
edit "eBay-Web"
|
|
set type default
|
|
set internet-service-id 458753
|
|
next
|
|
edit "eBay-ICMP"
|
|
set type default
|
|
set internet-service-id 458754
|
|
next
|
|
edit "eBay-DNS"
|
|
set type default
|
|
set internet-service-id 458755
|
|
next
|
|
edit "eBay-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 458756
|
|
next
|
|
edit "eBay-SSH"
|
|
set type default
|
|
set internet-service-id 458758
|
|
next
|
|
edit "eBay-FTP"
|
|
set type default
|
|
set internet-service-id 458759
|
|
next
|
|
edit "eBay-NTP"
|
|
set type default
|
|
set internet-service-id 458760
|
|
next
|
|
edit "eBay-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 458761
|
|
next
|
|
edit "eBay-LDAP"
|
|
set type default
|
|
set internet-service-id 458766
|
|
next
|
|
edit "eBay-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 458767
|
|
next
|
|
edit "eBay-RTMP"
|
|
set type default
|
|
set internet-service-id 458768
|
|
next
|
|
edit "eBay-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 458776
|
|
next
|
|
edit "PayPal-Other"
|
|
set type default
|
|
set internet-service-id 524288
|
|
next
|
|
edit "PayPal-Web"
|
|
set type default
|
|
set internet-service-id 524289
|
|
next
|
|
edit "PayPal-ICMP"
|
|
set type default
|
|
set internet-service-id 524290
|
|
next
|
|
edit "PayPal-DNS"
|
|
set type default
|
|
set internet-service-id 524291
|
|
next
|
|
edit "PayPal-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 524292
|
|
next
|
|
edit "PayPal-SSH"
|
|
set type default
|
|
set internet-service-id 524294
|
|
next
|
|
edit "PayPal-FTP"
|
|
set type default
|
|
set internet-service-id 524295
|
|
next
|
|
edit "PayPal-NTP"
|
|
set type default
|
|
set internet-service-id 524296
|
|
next
|
|
edit "PayPal-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 524297
|
|
next
|
|
edit "PayPal-LDAP"
|
|
set type default
|
|
set internet-service-id 524302
|
|
next
|
|
edit "PayPal-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 524303
|
|
next
|
|
edit "PayPal-RTMP"
|
|
set type default
|
|
set internet-service-id 524304
|
|
next
|
|
edit "PayPal-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 524312
|
|
next
|
|
edit "Box-Other"
|
|
set type default
|
|
set internet-service-id 589824
|
|
next
|
|
edit "Box-Web"
|
|
set type default
|
|
set internet-service-id 589825
|
|
next
|
|
edit "Box-ICMP"
|
|
set type default
|
|
set internet-service-id 589826
|
|
next
|
|
edit "Box-DNS"
|
|
set type default
|
|
set internet-service-id 589827
|
|
next
|
|
edit "Box-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 589828
|
|
next
|
|
edit "Box-SSH"
|
|
set type default
|
|
set internet-service-id 589830
|
|
next
|
|
edit "Box-FTP"
|
|
set type default
|
|
set internet-service-id 589831
|
|
next
|
|
edit "Box-NTP"
|
|
set type default
|
|
set internet-service-id 589832
|
|
next
|
|
edit "Box-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 589833
|
|
next
|
|
edit "Box-LDAP"
|
|
set type default
|
|
set internet-service-id 589838
|
|
next
|
|
edit "Box-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 589839
|
|
next
|
|
edit "Box-RTMP"
|
|
set type default
|
|
set internet-service-id 589840
|
|
next
|
|
edit "Box-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 589848
|
|
next
|
|
edit "Salesforce-Other"
|
|
set type default
|
|
set internet-service-id 655360
|
|
next
|
|
edit "Salesforce-Web"
|
|
set type default
|
|
set internet-service-id 655361
|
|
next
|
|
edit "Salesforce-ICMP"
|
|
set type default
|
|
set internet-service-id 655362
|
|
next
|
|
edit "Salesforce-DNS"
|
|
set type default
|
|
set internet-service-id 655363
|
|
next
|
|
edit "Salesforce-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 655364
|
|
next
|
|
edit "Salesforce-SSH"
|
|
set type default
|
|
set internet-service-id 655366
|
|
next
|
|
edit "Salesforce-FTP"
|
|
set type default
|
|
set internet-service-id 655367
|
|
next
|
|
edit "Salesforce-NTP"
|
|
set type default
|
|
set internet-service-id 655368
|
|
next
|
|
edit "Salesforce-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 655369
|
|
next
|
|
edit "Salesforce-LDAP"
|
|
set type default
|
|
set internet-service-id 655374
|
|
next
|
|
edit "Salesforce-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 655375
|
|
next
|
|
edit "Salesforce-RTMP"
|
|
set type default
|
|
set internet-service-id 655376
|
|
next
|
|
edit "Salesforce-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 655384
|
|
next
|
|
edit "Salesforce-Email.Relay"
|
|
set type default
|
|
set internet-service-id 655530
|
|
next
|
|
edit "Dropbox-Other"
|
|
set type default
|
|
set internet-service-id 720896
|
|
next
|
|
edit "Dropbox-Web"
|
|
set type default
|
|
set internet-service-id 720897
|
|
next
|
|
edit "Dropbox-ICMP"
|
|
set type default
|
|
set internet-service-id 720898
|
|
next
|
|
edit "Dropbox-DNS"
|
|
set type default
|
|
set internet-service-id 720899
|
|
next
|
|
edit "Dropbox-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 720900
|
|
next
|
|
edit "Dropbox-SSH"
|
|
set type default
|
|
set internet-service-id 720902
|
|
next
|
|
edit "Dropbox-FTP"
|
|
set type default
|
|
set internet-service-id 720903
|
|
next
|
|
edit "Dropbox-NTP"
|
|
set type default
|
|
set internet-service-id 720904
|
|
next
|
|
edit "Dropbox-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 720905
|
|
next
|
|
edit "Dropbox-LDAP"
|
|
set type default
|
|
set internet-service-id 720910
|
|
next
|
|
edit "Dropbox-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 720911
|
|
next
|
|
edit "Dropbox-RTMP"
|
|
set type default
|
|
set internet-service-id 720912
|
|
next
|
|
edit "Dropbox-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 720920
|
|
next
|
|
edit "Netflix-Other"
|
|
set type default
|
|
set internet-service-id 786432
|
|
next
|
|
edit "Netflix-Web"
|
|
set type default
|
|
set internet-service-id 786433
|
|
next
|
|
edit "Netflix-ICMP"
|
|
set type default
|
|
set internet-service-id 786434
|
|
next
|
|
edit "Netflix-DNS"
|
|
set type default
|
|
set internet-service-id 786435
|
|
next
|
|
edit "Netflix-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 786436
|
|
next
|
|
edit "Netflix-SSH"
|
|
set type default
|
|
set internet-service-id 786438
|
|
next
|
|
edit "Netflix-FTP"
|
|
set type default
|
|
set internet-service-id 786439
|
|
next
|
|
edit "Netflix-NTP"
|
|
set type default
|
|
set internet-service-id 786440
|
|
next
|
|
edit "Netflix-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 786441
|
|
next
|
|
edit "Netflix-LDAP"
|
|
set type default
|
|
set internet-service-id 786446
|
|
next
|
|
edit "Netflix-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 786447
|
|
next
|
|
edit "Netflix-RTMP"
|
|
set type default
|
|
set internet-service-id 786448
|
|
next
|
|
edit "Netflix-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 786456
|
|
next
|
|
edit "LinkedIn-Other"
|
|
set type default
|
|
set internet-service-id 851968
|
|
next
|
|
edit "LinkedIn-Web"
|
|
set type default
|
|
set internet-service-id 851969
|
|
next
|
|
edit "LinkedIn-ICMP"
|
|
set type default
|
|
set internet-service-id 851970
|
|
next
|
|
edit "LinkedIn-DNS"
|
|
set type default
|
|
set internet-service-id 851971
|
|
next
|
|
edit "LinkedIn-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 851972
|
|
next
|
|
edit "LinkedIn-SSH"
|
|
set type default
|
|
set internet-service-id 851974
|
|
next
|
|
edit "LinkedIn-FTP"
|
|
set type default
|
|
set internet-service-id 851975
|
|
next
|
|
edit "LinkedIn-NTP"
|
|
set type default
|
|
set internet-service-id 851976
|
|
next
|
|
edit "LinkedIn-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 851977
|
|
next
|
|
edit "LinkedIn-LDAP"
|
|
set type default
|
|
set internet-service-id 851982
|
|
next
|
|
edit "LinkedIn-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 851983
|
|
next
|
|
edit "LinkedIn-RTMP"
|
|
set type default
|
|
set internet-service-id 851984
|
|
next
|
|
edit "LinkedIn-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 851992
|
|
next
|
|
edit "Adobe-Other"
|
|
set type default
|
|
set internet-service-id 917504
|
|
next
|
|
edit "Adobe-Web"
|
|
set type default
|
|
set internet-service-id 917505
|
|
next
|
|
edit "Adobe-ICMP"
|
|
set type default
|
|
set internet-service-id 917506
|
|
next
|
|
edit "Adobe-DNS"
|
|
set type default
|
|
set internet-service-id 917507
|
|
next
|
|
edit "Adobe-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 917508
|
|
next
|
|
edit "Adobe-SSH"
|
|
set type default
|
|
set internet-service-id 917510
|
|
next
|
|
edit "Adobe-FTP"
|
|
set type default
|
|
set internet-service-id 917511
|
|
next
|
|
edit "Adobe-NTP"
|
|
set type default
|
|
set internet-service-id 917512
|
|
next
|
|
edit "Adobe-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 917513
|
|
next
|
|
edit "Adobe-LDAP"
|
|
set type default
|
|
set internet-service-id 917518
|
|
next
|
|
edit "Adobe-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 917519
|
|
next
|
|
edit "Adobe-RTMP"
|
|
set type default
|
|
set internet-service-id 917520
|
|
next
|
|
edit "Adobe-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 917528
|
|
next
|
|
edit "Adobe-Adobe.Experience.Cloud"
|
|
set type default
|
|
set internet-service-id 917640
|
|
next
|
|
edit "Oracle-Other"
|
|
set type default
|
|
set internet-service-id 983040
|
|
next
|
|
edit "Oracle-Web"
|
|
set type default
|
|
set internet-service-id 983041
|
|
next
|
|
edit "Oracle-ICMP"
|
|
set type default
|
|
set internet-service-id 983042
|
|
next
|
|
edit "Oracle-DNS"
|
|
set type default
|
|
set internet-service-id 983043
|
|
next
|
|
edit "Oracle-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 983044
|
|
next
|
|
edit "Oracle-SSH"
|
|
set type default
|
|
set internet-service-id 983046
|
|
next
|
|
edit "Oracle-FTP"
|
|
set type default
|
|
set internet-service-id 983047
|
|
next
|
|
edit "Oracle-NTP"
|
|
set type default
|
|
set internet-service-id 983048
|
|
next
|
|
edit "Oracle-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 983049
|
|
next
|
|
edit "Oracle-LDAP"
|
|
set type default
|
|
set internet-service-id 983054
|
|
next
|
|
edit "Oracle-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 983055
|
|
next
|
|
edit "Oracle-RTMP"
|
|
set type default
|
|
set internet-service-id 983056
|
|
next
|
|
edit "Oracle-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 983064
|
|
next
|
|
edit "Oracle-Oracle.Cloud"
|
|
set type default
|
|
set internet-service-id 983171
|
|
next
|
|
edit "Hulu-Other"
|
|
set type default
|
|
set internet-service-id 1048576
|
|
next
|
|
edit "Hulu-Web"
|
|
set type default
|
|
set internet-service-id 1048577
|
|
next
|
|
edit "Hulu-ICMP"
|
|
set type default
|
|
set internet-service-id 1048578
|
|
next
|
|
edit "Hulu-DNS"
|
|
set type default
|
|
set internet-service-id 1048579
|
|
next
|
|
edit "Hulu-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1048580
|
|
next
|
|
edit "Hulu-SSH"
|
|
set type default
|
|
set internet-service-id 1048582
|
|
next
|
|
edit "Hulu-FTP"
|
|
set type default
|
|
set internet-service-id 1048583
|
|
next
|
|
edit "Hulu-NTP"
|
|
set type default
|
|
set internet-service-id 1048584
|
|
next
|
|
edit "Hulu-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1048585
|
|
next
|
|
edit "Hulu-LDAP"
|
|
set type default
|
|
set internet-service-id 1048590
|
|
next
|
|
edit "Hulu-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1048591
|
|
next
|
|
edit "Hulu-RTMP"
|
|
set type default
|
|
set internet-service-id 1048592
|
|
next
|
|
edit "Hulu-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1048600
|
|
next
|
|
edit "Pinterest-Other"
|
|
set type default
|
|
set internet-service-id 1114112
|
|
next
|
|
edit "Pinterest-Web"
|
|
set type default
|
|
set internet-service-id 1114113
|
|
next
|
|
edit "Pinterest-ICMP"
|
|
set type default
|
|
set internet-service-id 1114114
|
|
next
|
|
edit "Pinterest-DNS"
|
|
set type default
|
|
set internet-service-id 1114115
|
|
next
|
|
edit "Pinterest-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1114116
|
|
next
|
|
edit "Pinterest-SSH"
|
|
set type default
|
|
set internet-service-id 1114118
|
|
next
|
|
edit "Pinterest-FTP"
|
|
set type default
|
|
set internet-service-id 1114119
|
|
next
|
|
edit "Pinterest-NTP"
|
|
set type default
|
|
set internet-service-id 1114120
|
|
next
|
|
edit "Pinterest-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1114121
|
|
next
|
|
edit "Pinterest-LDAP"
|
|
set type default
|
|
set internet-service-id 1114126
|
|
next
|
|
edit "Pinterest-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1114127
|
|
next
|
|
edit "Pinterest-RTMP"
|
|
set type default
|
|
set internet-service-id 1114128
|
|
next
|
|
edit "Pinterest-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1114136
|
|
next
|
|
edit "LogMeIn-Other"
|
|
set type default
|
|
set internet-service-id 1179648
|
|
next
|
|
edit "LogMeIn-Web"
|
|
set type default
|
|
set internet-service-id 1179649
|
|
next
|
|
edit "LogMeIn-ICMP"
|
|
set type default
|
|
set internet-service-id 1179650
|
|
next
|
|
edit "LogMeIn-DNS"
|
|
set type default
|
|
set internet-service-id 1179651
|
|
next
|
|
edit "LogMeIn-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1179652
|
|
next
|
|
edit "LogMeIn-SSH"
|
|
set type default
|
|
set internet-service-id 1179654
|
|
next
|
|
edit "LogMeIn-FTP"
|
|
set type default
|
|
set internet-service-id 1179655
|
|
next
|
|
edit "LogMeIn-NTP"
|
|
set type default
|
|
set internet-service-id 1179656
|
|
next
|
|
edit "LogMeIn-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1179657
|
|
next
|
|
edit "LogMeIn-LDAP"
|
|
set type default
|
|
set internet-service-id 1179662
|
|
next
|
|
edit "LogMeIn-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1179663
|
|
next
|
|
edit "LogMeIn-RTMP"
|
|
set type default
|
|
set internet-service-id 1179664
|
|
next
|
|
edit "LogMeIn-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1179672
|
|
next
|
|
edit "LogMeIn-GoTo.Suite"
|
|
set type default
|
|
set internet-service-id 1179767
|
|
next
|
|
edit "Fortinet-Other"
|
|
set type default
|
|
set internet-service-id 1245184
|
|
next
|
|
edit "Fortinet-Web"
|
|
set type default
|
|
set internet-service-id 1245185
|
|
next
|
|
edit "Fortinet-ICMP"
|
|
set type default
|
|
set internet-service-id 1245186
|
|
next
|
|
edit "Fortinet-DNS"
|
|
set type default
|
|
set internet-service-id 1245187
|
|
next
|
|
edit "Fortinet-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1245188
|
|
next
|
|
edit "Fortinet-SSH"
|
|
set type default
|
|
set internet-service-id 1245190
|
|
next
|
|
edit "Fortinet-FTP"
|
|
set type default
|
|
set internet-service-id 1245191
|
|
next
|
|
edit "Fortinet-NTP"
|
|
set type default
|
|
set internet-service-id 1245192
|
|
next
|
|
edit "Fortinet-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1245193
|
|
next
|
|
edit "Fortinet-LDAP"
|
|
set type default
|
|
set internet-service-id 1245198
|
|
next
|
|
edit "Fortinet-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1245199
|
|
next
|
|
edit "Fortinet-RTMP"
|
|
set type default
|
|
set internet-service-id 1245200
|
|
next
|
|
edit "Fortinet-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1245208
|
|
next
|
|
edit "Fortinet-FortiGuard"
|
|
set type default
|
|
set internet-service-id 1245324
|
|
next
|
|
edit "Fortinet-FortiMail.Cloud"
|
|
set type default
|
|
set internet-service-id 1245325
|
|
next
|
|
edit "Fortinet-FortiCloud"
|
|
set type default
|
|
set internet-service-id 1245326
|
|
next
|
|
edit "Fortinet-FortiVoice.Cloud"
|
|
set type default
|
|
set internet-service-id 1245432
|
|
next
|
|
edit "Fortinet-FortiGuard.Secure.DNS"
|
|
set type default
|
|
set internet-service-id 1245454
|
|
next
|
|
edit "Kaspersky-Other"
|
|
set type default
|
|
set internet-service-id 1310720
|
|
next
|
|
edit "Kaspersky-Web"
|
|
set type default
|
|
set internet-service-id 1310721
|
|
next
|
|
edit "Kaspersky-ICMP"
|
|
set type default
|
|
set internet-service-id 1310722
|
|
next
|
|
edit "Kaspersky-DNS"
|
|
set type default
|
|
set internet-service-id 1310723
|
|
next
|
|
edit "Kaspersky-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1310724
|
|
next
|
|
edit "Kaspersky-SSH"
|
|
set type default
|
|
set internet-service-id 1310726
|
|
next
|
|
edit "Kaspersky-FTP"
|
|
set type default
|
|
set internet-service-id 1310727
|
|
next
|
|
edit "Kaspersky-NTP"
|
|
set type default
|
|
set internet-service-id 1310728
|
|
next
|
|
edit "Kaspersky-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1310729
|
|
next
|
|
edit "Kaspersky-LDAP"
|
|
set type default
|
|
set internet-service-id 1310734
|
|
next
|
|
edit "Kaspersky-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1310735
|
|
next
|
|
edit "Kaspersky-RTMP"
|
|
set type default
|
|
set internet-service-id 1310736
|
|
next
|
|
edit "Kaspersky-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1310744
|
|
next
|
|
edit "McAfee-Other"
|
|
set type default
|
|
set internet-service-id 1376256
|
|
next
|
|
edit "McAfee-Web"
|
|
set type default
|
|
set internet-service-id 1376257
|
|
next
|
|
edit "McAfee-ICMP"
|
|
set type default
|
|
set internet-service-id 1376258
|
|
next
|
|
edit "McAfee-DNS"
|
|
set type default
|
|
set internet-service-id 1376259
|
|
next
|
|
edit "McAfee-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1376260
|
|
next
|
|
edit "McAfee-SSH"
|
|
set type default
|
|
set internet-service-id 1376262
|
|
next
|
|
edit "McAfee-FTP"
|
|
set type default
|
|
set internet-service-id 1376263
|
|
next
|
|
edit "McAfee-NTP"
|
|
set type default
|
|
set internet-service-id 1376264
|
|
next
|
|
edit "McAfee-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1376265
|
|
next
|
|
edit "McAfee-LDAP"
|
|
set type default
|
|
set internet-service-id 1376270
|
|
next
|
|
edit "McAfee-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1376271
|
|
next
|
|
edit "McAfee-RTMP"
|
|
set type default
|
|
set internet-service-id 1376272
|
|
next
|
|
edit "McAfee-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1376280
|
|
next
|
|
edit "Symantec-Other"
|
|
set type default
|
|
set internet-service-id 1441792
|
|
next
|
|
edit "Symantec-Web"
|
|
set type default
|
|
set internet-service-id 1441793
|
|
next
|
|
edit "Symantec-ICMP"
|
|
set type default
|
|
set internet-service-id 1441794
|
|
next
|
|
edit "Symantec-DNS"
|
|
set type default
|
|
set internet-service-id 1441795
|
|
next
|
|
edit "Symantec-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1441796
|
|
next
|
|
edit "Symantec-SSH"
|
|
set type default
|
|
set internet-service-id 1441798
|
|
next
|
|
edit "Symantec-FTP"
|
|
set type default
|
|
set internet-service-id 1441799
|
|
next
|
|
edit "Symantec-NTP"
|
|
set type default
|
|
set internet-service-id 1441800
|
|
next
|
|
edit "Symantec-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1441801
|
|
next
|
|
edit "Symantec-LDAP"
|
|
set type default
|
|
set internet-service-id 1441806
|
|
next
|
|
edit "Symantec-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1441807
|
|
next
|
|
edit "Symantec-RTMP"
|
|
set type default
|
|
set internet-service-id 1441808
|
|
next
|
|
edit "Symantec-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1441816
|
|
next
|
|
edit "Symantec-Symantec.Cloud"
|
|
set type default
|
|
set internet-service-id 1441922
|
|
next
|
|
edit "VMware-Other"
|
|
set type default
|
|
set internet-service-id 1507328
|
|
next
|
|
edit "VMware-Web"
|
|
set type default
|
|
set internet-service-id 1507329
|
|
next
|
|
edit "VMware-ICMP"
|
|
set type default
|
|
set internet-service-id 1507330
|
|
next
|
|
edit "VMware-DNS"
|
|
set type default
|
|
set internet-service-id 1507331
|
|
next
|
|
edit "VMware-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1507332
|
|
next
|
|
edit "VMware-SSH"
|
|
set type default
|
|
set internet-service-id 1507334
|
|
next
|
|
edit "VMware-FTP"
|
|
set type default
|
|
set internet-service-id 1507335
|
|
next
|
|
edit "VMware-NTP"
|
|
set type default
|
|
set internet-service-id 1507336
|
|
next
|
|
edit "VMware-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1507337
|
|
next
|
|
edit "VMware-LDAP"
|
|
set type default
|
|
set internet-service-id 1507342
|
|
next
|
|
edit "VMware-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1507343
|
|
next
|
|
edit "VMware-RTMP"
|
|
set type default
|
|
set internet-service-id 1507344
|
|
next
|
|
edit "VMware-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1507352
|
|
next
|
|
edit "VMware-Workspace.ONE"
|
|
set type default
|
|
set internet-service-id 1507461
|
|
next
|
|
edit "AOL-Other"
|
|
set type default
|
|
set internet-service-id 1572864
|
|
next
|
|
edit "AOL-Web"
|
|
set type default
|
|
set internet-service-id 1572865
|
|
next
|
|
edit "AOL-ICMP"
|
|
set type default
|
|
set internet-service-id 1572866
|
|
next
|
|
edit "AOL-DNS"
|
|
set type default
|
|
set internet-service-id 1572867
|
|
next
|
|
edit "AOL-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1572868
|
|
next
|
|
edit "AOL-SSH"
|
|
set type default
|
|
set internet-service-id 1572870
|
|
next
|
|
edit "AOL-FTP"
|
|
set type default
|
|
set internet-service-id 1572871
|
|
next
|
|
edit "AOL-NTP"
|
|
set type default
|
|
set internet-service-id 1572872
|
|
next
|
|
edit "AOL-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1572873
|
|
next
|
|
edit "AOL-LDAP"
|
|
set type default
|
|
set internet-service-id 1572878
|
|
next
|
|
edit "AOL-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1572879
|
|
next
|
|
edit "AOL-RTMP"
|
|
set type default
|
|
set internet-service-id 1572880
|
|
next
|
|
edit "AOL-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1572888
|
|
next
|
|
edit "RealNetworks-Other"
|
|
set type default
|
|
set internet-service-id 1638400
|
|
next
|
|
edit "RealNetworks-Web"
|
|
set type default
|
|
set internet-service-id 1638401
|
|
next
|
|
edit "RealNetworks-ICMP"
|
|
set type default
|
|
set internet-service-id 1638402
|
|
next
|
|
edit "RealNetworks-DNS"
|
|
set type default
|
|
set internet-service-id 1638403
|
|
next
|
|
edit "RealNetworks-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1638404
|
|
next
|
|
edit "RealNetworks-SSH"
|
|
set type default
|
|
set internet-service-id 1638406
|
|
next
|
|
edit "RealNetworks-FTP"
|
|
set type default
|
|
set internet-service-id 1638407
|
|
next
|
|
edit "RealNetworks-NTP"
|
|
set type default
|
|
set internet-service-id 1638408
|
|
next
|
|
edit "RealNetworks-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1638409
|
|
next
|
|
edit "RealNetworks-LDAP"
|
|
set type default
|
|
set internet-service-id 1638414
|
|
next
|
|
edit "RealNetworks-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1638415
|
|
next
|
|
edit "RealNetworks-RTMP"
|
|
set type default
|
|
set internet-service-id 1638416
|
|
next
|
|
edit "RealNetworks-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1638424
|
|
next
|
|
edit "Zoho-Other"
|
|
set type default
|
|
set internet-service-id 1703936
|
|
next
|
|
edit "Zoho-Web"
|
|
set type default
|
|
set internet-service-id 1703937
|
|
next
|
|
edit "Zoho-ICMP"
|
|
set type default
|
|
set internet-service-id 1703938
|
|
next
|
|
edit "Zoho-DNS"
|
|
set type default
|
|
set internet-service-id 1703939
|
|
next
|
|
edit "Zoho-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1703940
|
|
next
|
|
edit "Zoho-SSH"
|
|
set type default
|
|
set internet-service-id 1703942
|
|
next
|
|
edit "Zoho-FTP"
|
|
set type default
|
|
set internet-service-id 1703943
|
|
next
|
|
edit "Zoho-NTP"
|
|
set type default
|
|
set internet-service-id 1703944
|
|
next
|
|
edit "Zoho-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1703945
|
|
next
|
|
edit "Zoho-LDAP"
|
|
set type default
|
|
set internet-service-id 1703950
|
|
next
|
|
edit "Zoho-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1703951
|
|
next
|
|
edit "Zoho-RTMP"
|
|
set type default
|
|
set internet-service-id 1703952
|
|
next
|
|
edit "Zoho-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1703960
|
|
next
|
|
edit "Zoho-Site24x7.Monitor"
|
|
set type default
|
|
set internet-service-id 1704153
|
|
next
|
|
edit "Mozilla-Other"
|
|
set type default
|
|
set internet-service-id 1769472
|
|
next
|
|
edit "Mozilla-Web"
|
|
set type default
|
|
set internet-service-id 1769473
|
|
next
|
|
edit "Mozilla-ICMP"
|
|
set type default
|
|
set internet-service-id 1769474
|
|
next
|
|
edit "Mozilla-DNS"
|
|
set type default
|
|
set internet-service-id 1769475
|
|
next
|
|
edit "Mozilla-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1769476
|
|
next
|
|
edit "Mozilla-SSH"
|
|
set type default
|
|
set internet-service-id 1769478
|
|
next
|
|
edit "Mozilla-FTP"
|
|
set type default
|
|
set internet-service-id 1769479
|
|
next
|
|
edit "Mozilla-NTP"
|
|
set type default
|
|
set internet-service-id 1769480
|
|
next
|
|
edit "Mozilla-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1769481
|
|
next
|
|
edit "Mozilla-LDAP"
|
|
set type default
|
|
set internet-service-id 1769486
|
|
next
|
|
edit "Mozilla-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1769487
|
|
next
|
|
edit "Mozilla-RTMP"
|
|
set type default
|
|
set internet-service-id 1769488
|
|
next
|
|
edit "Mozilla-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1769496
|
|
next
|
|
edit "TeamViewer-Other"
|
|
set type default
|
|
set internet-service-id 1835008
|
|
next
|
|
edit "TeamViewer-Web"
|
|
set type default
|
|
set internet-service-id 1835009
|
|
next
|
|
edit "TeamViewer-ICMP"
|
|
set type default
|
|
set internet-service-id 1835010
|
|
next
|
|
edit "TeamViewer-DNS"
|
|
set type default
|
|
set internet-service-id 1835011
|
|
next
|
|
edit "TeamViewer-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1835012
|
|
next
|
|
edit "TeamViewer-SSH"
|
|
set type default
|
|
set internet-service-id 1835014
|
|
next
|
|
edit "TeamViewer-FTP"
|
|
set type default
|
|
set internet-service-id 1835015
|
|
next
|
|
edit "TeamViewer-NTP"
|
|
set type default
|
|
set internet-service-id 1835016
|
|
next
|
|
edit "TeamViewer-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1835017
|
|
next
|
|
edit "TeamViewer-LDAP"
|
|
set type default
|
|
set internet-service-id 1835022
|
|
next
|
|
edit "TeamViewer-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1835023
|
|
next
|
|
edit "TeamViewer-RTMP"
|
|
set type default
|
|
set internet-service-id 1835024
|
|
next
|
|
edit "TeamViewer-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1835032
|
|
next
|
|
edit "TeamViewer-TeamViewer"
|
|
set type default
|
|
set internet-service-id 1835117
|
|
next
|
|
edit "HP-Other"
|
|
set type default
|
|
set internet-service-id 1900544
|
|
next
|
|
edit "HP-Web"
|
|
set type default
|
|
set internet-service-id 1900545
|
|
next
|
|
edit "HP-ICMP"
|
|
set type default
|
|
set internet-service-id 1900546
|
|
next
|
|
edit "HP-DNS"
|
|
set type default
|
|
set internet-service-id 1900547
|
|
next
|
|
edit "HP-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1900548
|
|
next
|
|
edit "HP-SSH"
|
|
set type default
|
|
set internet-service-id 1900550
|
|
next
|
|
edit "HP-FTP"
|
|
set type default
|
|
set internet-service-id 1900551
|
|
next
|
|
edit "HP-NTP"
|
|
set type default
|
|
set internet-service-id 1900552
|
|
next
|
|
edit "HP-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1900553
|
|
next
|
|
edit "HP-LDAP"
|
|
set type default
|
|
set internet-service-id 1900558
|
|
next
|
|
edit "HP-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1900559
|
|
next
|
|
edit "HP-RTMP"
|
|
set type default
|
|
set internet-service-id 1900560
|
|
next
|
|
edit "HP-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1900568
|
|
next
|
|
edit "HP-Aruba"
|
|
set type default
|
|
set internet-service-id 1900726
|
|
next
|
|
edit "Cisco-Other"
|
|
set type default
|
|
set internet-service-id 1966080
|
|
next
|
|
edit "Cisco-Web"
|
|
set type default
|
|
set internet-service-id 1966081
|
|
next
|
|
edit "Cisco-ICMP"
|
|
set type default
|
|
set internet-service-id 1966082
|
|
next
|
|
edit "Cisco-DNS"
|
|
set type default
|
|
set internet-service-id 1966083
|
|
next
|
|
edit "Cisco-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 1966084
|
|
next
|
|
edit "Cisco-SSH"
|
|
set type default
|
|
set internet-service-id 1966086
|
|
next
|
|
edit "Cisco-FTP"
|
|
set type default
|
|
set internet-service-id 1966087
|
|
next
|
|
edit "Cisco-NTP"
|
|
set type default
|
|
set internet-service-id 1966088
|
|
next
|
|
edit "Cisco-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 1966089
|
|
next
|
|
edit "Cisco-LDAP"
|
|
set type default
|
|
set internet-service-id 1966094
|
|
next
|
|
edit "Cisco-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 1966095
|
|
next
|
|
edit "Cisco-RTMP"
|
|
set type default
|
|
set internet-service-id 1966096
|
|
next
|
|
edit "Cisco-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 1966104
|
|
next
|
|
edit "Cisco-Webex"
|
|
set type default
|
|
set internet-service-id 1966183
|
|
next
|
|
edit "Cisco-Meraki.Cloud"
|
|
set type default
|
|
set internet-service-id 1966218
|
|
next
|
|
edit "Cisco-Duo.Security"
|
|
set type default
|
|
set internet-service-id 1966225
|
|
next
|
|
edit "Cisco-AppDynamic"
|
|
set type default
|
|
set internet-service-id 1966260
|
|
next
|
|
edit "Cisco-Secure.Endpoint"
|
|
set type default
|
|
set internet-service-id 1966324
|
|
next
|
|
edit "IBM-Other"
|
|
set type default
|
|
set internet-service-id 2031616
|
|
next
|
|
edit "IBM-Web"
|
|
set type default
|
|
set internet-service-id 2031617
|
|
next
|
|
edit "IBM-ICMP"
|
|
set type default
|
|
set internet-service-id 2031618
|
|
next
|
|
edit "IBM-DNS"
|
|
set type default
|
|
set internet-service-id 2031619
|
|
next
|
|
edit "IBM-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2031620
|
|
next
|
|
edit "IBM-SSH"
|
|
set type default
|
|
set internet-service-id 2031622
|
|
next
|
|
edit "IBM-FTP"
|
|
set type default
|
|
set internet-service-id 2031623
|
|
next
|
|
edit "IBM-NTP"
|
|
set type default
|
|
set internet-service-id 2031624
|
|
next
|
|
edit "IBM-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2031625
|
|
next
|
|
edit "IBM-LDAP"
|
|
set type default
|
|
set internet-service-id 2031630
|
|
next
|
|
edit "IBM-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2031631
|
|
next
|
|
edit "IBM-RTMP"
|
|
set type default
|
|
set internet-service-id 2031632
|
|
next
|
|
edit "IBM-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2031640
|
|
next
|
|
edit "IBM-IBM.Cloud"
|
|
set type default
|
|
set internet-service-id 2031748
|
|
next
|
|
edit "Citrix-Other"
|
|
set type default
|
|
set internet-service-id 2097152
|
|
next
|
|
edit "Citrix-Web"
|
|
set type default
|
|
set internet-service-id 2097153
|
|
next
|
|
edit "Citrix-ICMP"
|
|
set type default
|
|
set internet-service-id 2097154
|
|
next
|
|
edit "Citrix-DNS"
|
|
set type default
|
|
set internet-service-id 2097155
|
|
next
|
|
edit "Citrix-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2097156
|
|
next
|
|
edit "Citrix-SSH"
|
|
set type default
|
|
set internet-service-id 2097158
|
|
next
|
|
edit "Citrix-FTP"
|
|
set type default
|
|
set internet-service-id 2097159
|
|
next
|
|
edit "Citrix-NTP"
|
|
set type default
|
|
set internet-service-id 2097160
|
|
next
|
|
edit "Citrix-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2097161
|
|
next
|
|
edit "Citrix-LDAP"
|
|
set type default
|
|
set internet-service-id 2097166
|
|
next
|
|
edit "Citrix-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2097167
|
|
next
|
|
edit "Citrix-RTMP"
|
|
set type default
|
|
set internet-service-id 2097168
|
|
next
|
|
edit "Citrix-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2097176
|
|
next
|
|
edit "Twitter-Other"
|
|
set type default
|
|
set internet-service-id 2162688
|
|
next
|
|
edit "Twitter-Web"
|
|
set type default
|
|
set internet-service-id 2162689
|
|
next
|
|
edit "Twitter-ICMP"
|
|
set type default
|
|
set internet-service-id 2162690
|
|
next
|
|
edit "Twitter-DNS"
|
|
set type default
|
|
set internet-service-id 2162691
|
|
next
|
|
edit "Twitter-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2162692
|
|
next
|
|
edit "Twitter-SSH"
|
|
set type default
|
|
set internet-service-id 2162694
|
|
next
|
|
edit "Twitter-FTP"
|
|
set type default
|
|
set internet-service-id 2162695
|
|
next
|
|
edit "Twitter-NTP"
|
|
set type default
|
|
set internet-service-id 2162696
|
|
next
|
|
edit "Twitter-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2162697
|
|
next
|
|
edit "Twitter-LDAP"
|
|
set type default
|
|
set internet-service-id 2162702
|
|
next
|
|
edit "Twitter-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2162703
|
|
next
|
|
edit "Twitter-RTMP"
|
|
set type default
|
|
set internet-service-id 2162704
|
|
next
|
|
edit "Twitter-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2162712
|
|
next
|
|
edit "Dell-Other"
|
|
set type default
|
|
set internet-service-id 2228224
|
|
next
|
|
edit "Dell-Web"
|
|
set type default
|
|
set internet-service-id 2228225
|
|
next
|
|
edit "Dell-ICMP"
|
|
set type default
|
|
set internet-service-id 2228226
|
|
next
|
|
edit "Dell-DNS"
|
|
set type default
|
|
set internet-service-id 2228227
|
|
next
|
|
edit "Dell-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2228228
|
|
next
|
|
edit "Dell-SSH"
|
|
set type default
|
|
set internet-service-id 2228230
|
|
next
|
|
edit "Dell-FTP"
|
|
set type default
|
|
set internet-service-id 2228231
|
|
next
|
|
edit "Dell-NTP"
|
|
set type default
|
|
set internet-service-id 2228232
|
|
next
|
|
edit "Dell-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2228233
|
|
next
|
|
edit "Dell-LDAP"
|
|
set type default
|
|
set internet-service-id 2228238
|
|
next
|
|
edit "Dell-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2228239
|
|
next
|
|
edit "Dell-RTMP"
|
|
set type default
|
|
set internet-service-id 2228240
|
|
next
|
|
edit "Dell-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2228248
|
|
next
|
|
edit "Vimeo-Other"
|
|
set type default
|
|
set internet-service-id 2293760
|
|
next
|
|
edit "Vimeo-Web"
|
|
set type default
|
|
set internet-service-id 2293761
|
|
next
|
|
edit "Vimeo-ICMP"
|
|
set type default
|
|
set internet-service-id 2293762
|
|
next
|
|
edit "Vimeo-DNS"
|
|
set type default
|
|
set internet-service-id 2293763
|
|
next
|
|
edit "Vimeo-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2293764
|
|
next
|
|
edit "Vimeo-SSH"
|
|
set type default
|
|
set internet-service-id 2293766
|
|
next
|
|
edit "Vimeo-FTP"
|
|
set type default
|
|
set internet-service-id 2293767
|
|
next
|
|
edit "Vimeo-NTP"
|
|
set type default
|
|
set internet-service-id 2293768
|
|
next
|
|
edit "Vimeo-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2293769
|
|
next
|
|
edit "Vimeo-LDAP"
|
|
set type default
|
|
set internet-service-id 2293774
|
|
next
|
|
edit "Vimeo-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2293775
|
|
next
|
|
edit "Vimeo-RTMP"
|
|
set type default
|
|
set internet-service-id 2293776
|
|
next
|
|
edit "Vimeo-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2293784
|
|
next
|
|
edit "Redhat-Other"
|
|
set type default
|
|
set internet-service-id 2359296
|
|
next
|
|
edit "Redhat-Web"
|
|
set type default
|
|
set internet-service-id 2359297
|
|
next
|
|
edit "Redhat-ICMP"
|
|
set type default
|
|
set internet-service-id 2359298
|
|
next
|
|
edit "Redhat-DNS"
|
|
set type default
|
|
set internet-service-id 2359299
|
|
next
|
|
edit "Redhat-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2359300
|
|
next
|
|
edit "Redhat-SSH"
|
|
set type default
|
|
set internet-service-id 2359302
|
|
next
|
|
edit "Redhat-FTP"
|
|
set type default
|
|
set internet-service-id 2359303
|
|
next
|
|
edit "Redhat-NTP"
|
|
set type default
|
|
set internet-service-id 2359304
|
|
next
|
|
edit "Redhat-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2359305
|
|
next
|
|
edit "Redhat-LDAP"
|
|
set type default
|
|
set internet-service-id 2359310
|
|
next
|
|
edit "Redhat-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2359311
|
|
next
|
|
edit "Redhat-RTMP"
|
|
set type default
|
|
set internet-service-id 2359312
|
|
next
|
|
edit "Redhat-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2359320
|
|
next
|
|
edit "VK-Other"
|
|
set type default
|
|
set internet-service-id 2424832
|
|
next
|
|
edit "VK-Web"
|
|
set type default
|
|
set internet-service-id 2424833
|
|
next
|
|
edit "VK-ICMP"
|
|
set type default
|
|
set internet-service-id 2424834
|
|
next
|
|
edit "VK-DNS"
|
|
set type default
|
|
set internet-service-id 2424835
|
|
next
|
|
edit "VK-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2424836
|
|
next
|
|
edit "VK-SSH"
|
|
set type default
|
|
set internet-service-id 2424838
|
|
next
|
|
edit "VK-FTP"
|
|
set type default
|
|
set internet-service-id 2424839
|
|
next
|
|
edit "VK-NTP"
|
|
set type default
|
|
set internet-service-id 2424840
|
|
next
|
|
edit "VK-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2424841
|
|
next
|
|
edit "VK-LDAP"
|
|
set type default
|
|
set internet-service-id 2424846
|
|
next
|
|
edit "VK-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2424847
|
|
next
|
|
edit "VK-RTMP"
|
|
set type default
|
|
set internet-service-id 2424848
|
|
next
|
|
edit "VK-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2424856
|
|
next
|
|
edit "TrendMicro-Other"
|
|
set type default
|
|
set internet-service-id 2490368
|
|
next
|
|
edit "TrendMicro-Web"
|
|
set type default
|
|
set internet-service-id 2490369
|
|
next
|
|
edit "TrendMicro-ICMP"
|
|
set type default
|
|
set internet-service-id 2490370
|
|
next
|
|
edit "TrendMicro-DNS"
|
|
set type default
|
|
set internet-service-id 2490371
|
|
next
|
|
edit "TrendMicro-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2490372
|
|
next
|
|
edit "TrendMicro-SSH"
|
|
set type default
|
|
set internet-service-id 2490374
|
|
next
|
|
edit "TrendMicro-FTP"
|
|
set type default
|
|
set internet-service-id 2490375
|
|
next
|
|
edit "TrendMicro-NTP"
|
|
set type default
|
|
set internet-service-id 2490376
|
|
next
|
|
edit "TrendMicro-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2490377
|
|
next
|
|
edit "TrendMicro-LDAP"
|
|
set type default
|
|
set internet-service-id 2490382
|
|
next
|
|
edit "TrendMicro-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2490383
|
|
next
|
|
edit "TrendMicro-RTMP"
|
|
set type default
|
|
set internet-service-id 2490384
|
|
next
|
|
edit "TrendMicro-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2490392
|
|
next
|
|
edit "Tencent-Other"
|
|
set type default
|
|
set internet-service-id 2555904
|
|
next
|
|
edit "Tencent-Web"
|
|
set type default
|
|
set internet-service-id 2555905
|
|
next
|
|
edit "Tencent-ICMP"
|
|
set type default
|
|
set internet-service-id 2555906
|
|
next
|
|
edit "Tencent-DNS"
|
|
set type default
|
|
set internet-service-id 2555907
|
|
next
|
|
edit "Tencent-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2555908
|
|
next
|
|
edit "Tencent-SSH"
|
|
set type default
|
|
set internet-service-id 2555910
|
|
next
|
|
edit "Tencent-FTP"
|
|
set type default
|
|
set internet-service-id 2555911
|
|
next
|
|
edit "Tencent-NTP"
|
|
set type default
|
|
set internet-service-id 2555912
|
|
next
|
|
edit "Tencent-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2555913
|
|
next
|
|
edit "Tencent-LDAP"
|
|
set type default
|
|
set internet-service-id 2555918
|
|
next
|
|
edit "Tencent-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2555919
|
|
next
|
|
edit "Tencent-RTMP"
|
|
set type default
|
|
set internet-service-id 2555920
|
|
next
|
|
edit "Tencent-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2555928
|
|
next
|
|
edit "Ask-Other"
|
|
set type default
|
|
set internet-service-id 2621440
|
|
next
|
|
edit "Ask-Web"
|
|
set type default
|
|
set internet-service-id 2621441
|
|
next
|
|
edit "Ask-ICMP"
|
|
set type default
|
|
set internet-service-id 2621442
|
|
next
|
|
edit "Ask-DNS"
|
|
set type default
|
|
set internet-service-id 2621443
|
|
next
|
|
edit "Ask-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2621444
|
|
next
|
|
edit "Ask-SSH"
|
|
set type default
|
|
set internet-service-id 2621446
|
|
next
|
|
edit "Ask-FTP"
|
|
set type default
|
|
set internet-service-id 2621447
|
|
next
|
|
edit "Ask-NTP"
|
|
set type default
|
|
set internet-service-id 2621448
|
|
next
|
|
edit "Ask-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2621449
|
|
next
|
|
edit "Ask-LDAP"
|
|
set type default
|
|
set internet-service-id 2621454
|
|
next
|
|
edit "Ask-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2621455
|
|
next
|
|
edit "Ask-RTMP"
|
|
set type default
|
|
set internet-service-id 2621456
|
|
next
|
|
edit "Ask-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2621464
|
|
next
|
|
edit "CNN-Other"
|
|
set type default
|
|
set internet-service-id 2686976
|
|
next
|
|
edit "CNN-Web"
|
|
set type default
|
|
set internet-service-id 2686977
|
|
next
|
|
edit "CNN-ICMP"
|
|
set type default
|
|
set internet-service-id 2686978
|
|
next
|
|
edit "CNN-DNS"
|
|
set type default
|
|
set internet-service-id 2686979
|
|
next
|
|
edit "CNN-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2686980
|
|
next
|
|
edit "CNN-SSH"
|
|
set type default
|
|
set internet-service-id 2686982
|
|
next
|
|
edit "CNN-FTP"
|
|
set type default
|
|
set internet-service-id 2686983
|
|
next
|
|
edit "CNN-NTP"
|
|
set type default
|
|
set internet-service-id 2686984
|
|
next
|
|
edit "CNN-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2686985
|
|
next
|
|
edit "CNN-LDAP"
|
|
set type default
|
|
set internet-service-id 2686990
|
|
next
|
|
edit "CNN-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2686991
|
|
next
|
|
edit "CNN-RTMP"
|
|
set type default
|
|
set internet-service-id 2686992
|
|
next
|
|
edit "CNN-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2687000
|
|
next
|
|
edit "Myspace-Other"
|
|
set type default
|
|
set internet-service-id 2752512
|
|
next
|
|
edit "Myspace-Web"
|
|
set type default
|
|
set internet-service-id 2752513
|
|
next
|
|
edit "Myspace-ICMP"
|
|
set type default
|
|
set internet-service-id 2752514
|
|
next
|
|
edit "Myspace-DNS"
|
|
set type default
|
|
set internet-service-id 2752515
|
|
next
|
|
edit "Myspace-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2752516
|
|
next
|
|
edit "Myspace-SSH"
|
|
set type default
|
|
set internet-service-id 2752518
|
|
next
|
|
edit "Myspace-FTP"
|
|
set type default
|
|
set internet-service-id 2752519
|
|
next
|
|
edit "Myspace-NTP"
|
|
set type default
|
|
set internet-service-id 2752520
|
|
next
|
|
edit "Myspace-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2752521
|
|
next
|
|
edit "Myspace-LDAP"
|
|
set type default
|
|
set internet-service-id 2752526
|
|
next
|
|
edit "Myspace-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2752527
|
|
next
|
|
edit "Myspace-RTMP"
|
|
set type default
|
|
set internet-service-id 2752528
|
|
next
|
|
edit "Myspace-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2752536
|
|
next
|
|
edit "Tor-Relay.Node"
|
|
set type default
|
|
set internet-service-id 2818238
|
|
next
|
|
edit "Tor-Exit.Node"
|
|
set type default
|
|
set internet-service-id 2818243
|
|
next
|
|
edit "Baidu-Other"
|
|
set type default
|
|
set internet-service-id 2883584
|
|
next
|
|
edit "Baidu-Web"
|
|
set type default
|
|
set internet-service-id 2883585
|
|
next
|
|
edit "Baidu-ICMP"
|
|
set type default
|
|
set internet-service-id 2883586
|
|
next
|
|
edit "Baidu-DNS"
|
|
set type default
|
|
set internet-service-id 2883587
|
|
next
|
|
edit "Baidu-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2883588
|
|
next
|
|
edit "Baidu-SSH"
|
|
set type default
|
|
set internet-service-id 2883590
|
|
next
|
|
edit "Baidu-FTP"
|
|
set type default
|
|
set internet-service-id 2883591
|
|
next
|
|
edit "Baidu-NTP"
|
|
set type default
|
|
set internet-service-id 2883592
|
|
next
|
|
edit "Baidu-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2883593
|
|
next
|
|
edit "Baidu-LDAP"
|
|
set type default
|
|
set internet-service-id 2883598
|
|
next
|
|
edit "Baidu-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2883599
|
|
next
|
|
edit "Baidu-RTMP"
|
|
set type default
|
|
set internet-service-id 2883600
|
|
next
|
|
edit "Baidu-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2883608
|
|
next
|
|
edit "ntp.org-Other"
|
|
set type default
|
|
set internet-service-id 2949120
|
|
next
|
|
edit "ntp.org-Web"
|
|
set type default
|
|
set internet-service-id 2949121
|
|
next
|
|
edit "ntp.org-ICMP"
|
|
set type default
|
|
set internet-service-id 2949122
|
|
next
|
|
edit "ntp.org-DNS"
|
|
set type default
|
|
set internet-service-id 2949123
|
|
next
|
|
edit "ntp.org-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 2949124
|
|
next
|
|
edit "ntp.org-SSH"
|
|
set type default
|
|
set internet-service-id 2949126
|
|
next
|
|
edit "ntp.org-FTP"
|
|
set type default
|
|
set internet-service-id 2949127
|
|
next
|
|
edit "ntp.org-NTP"
|
|
set type default
|
|
set internet-service-id 2949128
|
|
next
|
|
edit "ntp.org-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 2949129
|
|
next
|
|
edit "ntp.org-LDAP"
|
|
set type default
|
|
set internet-service-id 2949134
|
|
next
|
|
edit "ntp.org-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 2949135
|
|
next
|
|
edit "ntp.org-RTMP"
|
|
set type default
|
|
set internet-service-id 2949136
|
|
next
|
|
edit "ntp.org-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 2949144
|
|
next
|
|
edit "Proxy-Proxy.Server"
|
|
set type default
|
|
set internet-service-id 3014850
|
|
next
|
|
edit "Botnet-C&C.Server"
|
|
set type default
|
|
set internet-service-id 3080383
|
|
next
|
|
edit "Spam-Spamming.Server"
|
|
set type default
|
|
set internet-service-id 3145920
|
|
next
|
|
edit "Phishing-Phishing.Server"
|
|
set type default
|
|
set internet-service-id 3211457
|
|
next
|
|
edit "Zendesk-Other"
|
|
set type default
|
|
set internet-service-id 3407872
|
|
next
|
|
edit "Zendesk-Web"
|
|
set type default
|
|
set internet-service-id 3407873
|
|
next
|
|
edit "Zendesk-ICMP"
|
|
set type default
|
|
set internet-service-id 3407874
|
|
next
|
|
edit "Zendesk-DNS"
|
|
set type default
|
|
set internet-service-id 3407875
|
|
next
|
|
edit "Zendesk-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 3407876
|
|
next
|
|
edit "Zendesk-SSH"
|
|
set type default
|
|
set internet-service-id 3407878
|
|
next
|
|
edit "Zendesk-FTP"
|
|
set type default
|
|
set internet-service-id 3407879
|
|
next
|
|
edit "Zendesk-NTP"
|
|
set type default
|
|
set internet-service-id 3407880
|
|
next
|
|
edit "Zendesk-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 3407881
|
|
next
|
|
edit "Zendesk-LDAP"
|
|
set type default
|
|
set internet-service-id 3407886
|
|
next
|
|
edit "Zendesk-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 3407887
|
|
next
|
|
edit "Zendesk-RTMP"
|
|
set type default
|
|
set internet-service-id 3407888
|
|
next
|
|
edit "Zendesk-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 3407896
|
|
next
|
|
edit "Zendesk-Zendesk.Suite"
|
|
set type default
|
|
set internet-service-id 3408047
|
|
next
|
|
edit "DocuSign-Other"
|
|
set type default
|
|
set internet-service-id 3473408
|
|
next
|
|
edit "DocuSign-Web"
|
|
set type default
|
|
set internet-service-id 3473409
|
|
next
|
|
edit "DocuSign-ICMP"
|
|
set type default
|
|
set internet-service-id 3473410
|
|
next
|
|
edit "DocuSign-DNS"
|
|
set type default
|
|
set internet-service-id 3473411
|
|
next
|
|
edit "DocuSign-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 3473412
|
|
next
|
|
edit "DocuSign-SSH"
|
|
set type default
|
|
set internet-service-id 3473414
|
|
next
|
|
edit "DocuSign-FTP"
|
|
set type default
|
|
set internet-service-id 3473415
|
|
next
|
|
edit "DocuSign-NTP"
|
|
set type default
|
|
set internet-service-id 3473416
|
|
next
|
|
edit "DocuSign-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 3473417
|
|
next
|
|
edit "DocuSign-LDAP"
|
|
set type default
|
|
set internet-service-id 3473422
|
|
next
|
|
edit "DocuSign-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 3473423
|
|
next
|
|
edit "DocuSign-RTMP"
|
|
set type default
|
|
set internet-service-id 3473424
|
|
next
|
|
edit "DocuSign-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 3473432
|
|
next
|
|
edit "ServiceNow-Other"
|
|
set type default
|
|
set internet-service-id 3538944
|
|
next
|
|
edit "ServiceNow-Web"
|
|
set type default
|
|
set internet-service-id 3538945
|
|
next
|
|
edit "ServiceNow-ICMP"
|
|
set type default
|
|
set internet-service-id 3538946
|
|
next
|
|
edit "ServiceNow-DNS"
|
|
set type default
|
|
set internet-service-id 3538947
|
|
next
|
|
edit "ServiceNow-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 3538948
|
|
next
|
|
edit "ServiceNow-SSH"
|
|
set type default
|
|
set internet-service-id 3538950
|
|
next
|
|
edit "ServiceNow-FTP"
|
|
set type default
|
|
set internet-service-id 3538951
|
|
next
|
|
edit "ServiceNow-NTP"
|
|
set type default
|
|
set internet-service-id 3538952
|
|
next
|
|
edit "ServiceNow-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 3538953
|
|
next
|
|
edit "ServiceNow-LDAP"
|
|
set type default
|
|
set internet-service-id 3538958
|
|
next
|
|
edit "ServiceNow-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 3538959
|
|
next
|
|
edit "ServiceNow-RTMP"
|
|
set type default
|
|
set internet-service-id 3538960
|
|
next
|
|
edit "ServiceNow-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 3538968
|
|
next
|
|
edit "GitHub-GitHub"
|
|
set type default
|
|
set internet-service-id 3604638
|
|
next
|
|
edit "Workday-Other"
|
|
set type default
|
|
set internet-service-id 3670016
|
|
next
|
|
edit "Workday-Web"
|
|
set type default
|
|
set internet-service-id 3670017
|
|
next
|
|
edit "Workday-ICMP"
|
|
set type default
|
|
set internet-service-id 3670018
|
|
next
|
|
edit "Workday-DNS"
|
|
set type default
|
|
set internet-service-id 3670019
|
|
next
|
|
edit "Workday-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 3670020
|
|
next
|
|
edit "Workday-SSH"
|
|
set type default
|
|
set internet-service-id 3670022
|
|
next
|
|
edit "Workday-FTP"
|
|
set type default
|
|
set internet-service-id 3670023
|
|
next
|
|
edit "Workday-NTP"
|
|
set type default
|
|
set internet-service-id 3670024
|
|
next
|
|
edit "Workday-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 3670025
|
|
next
|
|
edit "Workday-LDAP"
|
|
set type default
|
|
set internet-service-id 3670030
|
|
next
|
|
edit "Workday-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 3670031
|
|
next
|
|
edit "Workday-RTMP"
|
|
set type default
|
|
set internet-service-id 3670032
|
|
next
|
|
edit "Workday-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 3670040
|
|
next
|
|
edit "HubSpot-Other"
|
|
set type default
|
|
set internet-service-id 3735552
|
|
next
|
|
edit "HubSpot-Web"
|
|
set type default
|
|
set internet-service-id 3735553
|
|
next
|
|
edit "HubSpot-ICMP"
|
|
set type default
|
|
set internet-service-id 3735554
|
|
next
|
|
edit "HubSpot-DNS"
|
|
set type default
|
|
set internet-service-id 3735555
|
|
next
|
|
edit "HubSpot-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 3735556
|
|
next
|
|
edit "HubSpot-SSH"
|
|
set type default
|
|
set internet-service-id 3735558
|
|
next
|
|
edit "HubSpot-FTP"
|
|
set type default
|
|
set internet-service-id 3735559
|
|
next
|
|
edit "HubSpot-NTP"
|
|
set type default
|
|
set internet-service-id 3735560
|
|
next
|
|
edit "HubSpot-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 3735561
|
|
next
|
|
edit "HubSpot-LDAP"
|
|
set type default
|
|
set internet-service-id 3735566
|
|
next
|
|
edit "HubSpot-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 3735567
|
|
next
|
|
edit "HubSpot-RTMP"
|
|
set type default
|
|
set internet-service-id 3735568
|
|
next
|
|
edit "HubSpot-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 3735576
|
|
next
|
|
edit "Twilio-Other"
|
|
set type default
|
|
set internet-service-id 3801088
|
|
next
|
|
edit "Twilio-Web"
|
|
set type default
|
|
set internet-service-id 3801089
|
|
next
|
|
edit "Twilio-ICMP"
|
|
set type default
|
|
set internet-service-id 3801090
|
|
next
|
|
edit "Twilio-DNS"
|
|
set type default
|
|
set internet-service-id 3801091
|
|
next
|
|
edit "Twilio-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 3801092
|
|
next
|
|
edit "Twilio-SSH"
|
|
set type default
|
|
set internet-service-id 3801094
|
|
next
|
|
edit "Twilio-FTP"
|
|
set type default
|
|
set internet-service-id 3801095
|
|
next
|
|
edit "Twilio-NTP"
|
|
set type default
|
|
set internet-service-id 3801096
|
|
next
|
|
edit "Twilio-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 3801097
|
|
next
|
|
edit "Twilio-LDAP"
|
|
set type default
|
|
set internet-service-id 3801102
|
|
next
|
|
edit "Twilio-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 3801103
|
|
next
|
|
edit "Twilio-RTMP"
|
|
set type default
|
|
set internet-service-id 3801104
|
|
next
|
|
edit "Twilio-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 3801112
|
|
next
|
|
edit "Twilio-Elastic.SIP.Trunking"
|
|
set type default
|
|
set internet-service-id 3801277
|
|
next
|
|
edit "Coupa-Other"
|
|
set type default
|
|
set internet-service-id 3866624
|
|
next
|
|
edit "Coupa-Web"
|
|
set type default
|
|
set internet-service-id 3866625
|
|
next
|
|
edit "Coupa-ICMP"
|
|
set type default
|
|
set internet-service-id 3866626
|
|
next
|
|
edit "Coupa-DNS"
|
|
set type default
|
|
set internet-service-id 3866627
|
|
next
|
|
edit "Coupa-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 3866628
|
|
next
|
|
edit "Coupa-SSH"
|
|
set type default
|
|
set internet-service-id 3866630
|
|
next
|
|
edit "Coupa-FTP"
|
|
set type default
|
|
set internet-service-id 3866631
|
|
next
|
|
edit "Coupa-NTP"
|
|
set type default
|
|
set internet-service-id 3866632
|
|
next
|
|
edit "Coupa-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 3866633
|
|
next
|
|
edit "Coupa-LDAP"
|
|
set type default
|
|
set internet-service-id 3866638
|
|
next
|
|
edit "Coupa-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 3866639
|
|
next
|
|
edit "Coupa-RTMP"
|
|
set type default
|
|
set internet-service-id 3866640
|
|
next
|
|
edit "Coupa-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 3866648
|
|
next
|
|
edit "Atlassian-Other"
|
|
set type default
|
|
set internet-service-id 3932160
|
|
next
|
|
edit "Atlassian-Web"
|
|
set type default
|
|
set internet-service-id 3932161
|
|
next
|
|
edit "Atlassian-ICMP"
|
|
set type default
|
|
set internet-service-id 3932162
|
|
next
|
|
edit "Atlassian-DNS"
|
|
set type default
|
|
set internet-service-id 3932163
|
|
next
|
|
edit "Atlassian-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 3932164
|
|
next
|
|
edit "Atlassian-SSH"
|
|
set type default
|
|
set internet-service-id 3932166
|
|
next
|
|
edit "Atlassian-FTP"
|
|
set type default
|
|
set internet-service-id 3932167
|
|
next
|
|
edit "Atlassian-NTP"
|
|
set type default
|
|
set internet-service-id 3932168
|
|
next
|
|
edit "Atlassian-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 3932169
|
|
next
|
|
edit "Atlassian-LDAP"
|
|
set type default
|
|
set internet-service-id 3932174
|
|
next
|
|
edit "Atlassian-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 3932175
|
|
next
|
|
edit "Atlassian-RTMP"
|
|
set type default
|
|
set internet-service-id 3932176
|
|
next
|
|
edit "Atlassian-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 3932184
|
|
next
|
|
edit "Atlassian-Atlassian.Cloud"
|
|
set type default
|
|
set internet-service-id 3932388
|
|
next
|
|
edit "Xero-Other"
|
|
set type default
|
|
set internet-service-id 3997696
|
|
next
|
|
edit "Xero-Web"
|
|
set type default
|
|
set internet-service-id 3997697
|
|
next
|
|
edit "Xero-ICMP"
|
|
set type default
|
|
set internet-service-id 3997698
|
|
next
|
|
edit "Xero-DNS"
|
|
set type default
|
|
set internet-service-id 3997699
|
|
next
|
|
edit "Xero-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 3997700
|
|
next
|
|
edit "Xero-SSH"
|
|
set type default
|
|
set internet-service-id 3997702
|
|
next
|
|
edit "Xero-FTP"
|
|
set type default
|
|
set internet-service-id 3997703
|
|
next
|
|
edit "Xero-NTP"
|
|
set type default
|
|
set internet-service-id 3997704
|
|
next
|
|
edit "Xero-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 3997705
|
|
next
|
|
edit "Xero-LDAP"
|
|
set type default
|
|
set internet-service-id 3997710
|
|
next
|
|
edit "Xero-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 3997711
|
|
next
|
|
edit "Xero-RTMP"
|
|
set type default
|
|
set internet-service-id 3997712
|
|
next
|
|
edit "Xero-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 3997720
|
|
next
|
|
edit "Zuora-Other"
|
|
set type default
|
|
set internet-service-id 4063232
|
|
next
|
|
edit "Zuora-Web"
|
|
set type default
|
|
set internet-service-id 4063233
|
|
next
|
|
edit "Zuora-ICMP"
|
|
set type default
|
|
set internet-service-id 4063234
|
|
next
|
|
edit "Zuora-DNS"
|
|
set type default
|
|
set internet-service-id 4063235
|
|
next
|
|
edit "Zuora-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4063236
|
|
next
|
|
edit "Zuora-SSH"
|
|
set type default
|
|
set internet-service-id 4063238
|
|
next
|
|
edit "Zuora-FTP"
|
|
set type default
|
|
set internet-service-id 4063239
|
|
next
|
|
edit "Zuora-NTP"
|
|
set type default
|
|
set internet-service-id 4063240
|
|
next
|
|
edit "Zuora-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4063241
|
|
next
|
|
edit "Zuora-LDAP"
|
|
set type default
|
|
set internet-service-id 4063246
|
|
next
|
|
edit "Zuora-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4063247
|
|
next
|
|
edit "Zuora-RTMP"
|
|
set type default
|
|
set internet-service-id 4063248
|
|
next
|
|
edit "Zuora-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4063256
|
|
next
|
|
edit "AdRoll-Other"
|
|
set type default
|
|
set internet-service-id 4128768
|
|
next
|
|
edit "AdRoll-Web"
|
|
set type default
|
|
set internet-service-id 4128769
|
|
next
|
|
edit "AdRoll-ICMP"
|
|
set type default
|
|
set internet-service-id 4128770
|
|
next
|
|
edit "AdRoll-DNS"
|
|
set type default
|
|
set internet-service-id 4128771
|
|
next
|
|
edit "AdRoll-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4128772
|
|
next
|
|
edit "AdRoll-SSH"
|
|
set type default
|
|
set internet-service-id 4128774
|
|
next
|
|
edit "AdRoll-FTP"
|
|
set type default
|
|
set internet-service-id 4128775
|
|
next
|
|
edit "AdRoll-NTP"
|
|
set type default
|
|
set internet-service-id 4128776
|
|
next
|
|
edit "AdRoll-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4128777
|
|
next
|
|
edit "AdRoll-LDAP"
|
|
set type default
|
|
set internet-service-id 4128782
|
|
next
|
|
edit "AdRoll-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4128783
|
|
next
|
|
edit "AdRoll-RTMP"
|
|
set type default
|
|
set internet-service-id 4128784
|
|
next
|
|
edit "AdRoll-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4128792
|
|
next
|
|
edit "Xactly-Other"
|
|
set type default
|
|
set internet-service-id 4194304
|
|
next
|
|
edit "Xactly-Web"
|
|
set type default
|
|
set internet-service-id 4194305
|
|
next
|
|
edit "Xactly-ICMP"
|
|
set type default
|
|
set internet-service-id 4194306
|
|
next
|
|
edit "Xactly-DNS"
|
|
set type default
|
|
set internet-service-id 4194307
|
|
next
|
|
edit "Xactly-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4194308
|
|
next
|
|
edit "Xactly-SSH"
|
|
set type default
|
|
set internet-service-id 4194310
|
|
next
|
|
edit "Xactly-FTP"
|
|
set type default
|
|
set internet-service-id 4194311
|
|
next
|
|
edit "Xactly-NTP"
|
|
set type default
|
|
set internet-service-id 4194312
|
|
next
|
|
edit "Xactly-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4194313
|
|
next
|
|
edit "Xactly-LDAP"
|
|
set type default
|
|
set internet-service-id 4194318
|
|
next
|
|
edit "Xactly-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4194319
|
|
next
|
|
edit "Xactly-RTMP"
|
|
set type default
|
|
set internet-service-id 4194320
|
|
next
|
|
edit "Xactly-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4194328
|
|
next
|
|
edit "Intuit-Other"
|
|
set type default
|
|
set internet-service-id 4259840
|
|
next
|
|
edit "Intuit-Web"
|
|
set type default
|
|
set internet-service-id 4259841
|
|
next
|
|
edit "Intuit-ICMP"
|
|
set type default
|
|
set internet-service-id 4259842
|
|
next
|
|
edit "Intuit-DNS"
|
|
set type default
|
|
set internet-service-id 4259843
|
|
next
|
|
edit "Intuit-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4259844
|
|
next
|
|
edit "Intuit-SSH"
|
|
set type default
|
|
set internet-service-id 4259846
|
|
next
|
|
edit "Intuit-FTP"
|
|
set type default
|
|
set internet-service-id 4259847
|
|
next
|
|
edit "Intuit-NTP"
|
|
set type default
|
|
set internet-service-id 4259848
|
|
next
|
|
edit "Intuit-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4259849
|
|
next
|
|
edit "Intuit-LDAP"
|
|
set type default
|
|
set internet-service-id 4259854
|
|
next
|
|
edit "Intuit-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4259855
|
|
next
|
|
edit "Intuit-RTMP"
|
|
set type default
|
|
set internet-service-id 4259856
|
|
next
|
|
edit "Intuit-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4259864
|
|
next
|
|
edit "Marketo-Other"
|
|
set type default
|
|
set internet-service-id 4325376
|
|
next
|
|
edit "Marketo-Web"
|
|
set type default
|
|
set internet-service-id 4325377
|
|
next
|
|
edit "Marketo-ICMP"
|
|
set type default
|
|
set internet-service-id 4325378
|
|
next
|
|
edit "Marketo-DNS"
|
|
set type default
|
|
set internet-service-id 4325379
|
|
next
|
|
edit "Marketo-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4325380
|
|
next
|
|
edit "Marketo-SSH"
|
|
set type default
|
|
set internet-service-id 4325382
|
|
next
|
|
edit "Marketo-FTP"
|
|
set type default
|
|
set internet-service-id 4325383
|
|
next
|
|
edit "Marketo-NTP"
|
|
set type default
|
|
set internet-service-id 4325384
|
|
next
|
|
edit "Marketo-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4325385
|
|
next
|
|
edit "Marketo-LDAP"
|
|
set type default
|
|
set internet-service-id 4325390
|
|
next
|
|
edit "Marketo-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4325391
|
|
next
|
|
edit "Marketo-RTMP"
|
|
set type default
|
|
set internet-service-id 4325392
|
|
next
|
|
edit "Marketo-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4325400
|
|
next
|
|
edit "Bill-Other"
|
|
set type default
|
|
set internet-service-id 4456448
|
|
next
|
|
edit "Bill-Web"
|
|
set type default
|
|
set internet-service-id 4456449
|
|
next
|
|
edit "Bill-ICMP"
|
|
set type default
|
|
set internet-service-id 4456450
|
|
next
|
|
edit "Bill-DNS"
|
|
set type default
|
|
set internet-service-id 4456451
|
|
next
|
|
edit "Bill-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4456452
|
|
next
|
|
edit "Bill-SSH"
|
|
set type default
|
|
set internet-service-id 4456454
|
|
next
|
|
edit "Bill-FTP"
|
|
set type default
|
|
set internet-service-id 4456455
|
|
next
|
|
edit "Bill-NTP"
|
|
set type default
|
|
set internet-service-id 4456456
|
|
next
|
|
edit "Bill-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4456457
|
|
next
|
|
edit "Bill-LDAP"
|
|
set type default
|
|
set internet-service-id 4456462
|
|
next
|
|
edit "Bill-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4456463
|
|
next
|
|
edit "Bill-RTMP"
|
|
set type default
|
|
set internet-service-id 4456464
|
|
next
|
|
edit "Bill-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4456472
|
|
next
|
|
edit "Shopify-Other"
|
|
set type default
|
|
set internet-service-id 4521984
|
|
next
|
|
edit "Shopify-Web"
|
|
set type default
|
|
set internet-service-id 4521985
|
|
next
|
|
edit "Shopify-ICMP"
|
|
set type default
|
|
set internet-service-id 4521986
|
|
next
|
|
edit "Shopify-DNS"
|
|
set type default
|
|
set internet-service-id 4521987
|
|
next
|
|
edit "Shopify-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4521988
|
|
next
|
|
edit "Shopify-SSH"
|
|
set type default
|
|
set internet-service-id 4521990
|
|
next
|
|
edit "Shopify-FTP"
|
|
set type default
|
|
set internet-service-id 4521991
|
|
next
|
|
edit "Shopify-NTP"
|
|
set type default
|
|
set internet-service-id 4521992
|
|
next
|
|
edit "Shopify-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4521993
|
|
next
|
|
edit "Shopify-LDAP"
|
|
set type default
|
|
set internet-service-id 4521998
|
|
next
|
|
edit "Shopify-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4521999
|
|
next
|
|
edit "Shopify-RTMP"
|
|
set type default
|
|
set internet-service-id 4522000
|
|
next
|
|
edit "Shopify-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4522008
|
|
next
|
|
edit "Shopify-Shopify"
|
|
set type default
|
|
set internet-service-id 4522162
|
|
next
|
|
edit "MuleSoft-Other"
|
|
set type default
|
|
set internet-service-id 4587520
|
|
next
|
|
edit "MuleSoft-Web"
|
|
set type default
|
|
set internet-service-id 4587521
|
|
next
|
|
edit "MuleSoft-ICMP"
|
|
set type default
|
|
set internet-service-id 4587522
|
|
next
|
|
edit "MuleSoft-DNS"
|
|
set type default
|
|
set internet-service-id 4587523
|
|
next
|
|
edit "MuleSoft-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4587524
|
|
next
|
|
edit "MuleSoft-SSH"
|
|
set type default
|
|
set internet-service-id 4587526
|
|
next
|
|
edit "MuleSoft-FTP"
|
|
set type default
|
|
set internet-service-id 4587527
|
|
next
|
|
edit "MuleSoft-NTP"
|
|
set type default
|
|
set internet-service-id 4587528
|
|
next
|
|
edit "MuleSoft-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4587529
|
|
next
|
|
edit "MuleSoft-LDAP"
|
|
set type default
|
|
set internet-service-id 4587534
|
|
next
|
|
edit "MuleSoft-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4587535
|
|
next
|
|
edit "MuleSoft-RTMP"
|
|
set type default
|
|
set internet-service-id 4587536
|
|
next
|
|
edit "MuleSoft-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4587544
|
|
next
|
|
edit "Cornerstone-Other"
|
|
set type default
|
|
set internet-service-id 4653056
|
|
next
|
|
edit "Cornerstone-Web"
|
|
set type default
|
|
set internet-service-id 4653057
|
|
next
|
|
edit "Cornerstone-ICMP"
|
|
set type default
|
|
set internet-service-id 4653058
|
|
next
|
|
edit "Cornerstone-DNS"
|
|
set type default
|
|
set internet-service-id 4653059
|
|
next
|
|
edit "Cornerstone-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4653060
|
|
next
|
|
edit "Cornerstone-SSH"
|
|
set type default
|
|
set internet-service-id 4653062
|
|
next
|
|
edit "Cornerstone-FTP"
|
|
set type default
|
|
set internet-service-id 4653063
|
|
next
|
|
edit "Cornerstone-NTP"
|
|
set type default
|
|
set internet-service-id 4653064
|
|
next
|
|
edit "Cornerstone-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4653065
|
|
next
|
|
edit "Cornerstone-LDAP"
|
|
set type default
|
|
set internet-service-id 4653070
|
|
next
|
|
edit "Cornerstone-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4653071
|
|
next
|
|
edit "Cornerstone-RTMP"
|
|
set type default
|
|
set internet-service-id 4653072
|
|
next
|
|
edit "Cornerstone-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4653080
|
|
next
|
|
edit "Eventbrite-Other"
|
|
set type default
|
|
set internet-service-id 4718592
|
|
next
|
|
edit "Eventbrite-Web"
|
|
set type default
|
|
set internet-service-id 4718593
|
|
next
|
|
edit "Eventbrite-ICMP"
|
|
set type default
|
|
set internet-service-id 4718594
|
|
next
|
|
edit "Eventbrite-DNS"
|
|
set type default
|
|
set internet-service-id 4718595
|
|
next
|
|
edit "Eventbrite-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4718596
|
|
next
|
|
edit "Eventbrite-SSH"
|
|
set type default
|
|
set internet-service-id 4718598
|
|
next
|
|
edit "Eventbrite-FTP"
|
|
set type default
|
|
set internet-service-id 4718599
|
|
next
|
|
edit "Eventbrite-NTP"
|
|
set type default
|
|
set internet-service-id 4718600
|
|
next
|
|
edit "Eventbrite-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4718601
|
|
next
|
|
edit "Eventbrite-LDAP"
|
|
set type default
|
|
set internet-service-id 4718606
|
|
next
|
|
edit "Eventbrite-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4718607
|
|
next
|
|
edit "Eventbrite-RTMP"
|
|
set type default
|
|
set internet-service-id 4718608
|
|
next
|
|
edit "Eventbrite-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4718616
|
|
next
|
|
edit "Paychex-Other"
|
|
set type default
|
|
set internet-service-id 4784128
|
|
next
|
|
edit "Paychex-Web"
|
|
set type default
|
|
set internet-service-id 4784129
|
|
next
|
|
edit "Paychex-ICMP"
|
|
set type default
|
|
set internet-service-id 4784130
|
|
next
|
|
edit "Paychex-DNS"
|
|
set type default
|
|
set internet-service-id 4784131
|
|
next
|
|
edit "Paychex-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4784132
|
|
next
|
|
edit "Paychex-SSH"
|
|
set type default
|
|
set internet-service-id 4784134
|
|
next
|
|
edit "Paychex-FTP"
|
|
set type default
|
|
set internet-service-id 4784135
|
|
next
|
|
edit "Paychex-NTP"
|
|
set type default
|
|
set internet-service-id 4784136
|
|
next
|
|
edit "Paychex-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4784137
|
|
next
|
|
edit "Paychex-LDAP"
|
|
set type default
|
|
set internet-service-id 4784142
|
|
next
|
|
edit "Paychex-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4784143
|
|
next
|
|
edit "Paychex-RTMP"
|
|
set type default
|
|
set internet-service-id 4784144
|
|
next
|
|
edit "Paychex-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4784152
|
|
next
|
|
edit "NewRelic-Other"
|
|
set type default
|
|
set internet-service-id 4849664
|
|
next
|
|
edit "NewRelic-Web"
|
|
set type default
|
|
set internet-service-id 4849665
|
|
next
|
|
edit "NewRelic-ICMP"
|
|
set type default
|
|
set internet-service-id 4849666
|
|
next
|
|
edit "NewRelic-DNS"
|
|
set type default
|
|
set internet-service-id 4849667
|
|
next
|
|
edit "NewRelic-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4849668
|
|
next
|
|
edit "NewRelic-SSH"
|
|
set type default
|
|
set internet-service-id 4849670
|
|
next
|
|
edit "NewRelic-FTP"
|
|
set type default
|
|
set internet-service-id 4849671
|
|
next
|
|
edit "NewRelic-NTP"
|
|
set type default
|
|
set internet-service-id 4849672
|
|
next
|
|
edit "NewRelic-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4849673
|
|
next
|
|
edit "NewRelic-LDAP"
|
|
set type default
|
|
set internet-service-id 4849678
|
|
next
|
|
edit "NewRelic-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4849679
|
|
next
|
|
edit "NewRelic-RTMP"
|
|
set type default
|
|
set internet-service-id 4849680
|
|
next
|
|
edit "NewRelic-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4849688
|
|
next
|
|
edit "Splunk-Other"
|
|
set type default
|
|
set internet-service-id 4915200
|
|
next
|
|
edit "Splunk-Web"
|
|
set type default
|
|
set internet-service-id 4915201
|
|
next
|
|
edit "Splunk-ICMP"
|
|
set type default
|
|
set internet-service-id 4915202
|
|
next
|
|
edit "Splunk-DNS"
|
|
set type default
|
|
set internet-service-id 4915203
|
|
next
|
|
edit "Splunk-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4915204
|
|
next
|
|
edit "Splunk-SSH"
|
|
set type default
|
|
set internet-service-id 4915206
|
|
next
|
|
edit "Splunk-FTP"
|
|
set type default
|
|
set internet-service-id 4915207
|
|
next
|
|
edit "Splunk-NTP"
|
|
set type default
|
|
set internet-service-id 4915208
|
|
next
|
|
edit "Splunk-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4915209
|
|
next
|
|
edit "Splunk-LDAP"
|
|
set type default
|
|
set internet-service-id 4915214
|
|
next
|
|
edit "Splunk-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4915215
|
|
next
|
|
edit "Splunk-RTMP"
|
|
set type default
|
|
set internet-service-id 4915216
|
|
next
|
|
edit "Splunk-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4915224
|
|
next
|
|
edit "Domo-Other"
|
|
set type default
|
|
set internet-service-id 4980736
|
|
next
|
|
edit "Domo-Web"
|
|
set type default
|
|
set internet-service-id 4980737
|
|
next
|
|
edit "Domo-ICMP"
|
|
set type default
|
|
set internet-service-id 4980738
|
|
next
|
|
edit "Domo-DNS"
|
|
set type default
|
|
set internet-service-id 4980739
|
|
next
|
|
edit "Domo-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 4980740
|
|
next
|
|
edit "Domo-SSH"
|
|
set type default
|
|
set internet-service-id 4980742
|
|
next
|
|
edit "Domo-FTP"
|
|
set type default
|
|
set internet-service-id 4980743
|
|
next
|
|
edit "Domo-NTP"
|
|
set type default
|
|
set internet-service-id 4980744
|
|
next
|
|
edit "Domo-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 4980745
|
|
next
|
|
edit "Domo-LDAP"
|
|
set type default
|
|
set internet-service-id 4980750
|
|
next
|
|
edit "Domo-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 4980751
|
|
next
|
|
edit "Domo-RTMP"
|
|
set type default
|
|
set internet-service-id 4980752
|
|
next
|
|
edit "Domo-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 4980760
|
|
next
|
|
edit "FreshBooks-Other"
|
|
set type default
|
|
set internet-service-id 5046272
|
|
next
|
|
edit "FreshBooks-Web"
|
|
set type default
|
|
set internet-service-id 5046273
|
|
next
|
|
edit "FreshBooks-ICMP"
|
|
set type default
|
|
set internet-service-id 5046274
|
|
next
|
|
edit "FreshBooks-DNS"
|
|
set type default
|
|
set internet-service-id 5046275
|
|
next
|
|
edit "FreshBooks-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5046276
|
|
next
|
|
edit "FreshBooks-SSH"
|
|
set type default
|
|
set internet-service-id 5046278
|
|
next
|
|
edit "FreshBooks-FTP"
|
|
set type default
|
|
set internet-service-id 5046279
|
|
next
|
|
edit "FreshBooks-NTP"
|
|
set type default
|
|
set internet-service-id 5046280
|
|
next
|
|
edit "FreshBooks-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5046281
|
|
next
|
|
edit "FreshBooks-LDAP"
|
|
set type default
|
|
set internet-service-id 5046286
|
|
next
|
|
edit "FreshBooks-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5046287
|
|
next
|
|
edit "FreshBooks-RTMP"
|
|
set type default
|
|
set internet-service-id 5046288
|
|
next
|
|
edit "FreshBooks-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5046296
|
|
next
|
|
edit "Tableau-Other"
|
|
set type default
|
|
set internet-service-id 5111808
|
|
next
|
|
edit "Tableau-Web"
|
|
set type default
|
|
set internet-service-id 5111809
|
|
next
|
|
edit "Tableau-ICMP"
|
|
set type default
|
|
set internet-service-id 5111810
|
|
next
|
|
edit "Tableau-DNS"
|
|
set type default
|
|
set internet-service-id 5111811
|
|
next
|
|
edit "Tableau-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5111812
|
|
next
|
|
edit "Tableau-SSH"
|
|
set type default
|
|
set internet-service-id 5111814
|
|
next
|
|
edit "Tableau-FTP"
|
|
set type default
|
|
set internet-service-id 5111815
|
|
next
|
|
edit "Tableau-NTP"
|
|
set type default
|
|
set internet-service-id 5111816
|
|
next
|
|
edit "Tableau-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5111817
|
|
next
|
|
edit "Tableau-LDAP"
|
|
set type default
|
|
set internet-service-id 5111822
|
|
next
|
|
edit "Tableau-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5111823
|
|
next
|
|
edit "Tableau-RTMP"
|
|
set type default
|
|
set internet-service-id 5111824
|
|
next
|
|
edit "Tableau-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5111832
|
|
next
|
|
edit "Druva-Other"
|
|
set type default
|
|
set internet-service-id 5177344
|
|
next
|
|
edit "Druva-Web"
|
|
set type default
|
|
set internet-service-id 5177345
|
|
next
|
|
edit "Druva-ICMP"
|
|
set type default
|
|
set internet-service-id 5177346
|
|
next
|
|
edit "Druva-DNS"
|
|
set type default
|
|
set internet-service-id 5177347
|
|
next
|
|
edit "Druva-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5177348
|
|
next
|
|
edit "Druva-SSH"
|
|
set type default
|
|
set internet-service-id 5177350
|
|
next
|
|
edit "Druva-FTP"
|
|
set type default
|
|
set internet-service-id 5177351
|
|
next
|
|
edit "Druva-NTP"
|
|
set type default
|
|
set internet-service-id 5177352
|
|
next
|
|
edit "Druva-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5177353
|
|
next
|
|
edit "Druva-LDAP"
|
|
set type default
|
|
set internet-service-id 5177358
|
|
next
|
|
edit "Druva-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5177359
|
|
next
|
|
edit "Druva-RTMP"
|
|
set type default
|
|
set internet-service-id 5177360
|
|
next
|
|
edit "Druva-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5177368
|
|
next
|
|
edit "Act-on-Other"
|
|
set type default
|
|
set internet-service-id 5242880
|
|
next
|
|
edit "Act-on-Web"
|
|
set type default
|
|
set internet-service-id 5242881
|
|
next
|
|
edit "Act-on-ICMP"
|
|
set type default
|
|
set internet-service-id 5242882
|
|
next
|
|
edit "Act-on-DNS"
|
|
set type default
|
|
set internet-service-id 5242883
|
|
next
|
|
edit "Act-on-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5242884
|
|
next
|
|
edit "Act-on-SSH"
|
|
set type default
|
|
set internet-service-id 5242886
|
|
next
|
|
edit "Act-on-FTP"
|
|
set type default
|
|
set internet-service-id 5242887
|
|
next
|
|
edit "Act-on-NTP"
|
|
set type default
|
|
set internet-service-id 5242888
|
|
next
|
|
edit "Act-on-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5242889
|
|
next
|
|
edit "Act-on-LDAP"
|
|
set type default
|
|
set internet-service-id 5242894
|
|
next
|
|
edit "Act-on-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5242895
|
|
next
|
|
edit "Act-on-RTMP"
|
|
set type default
|
|
set internet-service-id 5242896
|
|
next
|
|
edit "Act-on-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5242904
|
|
next
|
|
edit "GoodData-Other"
|
|
set type default
|
|
set internet-service-id 5308416
|
|
next
|
|
edit "GoodData-Web"
|
|
set type default
|
|
set internet-service-id 5308417
|
|
next
|
|
edit "GoodData-ICMP"
|
|
set type default
|
|
set internet-service-id 5308418
|
|
next
|
|
edit "GoodData-DNS"
|
|
set type default
|
|
set internet-service-id 5308419
|
|
next
|
|
edit "GoodData-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5308420
|
|
next
|
|
edit "GoodData-SSH"
|
|
set type default
|
|
set internet-service-id 5308422
|
|
next
|
|
edit "GoodData-FTP"
|
|
set type default
|
|
set internet-service-id 5308423
|
|
next
|
|
edit "GoodData-NTP"
|
|
set type default
|
|
set internet-service-id 5308424
|
|
next
|
|
edit "GoodData-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5308425
|
|
next
|
|
edit "GoodData-LDAP"
|
|
set type default
|
|
set internet-service-id 5308430
|
|
next
|
|
edit "GoodData-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5308431
|
|
next
|
|
edit "GoodData-RTMP"
|
|
set type default
|
|
set internet-service-id 5308432
|
|
next
|
|
edit "GoodData-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5308440
|
|
next
|
|
edit "SurveyMonkey-Other"
|
|
set type default
|
|
set internet-service-id 5373952
|
|
next
|
|
edit "SurveyMonkey-Web"
|
|
set type default
|
|
set internet-service-id 5373953
|
|
next
|
|
edit "SurveyMonkey-ICMP"
|
|
set type default
|
|
set internet-service-id 5373954
|
|
next
|
|
edit "SurveyMonkey-DNS"
|
|
set type default
|
|
set internet-service-id 5373955
|
|
next
|
|
edit "SurveyMonkey-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5373956
|
|
next
|
|
edit "SurveyMonkey-SSH"
|
|
set type default
|
|
set internet-service-id 5373958
|
|
next
|
|
edit "SurveyMonkey-FTP"
|
|
set type default
|
|
set internet-service-id 5373959
|
|
next
|
|
edit "SurveyMonkey-NTP"
|
|
set type default
|
|
set internet-service-id 5373960
|
|
next
|
|
edit "SurveyMonkey-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5373961
|
|
next
|
|
edit "SurveyMonkey-LDAP"
|
|
set type default
|
|
set internet-service-id 5373966
|
|
next
|
|
edit "SurveyMonkey-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5373967
|
|
next
|
|
edit "SurveyMonkey-RTMP"
|
|
set type default
|
|
set internet-service-id 5373968
|
|
next
|
|
edit "SurveyMonkey-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5373976
|
|
next
|
|
edit "Cvent-Other"
|
|
set type default
|
|
set internet-service-id 5439488
|
|
next
|
|
edit "Cvent-Web"
|
|
set type default
|
|
set internet-service-id 5439489
|
|
next
|
|
edit "Cvent-ICMP"
|
|
set type default
|
|
set internet-service-id 5439490
|
|
next
|
|
edit "Cvent-DNS"
|
|
set type default
|
|
set internet-service-id 5439491
|
|
next
|
|
edit "Cvent-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5439492
|
|
next
|
|
edit "Cvent-SSH"
|
|
set type default
|
|
set internet-service-id 5439494
|
|
next
|
|
edit "Cvent-FTP"
|
|
set type default
|
|
set internet-service-id 5439495
|
|
next
|
|
edit "Cvent-NTP"
|
|
set type default
|
|
set internet-service-id 5439496
|
|
next
|
|
edit "Cvent-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5439497
|
|
next
|
|
edit "Cvent-LDAP"
|
|
set type default
|
|
set internet-service-id 5439502
|
|
next
|
|
edit "Cvent-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5439503
|
|
next
|
|
edit "Cvent-RTMP"
|
|
set type default
|
|
set internet-service-id 5439504
|
|
next
|
|
edit "Cvent-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5439512
|
|
next
|
|
edit "Blackbaud-Other"
|
|
set type default
|
|
set internet-service-id 5505024
|
|
next
|
|
edit "Blackbaud-Web"
|
|
set type default
|
|
set internet-service-id 5505025
|
|
next
|
|
edit "Blackbaud-ICMP"
|
|
set type default
|
|
set internet-service-id 5505026
|
|
next
|
|
edit "Blackbaud-DNS"
|
|
set type default
|
|
set internet-service-id 5505027
|
|
next
|
|
edit "Blackbaud-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5505028
|
|
next
|
|
edit "Blackbaud-SSH"
|
|
set type default
|
|
set internet-service-id 5505030
|
|
next
|
|
edit "Blackbaud-FTP"
|
|
set type default
|
|
set internet-service-id 5505031
|
|
next
|
|
edit "Blackbaud-NTP"
|
|
set type default
|
|
set internet-service-id 5505032
|
|
next
|
|
edit "Blackbaud-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5505033
|
|
next
|
|
edit "Blackbaud-LDAP"
|
|
set type default
|
|
set internet-service-id 5505038
|
|
next
|
|
edit "Blackbaud-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5505039
|
|
next
|
|
edit "Blackbaud-RTMP"
|
|
set type default
|
|
set internet-service-id 5505040
|
|
next
|
|
edit "Blackbaud-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5505048
|
|
next
|
|
edit "InsideSales-Other"
|
|
set type default
|
|
set internet-service-id 5570560
|
|
next
|
|
edit "InsideSales-Web"
|
|
set type default
|
|
set internet-service-id 5570561
|
|
next
|
|
edit "InsideSales-ICMP"
|
|
set type default
|
|
set internet-service-id 5570562
|
|
next
|
|
edit "InsideSales-DNS"
|
|
set type default
|
|
set internet-service-id 5570563
|
|
next
|
|
edit "InsideSales-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5570564
|
|
next
|
|
edit "InsideSales-SSH"
|
|
set type default
|
|
set internet-service-id 5570566
|
|
next
|
|
edit "InsideSales-FTP"
|
|
set type default
|
|
set internet-service-id 5570567
|
|
next
|
|
edit "InsideSales-NTP"
|
|
set type default
|
|
set internet-service-id 5570568
|
|
next
|
|
edit "InsideSales-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5570569
|
|
next
|
|
edit "InsideSales-LDAP"
|
|
set type default
|
|
set internet-service-id 5570574
|
|
next
|
|
edit "InsideSales-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5570575
|
|
next
|
|
edit "InsideSales-RTMP"
|
|
set type default
|
|
set internet-service-id 5570576
|
|
next
|
|
edit "InsideSales-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5570584
|
|
next
|
|
edit "ServiceMax-Other"
|
|
set type default
|
|
set internet-service-id 5636096
|
|
next
|
|
edit "ServiceMax-Web"
|
|
set type default
|
|
set internet-service-id 5636097
|
|
next
|
|
edit "ServiceMax-ICMP"
|
|
set type default
|
|
set internet-service-id 5636098
|
|
next
|
|
edit "ServiceMax-DNS"
|
|
set type default
|
|
set internet-service-id 5636099
|
|
next
|
|
edit "ServiceMax-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5636100
|
|
next
|
|
edit "ServiceMax-SSH"
|
|
set type default
|
|
set internet-service-id 5636102
|
|
next
|
|
edit "ServiceMax-FTP"
|
|
set type default
|
|
set internet-service-id 5636103
|
|
next
|
|
edit "ServiceMax-NTP"
|
|
set type default
|
|
set internet-service-id 5636104
|
|
next
|
|
edit "ServiceMax-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5636105
|
|
next
|
|
edit "ServiceMax-LDAP"
|
|
set type default
|
|
set internet-service-id 5636110
|
|
next
|
|
edit "ServiceMax-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5636111
|
|
next
|
|
edit "ServiceMax-RTMP"
|
|
set type default
|
|
set internet-service-id 5636112
|
|
next
|
|
edit "ServiceMax-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5636120
|
|
next
|
|
edit "Apptio-Other"
|
|
set type default
|
|
set internet-service-id 5701632
|
|
next
|
|
edit "Apptio-Web"
|
|
set type default
|
|
set internet-service-id 5701633
|
|
next
|
|
edit "Apptio-ICMP"
|
|
set type default
|
|
set internet-service-id 5701634
|
|
next
|
|
edit "Apptio-DNS"
|
|
set type default
|
|
set internet-service-id 5701635
|
|
next
|
|
edit "Apptio-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5701636
|
|
next
|
|
edit "Apptio-SSH"
|
|
set type default
|
|
set internet-service-id 5701638
|
|
next
|
|
edit "Apptio-FTP"
|
|
set type default
|
|
set internet-service-id 5701639
|
|
next
|
|
edit "Apptio-NTP"
|
|
set type default
|
|
set internet-service-id 5701640
|
|
next
|
|
edit "Apptio-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5701641
|
|
next
|
|
edit "Apptio-LDAP"
|
|
set type default
|
|
set internet-service-id 5701646
|
|
next
|
|
edit "Apptio-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5701647
|
|
next
|
|
edit "Apptio-RTMP"
|
|
set type default
|
|
set internet-service-id 5701648
|
|
next
|
|
edit "Apptio-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5701656
|
|
next
|
|
edit "Veracode-Other"
|
|
set type default
|
|
set internet-service-id 5767168
|
|
next
|
|
edit "Veracode-Web"
|
|
set type default
|
|
set internet-service-id 5767169
|
|
next
|
|
edit "Veracode-ICMP"
|
|
set type default
|
|
set internet-service-id 5767170
|
|
next
|
|
edit "Veracode-DNS"
|
|
set type default
|
|
set internet-service-id 5767171
|
|
next
|
|
edit "Veracode-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5767172
|
|
next
|
|
edit "Veracode-SSH"
|
|
set type default
|
|
set internet-service-id 5767174
|
|
next
|
|
edit "Veracode-FTP"
|
|
set type default
|
|
set internet-service-id 5767175
|
|
next
|
|
edit "Veracode-NTP"
|
|
set type default
|
|
set internet-service-id 5767176
|
|
next
|
|
edit "Veracode-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5767177
|
|
next
|
|
edit "Veracode-LDAP"
|
|
set type default
|
|
set internet-service-id 5767182
|
|
next
|
|
edit "Veracode-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5767183
|
|
next
|
|
edit "Veracode-RTMP"
|
|
set type default
|
|
set internet-service-id 5767184
|
|
next
|
|
edit "Veracode-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5767192
|
|
next
|
|
edit "Anaplan-Other"
|
|
set type default
|
|
set internet-service-id 5832704
|
|
next
|
|
edit "Anaplan-Web"
|
|
set type default
|
|
set internet-service-id 5832705
|
|
next
|
|
edit "Anaplan-ICMP"
|
|
set type default
|
|
set internet-service-id 5832706
|
|
next
|
|
edit "Anaplan-DNS"
|
|
set type default
|
|
set internet-service-id 5832707
|
|
next
|
|
edit "Anaplan-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5832708
|
|
next
|
|
edit "Anaplan-SSH"
|
|
set type default
|
|
set internet-service-id 5832710
|
|
next
|
|
edit "Anaplan-FTP"
|
|
set type default
|
|
set internet-service-id 5832711
|
|
next
|
|
edit "Anaplan-NTP"
|
|
set type default
|
|
set internet-service-id 5832712
|
|
next
|
|
edit "Anaplan-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5832713
|
|
next
|
|
edit "Anaplan-LDAP"
|
|
set type default
|
|
set internet-service-id 5832718
|
|
next
|
|
edit "Anaplan-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5832719
|
|
next
|
|
edit "Anaplan-RTMP"
|
|
set type default
|
|
set internet-service-id 5832720
|
|
next
|
|
edit "Anaplan-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5832728
|
|
next
|
|
edit "Rapid7-Other"
|
|
set type default
|
|
set internet-service-id 5898240
|
|
next
|
|
edit "Rapid7-Web"
|
|
set type default
|
|
set internet-service-id 5898241
|
|
next
|
|
edit "Rapid7-ICMP"
|
|
set type default
|
|
set internet-service-id 5898242
|
|
next
|
|
edit "Rapid7-DNS"
|
|
set type default
|
|
set internet-service-id 5898243
|
|
next
|
|
edit "Rapid7-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 5898244
|
|
next
|
|
edit "Rapid7-SSH"
|
|
set type default
|
|
set internet-service-id 5898246
|
|
next
|
|
edit "Rapid7-FTP"
|
|
set type default
|
|
set internet-service-id 5898247
|
|
next
|
|
edit "Rapid7-NTP"
|
|
set type default
|
|
set internet-service-id 5898248
|
|
next
|
|
edit "Rapid7-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 5898249
|
|
next
|
|
edit "Rapid7-LDAP"
|
|
set type default
|
|
set internet-service-id 5898254
|
|
next
|
|
edit "Rapid7-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 5898255
|
|
next
|
|
edit "Rapid7-RTMP"
|
|
set type default
|
|
set internet-service-id 5898256
|
|
next
|
|
edit "Rapid7-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 5898264
|
|
next
|
|
edit "AnyDesk-AnyDesk"
|
|
set type default
|
|
set internet-service-id 5963927
|
|
next
|
|
edit "ESET-Eset.Service"
|
|
set type default
|
|
set internet-service-id 6029426
|
|
next
|
|
edit "Slack-Other"
|
|
set type default
|
|
set internet-service-id 6094848
|
|
next
|
|
edit "Slack-Web"
|
|
set type default
|
|
set internet-service-id 6094849
|
|
next
|
|
edit "Slack-ICMP"
|
|
set type default
|
|
set internet-service-id 6094850
|
|
next
|
|
edit "Slack-DNS"
|
|
set type default
|
|
set internet-service-id 6094851
|
|
next
|
|
edit "Slack-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6094852
|
|
next
|
|
edit "Slack-SSH"
|
|
set type default
|
|
set internet-service-id 6094854
|
|
next
|
|
edit "Slack-FTP"
|
|
set type default
|
|
set internet-service-id 6094855
|
|
next
|
|
edit "Slack-NTP"
|
|
set type default
|
|
set internet-service-id 6094856
|
|
next
|
|
edit "Slack-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6094857
|
|
next
|
|
edit "Slack-LDAP"
|
|
set type default
|
|
set internet-service-id 6094862
|
|
next
|
|
edit "Slack-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6094863
|
|
next
|
|
edit "Slack-RTMP"
|
|
set type default
|
|
set internet-service-id 6094864
|
|
next
|
|
edit "Slack-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6094872
|
|
next
|
|
edit "Slack-Slack"
|
|
set type default
|
|
set internet-service-id 6095024
|
|
next
|
|
edit "ADP-Other"
|
|
set type default
|
|
set internet-service-id 6160384
|
|
next
|
|
edit "ADP-Web"
|
|
set type default
|
|
set internet-service-id 6160385
|
|
next
|
|
edit "ADP-ICMP"
|
|
set type default
|
|
set internet-service-id 6160386
|
|
next
|
|
edit "ADP-DNS"
|
|
set type default
|
|
set internet-service-id 6160387
|
|
next
|
|
edit "ADP-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6160388
|
|
next
|
|
edit "ADP-SSH"
|
|
set type default
|
|
set internet-service-id 6160390
|
|
next
|
|
edit "ADP-FTP"
|
|
set type default
|
|
set internet-service-id 6160391
|
|
next
|
|
edit "ADP-NTP"
|
|
set type default
|
|
set internet-service-id 6160392
|
|
next
|
|
edit "ADP-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6160393
|
|
next
|
|
edit "ADP-LDAP"
|
|
set type default
|
|
set internet-service-id 6160398
|
|
next
|
|
edit "ADP-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6160399
|
|
next
|
|
edit "ADP-RTMP"
|
|
set type default
|
|
set internet-service-id 6160400
|
|
next
|
|
edit "ADP-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6160408
|
|
next
|
|
edit "Blackboard-Other"
|
|
set type default
|
|
set internet-service-id 6225920
|
|
next
|
|
edit "Blackboard-Web"
|
|
set type default
|
|
set internet-service-id 6225921
|
|
next
|
|
edit "Blackboard-ICMP"
|
|
set type default
|
|
set internet-service-id 6225922
|
|
next
|
|
edit "Blackboard-DNS"
|
|
set type default
|
|
set internet-service-id 6225923
|
|
next
|
|
edit "Blackboard-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6225924
|
|
next
|
|
edit "Blackboard-SSH"
|
|
set type default
|
|
set internet-service-id 6225926
|
|
next
|
|
edit "Blackboard-FTP"
|
|
set type default
|
|
set internet-service-id 6225927
|
|
next
|
|
edit "Blackboard-NTP"
|
|
set type default
|
|
set internet-service-id 6225928
|
|
next
|
|
edit "Blackboard-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6225929
|
|
next
|
|
edit "Blackboard-LDAP"
|
|
set type default
|
|
set internet-service-id 6225934
|
|
next
|
|
edit "Blackboard-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6225935
|
|
next
|
|
edit "Blackboard-RTMP"
|
|
set type default
|
|
set internet-service-id 6225936
|
|
next
|
|
edit "Blackboard-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6225944
|
|
next
|
|
edit "SAP-Other"
|
|
set type default
|
|
set internet-service-id 6291456
|
|
next
|
|
edit "SAP-Web"
|
|
set type default
|
|
set internet-service-id 6291457
|
|
next
|
|
edit "SAP-ICMP"
|
|
set type default
|
|
set internet-service-id 6291458
|
|
next
|
|
edit "SAP-DNS"
|
|
set type default
|
|
set internet-service-id 6291459
|
|
next
|
|
edit "SAP-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6291460
|
|
next
|
|
edit "SAP-SSH"
|
|
set type default
|
|
set internet-service-id 6291462
|
|
next
|
|
edit "SAP-FTP"
|
|
set type default
|
|
set internet-service-id 6291463
|
|
next
|
|
edit "SAP-NTP"
|
|
set type default
|
|
set internet-service-id 6291464
|
|
next
|
|
edit "SAP-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6291465
|
|
next
|
|
edit "SAP-LDAP"
|
|
set type default
|
|
set internet-service-id 6291470
|
|
next
|
|
edit "SAP-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6291471
|
|
next
|
|
edit "SAP-RTMP"
|
|
set type default
|
|
set internet-service-id 6291472
|
|
next
|
|
edit "SAP-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6291480
|
|
next
|
|
edit "SAP-HANA"
|
|
set type default
|
|
set internet-service-id 6291612
|
|
next
|
|
edit "SAP-SuccessFactors"
|
|
set type default
|
|
set internet-service-id 6291618
|
|
next
|
|
edit "Snap-Snapchat"
|
|
set type default
|
|
set internet-service-id 6357108
|
|
next
|
|
edit "Zoom.us-Zoom.Meeting"
|
|
set type default
|
|
set internet-service-id 6422646
|
|
next
|
|
edit "Sophos-Other"
|
|
set type default
|
|
set internet-service-id 6488064
|
|
next
|
|
edit "Sophos-Web"
|
|
set type default
|
|
set internet-service-id 6488065
|
|
next
|
|
edit "Sophos-ICMP"
|
|
set type default
|
|
set internet-service-id 6488066
|
|
next
|
|
edit "Sophos-DNS"
|
|
set type default
|
|
set internet-service-id 6488067
|
|
next
|
|
edit "Sophos-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6488068
|
|
next
|
|
edit "Sophos-SSH"
|
|
set type default
|
|
set internet-service-id 6488070
|
|
next
|
|
edit "Sophos-FTP"
|
|
set type default
|
|
set internet-service-id 6488071
|
|
next
|
|
edit "Sophos-NTP"
|
|
set type default
|
|
set internet-service-id 6488072
|
|
next
|
|
edit "Sophos-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6488073
|
|
next
|
|
edit "Sophos-LDAP"
|
|
set type default
|
|
set internet-service-id 6488078
|
|
next
|
|
edit "Sophos-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6488079
|
|
next
|
|
edit "Sophos-RTMP"
|
|
set type default
|
|
set internet-service-id 6488080
|
|
next
|
|
edit "Sophos-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6488088
|
|
next
|
|
edit "Cloudflare-Other"
|
|
set type default
|
|
set internet-service-id 6553600
|
|
next
|
|
edit "Cloudflare-Web"
|
|
set type default
|
|
set internet-service-id 6553601
|
|
next
|
|
edit "Cloudflare-ICMP"
|
|
set type default
|
|
set internet-service-id 6553602
|
|
next
|
|
edit "Cloudflare-DNS"
|
|
set type default
|
|
set internet-service-id 6553603
|
|
next
|
|
edit "Cloudflare-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6553604
|
|
next
|
|
edit "Cloudflare-SSH"
|
|
set type default
|
|
set internet-service-id 6553606
|
|
next
|
|
edit "Cloudflare-FTP"
|
|
set type default
|
|
set internet-service-id 6553607
|
|
next
|
|
edit "Cloudflare-NTP"
|
|
set type default
|
|
set internet-service-id 6553608
|
|
next
|
|
edit "Cloudflare-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6553609
|
|
next
|
|
edit "Cloudflare-LDAP"
|
|
set type default
|
|
set internet-service-id 6553614
|
|
next
|
|
edit "Cloudflare-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6553615
|
|
next
|
|
edit "Cloudflare-RTMP"
|
|
set type default
|
|
set internet-service-id 6553616
|
|
next
|
|
edit "Cloudflare-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6553624
|
|
next
|
|
edit "Cloudflare-CDN"
|
|
set type default
|
|
set internet-service-id 6553737
|
|
next
|
|
edit "Pexip-Pexip.Meeting"
|
|
set type default
|
|
set internet-service-id 6619256
|
|
next
|
|
edit "Zscaler-Other"
|
|
set type default
|
|
set internet-service-id 6684672
|
|
next
|
|
edit "Zscaler-Web"
|
|
set type default
|
|
set internet-service-id 6684673
|
|
next
|
|
edit "Zscaler-ICMP"
|
|
set type default
|
|
set internet-service-id 6684674
|
|
next
|
|
edit "Zscaler-DNS"
|
|
set type default
|
|
set internet-service-id 6684675
|
|
next
|
|
edit "Zscaler-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6684676
|
|
next
|
|
edit "Zscaler-SSH"
|
|
set type default
|
|
set internet-service-id 6684678
|
|
next
|
|
edit "Zscaler-FTP"
|
|
set type default
|
|
set internet-service-id 6684679
|
|
next
|
|
edit "Zscaler-NTP"
|
|
set type default
|
|
set internet-service-id 6684680
|
|
next
|
|
edit "Zscaler-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6684681
|
|
next
|
|
edit "Zscaler-LDAP"
|
|
set type default
|
|
set internet-service-id 6684686
|
|
next
|
|
edit "Zscaler-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6684687
|
|
next
|
|
edit "Zscaler-RTMP"
|
|
set type default
|
|
set internet-service-id 6684688
|
|
next
|
|
edit "Zscaler-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6684696
|
|
next
|
|
edit "Zscaler-Zscaler.Cloud"
|
|
set type default
|
|
set internet-service-id 6684793
|
|
next
|
|
edit "Yandex-Other"
|
|
set type default
|
|
set internet-service-id 6750208
|
|
next
|
|
edit "Yandex-Web"
|
|
set type default
|
|
set internet-service-id 6750209
|
|
next
|
|
edit "Yandex-ICMP"
|
|
set type default
|
|
set internet-service-id 6750210
|
|
next
|
|
edit "Yandex-DNS"
|
|
set type default
|
|
set internet-service-id 6750211
|
|
next
|
|
edit "Yandex-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6750212
|
|
next
|
|
edit "Yandex-SSH"
|
|
set type default
|
|
set internet-service-id 6750214
|
|
next
|
|
edit "Yandex-FTP"
|
|
set type default
|
|
set internet-service-id 6750215
|
|
next
|
|
edit "Yandex-NTP"
|
|
set type default
|
|
set internet-service-id 6750216
|
|
next
|
|
edit "Yandex-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6750217
|
|
next
|
|
edit "Yandex-LDAP"
|
|
set type default
|
|
set internet-service-id 6750222
|
|
next
|
|
edit "Yandex-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6750223
|
|
next
|
|
edit "Yandex-RTMP"
|
|
set type default
|
|
set internet-service-id 6750224
|
|
next
|
|
edit "Yandex-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6750232
|
|
next
|
|
edit "mail.ru-Other"
|
|
set type default
|
|
set internet-service-id 6815744
|
|
next
|
|
edit "mail.ru-Web"
|
|
set type default
|
|
set internet-service-id 6815745
|
|
next
|
|
edit "mail.ru-ICMP"
|
|
set type default
|
|
set internet-service-id 6815746
|
|
next
|
|
edit "mail.ru-DNS"
|
|
set type default
|
|
set internet-service-id 6815747
|
|
next
|
|
edit "mail.ru-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6815748
|
|
next
|
|
edit "mail.ru-SSH"
|
|
set type default
|
|
set internet-service-id 6815750
|
|
next
|
|
edit "mail.ru-FTP"
|
|
set type default
|
|
set internet-service-id 6815751
|
|
next
|
|
edit "mail.ru-NTP"
|
|
set type default
|
|
set internet-service-id 6815752
|
|
next
|
|
edit "mail.ru-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6815753
|
|
next
|
|
edit "mail.ru-LDAP"
|
|
set type default
|
|
set internet-service-id 6815758
|
|
next
|
|
edit "mail.ru-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6815759
|
|
next
|
|
edit "mail.ru-RTMP"
|
|
set type default
|
|
set internet-service-id 6815760
|
|
next
|
|
edit "mail.ru-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6815768
|
|
next
|
|
edit "Alibaba-Other"
|
|
set type default
|
|
set internet-service-id 6881280
|
|
next
|
|
edit "Alibaba-Web"
|
|
set type default
|
|
set internet-service-id 6881281
|
|
next
|
|
edit "Alibaba-ICMP"
|
|
set type default
|
|
set internet-service-id 6881282
|
|
next
|
|
edit "Alibaba-DNS"
|
|
set type default
|
|
set internet-service-id 6881283
|
|
next
|
|
edit "Alibaba-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6881284
|
|
next
|
|
edit "Alibaba-SSH"
|
|
set type default
|
|
set internet-service-id 6881286
|
|
next
|
|
edit "Alibaba-FTP"
|
|
set type default
|
|
set internet-service-id 6881287
|
|
next
|
|
edit "Alibaba-NTP"
|
|
set type default
|
|
set internet-service-id 6881288
|
|
next
|
|
edit "Alibaba-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6881289
|
|
next
|
|
edit "Alibaba-LDAP"
|
|
set type default
|
|
set internet-service-id 6881294
|
|
next
|
|
edit "Alibaba-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6881295
|
|
next
|
|
edit "Alibaba-RTMP"
|
|
set type default
|
|
set internet-service-id 6881296
|
|
next
|
|
edit "Alibaba-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6881304
|
|
next
|
|
edit "Alibaba-Alibaba.Cloud"
|
|
set type default
|
|
set internet-service-id 6881402
|
|
next
|
|
edit "GoDaddy-Other"
|
|
set type default
|
|
set internet-service-id 6946816
|
|
next
|
|
edit "GoDaddy-Web"
|
|
set type default
|
|
set internet-service-id 6946817
|
|
next
|
|
edit "GoDaddy-ICMP"
|
|
set type default
|
|
set internet-service-id 6946818
|
|
next
|
|
edit "GoDaddy-DNS"
|
|
set type default
|
|
set internet-service-id 6946819
|
|
next
|
|
edit "GoDaddy-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 6946820
|
|
next
|
|
edit "GoDaddy-SSH"
|
|
set type default
|
|
set internet-service-id 6946822
|
|
next
|
|
edit "GoDaddy-FTP"
|
|
set type default
|
|
set internet-service-id 6946823
|
|
next
|
|
edit "GoDaddy-NTP"
|
|
set type default
|
|
set internet-service-id 6946824
|
|
next
|
|
edit "GoDaddy-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 6946825
|
|
next
|
|
edit "GoDaddy-LDAP"
|
|
set type default
|
|
set internet-service-id 6946830
|
|
next
|
|
edit "GoDaddy-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 6946831
|
|
next
|
|
edit "GoDaddy-RTMP"
|
|
set type default
|
|
set internet-service-id 6946832
|
|
next
|
|
edit "GoDaddy-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 6946840
|
|
next
|
|
edit "GoDaddy-GoDaddy.Email"
|
|
set type default
|
|
set internet-service-id 6946939
|
|
next
|
|
edit "Webroot-Webroot.SecureAnywhere"
|
|
set type default
|
|
set internet-service-id 7078013
|
|
next
|
|
edit "Avast-Other"
|
|
set type default
|
|
set internet-service-id 7143424
|
|
next
|
|
edit "Avast-Web"
|
|
set type default
|
|
set internet-service-id 7143425
|
|
next
|
|
edit "Avast-ICMP"
|
|
set type default
|
|
set internet-service-id 7143426
|
|
next
|
|
edit "Avast-DNS"
|
|
set type default
|
|
set internet-service-id 7143427
|
|
next
|
|
edit "Avast-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 7143428
|
|
next
|
|
edit "Avast-SSH"
|
|
set type default
|
|
set internet-service-id 7143430
|
|
next
|
|
edit "Avast-FTP"
|
|
set type default
|
|
set internet-service-id 7143431
|
|
next
|
|
edit "Avast-NTP"
|
|
set type default
|
|
set internet-service-id 7143432
|
|
next
|
|
edit "Avast-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 7143433
|
|
next
|
|
edit "Avast-LDAP"
|
|
set type default
|
|
set internet-service-id 7143438
|
|
next
|
|
edit "Avast-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 7143439
|
|
next
|
|
edit "Avast-RTMP"
|
|
set type default
|
|
set internet-service-id 7143440
|
|
next
|
|
edit "Avast-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 7143448
|
|
next
|
|
edit "Avast-Avast.Security"
|
|
set type default
|
|
set internet-service-id 7143550
|
|
next
|
|
edit "Wetransfer-Other"
|
|
set type default
|
|
set internet-service-id 7208960
|
|
next
|
|
edit "Wetransfer-Web"
|
|
set type default
|
|
set internet-service-id 7208961
|
|
next
|
|
edit "Wetransfer-ICMP"
|
|
set type default
|
|
set internet-service-id 7208962
|
|
next
|
|
edit "Wetransfer-DNS"
|
|
set type default
|
|
set internet-service-id 7208963
|
|
next
|
|
edit "Wetransfer-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 7208964
|
|
next
|
|
edit "Wetransfer-SSH"
|
|
set type default
|
|
set internet-service-id 7208966
|
|
next
|
|
edit "Wetransfer-FTP"
|
|
set type default
|
|
set internet-service-id 7208967
|
|
next
|
|
edit "Wetransfer-NTP"
|
|
set type default
|
|
set internet-service-id 7208968
|
|
next
|
|
edit "Wetransfer-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 7208969
|
|
next
|
|
edit "Wetransfer-LDAP"
|
|
set type default
|
|
set internet-service-id 7208974
|
|
next
|
|
edit "Wetransfer-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 7208975
|
|
next
|
|
edit "Wetransfer-RTMP"
|
|
set type default
|
|
set internet-service-id 7208976
|
|
next
|
|
edit "Wetransfer-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 7208984
|
|
next
|
|
edit "Sendgrid-Sendgrid.Email"
|
|
set type default
|
|
set internet-service-id 7274623
|
|
next
|
|
edit "Ubiquiti-UniFi"
|
|
set type default
|
|
set internet-service-id 7340160
|
|
next
|
|
edit "Lifesize-Lifesize.Cloud"
|
|
set type default
|
|
set internet-service-id 7405697
|
|
next
|
|
edit "Okta-Other"
|
|
set type default
|
|
set internet-service-id 7471104
|
|
next
|
|
edit "Okta-Web"
|
|
set type default
|
|
set internet-service-id 7471105
|
|
next
|
|
edit "Okta-ICMP"
|
|
set type default
|
|
set internet-service-id 7471106
|
|
next
|
|
edit "Okta-DNS"
|
|
set type default
|
|
set internet-service-id 7471107
|
|
next
|
|
edit "Okta-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 7471108
|
|
next
|
|
edit "Okta-SSH"
|
|
set type default
|
|
set internet-service-id 7471110
|
|
next
|
|
edit "Okta-FTP"
|
|
set type default
|
|
set internet-service-id 7471111
|
|
next
|
|
edit "Okta-NTP"
|
|
set type default
|
|
set internet-service-id 7471112
|
|
next
|
|
edit "Okta-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 7471113
|
|
next
|
|
edit "Okta-LDAP"
|
|
set type default
|
|
set internet-service-id 7471118
|
|
next
|
|
edit "Okta-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 7471119
|
|
next
|
|
edit "Okta-RTMP"
|
|
set type default
|
|
set internet-service-id 7471120
|
|
next
|
|
edit "Okta-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 7471128
|
|
next
|
|
edit "Okta-Okta"
|
|
set type default
|
|
set internet-service-id 7471307
|
|
next
|
|
edit "Cybozu-Other"
|
|
set type default
|
|
set internet-service-id 7536640
|
|
next
|
|
edit "Cybozu-Web"
|
|
set type default
|
|
set internet-service-id 7536641
|
|
next
|
|
edit "Cybozu-ICMP"
|
|
set type default
|
|
set internet-service-id 7536642
|
|
next
|
|
edit "Cybozu-DNS"
|
|
set type default
|
|
set internet-service-id 7536643
|
|
next
|
|
edit "Cybozu-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 7536644
|
|
next
|
|
edit "Cybozu-SSH"
|
|
set type default
|
|
set internet-service-id 7536646
|
|
next
|
|
edit "Cybozu-FTP"
|
|
set type default
|
|
set internet-service-id 7536647
|
|
next
|
|
edit "Cybozu-NTP"
|
|
set type default
|
|
set internet-service-id 7536648
|
|
next
|
|
edit "Cybozu-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 7536649
|
|
next
|
|
edit "Cybozu-LDAP"
|
|
set type default
|
|
set internet-service-id 7536654
|
|
next
|
|
edit "Cybozu-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 7536655
|
|
next
|
|
edit "Cybozu-RTMP"
|
|
set type default
|
|
set internet-service-id 7536656
|
|
next
|
|
edit "Cybozu-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 7536664
|
|
next
|
|
edit "VNC-Other"
|
|
set type default
|
|
set internet-service-id 7602176
|
|
next
|
|
edit "VNC-Web"
|
|
set type default
|
|
set internet-service-id 7602177
|
|
next
|
|
edit "VNC-ICMP"
|
|
set type default
|
|
set internet-service-id 7602178
|
|
next
|
|
edit "VNC-DNS"
|
|
set type default
|
|
set internet-service-id 7602179
|
|
next
|
|
edit "VNC-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 7602180
|
|
next
|
|
edit "VNC-SSH"
|
|
set type default
|
|
set internet-service-id 7602182
|
|
next
|
|
edit "VNC-FTP"
|
|
set type default
|
|
set internet-service-id 7602183
|
|
next
|
|
edit "VNC-NTP"
|
|
set type default
|
|
set internet-service-id 7602184
|
|
next
|
|
edit "VNC-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 7602185
|
|
next
|
|
edit "VNC-LDAP"
|
|
set type default
|
|
set internet-service-id 7602190
|
|
next
|
|
edit "VNC-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 7602191
|
|
next
|
|
edit "VNC-RTMP"
|
|
set type default
|
|
set internet-service-id 7602192
|
|
next
|
|
edit "VNC-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 7602200
|
|
next
|
|
edit "Egnyte-Egnyte"
|
|
set type default
|
|
set internet-service-id 7667846
|
|
next
|
|
edit "CrowdStrike-CrowdStrike.Falcon.Cloud"
|
|
set type default
|
|
set internet-service-id 7733383
|
|
next
|
|
edit "Aruba.it-Other"
|
|
set type default
|
|
set internet-service-id 7798784
|
|
next
|
|
edit "Aruba.it-Web"
|
|
set type default
|
|
set internet-service-id 7798785
|
|
next
|
|
edit "Aruba.it-ICMP"
|
|
set type default
|
|
set internet-service-id 7798786
|
|
next
|
|
edit "Aruba.it-DNS"
|
|
set type default
|
|
set internet-service-id 7798787
|
|
next
|
|
edit "Aruba.it-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 7798788
|
|
next
|
|
edit "Aruba.it-SSH"
|
|
set type default
|
|
set internet-service-id 7798790
|
|
next
|
|
edit "Aruba.it-FTP"
|
|
set type default
|
|
set internet-service-id 7798791
|
|
next
|
|
edit "Aruba.it-NTP"
|
|
set type default
|
|
set internet-service-id 7798792
|
|
next
|
|
edit "Aruba.it-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 7798793
|
|
next
|
|
edit "Aruba.it-LDAP"
|
|
set type default
|
|
set internet-service-id 7798798
|
|
next
|
|
edit "Aruba.it-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 7798799
|
|
next
|
|
edit "Aruba.it-RTMP"
|
|
set type default
|
|
set internet-service-id 7798800
|
|
next
|
|
edit "Aruba.it-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 7798808
|
|
next
|
|
edit "ISLOnline-Other"
|
|
set type default
|
|
set internet-service-id 7864320
|
|
next
|
|
edit "ISLOnline-Web"
|
|
set type default
|
|
set internet-service-id 7864321
|
|
next
|
|
edit "ISLOnline-ICMP"
|
|
set type default
|
|
set internet-service-id 7864322
|
|
next
|
|
edit "ISLOnline-DNS"
|
|
set type default
|
|
set internet-service-id 7864323
|
|
next
|
|
edit "ISLOnline-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 7864324
|
|
next
|
|
edit "ISLOnline-SSH"
|
|
set type default
|
|
set internet-service-id 7864326
|
|
next
|
|
edit "ISLOnline-FTP"
|
|
set type default
|
|
set internet-service-id 7864327
|
|
next
|
|
edit "ISLOnline-NTP"
|
|
set type default
|
|
set internet-service-id 7864328
|
|
next
|
|
edit "ISLOnline-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 7864329
|
|
next
|
|
edit "ISLOnline-LDAP"
|
|
set type default
|
|
set internet-service-id 7864334
|
|
next
|
|
edit "ISLOnline-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 7864335
|
|
next
|
|
edit "ISLOnline-RTMP"
|
|
set type default
|
|
set internet-service-id 7864336
|
|
next
|
|
edit "ISLOnline-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 7864344
|
|
next
|
|
edit "Akamai-CDN"
|
|
set type default
|
|
set internet-service-id 7929993
|
|
next
|
|
edit "Rackspace-CDN"
|
|
set type default
|
|
set internet-service-id 7995529
|
|
next
|
|
edit "Instart-CDN"
|
|
set type default
|
|
set internet-service-id 8061065
|
|
next
|
|
edit "Bitdefender-Other"
|
|
set type default
|
|
set internet-service-id 8126464
|
|
next
|
|
edit "Bitdefender-Web"
|
|
set type default
|
|
set internet-service-id 8126465
|
|
next
|
|
edit "Bitdefender-ICMP"
|
|
set type default
|
|
set internet-service-id 8126466
|
|
next
|
|
edit "Bitdefender-DNS"
|
|
set type default
|
|
set internet-service-id 8126467
|
|
next
|
|
edit "Bitdefender-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 8126468
|
|
next
|
|
edit "Bitdefender-SSH"
|
|
set type default
|
|
set internet-service-id 8126470
|
|
next
|
|
edit "Bitdefender-FTP"
|
|
set type default
|
|
set internet-service-id 8126471
|
|
next
|
|
edit "Bitdefender-NTP"
|
|
set type default
|
|
set internet-service-id 8126472
|
|
next
|
|
edit "Bitdefender-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 8126473
|
|
next
|
|
edit "Bitdefender-LDAP"
|
|
set type default
|
|
set internet-service-id 8126478
|
|
next
|
|
edit "Bitdefender-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 8126479
|
|
next
|
|
edit "Bitdefender-RTMP"
|
|
set type default
|
|
set internet-service-id 8126480
|
|
next
|
|
edit "Bitdefender-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 8126488
|
|
next
|
|
edit "Pingdom-Other"
|
|
set type default
|
|
set internet-service-id 8192000
|
|
next
|
|
edit "Pingdom-Web"
|
|
set type default
|
|
set internet-service-id 8192001
|
|
next
|
|
edit "Pingdom-ICMP"
|
|
set type default
|
|
set internet-service-id 8192002
|
|
next
|
|
edit "Pingdom-DNS"
|
|
set type default
|
|
set internet-service-id 8192003
|
|
next
|
|
edit "Pingdom-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 8192004
|
|
next
|
|
edit "Pingdom-SSH"
|
|
set type default
|
|
set internet-service-id 8192006
|
|
next
|
|
edit "Pingdom-FTP"
|
|
set type default
|
|
set internet-service-id 8192007
|
|
next
|
|
edit "Pingdom-NTP"
|
|
set type default
|
|
set internet-service-id 8192008
|
|
next
|
|
edit "Pingdom-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 8192009
|
|
next
|
|
edit "Pingdom-LDAP"
|
|
set type default
|
|
set internet-service-id 8192014
|
|
next
|
|
edit "Pingdom-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 8192015
|
|
next
|
|
edit "Pingdom-RTMP"
|
|
set type default
|
|
set internet-service-id 8192016
|
|
next
|
|
edit "Pingdom-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 8192024
|
|
next
|
|
edit "UptimeRobot-Other"
|
|
set type default
|
|
set internet-service-id 8257536
|
|
next
|
|
edit "UptimeRobot-Web"
|
|
set type default
|
|
set internet-service-id 8257537
|
|
next
|
|
edit "UptimeRobot-ICMP"
|
|
set type default
|
|
set internet-service-id 8257538
|
|
next
|
|
edit "UptimeRobot-DNS"
|
|
set type default
|
|
set internet-service-id 8257539
|
|
next
|
|
edit "UptimeRobot-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 8257540
|
|
next
|
|
edit "UptimeRobot-SSH"
|
|
set type default
|
|
set internet-service-id 8257542
|
|
next
|
|
edit "UptimeRobot-FTP"
|
|
set type default
|
|
set internet-service-id 8257543
|
|
next
|
|
edit "UptimeRobot-NTP"
|
|
set type default
|
|
set internet-service-id 8257544
|
|
next
|
|
edit "UptimeRobot-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 8257545
|
|
next
|
|
edit "UptimeRobot-LDAP"
|
|
set type default
|
|
set internet-service-id 8257550
|
|
next
|
|
edit "UptimeRobot-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 8257551
|
|
next
|
|
edit "UptimeRobot-RTMP"
|
|
set type default
|
|
set internet-service-id 8257552
|
|
next
|
|
edit "UptimeRobot-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 8257560
|
|
next
|
|
edit "UptimeRobot-UptimeRobot.Monitor"
|
|
set type default
|
|
set internet-service-id 8257709
|
|
next
|
|
edit "Quovadisglobal-Other"
|
|
set type default
|
|
set internet-service-id 8323072
|
|
next
|
|
edit "Quovadisglobal-Web"
|
|
set type default
|
|
set internet-service-id 8323073
|
|
next
|
|
edit "Quovadisglobal-ICMP"
|
|
set type default
|
|
set internet-service-id 8323074
|
|
next
|
|
edit "Quovadisglobal-DNS"
|
|
set type default
|
|
set internet-service-id 8323075
|
|
next
|
|
edit "Quovadisglobal-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 8323076
|
|
next
|
|
edit "Quovadisglobal-SSH"
|
|
set type default
|
|
set internet-service-id 8323078
|
|
next
|
|
edit "Quovadisglobal-FTP"
|
|
set type default
|
|
set internet-service-id 8323079
|
|
next
|
|
edit "Quovadisglobal-NTP"
|
|
set type default
|
|
set internet-service-id 8323080
|
|
next
|
|
edit "Quovadisglobal-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 8323081
|
|
next
|
|
edit "Quovadisglobal-LDAP"
|
|
set type default
|
|
set internet-service-id 8323086
|
|
next
|
|
edit "Quovadisglobal-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 8323087
|
|
next
|
|
edit "Quovadisglobal-RTMP"
|
|
set type default
|
|
set internet-service-id 8323088
|
|
next
|
|
edit "Quovadisglobal-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 8323096
|
|
next
|
|
edit "Splashtop-Splashtop"
|
|
set type default
|
|
set internet-service-id 8388751
|
|
next
|
|
edit "Zoox-Other"
|
|
set type default
|
|
set internet-service-id 8454144
|
|
next
|
|
edit "Zoox-Web"
|
|
set type default
|
|
set internet-service-id 8454145
|
|
next
|
|
edit "Zoox-ICMP"
|
|
set type default
|
|
set internet-service-id 8454146
|
|
next
|
|
edit "Zoox-DNS"
|
|
set type default
|
|
set internet-service-id 8454147
|
|
next
|
|
edit "Zoox-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 8454148
|
|
next
|
|
edit "Zoox-SSH"
|
|
set type default
|
|
set internet-service-id 8454150
|
|
next
|
|
edit "Zoox-FTP"
|
|
set type default
|
|
set internet-service-id 8454151
|
|
next
|
|
edit "Zoox-NTP"
|
|
set type default
|
|
set internet-service-id 8454152
|
|
next
|
|
edit "Zoox-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 8454153
|
|
next
|
|
edit "Zoox-LDAP"
|
|
set type default
|
|
set internet-service-id 8454158
|
|
next
|
|
edit "Zoox-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 8454159
|
|
next
|
|
edit "Zoox-RTMP"
|
|
set type default
|
|
set internet-service-id 8454160
|
|
next
|
|
edit "Zoox-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 8454168
|
|
next
|
|
edit "Skyfii-Other"
|
|
set type default
|
|
set internet-service-id 8519680
|
|
next
|
|
edit "Skyfii-Web"
|
|
set type default
|
|
set internet-service-id 8519681
|
|
next
|
|
edit "Skyfii-ICMP"
|
|
set type default
|
|
set internet-service-id 8519682
|
|
next
|
|
edit "Skyfii-DNS"
|
|
set type default
|
|
set internet-service-id 8519683
|
|
next
|
|
edit "Skyfii-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 8519684
|
|
next
|
|
edit "Skyfii-SSH"
|
|
set type default
|
|
set internet-service-id 8519686
|
|
next
|
|
edit "Skyfii-FTP"
|
|
set type default
|
|
set internet-service-id 8519687
|
|
next
|
|
edit "Skyfii-NTP"
|
|
set type default
|
|
set internet-service-id 8519688
|
|
next
|
|
edit "Skyfii-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 8519689
|
|
next
|
|
edit "Skyfii-LDAP"
|
|
set type default
|
|
set internet-service-id 8519694
|
|
next
|
|
edit "Skyfii-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 8519695
|
|
next
|
|
edit "Skyfii-RTMP"
|
|
set type default
|
|
set internet-service-id 8519696
|
|
next
|
|
edit "Skyfii-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 8519704
|
|
next
|
|
edit "CoffeeBean-Other"
|
|
set type default
|
|
set internet-service-id 8585216
|
|
next
|
|
edit "CoffeeBean-Web"
|
|
set type default
|
|
set internet-service-id 8585217
|
|
next
|
|
edit "CoffeeBean-ICMP"
|
|
set type default
|
|
set internet-service-id 8585218
|
|
next
|
|
edit "CoffeeBean-DNS"
|
|
set type default
|
|
set internet-service-id 8585219
|
|
next
|
|
edit "CoffeeBean-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 8585220
|
|
next
|
|
edit "CoffeeBean-SSH"
|
|
set type default
|
|
set internet-service-id 8585222
|
|
next
|
|
edit "CoffeeBean-FTP"
|
|
set type default
|
|
set internet-service-id 8585223
|
|
next
|
|
edit "CoffeeBean-NTP"
|
|
set type default
|
|
set internet-service-id 8585224
|
|
next
|
|
edit "CoffeeBean-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 8585225
|
|
next
|
|
edit "CoffeeBean-LDAP"
|
|
set type default
|
|
set internet-service-id 8585230
|
|
next
|
|
edit "CoffeeBean-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 8585231
|
|
next
|
|
edit "CoffeeBean-RTMP"
|
|
set type default
|
|
set internet-service-id 8585232
|
|
next
|
|
edit "CoffeeBean-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 8585240
|
|
next
|
|
edit "Cloud4Wi-Other"
|
|
set type default
|
|
set internet-service-id 8650752
|
|
next
|
|
edit "Cloud4Wi-Web"
|
|
set type default
|
|
set internet-service-id 8650753
|
|
next
|
|
edit "Cloud4Wi-ICMP"
|
|
set type default
|
|
set internet-service-id 8650754
|
|
next
|
|
edit "Cloud4Wi-DNS"
|
|
set type default
|
|
set internet-service-id 8650755
|
|
next
|
|
edit "Cloud4Wi-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 8650756
|
|
next
|
|
edit "Cloud4Wi-SSH"
|
|
set type default
|
|
set internet-service-id 8650758
|
|
next
|
|
edit "Cloud4Wi-FTP"
|
|
set type default
|
|
set internet-service-id 8650759
|
|
next
|
|
edit "Cloud4Wi-NTP"
|
|
set type default
|
|
set internet-service-id 8650760
|
|
next
|
|
edit "Cloud4Wi-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 8650761
|
|
next
|
|
edit "Cloud4Wi-LDAP"
|
|
set type default
|
|
set internet-service-id 8650766
|
|
next
|
|
edit "Cloud4Wi-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 8650767
|
|
next
|
|
edit "Cloud4Wi-RTMP"
|
|
set type default
|
|
set internet-service-id 8650768
|
|
next
|
|
edit "Cloud4Wi-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 8650776
|
|
next
|
|
edit "Panda-Panda.Security"
|
|
set type default
|
|
set internet-service-id 8716432
|
|
next
|
|
edit "Ewon-Talk2M"
|
|
set type default
|
|
set internet-service-id 8781970
|
|
next
|
|
edit "Nutanix-Nutanix.Cloud"
|
|
set type default
|
|
set internet-service-id 8847507
|
|
next
|
|
edit "Backblaze-Other"
|
|
set type default
|
|
set internet-service-id 8912896
|
|
next
|
|
edit "Backblaze-Web"
|
|
set type default
|
|
set internet-service-id 8912897
|
|
next
|
|
edit "Backblaze-ICMP"
|
|
set type default
|
|
set internet-service-id 8912898
|
|
next
|
|
edit "Backblaze-DNS"
|
|
set type default
|
|
set internet-service-id 8912899
|
|
next
|
|
edit "Backblaze-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 8912900
|
|
next
|
|
edit "Backblaze-SSH"
|
|
set type default
|
|
set internet-service-id 8912902
|
|
next
|
|
edit "Backblaze-FTP"
|
|
set type default
|
|
set internet-service-id 8912903
|
|
next
|
|
edit "Backblaze-NTP"
|
|
set type default
|
|
set internet-service-id 8912904
|
|
next
|
|
edit "Backblaze-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 8912905
|
|
next
|
|
edit "Backblaze-LDAP"
|
|
set type default
|
|
set internet-service-id 8912910
|
|
next
|
|
edit "Backblaze-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 8912911
|
|
next
|
|
edit "Backblaze-RTMP"
|
|
set type default
|
|
set internet-service-id 8912912
|
|
next
|
|
edit "Backblaze-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 8912920
|
|
next
|
|
edit "Extreme-Extreme.Cloud"
|
|
set type default
|
|
set internet-service-id 8978580
|
|
next
|
|
edit "XING-Other"
|
|
set type default
|
|
set internet-service-id 9043968
|
|
next
|
|
edit "XING-Web"
|
|
set type default
|
|
set internet-service-id 9043969
|
|
next
|
|
edit "XING-ICMP"
|
|
set type default
|
|
set internet-service-id 9043970
|
|
next
|
|
edit "XING-DNS"
|
|
set type default
|
|
set internet-service-id 9043971
|
|
next
|
|
edit "XING-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 9043972
|
|
next
|
|
edit "XING-SSH"
|
|
set type default
|
|
set internet-service-id 9043974
|
|
next
|
|
edit "XING-FTP"
|
|
set type default
|
|
set internet-service-id 9043975
|
|
next
|
|
edit "XING-NTP"
|
|
set type default
|
|
set internet-service-id 9043976
|
|
next
|
|
edit "XING-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 9043977
|
|
next
|
|
edit "XING-LDAP"
|
|
set type default
|
|
set internet-service-id 9043982
|
|
next
|
|
edit "XING-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 9043983
|
|
next
|
|
edit "XING-RTMP"
|
|
set type default
|
|
set internet-service-id 9043984
|
|
next
|
|
edit "XING-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 9043992
|
|
next
|
|
edit "Genesys-PureCloud"
|
|
set type default
|
|
set internet-service-id 9109653
|
|
next
|
|
edit "BlackBerry-Cylance"
|
|
set type default
|
|
set internet-service-id 9175190
|
|
next
|
|
edit "DigiCert-OCSP"
|
|
set type default
|
|
set internet-service-id 9240728
|
|
next
|
|
edit "Infomaniak-SwissTransfer"
|
|
set type default
|
|
set internet-service-id 9306265
|
|
next
|
|
edit "Fuze-Fuze"
|
|
set type default
|
|
set internet-service-id 9371802
|
|
next
|
|
edit "Truecaller-Truecaller"
|
|
set type default
|
|
set internet-service-id 9437339
|
|
next
|
|
edit "GlobalSign-OCSP"
|
|
set type default
|
|
set internet-service-id 9502872
|
|
next
|
|
edit "VeriSign-OCSP"
|
|
set type default
|
|
set internet-service-id 9568408
|
|
next
|
|
edit "Sony-PlayStation.Network"
|
|
set type default
|
|
set internet-service-id 9633952
|
|
next
|
|
edit "Acronis-Cyber.Cloud"
|
|
set type default
|
|
set internet-service-id 9699489
|
|
next
|
|
edit "RingCentral-RingCentral"
|
|
set type default
|
|
set internet-service-id 9765027
|
|
next
|
|
edit "FSecure-FSecure"
|
|
set type default
|
|
set internet-service-id 9830564
|
|
next
|
|
edit "Kaseya-Kaseya.Cloud"
|
|
set type default
|
|
set internet-service-id 9896101
|
|
next
|
|
edit "Shodan-Scanner"
|
|
set type default
|
|
set internet-service-id 9961638
|
|
next
|
|
edit "Censys-Scanner"
|
|
set type default
|
|
set internet-service-id 10027174
|
|
next
|
|
edit "Valve-Steam"
|
|
set type default
|
|
set internet-service-id 10092711
|
|
next
|
|
edit "YouSeeU-Bongo"
|
|
set type default
|
|
set internet-service-id 10158248
|
|
next
|
|
edit "Cato-Cato.Cloud"
|
|
set type default
|
|
set internet-service-id 10223785
|
|
next
|
|
edit "SolarWinds-SpamExperts"
|
|
set type default
|
|
set internet-service-id 10289323
|
|
next
|
|
edit "SolarWinds-Pingdom.Probe"
|
|
set type default
|
|
set internet-service-id 10289326
|
|
next
|
|
edit "SolarWinds-SolarWinds.RMM"
|
|
set type default
|
|
set internet-service-id 10289379
|
|
next
|
|
edit "8X8-8X8.Cloud"
|
|
set type default
|
|
set internet-service-id 10354860
|
|
next
|
|
edit "Zattoo-Zattoo.TV"
|
|
set type default
|
|
set internet-service-id 10420401
|
|
next
|
|
edit "Datto-Datto.RMM"
|
|
set type default
|
|
set internet-service-id 10485939
|
|
next
|
|
edit "Barracuda-Barracuda.Cloud"
|
|
set type default
|
|
set internet-service-id 10551477
|
|
next
|
|
edit "Naver-Line"
|
|
set type default
|
|
set internet-service-id 10617015
|
|
next
|
|
edit "Disney-Disney+"
|
|
set type default
|
|
set internet-service-id 10682552
|
|
next
|
|
edit "DNS-DoH_DoT"
|
|
set type default
|
|
set internet-service-id 10748089
|
|
next
|
|
edit "DNS-Root.Name.Servers"
|
|
set type default
|
|
set internet-service-id 10748156
|
|
next
|
|
edit "Quad9-Quad9.Standard.DNS"
|
|
set type default
|
|
set internet-service-id 10813626
|
|
next
|
|
edit "Stretchoid-Scanner"
|
|
set type default
|
|
set internet-service-id 10879142
|
|
next
|
|
edit "Poly-RealConnect.Service"
|
|
set type default
|
|
set internet-service-id 10944700
|
|
next
|
|
edit "Telegram-Telegram"
|
|
set type default
|
|
set internet-service-id 11010249
|
|
next
|
|
edit "Spotify-Spotify"
|
|
set type default
|
|
set internet-service-id 11075786
|
|
next
|
|
edit "NextDNS-NextDNS"
|
|
set type default
|
|
set internet-service-id 11141324
|
|
next
|
|
edit "Fastly-CDN"
|
|
set type default
|
|
set internet-service-id 11206793
|
|
next
|
|
edit "Neustar-UltraDNS.Probes"
|
|
set type default
|
|
set internet-service-id 11272397
|
|
next
|
|
edit "Malicious-Malicious.Server"
|
|
set type default
|
|
set internet-service-id 11337935
|
|
next
|
|
edit "NIST-ITS"
|
|
set type default
|
|
set internet-service-id 11403472
|
|
next
|
|
edit "Jamf-Jamf.Cloud"
|
|
set type default
|
|
set internet-service-id 11469009
|
|
next
|
|
edit "Alcatel.Lucent-Rainbow"
|
|
set type default
|
|
set internet-service-id 11534546
|
|
next
|
|
edit "Forcepoint-Forcepoint.Cloud"
|
|
set type default
|
|
set internet-service-id 11600083
|
|
next
|
|
edit "Datadog-Datadog"
|
|
set type default
|
|
set internet-service-id 11665620
|
|
next
|
|
edit "Mimecast-Mimecast"
|
|
set type default
|
|
set internet-service-id 11731157
|
|
next
|
|
edit "MediaFire-Other"
|
|
set type default
|
|
set internet-service-id 11796480
|
|
next
|
|
edit "MediaFire-Web"
|
|
set type default
|
|
set internet-service-id 11796481
|
|
next
|
|
edit "MediaFire-ICMP"
|
|
set type default
|
|
set internet-service-id 11796482
|
|
next
|
|
edit "MediaFire-DNS"
|
|
set type default
|
|
set internet-service-id 11796483
|
|
next
|
|
edit "MediaFire-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 11796484
|
|
next
|
|
edit "MediaFire-SSH"
|
|
set type default
|
|
set internet-service-id 11796486
|
|
next
|
|
edit "MediaFire-FTP"
|
|
set type default
|
|
set internet-service-id 11796487
|
|
next
|
|
edit "MediaFire-NTP"
|
|
set type default
|
|
set internet-service-id 11796488
|
|
next
|
|
edit "MediaFire-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 11796489
|
|
next
|
|
edit "MediaFire-LDAP"
|
|
set type default
|
|
set internet-service-id 11796494
|
|
next
|
|
edit "MediaFire-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 11796495
|
|
next
|
|
edit "MediaFire-RTMP"
|
|
set type default
|
|
set internet-service-id 11796496
|
|
next
|
|
edit "MediaFire-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 11796504
|
|
next
|
|
edit "Pandora-Pandora"
|
|
set type default
|
|
set internet-service-id 11862230
|
|
next
|
|
edit "SiriusXM-SiriusXM"
|
|
set type default
|
|
set internet-service-id 11927767
|
|
next
|
|
edit "Hopin-Hopin"
|
|
set type default
|
|
set internet-service-id 11993304
|
|
next
|
|
edit "RedShield-RedShield.Cloud"
|
|
set type default
|
|
set internet-service-id 12058842
|
|
next
|
|
edit "InterneTTL-Scanner"
|
|
set type default
|
|
set internet-service-id 12124326
|
|
next
|
|
edit "VadeSecure-VadeSecure.Cloud"
|
|
set type default
|
|
set internet-service-id 12189915
|
|
next
|
|
edit "Netskope-Netskope.Cloud"
|
|
set type default
|
|
set internet-service-id 12255452
|
|
next
|
|
edit "ClickMeeting-ClickMeeting"
|
|
set type default
|
|
set internet-service-id 12320989
|
|
next
|
|
edit "Tenable-Tenable.io.Cloud.Scanner"
|
|
set type default
|
|
set internet-service-id 12386528
|
|
next
|
|
edit "Vidyo-VidyoCloud"
|
|
set type default
|
|
set internet-service-id 12452065
|
|
next
|
|
edit "OpenNIC-OpenNIC.DNS"
|
|
set type default
|
|
set internet-service-id 12517602
|
|
next
|
|
edit "Sectigo-Sectigo"
|
|
set type default
|
|
set internet-service-id 12583141
|
|
next
|
|
edit "DigitalOcean-DigitalOcean.Platform"
|
|
set type default
|
|
set internet-service-id 12648679
|
|
next
|
|
edit "Pitney.Bowes-Pitney.Bowes.Data.Center"
|
|
set type default
|
|
set internet-service-id 12714216
|
|
next
|
|
edit "VPN-Anonymous.VPN"
|
|
set type default
|
|
set internet-service-id 12779753
|
|
next
|
|
edit "Blockchain-Crypto.Mining.Pool"
|
|
set type default
|
|
set internet-service-id 12845290
|
|
next
|
|
edit "FactSet-FactSet"
|
|
set type default
|
|
set internet-service-id 12910830
|
|
next
|
|
edit "Bloomberg-Bloomberg"
|
|
set type default
|
|
set internet-service-id 12976367
|
|
next
|
|
edit "Five9-Five9"
|
|
set type default
|
|
set internet-service-id 13041904
|
|
next
|
|
edit "Gigas-Gigas.Cloud"
|
|
set type default
|
|
set internet-service-id 13107441
|
|
next
|
|
edit "Imperva-Imperva.Cloud.WAF"
|
|
set type default
|
|
set internet-service-id 13172978
|
|
next
|
|
edit "HorizonIQ-HorizonIQ"
|
|
set type default
|
|
set internet-service-id 13238515
|
|
next
|
|
edit "Azion-Azion.Platform"
|
|
set type default
|
|
set internet-service-id 13304053
|
|
next
|
|
edit "Hurricane.Electric-Hurricane.Electric.Internet.Services"
|
|
set type default
|
|
set internet-service-id 13369590
|
|
next
|
|
edit "NodePing-NodePing.Probe"
|
|
set type default
|
|
set internet-service-id 13435127
|
|
next
|
|
edit "Frontline-Frontline"
|
|
set type default
|
|
set internet-service-id 13500665
|
|
next
|
|
edit "Tally-Tally.ERP"
|
|
set type default
|
|
set internet-service-id 13566202
|
|
next
|
|
edit "Hosting-Bulletproof.Hosting"
|
|
set type default
|
|
set internet-service-id 13631739
|
|
next
|
|
edit "Okko-Okko.TV"
|
|
set type default
|
|
set internet-service-id 13697277
|
|
next
|
|
edit "Voximplant-Voximplant.Platform"
|
|
set type default
|
|
set internet-service-id 13762829
|
|
next
|
|
edit "OVHcloud-OVHcloud"
|
|
set type default
|
|
set internet-service-id 13828367
|
|
next
|
|
edit "Microsoft-Office365.Published.Optimize"
|
|
set type default
|
|
set internet-service-id 327902
|
|
next
|
|
edit "Microsoft-Office365.Published.Allow"
|
|
set type default
|
|
set internet-service-id 327903
|
|
next
|
|
edit "Microsoft-Office365.Published.USGOV"
|
|
set type default
|
|
set internet-service-id 327917
|
|
next
|
|
edit "Amazon-AWS.GovCloud.US"
|
|
set type default
|
|
set internet-service-id 393452
|
|
next
|
|
edit "Cisco-Webex.FedRAMP"
|
|
set type default
|
|
set internet-service-id 1966315
|
|
next
|
|
edit "Adobe-Adobe.Sign"
|
|
set type default
|
|
set internet-service-id 917776
|
|
next
|
|
edit "SentinelOne-SentinelOne.Cloud"
|
|
set type default
|
|
set internet-service-id 13893905
|
|
next
|
|
edit "Kakao-Kakao.Services"
|
|
set type default
|
|
set internet-service-id 13959442
|
|
next
|
|
edit "Stripe-Stripe"
|
|
set type default
|
|
set internet-service-id 14024979
|
|
next
|
|
edit "NetScout-Scanner"
|
|
set type default
|
|
set internet-service-id 14090406
|
|
next
|
|
edit "Recyber-Scanner"
|
|
set type default
|
|
set internet-service-id 14155942
|
|
next
|
|
edit "Cyber.Casa-Scanner"
|
|
set type default
|
|
set internet-service-id 14221478
|
|
next
|
|
edit "Atlassian-Atlassian.Notification"
|
|
set type default
|
|
set internet-service-id 3932436
|
|
next
|
|
edit "Amazon-Amazon.SES"
|
|
set type default
|
|
set internet-service-id 393493
|
|
next
|
|
edit "GTHost-Dedicated.Instant.Servers"
|
|
set type default
|
|
set internet-service-id 14287132
|
|
next
|
|
edit "ivi-ivi.Streaming"
|
|
set type default
|
|
set internet-service-id 14352669
|
|
next
|
|
edit "BinaryEdge-Scanner"
|
|
set type default
|
|
set internet-service-id 14418086
|
|
next
|
|
edit "Fintech-MarketMap.Terminal"
|
|
set type default
|
|
set internet-service-id 14483742
|
|
next
|
|
edit "xMatters-xMatters.Platform"
|
|
set type default
|
|
set internet-service-id 14549279
|
|
next
|
|
edit "Blizzard-Battle.Net"
|
|
set type default
|
|
set internet-service-id 14614816
|
|
next
|
|
edit "Axon-Evidence"
|
|
set type default
|
|
set internet-service-id 14680353
|
|
next
|
|
edit "CDN77-CDN"
|
|
set type default
|
|
set internet-service-id 14745737
|
|
next
|
|
edit "GCore.Labs-CDN"
|
|
set type default
|
|
set internet-service-id 14811273
|
|
next
|
|
edit "Matrix42-FastViewer"
|
|
set type default
|
|
set internet-service-id 14876962
|
|
next
|
|
edit "Fortinet-FortiEDR"
|
|
set type default
|
|
set internet-service-id 1245475
|
|
next
|
|
edit "Bunny.net-CDN"
|
|
set type default
|
|
set internet-service-id 14942345
|
|
next
|
|
edit "Akamai-Linode.Cloud"
|
|
set type default
|
|
set internet-service-id 7930148
|
|
next
|
|
edit "StackPath-CDN"
|
|
set type default
|
|
set internet-service-id 15007881
|
|
next
|
|
edit "Edgio-CDN"
|
|
set type default
|
|
set internet-service-id 15073417
|
|
next
|
|
edit "CacheFly-CDN"
|
|
set type default
|
|
set internet-service-id 15138953
|
|
next
|
|
edit "Fortinet-FortiClient.EMS"
|
|
set type default
|
|
set internet-service-id 1245477
|
|
next
|
|
edit "Paylocity-Paylocity"
|
|
set type default
|
|
set internet-service-id 15204646
|
|
next
|
|
edit "Qualys-Qualys.Cloud.Platform"
|
|
set type default
|
|
set internet-service-id 15270183
|
|
next
|
|
edit "Dailymotion-Other"
|
|
set type default
|
|
set internet-service-id 15335424
|
|
next
|
|
edit "Dailymotion-Web"
|
|
set type default
|
|
set internet-service-id 15335425
|
|
next
|
|
edit "Dailymotion-ICMP"
|
|
set type default
|
|
set internet-service-id 15335426
|
|
next
|
|
edit "Dailymotion-DNS"
|
|
set type default
|
|
set internet-service-id 15335427
|
|
next
|
|
edit "Dailymotion-Outbound_Email"
|
|
set type default
|
|
set internet-service-id 15335428
|
|
next
|
|
edit "Dailymotion-SSH"
|
|
set type default
|
|
set internet-service-id 15335430
|
|
next
|
|
edit "Dailymotion-FTP"
|
|
set type default
|
|
set internet-service-id 15335431
|
|
next
|
|
edit "Dailymotion-NTP"
|
|
set type default
|
|
set internet-service-id 15335432
|
|
next
|
|
edit "Dailymotion-Inbound_Email"
|
|
set type default
|
|
set internet-service-id 15335433
|
|
next
|
|
edit "Dailymotion-LDAP"
|
|
set type default
|
|
set internet-service-id 15335438
|
|
next
|
|
edit "Dailymotion-NetBIOS.Session.Service"
|
|
set type default
|
|
set internet-service-id 15335439
|
|
next
|
|
edit "Dailymotion-RTMP"
|
|
set type default
|
|
set internet-service-id 15335440
|
|
next
|
|
edit "Dailymotion-NetBIOS.Name.Service"
|
|
set type default
|
|
set internet-service-id 15335448
|
|
next
|
|
edit "Fortinet-FortiWeb.Cloud"
|
|
set type default
|
|
set internet-service-id 1245480
|
|
next
|
|
edit "Fortinet-FortiSASE"
|
|
set type default
|
|
set internet-service-id 1245481
|
|
next
|
|
edit "LaunchDarkly-LaunchDarkly.Platform"
|
|
set type default
|
|
set internet-service-id 15401258
|
|
next
|
|
edit "Medianova-CDN"
|
|
set type default
|
|
set internet-service-id 15466633
|
|
next
|
|
edit "NetDocuments-NetDocuments.Platform"
|
|
set type default
|
|
set internet-service-id 15532331
|
|
next
|
|
edit "Vonage-Vonage.Contact.Center"
|
|
set type default
|
|
set internet-service-id 15597869
|
|
next
|
|
edit "DNS-ARPA.Name.Servers"
|
|
set type default
|
|
set internet-service-id 10748206
|
|
next
|
|
edit "Veritas-Enterprise.Vault.Cloud"
|
|
set type default
|
|
set internet-service-id 15663407
|
|
next
|
|
edit "UK.NCSC-Scanner"
|
|
set type default
|
|
set internet-service-id 15728806
|
|
next
|
|
edit "Vonage-Vonage.Video.API"
|
|
set type default
|
|
set internet-service-id 15597872
|
|
next
|
|
edit "Restream-Restream.Platform"
|
|
set type default
|
|
set internet-service-id 15794481
|
|
next
|
|
edit "NewRelic-Synthetic.Monitor"
|
|
set type default
|
|
set internet-service-id 4849970
|
|
next
|
|
edit "ArcticWolf-ArcticWolf.Cloud"
|
|
set type default
|
|
set internet-service-id 15860019
|
|
next
|
|
edit "CounterPath-Bria"
|
|
set type default
|
|
set internet-service-id 15925556
|
|
next
|
|
edit "CriminalIP-Scanner"
|
|
set type default
|
|
set internet-service-id 15990950
|
|
next
|
|
edit "IPFS-IPFS.Gateway"
|
|
set type default
|
|
set internet-service-id 16056629
|
|
next
|
|
edit "Internet.Census.Group-Scanner"
|
|
set type default
|
|
set internet-service-id 16122022
|
|
next
|
|
edit "SAP-SAP.Ariba"
|
|
set type default
|
|
set internet-service-id 6291766
|
|
next
|
|
edit "Microsoft-Teams.Published.Worldwide.Optimize"
|
|
set type default
|
|
set internet-service-id 327991
|
|
next
|
|
edit "Microsoft-Teams.Published.Worldwide.Allow"
|
|
set type default
|
|
set internet-service-id 327992
|
|
next
|
|
edit "Performive-Performive.Cloud"
|
|
set type default
|
|
set internet-service-id 16187706
|
|
next
|
|
edit "Microsoft-Azure.Monitor"
|
|
set type default
|
|
set internet-service-id 327958
|
|
next
|
|
edit "Microsoft-Azure.SQL"
|
|
set type default
|
|
set internet-service-id 327959
|
|
next
|
|
edit "Microsoft-Azure.AD"
|
|
set type default
|
|
set internet-service-id 327960
|
|
next
|
|
edit "Microsoft-Azure.Data.Factory"
|
|
set type default
|
|
set internet-service-id 327961
|
|
next
|
|
edit "Microsoft-Azure.Virtual.Desktop"
|
|
set type default
|
|
set internet-service-id 327962
|
|
next
|
|
edit "Microsoft-Azure.Power.BI"
|
|
set type default
|
|
set internet-service-id 327963
|
|
next
|
|
edit "Tencent-VooV.Meeting"
|
|
set type default
|
|
set internet-service-id 2556219
|
|
next
|
|
edit "OneLogin-OneLogin"
|
|
set type default
|
|
set internet-service-id 16253244
|
|
next
|
|
edit "Shadowserver-Scanner"
|
|
set type default
|
|
set internet-service-id 16318630
|
|
next
|
|
edit "Turkcell-Suit.Conference"
|
|
set type default
|
|
set internet-service-id 16384317
|
|
next
|
|
edit "LeakIX-Scanner"
|
|
set type default
|
|
set internet-service-id 16449702
|
|
next
|
|
edit "Infoblox-BloxOne"
|
|
set type default
|
|
set internet-service-id 16515390
|
|
next
|
|
edit "Nice-CXone"
|
|
set type default
|
|
set internet-service-id 16580927
|
|
next
|
|
edit "Hetzner-Hetzner.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 16646464
|
|
next
|
|
edit "ThreatLocker-ThreatLocker"
|
|
set type default
|
|
set internet-service-id 16712001
|
|
next
|
|
edit "ZPE-ZPE.Cloud"
|
|
set type default
|
|
set internet-service-id 16777538
|
|
next
|
|
edit "Datto-Datto.BCDR"
|
|
set type default
|
|
set internet-service-id 10486083
|
|
next
|
|
edit "ColoCrossing-ColoCrossing.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 16843076
|
|
next
|
|
edit "Sinch-Mailgun"
|
|
set type default
|
|
set internet-service-id 16908613
|
|
next
|
|
edit "SpaceX-Starlink"
|
|
set type default
|
|
set internet-service-id 16974150
|
|
next
|
|
edit "Ingenuity-Ingenuity.Cloud.Service"
|
|
set type default
|
|
set internet-service-id 17039688
|
|
next
|
|
edit "Fortinet-FortiGuard.SOCaaS"
|
|
set type default
|
|
set internet-service-id 1245514
|
|
next
|
|
edit "Skyhigh.Security-Secure.Web.Gateway"
|
|
set type default
|
|
set internet-service-id 17105227
|
|
next
|
|
edit "THE.Hosting-THE.Hosting.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 17170764
|
|
next
|
|
edit "StatusCake-StatusCake.Monitor"
|
|
set type default
|
|
set internet-service-id 17236307
|
|
next
|
|
edit "NAP-NAPLAN"
|
|
set type default
|
|
set internet-service-id 17301844
|
|
next
|
|
edit "Elastic-Elastic.Cloud"
|
|
set type default
|
|
set internet-service-id 17367382
|
|
next
|
|
edit "Alibaba-DingTalk"
|
|
set type default
|
|
set internet-service-id 6881623
|
|
next
|
|
edit "Zoom-phones"
|
|
set type location
|
|
set internet-service-id 6422646
|
|
set country-id 840
|
|
set region-id 1280
|
|
set city-id 65535
|
|
next
|
|
edit "NFON-NFON"
|
|
set type default
|
|
set internet-service-id 17432920
|
|
next
|
|
edit "SERVERD-SERVERD.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 17498457
|
|
next
|
|
edit "MEGA-MEGA.Cloud"
|
|
set type default
|
|
set internet-service-id 17563994
|
|
next
|
|
edit "Hadrian-Scanner"
|
|
set type default
|
|
set internet-service-id 17629350
|
|
next
|
|
edit "ISLOnline-ISLOnline"
|
|
set type default
|
|
set internet-service-id 7864667
|
|
next
|
|
edit "Dotcom.Monitor-Dotcom.Monitor"
|
|
set type default
|
|
set internet-service-id 17695068
|
|
next
|
|
edit "Ahrefs-AhrefsBot"
|
|
set type default
|
|
set internet-service-id 17760605
|
|
next
|
|
edit "Semrush-SemrushBot"
|
|
set type default
|
|
set internet-service-id 17826142
|
|
next
|
|
edit "Vultr-Vultr.Cloud"
|
|
set type default
|
|
set internet-service-id 17957216
|
|
next
|
|
edit "Rapid7-Scanner"
|
|
set type default
|
|
set internet-service-id 5898406
|
|
next
|
|
edit "Lookout-Lookout.Cloud"
|
|
set type default
|
|
set internet-service-id 18219365
|
|
next
|
|
edit "Fortinet-FortiDLP.Cloud"
|
|
set type default
|
|
set internet-service-id 1245546
|
|
next
|
|
edit "Fortinet-FortiSandbox"
|
|
set type default
|
|
set internet-service-id 1245560
|
|
next
|
|
edit "Fortinet-FortiSandbox.Cloud"
|
|
set type default
|
|
set internet-service-id 1245561
|
|
next
|
|
edit "Bluejeans-Bluejeans.Meeting"
|
|
set type default
|
|
set internet-service-id 7012476
|
|
next
|
|
edit "DNS-Generic.TLD.Name.Servers"
|
|
set type default
|
|
set internet-service-id 10748284
|
|
next
|
|
edit "Microsoft-Azure.Front.Door.MicrosoftSecurity"
|
|
set type default
|
|
set internet-service-id 328080
|
|
next
|
|
edit "Microsoft-Azure.Connectors"
|
|
set type default
|
|
set internet-service-id 327980
|
|
next
|
|
edit "Microsoft-Azure.Front.Door"
|
|
set type default
|
|
set internet-service-id 327993
|
|
next
|
|
edit "Microsoft-Azure.Service.Bus"
|
|
set type default
|
|
set internet-service-id 328007
|
|
next
|
|
edit "Microsoft-Azure.Microsoft.Defender"
|
|
set type default
|
|
set internet-service-id 328009
|
|
next
|
|
edit "Microsoft-Azure.Resource.Manager"
|
|
set type default
|
|
set internet-service-id 328013
|
|
next
|
|
edit "Microsoft-Azure.Arc.Infrastructure"
|
|
set type default
|
|
set internet-service-id 328014
|
|
next
|
|
edit "Microsoft-Azure.Storage"
|
|
set type default
|
|
set internet-service-id 328015
|
|
next
|
|
edit "Microsoft-Azure.ATP"
|
|
set type default
|
|
set internet-service-id 328016
|
|
next
|
|
edit "Microsoft-Azure.Traffic.Manager"
|
|
set type default
|
|
set internet-service-id 328017
|
|
next
|
|
edit "Microsoft-Azure.Windows.Admin.Center"
|
|
set type default
|
|
set internet-service-id 328018
|
|
next
|
|
edit "Microsoft-Azure.KeyVault"
|
|
set type default
|
|
set internet-service-id 328021
|
|
next
|
|
edit "Microsoft-Azure.Databricks"
|
|
set type default
|
|
set internet-service-id 328034
|
|
next
|
|
edit "Microsoft-Azure.Event.Hub"
|
|
set type default
|
|
set internet-service-id 328035
|
|
next
|
|
edit "Microsoft-Azure.Power.Platform"
|
|
set type default
|
|
set internet-service-id 328043
|
|
next
|
|
edit "Amazon-AWS.EBS"
|
|
set type default
|
|
set internet-service-id 393470
|
|
next
|
|
edit "Amazon-AWS.Cloud9"
|
|
set type default
|
|
set internet-service-id 393471
|
|
next
|
|
edit "Amazon-AWS.DynamoDB"
|
|
set type default
|
|
set internet-service-id 393472
|
|
next
|
|
edit "Amazon-AWS.Route53"
|
|
set type default
|
|
set internet-service-id 393473
|
|
next
|
|
edit "Amazon-AWS.S3"
|
|
set type default
|
|
set internet-service-id 393474
|
|
next
|
|
edit "Amazon-AWS.Kinesis.Video.Streams"
|
|
set type default
|
|
set internet-service-id 393475
|
|
next
|
|
edit "Amazon-AWS.Global.Accelerator"
|
|
set type default
|
|
set internet-service-id 393476
|
|
next
|
|
edit "Amazon-AWS.EC2"
|
|
set type default
|
|
set internet-service-id 393477
|
|
next
|
|
edit "Amazon-AWS.API.Gateway"
|
|
set type default
|
|
set internet-service-id 393478
|
|
next
|
|
edit "Amazon-AWS.Chime.Voice.Connector"
|
|
set type default
|
|
set internet-service-id 393479
|
|
next
|
|
edit "Amazon-AWS.Connect"
|
|
set type default
|
|
set internet-service-id 393480
|
|
next
|
|
edit "Amazon-AWS.CloudFront"
|
|
set type default
|
|
set internet-service-id 393481
|
|
next
|
|
edit "Amazon-AWS.CodeBuild"
|
|
set type default
|
|
set internet-service-id 393482
|
|
next
|
|
edit "Amazon-AWS.Chime.Meetings"
|
|
set type default
|
|
set internet-service-id 393483
|
|
next
|
|
edit "Amazon-AWS.AppFlow"
|
|
set type default
|
|
set internet-service-id 393484
|
|
next
|
|
edit "Salesforce-Hyperforce"
|
|
set type default
|
|
set internet-service-id 655738
|
|
next
|
|
edit "Fortinet-FortiMonitor"
|
|
set type default
|
|
set internet-service-id 1245558
|
|
next
|
|
edit "Tor-Tor.Node"
|
|
set type default
|
|
set internet-service-id 2818432
|
|
next
|
|
edit "OVHcloud-OVH.Telecom"
|
|
set type default
|
|
set internet-service-id 13828461
|
|
next
|
|
edit "Zero.Networks-Zero.Networks"
|
|
set type default
|
|
set internet-service-id 17891679
|
|
next
|
|
edit "EGI-EGI.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 18022753
|
|
next
|
|
edit "ONYPHE-Scanner"
|
|
set type default
|
|
set internet-service-id 18088102
|
|
next
|
|
edit "Proofpoint-Proofpoint"
|
|
set type default
|
|
set internet-service-id 18153828
|
|
next
|
|
edit "Heimdal-Heimdal.Security"
|
|
set type default
|
|
set internet-service-id 18284902
|
|
next
|
|
edit "Yealink-Yealink.Meeting"
|
|
set type default
|
|
set internet-service-id 18350439
|
|
next
|
|
edit "Secomea-Secomea"
|
|
set type default
|
|
set internet-service-id 18415976
|
|
next
|
|
edit "CallTower-CT.Cloud"
|
|
set type default
|
|
set internet-service-id 18481513
|
|
next
|
|
edit "OpenAI-OpenAI.Bot"
|
|
set type default
|
|
set internet-service-id 18547052
|
|
next
|
|
edit "OpenAI-GPT.Actions"
|
|
set type default
|
|
set internet-service-id 18547073
|
|
next
|
|
edit "Alpemix-Alpemix"
|
|
set type default
|
|
set internet-service-id 18612590
|
|
next
|
|
edit "M247-M247.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 18678127
|
|
next
|
|
edit "Quintex-Quintex.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 18743664
|
|
next
|
|
edit "Aeza-Aeza.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 18809201
|
|
next
|
|
edit "Amanah-Amanah.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 18874738
|
|
next
|
|
edit "ByteDance-Lark"
|
|
set type default
|
|
set internet-service-id 18940275
|
|
next
|
|
edit "KnowBe4-KnowBe4"
|
|
set type default
|
|
set internet-service-id 19005812
|
|
next
|
|
edit "Keeper-Keeper.Security"
|
|
set type default
|
|
set internet-service-id 19071349
|
|
next
|
|
edit "NinjaOne-NinjaOne"
|
|
set type default
|
|
set internet-service-id 19136887
|
|
next
|
|
edit "Modat-Scanner"
|
|
set type default
|
|
set internet-service-id 19202214
|
|
next
|
|
edit "Make-Make.Platform"
|
|
set type default
|
|
set internet-service-id 19267963
|
|
next
|
|
edit "Cloudzy-Cloudzy.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 19333501
|
|
next
|
|
edit "Nokia-Deepfield.Genome.Crawler"
|
|
set type default
|
|
set internet-service-id 19399038
|
|
next
|
|
edit "Neat-Neat.Cloud"
|
|
set type default
|
|
set internet-service-id 19464575
|
|
next
|
|
edit "Brightree-Brightree"
|
|
set type default
|
|
set internet-service-id 19530114
|
|
next
|
|
edit "PagerDuty-PagerDuty"
|
|
set type default
|
|
set internet-service-id 19595651
|
|
next
|
|
edit "JFrog-JFrog"
|
|
set type default
|
|
set internet-service-id 19661188
|
|
next
|
|
edit "Tailscale-Tailscale"
|
|
set type default
|
|
set internet-service-id 19726725
|
|
next
|
|
edit "Gamma-Horizon"
|
|
set type default
|
|
set internet-service-id 19792265
|
|
next
|
|
edit "Automox-Automox"
|
|
set type default
|
|
set internet-service-id 19857802
|
|
next
|
|
edit "Pulseway-Pulseway.RMM"
|
|
set type default
|
|
set internet-service-id 19923339
|
|
next
|
|
edit "3xK-3xK.Hosting.Service"
|
|
set type default
|
|
set internet-service-id 19988876
|
|
next
|
|
edit "ASEM-UBIQUITY"
|
|
set type default
|
|
set internet-service-id 20054413
|
|
next
|
|
edit "Dialpad-Dialpad"
|
|
set type default
|
|
set internet-service-id 20119950
|
|
next
|
|
edit "iboss-iboss.Cloud"
|
|
set type default
|
|
set internet-service-id 20185487
|
|
next
|
|
edit "Redstor-Redstor"
|
|
set type default
|
|
set internet-service-id 20251025
|
|
next
|
|
edit "Anthropic-Claude"
|
|
set type default
|
|
set internet-service-id 20382099
|
|
next
|
|
edit "NETLOCK-NETLOCK"
|
|
set type default
|
|
set internet-service-id 20578711
|
|
next
|
|
edit "Aircall-Aircall"
|
|
set type default
|
|
set internet-service-id 20906400
|
|
next
|
|
edit "Mendix-Mendix.Cloud"
|
|
set type default
|
|
set internet-service-id 20971937
|
|
next
|
|
edit "Palo.Alto.Networks-Cortex.Xpanse.Scanner"
|
|
set type default
|
|
set internet-service-id 21365159
|
|
next
|
|
edit "Microsoft-Azure.OneDsCollector"
|
|
set type default
|
|
set internet-service-id 328104
|
|
next
|
|
end
|
|
config firewall internet-service-addition
|
|
end
|
|
config firewall internet-service-append
|
|
set addr-mode ipv4
|
|
set match-port 0
|
|
set append-port 0
|
|
end
|
|
config firewall internet-service-definition
|
|
end
|
|
config system external-resource
|
|
end
|
|
config certificate ca
|
|
end
|
|
config certificate remote
|
|
end
|
|
config certificate local
|
|
edit "Fortinet_CA_SSL"
|
|
set password ENC 1AGKgHqwiDQFvKctS5pzSS4172cwYdd5e9nJOYhOylhUiZU6MkWIlMtpF669kcLqY2gKhoVpCyIrK28wu03pjcaPGZWiCwEqAWejl7gBYgfg7l9LPnb4v50rHa8ZcBGyTLwrsEj/w+ZuiOFebeQJjKJz++GJt4WKPtxxxqEvdEskmDDle1fnittWl79xkfz/luS8u1lmMjY3dkVA
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQBHX/dtVgSVwaXL9B
|
|
gC+xVgICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIyzoFlDkEZ7cEggTI
|
|
cpRX+YMh72Nw7ZaX8TyhreoDU34tnxh8dlWZWdbMS+omU5fz/u1jVX1lpDfKhRkX
|
|
/iHqo6X3oMyl47KybrdbnjZqWSMwXLMCGTzvQpDrNQd3xeGtIXSXMXnPU6pZLiYC
|
|
W0U3Cg6D+f6sSm88ap9QxdYVnpryZljRGDD+C/JjyeGtgd3oK2WXsYBrgeCi6D8E
|
|
tO6doBICdDAFyYPHHlTJK8eQVgwMxGrXbcrfaTiU9sPZk/PNnqvqpoks/7n06Uyc
|
|
ExPXSoYSPCjoqtVSp84PrABRs5HWg91iLu1BXXp7gpfmMQqO1Yh2uMCbFtQCU5td
|
|
xnWe0Gt2LDx+QFF7rG8aNqoRiD9Hg3/oymdYPuaCyqlzQure+B7/x42OI/iKF88v
|
|
jamtKX1MwByr0nZT5mDD7g8Gdo40z4SFeoiKwPaYTpn+Ve3R1HlecF8cxhjav3oe
|
|
AauucTFO9Uc/fjZ02Qj08V8vynfDv0hDDAy+mAwbirRNPybMx1P0ao/Wlk/2o+35
|
|
eJiYYMiiL2g/30PceSdsFkdFRXQSpNxfmHAo/aSu1kE8Q0p5iX2wK8LsnpXMueNS
|
|
g2ZX62AapqK0kBmeSstPK9p/PVQw810RoJ16ILa0q2NSgU+YXyMMaNDh82FWn+IJ
|
|
R9p29HM0dtstnOQQdDc/gXF8rcuAxRuAz5WPhrlu+2Z2DnhgrGeJPzRkgdDYhTFy
|
|
98mUqdxOj/ierno6tVH6KSHi65F9sV17LU4jqPylHocPKcXuO6ad6XHUnCSwotvW
|
|
bBdL5kW0kYoFFoUAIxahcybPV4uuwWbeNQl+UCJSfa/GuXYHeGczWeGvDQoE62hT
|
|
wVgcqRkBAk68qE/cdgmSeOu6f6cZTYP9LlouMtla50dmtpyhZuocyHjFLP5l2x64
|
|
h2RkDjv7oFm5pAZAWDYqkM5v950ml2WqjtB6ecKTfIsSN+B5aBgByiWm+Jb72C0G
|
|
RxT91EzsDdPd/oPw8YGINALlD/4twVcSiCs2go2oFB7NW5U80c7NA2tOajVQ2a2G
|
|
mo7077Wv74l8XdizgBmYA63qE4QPiyQmhfeHRjnlVGAegU6NpogfUk0RqlbvjXFF
|
|
dJ7UaUGrTfqO1ppwZev676x/Wu6sLFK6YFWPSBTRC0rFM7uxq/wnOqByA8G/Dl8K
|
|
hZee7fsZulfkmRQKe7rGLsAqDxXYgJWDz7EeXP7e7WbcWpfLb0mz/5Hk9afYMvGo
|
|
rWbIsIJF6KkbA5mhy8hwSqsKbYQH9sKhMkF4XQ37fTc5p6Eq6XMql41JKe0haLIK
|
|
eJhaSvrCoT4YpWjiqlOwm81TKxGz6E3/VAacRgorD2FRZSLuZ5AToA4Iu8BPeXq0
|
|
S0NgvZx9HXVAshtnOtZ5w5BfI5go8zDeixdzCqcjKDm51Y9k62YHfDv2x4VwnSGq
|
|
K0clQQauBtuGLipvNWIEHNx6tHJMCiCTCWwzJOgfZj4UiRgEkwB/O6CNF/GzKLAk
|
|
Q+ljbLnY0w9zygTSzFnvwt1BKZCnVadG8K1JfBG1qDrJeC5hrAmgoo8inJE6woDK
|
|
nA8ZtsEEmhJrARfLcfcMB3KwNXSimv6UW3gY+Pzy33DagrplFQgoy9ekXDXMAnia
|
|
kCivrxiW/lYG5ALX50yQ/f+3UWXxxR9N
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIID5jCCAs6gAwIBAgIIB7EKemWPvOQwDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
|
|
dHkxGTAXBgNVBAMMEEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1
|
|
cHBvcnRAZm9ydGluZXQuY29tMB4XDTIyMDEyMTEzMTczMVoXDTMyMDEyMjEzMTcz
|
|
MVowgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH
|
|
DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp
|
|
Y2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEYySzYxRlRLMjE5MDAzMzQxIzAhBgkq
|
|
hkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEF
|
|
AAOCAQ8AMIIBCgKCAQEA8lh2I1oUF0PTeVN14j/cvF3Q+1VH1KkIOwPvr3Pi/edV
|
|
AcZ0Z0lvk/5v5i5Nk8x4c693Vju17p/nr5soKua1Sti41NUhwC+sKs3fIwDW0aOt
|
|
JET0GnKqCEXLGhzppSErYQDS90LQw64tSf7o0PolJBZNBDFJWrziJ52A+AaijF3X
|
|
8LfD1UW3SSA8onjKvt1EMc+w39rwsZVV/u7pBCj90zQGx/Z/U67gfYxPqjUxLPzK
|
|
S9bg0TbXQcF8vf+XU/FqdV+1TboiV+WZXXFX0zr+tqfDSKQS2VV85CiGgW6VZzwg
|
|
qGAOSGtGR/2kyq18FfZsCJCFisPSKqcfmiBt1F44pwIDAQABoxAwDjAMBgNVHRME
|
|
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBkRSNYYDZA/nn5sl57DA3MnRcezWS0
|
|
+NUVOLXpJXzQ3hB1yXMcKm3sgA2IyXInoZAr8kQCWHwwM8Y9igSRyZExPgp+Tm8m
|
|
iuU6T3Fn5GisEKdjkKSmrL+D9ibYqFEPNfBzNAj9aTR1Os9702fX+nE7ypLZlulz
|
|
ilF1S2XaOLVEiWK7zF7s0Gaq9bihZtkZP8VNnIJSr/5KzFrjDBV0euhpCsnsUTeg
|
|
ayKPsODLnp7grKizkKKA8Rk9OgnsEkCy7628Y1XLNTU7qB+7ZXjixmcfMdNS1PKY
|
|
xXZbFhu6d5a9mB1ykfdnxwlXwL44T273UzikwDl6YJNpJ+F8++WYJmhS
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_CA_Untrusted"
|
|
set password ENC IG0xbU5vMDWTUgoXut+osAPx2ftLfFGuxjS6zB0KLyDB7hWurc2Hf04ow3OepVxO5SF/IAo/dPieDLvgBfssPRsov7OmNBZyGBF4cDy42CLmmK5/c/KCk+4zK/h5qgdK0kKJby7bSQ2bzsPFIUiB9Xne6ndtoCrd0r2KFc4YsMeHeDKdgMSTNILvWoYE/NTbW5MHfVlmMjY3dkVA
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQQaSKcWcF33TOukzd
|
|
4kgKtQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI9tSXjHwxxdcEggTI
|
|
tKHLYsYj3HGGD0USPu/bC9vsTJOb4GiHLrR9L05AcAkJdrLnSeHJfUVb+UGMHK1J
|
|
30Pv4QZuvGBST6OzNh59Py4Qvc/AHzNHkTf4syvF+guAdpfsXa/PjZxjozAPA9Rf
|
|
yMBIQi5Bm8yfefxaQZBwu+Vp1etUYowaeSbcYZapOoDVzvz7GUg6x4kiFaiILJOc
|
|
/tys1xqqFYUwbaxFz/nEhBXDWSNBYvNBSRhYQkX2NcpQDV2JUZ4LxBTn8JPK+uby
|
|
WHpq3aBHRcC7GjWvZlx96bmA5LLxyFtYzUH1AydnIzSG5zDeNJynsUmXNtQi2Gt/
|
|
PILvb9kygE3x9BD+u7pSWPSmhJjuf8k0fock3wBlQO71wMhilhbhLuKxmVRIs9d8
|
|
l2WSpiJ+014cZllXvZS3v3uerxzpdmtS5Jqs207OaWbTx12j6K+J30XZ1/GPGGHJ
|
|
OVgKvK7/NeZCB1pRWoOhLnw3cH4FxOMwUuu/fI7yU3y+Nm0lBHrXBrRow/C95ArA
|
|
+w6f8zhuAkh4E9uUgGMXSLjV+0OkPaUenrmkZkX3FiTKx+LxyxyeCFtmKUVD7iBF
|
|
lkcGoaR2gLrIyIejmcpkU+lx6/7E4o7e0Ko8Y2GtprmhnYtahKJTlDFGm7Zd6DNy
|
|
aPR4Y6cnlSWorUzQt/kOwb5lRTdW94IUW3LivMPonmK9CJQ1BkUihb4qfUGBE+KV
|
|
PSIsYxJHwjihTKopOTNL0sMQeITsOOnBaxgz44DJxicWH+qd0YDzuJeEwoEV1frF
|
|
TKbxWOUqbu3jVmnf9eJCYEid5qsiTcxEIZwiDuESz2IoLxxX0hhoFiI5Hl5BROcF
|
|
PJ7CXXyKy8Uwo/aAcveRSy2ftxUDIoBmkxpTMYhfU6E0tfgBhy7R80i12TPJQtHP
|
|
PCgMjZIJ2Wa1p+j27XlcWZFPdqkRh1EHOu9B/tg9t9DjtYWzmNVObrec/iHUXTKu
|
|
KTa38lnA2McrN8LHGeyUajAD3Ia4H5XZl4J3g8UdHdXDrGbwZPpe6EznDWQQtATO
|
|
JZ4rXtiSAWGhu8sB8ReBEojj7dgaAStslB/yJ97jFGIZG0T8UlSwZyxLG+MjoMQJ
|
|
RSsFN0ItsXKU+fuQSizNLcHCzkcFIErfR23ScriE8z6viHuVQWuXjXecP5ffC2Y/
|
|
1pSIM7kiepH+gz3+UchFkEzBLv7l3BD9cFXz68UhfoXZjOC437MIPmklO7vFf/dH
|
|
FQZEICMjZ72L7Ni1uOBbC8HYy8HHJANnEnnZUzSnsXXUjazZ2aaNfRUT/J1iDbhS
|
|
XpBWrkKo3UlEyDMSKpdEbvTMXM4/0QqS4aNVDw3cpQoerTqNd1qtyUJuzTIn/wlZ
|
|
0oGSIPxV/DuGXdQBD8Mabu1pKBx2qaAKM1dVFdyxxfmHMVnN1zvxmzopeqSBmFCQ
|
|
d/Q4pcqi+RckY9tR7Uws9iOdiJ0Fise9tSU40EwfL9AkjNWWjehu+ssVQ0M64MPe
|
|
FMrjW2ZXYola/lRCQesMEuiNskcjFWhq6jR2PzJF6lyLYCNHEaLZOpJP9B8uLTqr
|
|
sWLmRihVWeF9VUmCfQfr9Sm+NcUc2pTFJwj4zBYzEfyLf2K/0z0LHvT75vWCvW8Z
|
|
aG0UUNH/HgwEygsFC99wiZQv4UWuoOPb
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIID8DCCAtigAwIBAgIIJJ5p1RsocBEwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
|
|
dHkxHjAcBgNVBAMMFUZvcnRpbmV0IFVudHJ1c3RlZCBDQTEjMCEGCSqGSIb3DQEJ
|
|
ARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjIwMTIxMTMxNzMxWhcNMzIwMTIy
|
|
MTMxNzMxWjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQ
|
|
BgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNl
|
|
cnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVk
|
|
IENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTCCASIwDQYJ
|
|
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3MDfGYnRXUFwDTMvLYyQJKsggiGavE
|
|
I6S33xoF7k3vK8LDozySJP/JzyYlIH1HJNJCp5AQVbwVjZPGu05bgeFsytC8f8Ox
|
|
K6hqb+vgcQOcao+5fTYhjbkQwarPcDwasH/G0q1ye8aKLgLxskD0Zw7AzwqBWEkg
|
|
yRzAawTaZyZLqAhh/8zXpKFZ3ET4/1uWkLmWB/VHZQfue64AczjRnCrbtkGulARo
|
|
2Sz0eY3uYtS3IJ0ExyIgvVWa6ga/bF/wEayGKjAYOI11D81jgqYVi/yDHKKkP0oC
|
|
X5qBu56YSr3WladesKH2RAFflk1lPxPPFvNU7ZxGZYvJEzog6cdBCsUCAwEAAaMQ
|
|
MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAsV/3cOb31gHxJDMY
|
|
kiaq0BilhXcKg/QWmu6TeIzID0XxKuWPpnmDDODwHy0/3w4y8fkLo9m4pJh981i1
|
|
1lP8nSTN/o2ke7coqhWZ0QeqPbkMOk+pKx1c4CK/7GTvi5QYlWfI/WVu/uLPwplU
|
|
d8d1y6uNh3JaBThoA+a8gtFgRkxmgOQ6esZUGMWHRVfyI/uWWLm79THqBqvoPEUm
|
|
/7X0XRP+n/cWieOa/6MQv5d/iHJI7BpurysCEcySdS9fx3RHxwdAMCqn9UO3dEWv
|
|
q0ik2r7sts/s3V+z8yMore1n8FcMX7ADoGjCSNHe5gOq/kThWWVR2EHwkDTnraYp
|
|
0C14eA==
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL"
|
|
set password ENC iua9avm0wtrM8e/N5GWDzfsNRlAEkKxG2LMjdNGB6pQ57n9eYroZB9QXef7Ywn7nJdn/gtSsKii0DLJ5QEgRUOoD0mwYicz9O12n91SX8yygGGkKXjwH2x18ZUeeU5pFGBR3HXG4fNE40tcEV/OY97m2a+T0EsvtPwK8PbCZ44lTXTS+XZZydLwejYLBuPC7I2lA8VlmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQSR4GWHSY94ayzNsZ
|
|
kdk5zQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI8uk91vsAz38EggTI
|
|
E5UW6qv+WErI4vA/koL4TH0w/Kn9BiycX2x51v2SDtpl9CU99DF0fk/Mf3dyViOv
|
|
g0gUp40xK2IHEnxYrd9JyRbRw0GoHFMzOXgDpxGYtkk1JM6wb6ACCM+xG++3Bcq/
|
|
/sL6nWFpU8RV93LPv+KFUvFel2Xmdy96WScl6wnIrCxltbUQMS8I2f/gndNwWP8v
|
|
zThGERarKfWc5h2K94HtomZ0oB6Q18RKdJV3HECoJMQFwChqBHjYweocAkMTP4ot
|
|
y+Wqu5H0uayPPtByD6NxM+43FqQdMYwFlFRFM+SoYRVMfEVpnx+c1WTPPsyGnRKc
|
|
+dh2y9rKWCt+KDLAAaaFsLeUM47pKwEU1hz4LlwZ0rljRNq178OeUvjhqzEsEe2/
|
|
KpXoMPEHInlpceQKABcuCkIhDZt717dpcdszornprZfN/JCfAR0jAMiQsaGhdF+J
|
|
FQ+RUH2qLdAzjuzDmUs6LXPC+c0s9KVO/+UoWwRT4pKkz9qjuJQBb2gS/rj6TSPy
|
|
vIMtoBSdMypgWAc/hwQ+ABBePXa8HK/u/byzaOa0C2qdhUh7z2/Gu0llmX1fmL3M
|
|
MJE52HPZxxp3erVbQzx2Xk1lwi94GcJKTgSsLgdrvMq/x9qbeioSGOwJClrn97Bt
|
|
6EevQpkmjSechOiWC5ERwCuNGdXEbGI+IHL0b+XAT2rxwONo9jGsFItKkn2YxHI8
|
|
Jxqca4ZQ+n3eFFiSAHbwCaMzCjZQkc4Q0hWO4QRqqAFfAjyBR/K/t04twPuEfDXZ
|
|
vOSxIRlgvr0QdYxplax+nOGBpqD6O9XY5ParYiR86p4xdqztaIkt6MBs/R0xko8Q
|
|
uqsdsm4WMONyJxB0ttIgSdRDgtGljxWLqRuuCwyscMu+/Krtw3cInzK+8ZgVr0Xc
|
|
hc4NYcSsKk2FxNZGgaRd36xjtJaPaEKjZIGNExKs1peWijn/GKk+WnjRwdTQgCro
|
|
i9Hvxx3wRUIzyc9chSpAp9PTWj1IRPEE4vbNNU6r7/qENn0/odd4owdiXY0I4lHT
|
|
GqvNWSyyFPwpS9u0E2r36zBWC1zsL192+eeBFqdFYfg6nMQErS6FX7UmSrDM9PrX
|
|
GYc5X5lWPquOtHFogAguCG9v0Vb+EVDjOgR0gqENR91RpBG6kDvhpNIbwtwpFjRC
|
|
H7Hu/pZ4JE9CB+Yf2DRqep3/vcJIJev6ClUjmszsixt9MsClXccYiQcJrwERGBR2
|
|
r5/eyUNkNo2PSpewKBttJ+iemBRRHVFU14U0p0bfuWaK4pn+7tMpu6AKLSXjxMfU
|
|
1FSmqjop9MlIxIgNAJkX9OXnxvTtKObrzxX4ME+db47PYBgvfo72t1C/96JlHszK
|
|
XcF0KdsM3yCfqMgNLCYqJ4WiqO19jsR37bQ6MfXMzUiNtwtaWZwZG3GhR2+ztvCd
|
|
fzPNzNNlkRF3OewXR7ODROO8yqBGIJxeIpUwmcCUZhjCl2jmf6r6J51CeMV1Tuth
|
|
AF2bYbfAJ871A92m8kpOi5HcKamj+hOcCWWI50hyF1r7PNER4sqstPK7GQWIwNOo
|
|
LeDQoGU3Ccaih3UpC+hrKj+T4++P92tyT+Yh3n78FhOPdPA/jEqZ6PmSu6OKpdcn
|
|
+5bjXhantv/fenpLeo6Jp2A85G5lnW5L
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIID4DCCAsigAwIBAgIIDpscz/0cckAwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
|
|
EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
|
|
ZXQuY29tMB4XDTI0MDUxNDExMzIxNVoXDTI2MDgxNzExMzIxNVowgZ0xCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
|
|
EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
|
|
ZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM3oe6MYMMKx
|
|
n+pOxZF6/GApkcOBVgomZUnak7EVNvhuGLEoRHsaagdnGghpr7/1fjTjq9pwcy50
|
|
ulQZaDpd4iolIiIM6DZuLNy3g0S6tBZSDZzLzP44YZiaXxUCq3V7ofbNApb70b5n
|
|
DmuI3YeOdCa6OTlR7hP+qXgnXIU7/oMqeZbjwFeL02cHeTEZZCRMfj34aoGasMSP
|
|
1xSbuhIy0SF673a0KTwwvqCQcL1gGRgQK8N6iC5U7/LB8qofcrQETl0+gKq29awk
|
|
2ZifS8L4j2vzaRW7Wk9v2JE1gv1nv24P5R+zRNfwkMui9IuG8qMsmLy9tC0Zvqqs
|
|
on9t57/B1wIDAQABoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMB
|
|
MA0GCSqGSIb3DQEBCwUAA4IBAQBOaVMulzoqWefpYr6weX7dhuNl/AHU6141oxNw
|
|
EcNkP12sVRU/vOEh2OwWhGSQcYikM14Ix8n6uXWPvCaEoL9hWvxdYesLhk8LESaX
|
|
kyse8RHOaRShEpYLBTwD7Famppo7l0AB0GQy32VXMHSDIt4il4kxOxHtsFZVnt81
|
|
zduGY8rnqquEvsW2Er2gC9jSfqwdlenThRnUvoYIonCGwRmPNdYwOOFD/akJymMl
|
|
WZNQxgu2iagy+QnUmgprFMAHLe0F1Pd76u4xbViX/q95DPF9B4QYHCjL467iulQj
|
|
GIkjH1RQNZqgIWm9oqyVE6p2U5ZWpVghjAgxibuofpuddUTG
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_GUI_Server"
|
|
set password ENC 5sY9BAEEffN/7tsgzJN3qucuV3JFeezbYdFwqJaBt62sm/6V7Zg+lK7G5L8Xp2dwhcdt5YZfDXXNubRXawh9unT6RGag2EF45xfrsMZXTYWoNASvdICc6lleZMc6CosydF2kDJJRXYGcW13dqud0u1yPlKmeFymuoYmvKyc4pFZPHSo1pA7mxfsxhlI2rE8XLjRhcVlmMjY3dkVA
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIJpDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQMItho5IoXgDxTisT
|
|
cUGPBAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIHr1ewzmvRJQEgglI
|
|
rNx3hBrSe1XaRH4BEt4xZBaUaFyVo9OmBtmGh0eR0Yuq8a7BOd5hiaVm7mwhcQnS
|
|
TfGZCk7XlFor0vLBees8ZXYI8v11WPtMUYvG12fC5QK/UaOogQdDXosZo72ZTRs9
|
|
lDOR8cWuDiZkVBXMPhNbls5hgCS9Yt636B6sMo24nwHq/U7KYFykz9sjO/MiovqD
|
|
tVCCeb7MSP081nvU+FHlj+fgRDMw49q6FFA+V8gsYEkEHm5mq61K9FSmgredbKkD
|
|
CPw5WvTPeCRgm1UUXktUQ3qEzE+AprcIb42n8gBAmhgcgsoWPlKfyJoSRVOfJxAR
|
|
pwacvz4xSY3EfDByPcwAlYzbVXwniTjZw3UsB+gtSpk1iOinukQFDdKAm2qBattA
|
|
1oraMUZsIY535FP33LFS3fQ7A2UAQHrZCknfZ0vLEkyNX21+VbFOuoBx45dgEvf2
|
|
IO0AMdLGNtlK4BBV57X3ufd3Wp48d2CGSmnEf+DTbrPcetNkYgvQmu2dK0m1hX9Z
|
|
vvv6kPKhpDG39adS/bgUMkR2g2TG9MRLweAFDy9953vyVwTLevF48WT4v7k4173N
|
|
aBmwQ515lwDze7DTHL5O/xXOc+Yb9S9G5JzvaskGeVcpPo8FF64oOWIjxywbD5CU
|
|
0USwtxH57osxGxHo3g2E70fNnvsTRpgzmC5SvkgXTDLgeSXi+vdzFWipyMVaKH6A
|
|
eWULEsW5ZPoorrJMUAhnltQ9v0Vf5TzcXnE9rB4Ns1xMZ6HwXZiWKL4wtLaJaREJ
|
|
6IUfWouFnG28YLWFYv0DfmC8TwNVUkehgnAOXOD3KKeY8JAFM7e9c0Z766qKytah
|
|
Hs8Lc1S6XkE9H03psp5INaZ6xeH8zWT5N6Zd6we9P7/Ag/Y77ps3/BrJFYQrpG62
|
|
uW2l5vnafCi7nWD+Zadk26VRsQDy0GHfPIEaXwzsAmglA8s0xFd0KN8qBaeVAWY9
|
|
K+mBRA1h2Axwne0f0n9Q0xb8wS2lKs1ZoLGbh1AcGQ/pt9Aajwxi9N9zL59Afu68
|
|
5hUtVL6wvHRitHfoa1c0oM1MPZb5WbsO2nxnAcg/pTxKs2OqWzd9LCjtzjnrYUJw
|
|
ZcEMzrue5wpxJhCdjpFdHlYk3eHYn0bJooKg2oLOrK1Hb3NW1x3YQ+VLmHP/Suap
|
|
O7IEXaVQk760/pY2d2mBF73hAXWJwjtf74cPxBhfyrJ6KR4kTnYufr21b07mZLvR
|
|
o3EwgWuQ1NpyHCkLFoLSs37A9V/3p5FO7FAbtxlTwlcP09tXPME5Lr1e+X79vdgr
|
|
/GS/MI7Gh/vMQwqFkZVdaoacVe/nYLgogTkan/p8E8h13A0iGjHjj0z8IwAywG7K
|
|
CLzaaq1qdldgAvI3vGNOjrAGFQBUV3oFFQBToT2wmRq5ZEqst43ToIi8KxhIFVNR
|
|
XE4RP1zvS6YZKa0R/ujOScacNDxKXCG4dZJ6gOMInnUpML6ZQd8flkTiuX/PMc/h
|
|
Y2ter7ICZqySMj0/JkITI4p7JM7dr30OjLO9wVu6LCDIg4+bOpP8V5whntN77JUy
|
|
HEdk8GRC8qlyG0/6l5sQaM6PucllZURQw0dUORgXMXVl1RmaTbi63g8zTjJQ9Ih9
|
|
4Jw+RZO+3YJpfhA0IDu3cV6GvCYJgKZPXNVKsXSsdH8F+9RQNWETHbUqFQiGFJxc
|
|
vPqVwHlnLD3Ox1nkBvIqaIQRcy4QWMj4F7w3Fk8AyJjfqW50d6642Hi3sg6Elpf8
|
|
bJe6GmGTwtq2KVmbKL+a5gNgQA8EzOYBLAQSQ+XYDcLZqOLEsQ1fP4viuM7WLV4d
|
|
RJeCpXwmI/4ISIyg1RbwYKt/Vw92Qga8Ut7DP1KN6BTnMKcENOCS+B1xoqQzPppE
|
|
Ci+04H5ZiXqIQWaHP5j3SexEpS+cPF+cE2Dv6zWaUoOv8l2Wo0xG+jI2ymZf5MfY
|
|
3pD9AREHqPTRtszFX1sOUDRQdV2L3udb5jbILUcBtFlsdI1IdsvOpew4nITnNKNB
|
|
kPvldkTJbwQlPovgM9rflGENeaYTJu86aLoCdEwLFZ4LACCqCsRoybDgUc3/Vmhs
|
|
OnsnVsX+D1KSSusyOnCglnHEpFHoXN5DeBjaI5iOOVadg8lfIyTniPrpn041uiDr
|
|
8tg9j1UlXV5XrlKq7remUUxGxyik7q5W7pjvHhF8wDU1/P7vKFocZqmQZTBBkuqR
|
|
SC6D5ZTBLGdZIBIafN52w+wzFJOrtshIjfdVI7LM24wIILWIVW/1IHY0RkyRIV6v
|
|
HLZ+S5bpKuTDBTs2HasisjXH4GFyoQA6yRkmjh4KoSfYHHC0hA0qgjzUoGTx53yQ
|
|
hm+GlVtlPn2zAXoQ5eTufGRcsQ79RA2lYNbX7GxhyFajRgh7JKermyemCtkONuSb
|
|
z0j/hO7FZCs+zSqDjB3DTYXOFh5d62eiWzf4fdSJMuNS2Ne2O2zukuU+mFPRvc6w
|
|
wkaEnApWQgvlEGEKa/MPOT6GAviDbjm+TyFHvKY9QBUo+IdSEJMWHc1J8y8YblKz
|
|
ZrMHPe35tDoof76wL91L/8jRMVyV164cvZFSZ59ps7NOCZkaiZILIJXpJO9kT9nB
|
|
Lb6g3pZUZm9HqUE6dnEYImso7O1E+8bkB2IRLqp9g1H59jEq6qvofwU7CYmAdgmz
|
|
g4+n+KqdZlAlCCBlhce2gvRhdgwPWAwuYJNrP8kJHqH97Bw6guuA7e6Ivo9i8pKg
|
|
gB0WUcnsMsgmYL28H4qegC5iBZz3bF/DdgEw7bhvPqHSoZXedaoHAkrI8r2endWy
|
|
Hz7pbOwXTfSLcHtFuzKBLQDG8t1vlSgG2KOVcFoaQTNM3BQk4MK/4+hvgQFDLbNc
|
|
BTWSbgvsAroU7ZA7bRbVOLULz8vUz8TBDTQIpmLh9IJPWbUn6Fg/PLz6ByTJLonR
|
|
2gQmgrzpEw19x4uEuHbvSCMS+T7X0YFiGAAxRldbHyZ+YRK7QkfRlvY2Lcbrc/Ww
|
|
1p1ef4zPsVoTaDmgqsWnDCXH2M/7S7I9uqE4jL2SFnGkB9BNcWVkTfJvQVxXDTF0
|
|
3GnPVE8/YCMUcQWhCEfOOKWbiQlv5rztgWNsq+1MHUxOIQKXBFLGBRm21orh2uil
|
|
HAwxdSCVDSKnyLZGCNIdbLFa8rlDyJMWrukUYc1X07UjdK4HuXmKQWlPxPsBQYfv
|
|
OEuN0XlQHqlJ0ATd9N9HeJk5mhIdkiBf
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIIF2zCCBMOgAwIBAgIIJLn0LcCD9NkwDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
|
|
dHkxGTAXBgNVBAMMEEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1
|
|
cHBvcnRAZm9ydGluZXQuY29tMB4XDTI1MTExNDAxMTM0MVoXDTI4MDIxNzAxMTM0
|
|
MVowdjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcM
|
|
CVN1bm55dmFsZTEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UECwwJRm9y
|
|
dGlHYXRlMRIwEAYDVQQDDAlGb3J0aUdhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
|
|
DwAwggIKAoICAQDVH0R8Epzt94v4RQuzrMxCHn/p12MUDeBKw2F0oi7T526SiEBa
|
|
+xVCro8wVP+BLujYwN3HMWzUs5emKnOU5j814QW91yq1UVxpmmO4WoSAhYBbPZ5a
|
|
6qQaQ/1RKVp8QedF6axtiB710Za1OXPTLpDYFvt1fYxrIWbYQ3QWb4La5xTjLLHE
|
|
5qCslcE6d25SAzE4VWSLBTBi/hNAkO8yLK23b93XraSpDO5xyAu93yBiq2AP6EoH
|
|
Mi9w1+xSyBd6gq6Pn7Lb+DIwpI1G5cTR+4eWyKEciWr7neKvP98H0eRmYaEOhGts
|
|
B+/v4+99iCqdMy+X+n1HG6cOWorod4Ck8lfttQA9JjvZ9S6LJSaFJfazttkaJ6+d
|
|
VVfD8JnHTQIRUIwT0GYpCpmsNjvhFCywyjzS51tY+UF+qdogpnJZb1oh5beGi5L0
|
|
cszV+1tmmmFYDfaU6OdN0LoLazkLLqBTjDTgZm4GZCUlwVMqRCCcYgrhr6JH3Url
|
|
kBNrFEi2Bcp2bw18iiyGgsMkWlkHZTeQe3bZg5yxxoTxGp14vVxxz0wwfmoPvuaT
|
|
kC4eLNFMFG+VRzBy70CedC1QmSgNvAUw2EUSSrlumMZcXVyK8dBNG/TTpJ0h1qf2
|
|
HYDqIkQAbNis2ImNQDQ4Xic8qaXOqXWOIN+celx2OTHX2qS2JkSnsFB7XwIDAQAB
|
|
o4IBNzCCATMwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E
|
|
BAMCB4AwHQYDVR0OBBYEFHQC3INjDa3Sw6SsBNc/zCyBfIhqMIHHBgNVHSMEgb8w
|
|
gbyhga+kgawwgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIw
|
|
EAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVD
|
|
ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEYySzYxRlRLMjE5MDAzMzQx
|
|
IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tgggHsQp6ZY+85DAb
|
|
BgNVHREEFDAShwTAqJMBhwTAqAHxhwTAqMgBMA0GCSqGSIb3DQEBCwUAA4IBAQCI
|
|
RnebU56CiT1j9AS/7/wXYY2aZMIwLwCZmF3W7lL2zfYj9u0QAnf3Uk5kH7mAP5nl
|
|
BKoQGRIxNvWWLPEeqeJnt3qvakdsF2wbaiodHOUIJoAYzlnfIhWDbeyaun7Ae4z7
|
|
4O8azQzox/x1i+/gKxILmNjpx++MnxsY7D/CdEnjrOZyf26gnPn5GJB5/+4PnwI9
|
|
DCOoRcujP7glPQIfNo/JugP9gN6lqZGHnyHCgAP5cNShv0ZSDmhgb733vFLgwk4F
|
|
gT/QClZfXSltNMNP98dlVgNUyZDw8+5HwmNgXBvjZ78gJI92FYB72RIq69vKhh79
|
|
i4KlcjmY2jcCt0bIeK+6
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA1024"
|
|
set password ENC BrwaNoem/H2y5xwORnUfugYn5BThFIEHnVIXj3Cf2SRk56czd5Q8zdwf1/npAoO9vJxcQ/lvo7d9CWEXihO+fKlQtSlMRvnyOolHq2mnnYuBcKhyjJtGiPGym3dk7SFCBach0rVMNwDLkmesxT9Aw8sD/HEWpURR4hWp0rhfXWq7JnQGJ5YIRJ6+slV56AUF5jQGQFlmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIC3DBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQQF8tMzTwR1JhgiR/
|
|
u+ckpQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIvccuOOa5fNUEggKA
|
|
DFQvNyQxfRpXd6Rv4+bF+E8YpciHLTZj6mJZe1H5Kl9GHzYQauFHKNWz58Cqo0IV
|
|
BDOQcaUPqFz265lS8VPojTffGfJGhZA/66YqSwt03TRh0PuWvTUiTA6+0C33Uuvi
|
|
ewirQcJ9QVgy5/OnYmkmF9vTA0szZxJL/GeUSDNKQr4F7ZajXajivLrwPBmSn8tx
|
|
lSklF+EOpstVBIIO9PtO1sykPC2bfx4JznealAtJDJM0QBLBUBh00QamiUvfawKb
|
|
xP4IEvu7pH5okRgA58tN7zLTu14pMmIMOIh/JDFs3imMXQ9K7e/dxfMhRgFnVN7Q
|
|
1YjrV0xZI1LMMKAlmGGGVgSeGDKVB5SypE2fOAjNiRRFWJ212V9UNLMeNwVukp/v
|
|
7kzbCc/XqONw72SW3pOptbNQPwgtNP2dbz7JJaHnEcfYs+Z4Y3P82CPXv2fhRpOU
|
|
vn/3hjgNqTolPzj3aIkNUfqaWLaNbE4FrSw9Nbnd4ykPRRkgvBbLumKvzIP3gsv3
|
|
LG6gG0PQew83vyh42awYb9MeedjqrunfTqS6OCPmLGaSlcIskEZRWPkXTtdv1MEy
|
|
+nAhpgi1R6NMkEcXgK5cz4YFo6BBQxjzQ95T56mU1BuTH216VdO6wFv8snJkkVbv
|
|
GkBD+CUAPEf14u8RlqI0qQWk7CY1sPc5WSCIoebfpRgYWhDqNhtO291hazK2fo47
|
|
3D1mOdzuNszqt6UY+x/0mczEQfNhKhUQFgz+E1M+dfyWB/bJ8jo66gzi6pb/ZauG
|
|
AwqOYPxnMvNURmYzLdWrEk0xyE6pTIP0ERg4Bj+KbLhFG9fkP7nxmaFPu4B/LxDZ
|
|
O823eNfss+lUblnFEeQwcQ==
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIIC2zCCAkSgAwIBAgIIOvputoR7mCowDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
|
|
EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
|
|
ZXQuY29tMB4XDTI1MTExNDAxMzA0MFoXDTI4MDIxNzAxMzA0MFowgZ0xCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
|
|
EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
|
|
ZXQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4DufhwMPNciCpCyId
|
|
g+byBe65dO8hY+jfZCPyuO8EltMQKwyaAtr7q1OysM6P5utngPkpuOsBTxeU77U/
|
|
bvNaa80BkztryUayFA4v6S9owDvrk+O3N6oP1tHYHn1mZN/5+dDk0LMMhATCU5hk
|
|
Rm1eemzMGPKLDNG7FTvPZOxOtwIDAQABoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQM
|
|
MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4GBAFEu1fCpsOzp/MSwgVKNZrft
|
|
AQmEluumGDHmRi1g93RLttGAqhMg6uScKgXybIWOGJkZIqrriucuwTT2qy8JEc0m
|
|
nK8/OnuYiDrbTYNd3a+OQpBRjqGMtxhsr44gJwng5t9ivEx1sLDwDYkHZyFJn1v4
|
|
RJjU97CJwyzxePdHuZqC
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA2048"
|
|
set password ENC TsR9YheiOp2zgZxmgE8AI3d+2ZbJ4r61WvRQqF12ELz5abgt28xDo2otoZwTi2jYMlgrdIzxXbMEDzJtjrn/ts7tsITgXle7HkTsNN996xXWWVt5KtFHbcua4qgpQKCrpHabHbikkVDcSsU8PI/2v8z+7VVKDF6wuNkM1f706i4qSb46SDRc/6cQhpqHrQ08qEtGe1lmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQnwUu19w79DPPkftF
|
|
C1b8ggICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIek8ZW+eMoCAEggTI
|
|
JcmU8DsAWPHzEjKThCD09EJkhE0aoga8FjQy3T9Swt1Mw0ftxynmJ/WBsZLB2MZN
|
|
9QxD9Oh6QP32w4JoTYnM/uZIJIq0odewDMsHmx4pjytYEovQc6EmlfiuLOjYwtUK
|
|
K/0v23rn2ZArP4oz1UtpZ6skyfbw3Vw3bPMcmnKxun8jH5EAmxzwBzVUbanxAEDo
|
|
FRheTxxkb+dEmdq3rwOg5D1u1uGODBATH3xqRtvp5OS5LWP4noOLw8AbHkcjTLe2
|
|
tTGyR2xdl7mlO7JUBt6dNQfDJJU1K+KchGm0wfyij7YbamyirjOoWZGfwkMnhe01
|
|
wXYJJR3Xi2v8I4UmssMiG96Bq815WO0zoD17cT/lN985kqiLKPRx8LKpocyVUjXq
|
|
2DDUWl5ZbRYryS7prz8LQ5GNQrDScGQHo8J0AAInzWpDeIXScoU5J9LOpBKih14f
|
|
ZE15MawLc5qk6ZUES4OJBKWw7qseNaJGX1LoTd/eNQ+pjoIL43nNVbl+PHRN1RRC
|
|
R2gq+dA8InjFm+giPVmgjTzaT9qSGtiHiybJMB/PXLdq6grslYeonsRBeEPHrZ2s
|
|
fiegnKSE9FN7qcnREs+QF3cz6aW07dS5c1HTLwAIWMGQ+NRzevpMzZnedyLyAWIo
|
|
rTtIRD+oYNlFYHhq01cdBTQnrqavHsUKsD98RrK+tcMktiYZKSTMOl7Lokqw7Us7
|
|
gTCoEZLcpOkvlG5mkC4SAaKAdlGujElLDA2rGqL2dUeHox+i3P1H2/w+9n7LIuh6
|
|
KfxMm8mBqj1xQc7Pk0PF3C+f96W74nHJT+ywAwCLaZTY4Z4RPcxAWvvC+NvriFSW
|
|
EvrZpc5X3I6jEmgH7WBZ4c1qdvUtiix5T3W03QBHtAJGsG9lBkYmBLhchuXW9D08
|
|
/d+PLI/ggYy4C+AwJkV8/bopE0BvtCzNYX/hXS0nXtUNbqeysDKKDb+sGZkHmEGu
|
|
pKg7oRC2HhqMw/JVmjGcewDcn2nqHRVVSSpzDQIlzi9vP7Zl+oDGiE66LXxJZmUc
|
|
NycN77YINxzoT0ButFnbbsh7pOwDwNGvtjl1rx0n27YmgTVoygMK6oIdqoFw/6UI
|
|
qtHvWLK7hOCvNzNnBYHLIEjMWqWAo6/jdr32HETPgKtaeR3Ax/ESFyLOQ0OsIevy
|
|
J0xpELSkxZeFCSK+ZoYr4D4+OH0LqCm51SMCbFYHIKWIHvBkR4irJ1m71gp0Nlso
|
|
WLwychx7tiSZ6DZVEySbETbhEaFytRC3TvgkZ91U0S3AJkqGSNwzEdoV7p1Ggtgt
|
|
R+ME4iEH1tXNgjxyMTCVrZPnUhAzHt0zq3wLIxXO8Pbcg4PDDDdsg11SDJrArnsl
|
|
Ug+r9BhHfqrBlTmxo9fQb4ZYJ+mIXZPXNswRyogFBYV8shgW26P/HK+0bJEHYMHH
|
|
qLgBv53RGfhXXZwzK5Kb+iOYC5X/+Ob/FrOFtJPsBG7X01KTpNT3ApVEP651eQ8m
|
|
5S3i1s2J7sC5rMYul+pIScBMEOydx+xPsx3PISfqjdQLJmJtm7YQJPAiQ98UCc8e
|
|
ntUX6vWzM9citXuCUGlYIZXoBjQP3B/PqZ/M1rawlRlyDIXCbHL5WIhwzevs2VP+
|
|
hGXBLlXMzuTu5saMoU/LlLVemTJF8SBD
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIID4DCCAsigAwIBAgIIVrvfpsp0uRkwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
|
|
EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
|
|
ZXQuY29tMB4XDTI1MTExNDAxMzA0MFoXDTI4MDIxNzAxMzA0MFowgZ0xCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
|
|
EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
|
|
ZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztV+HX1vzb2X
|
|
Av2mddZO8Ll1bWCxZDPowechHX/FBzT56/V/qxvOAK1nTYUivsScaUTjsrJOpZec
|
|
6xoEzkMZdhv5riDcIUhJqCt537YQOooRo1kgPHG6fof3ab7atBZYMugu829RSl7/
|
|
kRiQhtGDzSHjzJEANsa26yOQjhhCugrTsxenY6tePM+JgbpnpYm5W1795wsQx7qA
|
|
4z8f9p/rbrEfWLeH88Wjn0eGtSPc9E9CI/mKJkQx3n+FxUndGnjhF/c3h4ziUaE7
|
|
R5a0+8Z0GKq8wf14/Q4MAbKKN30ZK+BSMkhroEvl8p1Iv6q2fsAgbnvH6b9N6CFe
|
|
Sq21HXZmgQIDAQABoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMB
|
|
MA0GCSqGSIb3DQEBCwUAA4IBAQCbBI8tJElTU4xoxzyYNgzJ+BeBIKVvYCI64mZb
|
|
ETeMHt701b5ueayGEuFjuETA4+/9EhysQSMs8GEQDMpXirWgAzAZUFOXHXF0Vqpc
|
|
nhT1Aj+77lzJbyb+fz/fNZKSNCi6nNtBX+woexJsZCOe2dkCzdNHGVhfOe2oIDPZ
|
|
0ADgxg3TV90caz4znujl8EL7SHqo04ss6FKQf4rrU8h3lfRDFDutgRBA7CGN9dN0
|
|
mTNgmfUsxEowLJP/CFBpvLNVQZwQjhlk8p0bx52j9CC2FgwbIQerdYl+rRFQXdyD
|
|
1KsVhHkP3OPGyDsZcnV585pek3MvDm6w67z/q4LtccXbNpQQ
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA4096"
|
|
set password ENC JuHB35AVKOLdhlX1ArKYQc4xv1Dl6h++QcLIOBp1bcNFGTzKsHh3wVwLEkw5bnokQlEJGrHRFkSW8VKoFVeNyRfEpaPw97wvLvX2f+8M+aoINq7QzvfypZki7MkfucuvwtJCaVQg9GtDkf9Hm0wf8xc9x8DTAQ/Nsbz+gtN3lgePY4R+2hshBj51/yaF9b93Zp9axllmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIJpDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQ5NG0OXImhWWN+/iX
|
|
c8/4vgICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI1aZZJrtC6CoEgglI
|
|
jZOC/oHLNfr1ikwVeHuj4HYMHlYM38Arwtom60HLGqoTzUM61PVmLfq/4Px5wbvh
|
|
dvRSFZdooUwWC/4QKcvLkqsEnSDzDdynarR+4e6TZs4gWXu7CmEr7uwVr8y9HCH1
|
|
0JJyRrUJvJ+6UlE1xz6p3K0VUDpFglzaGPF8Vb12iSusG3wny0o+NCgMafAbjpJ8
|
|
+fq7GB55skIqykWsExg0JguY89eKyePP7r4552Ul5AFKadRx7rGNsp7Gq45MCP9G
|
|
P+kcbwpEXmRsqMvTrg+v+VIabqA9/lZb9+yaS44Yf6yiXVpU+F2txYsewWoQaoUy
|
|
MtzIMPURYLoqHBSxoRR9Zfrl3iQaHAe+3DBaS211hzO4ApKYePdUbbDoA3emOBbn
|
|
nmxqLcMSJeKimtPJfPezynLko5ZXZwzj05WyHo1UcrRJnEj6Bmc2nPH1FF61BrQ6
|
|
Ram7dzjVAdnEfTL/UF5oV/cVg+LO5TuVL/XfBTBTzpZBFi0Wut0tuO/3EIjsWiZ1
|
|
NTbPq0vyux+76O9bnRWdmftjVGivmeYUpH+PBfyMs6i7Crti5n1KxV0/QuMXRrbw
|
|
HjHKTiTxsfYAhANQ1f4SDPt6ri/DMXFLQ4hzv4273nZhJz68aFCDNrpsLf6sGzQr
|
|
LUvWVEDuCDK21nNQtQr1ULHrs1ZjpzPpUEFkN14mxlJD9rE4rVMC+nOpXsirp4L2
|
|
xWfMqsUIFxLjKP/YFzUZOtIQ+4fIPXhPJhJJN8vEhgKOybGWlfJxHwrf6Yv8gTgU
|
|
oUUysDv1KKTtU9lRPrXyxhf6W+lVI8FXOGMUcUWuxSk1KAribu/b4KF5vFx31DFe
|
|
c5ZNJTxfu/Cec8jEOhG5XowlB71OVtBMz78+gy+iz1xgf637P1BEvade75/UmGZz
|
|
GJJtCYVp5oMwWoGXtZ0EPdl4Q0lC8MZmXUzSLBroXU1C2hb8nPyDYi6iYvRGJnd1
|
|
cnyVJcqsFXXFhZi6MJiGu991Fsp6Zgn3AZgz4A7e/5lW87Li413iy53Y5RZuA3+Q
|
|
yDcxwb5MZ3l9fWyZ+yiWPpo5f6kmxLqXc4vF9yUOo149BzvMadZdvAISTcoYq10j
|
|
BJ01Z7dhNxk73qB4EkovjlyEh6h9ldwa+eqUsyrBfNgTTaoSLdwyLntXJk+AZ9Fb
|
|
uZydYR8ZwQVjzuMOvDSm7PMAH0o3er69Nd4Xr7ttFsViLKUYVHHPQjsCjmvtyHE9
|
|
FwquuLkdDjvjWVPfamoHsrOZqv7o5G2aQZG+yCkOQN42w76oN3HCDjptn/cz3lQj
|
|
OBbGui2/guE47j4G4QxU2SDkv/M3b352Yybz9QgARYwcaL2QJbT3KY84iAuQRV4D
|
|
De1BpCR0uw9ENxACe/VnH07NNXT56sBPRwyoDlcnceRfGyOP/Z9rInVwZo4J4lMC
|
|
Zbob7nEsHCv83HLdzgZOn79ln2AAgWLMyIMluIlygnpYcZHLaOgtSmfT/xAyHBCS
|
|
XAt5GtnmH7lKnDJTqGVL1ZEgIG+aPR6LOtsR2I/IiwH65y9A+A8RS/odRhIBVbQA
|
|
Vl+q5l0vmxTguRXppc+1CWDm/wq/yJ2rFMCBTRH6ohsT46Wp8VyZys+EwpvJcTZC
|
|
sB/YKY7SJ+YsCjE7rdyC965MdeAqnvYunLqwRnR7pwAfBrC2s6oolHLHBygZ6gZ7
|
|
1/tldIzMQRk4mD22c/YmbEdFBdnfVGoFENqk21rCmFEk5HwY1ZgmoSvKOnrmkXyy
|
|
pAOkXOnt+4GsV1c+xxAa4gUyl48a8jRgC0PpiUHdj4/CPrngVfigv5qm37RMk4bk
|
|
BgygPNMdkFa3OZgO05eoNcP2eRYN+bMOTZOLtUqs+N5OmIOeNap4feMDkAmsI003
|
|
ylrWgIQNTJOf9dUB85DnLWuX4iHDsLrs8Q69aBWPBuz8xXtk9rvic0+cs3m6N//i
|
|
buXZgOo2UAw0jN7o5SqzIUvTOHpE0IuOrbh95caxHL4Nr69mNp/1R47TFsdhIghq
|
|
lzK6wp1QUevxPJIFU2mYNN0hvWENP+nzYVZwekXxuiqervrfE/1QF/M4K9+uF6eN
|
|
3/bWMs/inqTNUZ70gcFsnr9Dif42Ub0e1ZYG/O4H7pOJsfh5VOx3IbvrL7reVsPi
|
|
ZMa5TWUtVvt6kKAVEEtVDI69FK/KOaJjtirnFKElRhHhkvpCY/6u23aB/UH5YkRH
|
|
8FYhWlbd3sCiLDhxOry5ukb6A9LbcEq+a2NR03V0f8wVVA3rEu51rkt9S0JxowIR
|
|
d2xnRkXypyHk6thLWNHZQzbL1JCYTs+V8R0YmshYxsg55Oh/7rpYZMl0gTIuqo5e
|
|
Uv5ON54kqq414re5whwtW3jHVfAmIDNpimOq1XvsN5Gj1/z1BS2HAbFBJ2qEGmWE
|
|
csPagIneZzikLBVoc7gmY6QFxga5ykQawwuCYKhLOQuIn60ICpUpdm1C/14f3GFd
|
|
DIGzz1kPCx+0jxSHPHURdIXXzKLfg5sLiAI0v6MM6nAk/0sZpoecdRfBJVO/h9IT
|
|
jXURrHkJMqkDXjKnjtfG3YXONVUQ/f6ZHSZeuJMa2eQAx40v4T5WXNFNhdgXg6ws
|
|
8kV4v4ncWqs95a6MZ1oiFc+fRbKgI1xGsAeSPQue1ti0cr/+DCOntHCpJh7LQgRD
|
|
H5CYtO7WYOBhij5MxETQjWedwyx8gRCutliqkMXtRkh1jiDgmBZhTNmYeAefPoCJ
|
|
7JjY8eMMhu0Mzp6cHcLzUV0eRmwEpmai+zDj2qmdq8dpbsm1FSssTzJeYSLI4XsW
|
|
fEJqChaympu/bvUwZfgbvkjLP9AHMqF7d+VSBCfnND2pnnzIrAR4RRQPo855Fxzj
|
|
G8F1t1Nf2TAnNxFdGwvRJ/RwQcbL3CCmUzCupk/VJjorI4DnhMbQemKexP/782jo
|
|
oABt1cXL8w59cMLXY2qAoOtMKLGfkKad6dASZ1RRWlojFfChp4/3r5PgWVxptxVh
|
|
kk8MVqsaRDyBusC297cK5AhIQ8h8wFZkQ8RUGoSoI5PBw34OVxdgKeIKIK7/6AMK
|
|
9O28osHwG14oubca1vf7tFSVOOSTvZNr2t/ocBznwOkIxCbJTPw630o2vWhtlBo9
|
|
A2NhmR147FZdePJTaLWTUJXaLPQoQuu16oa9aSOvUjTbk7DcUhCk+G6gpTzzbr2p
|
|
rEazpt52vm0hz/gJqZOeeLubwc3lRX4m
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIIF4DCCA8igAwIBAgIIMT3E/XqnRLowDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
|
|
EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
|
|
ZXQuY29tMB4XDTI1MTExNDAxMzA0MVoXDTI4MDIxNzAxMzA0MVowgZ0xCzAJBgNV
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
|
|
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
|
|
EEYySzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
|
|
ZXQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAl1oVndfr3v4n
|
|
W1ztkYnsv4fds/VLTpdCdPFx1docGZq2mZfv3JJp/1ARdaW07ir6FAFWpVjHp3be
|
|
DGc+bziEGwj08mYj+ZgPVzDC9Pq1b06+xj+cxvDpne9S1M/1SH87b1OE/Xxd967X
|
|
HD3W2EJg6SVZTWwhzQUi+VzoSVClyAvFrZ5dlUl5NQfR6NiCTj7Tb5quq5pYo17u
|
|
1TBehWBG6O2f0WqUmphhpTdgvqu+jFnvw3QjBYoeKLSz7rfoqgs6YOaWDbgrWS2o
|
|
AqhaebPKco/aPrO9NL+5xSwEpowuO0Z+3NA443CuaBzb9R/VWIhOfkUe3WMqzae+
|
|
0dGsNX5wGNwiB4/x4Y6hI3KvH5spNwiWVhbcUNU3jfUuF+JLI00G3Iy2O7XM27qZ
|
|
lN/6jB2RMiFJSNnKMkbFAyqMvlvshIxR5lZ4aaLoQ3ILlTKtkuKBbGGhJXTCWQYV
|
|
TdvnK1UwHq3TearynPigoDQwj45Z8SckFomkQpG5eL6Ypq3hj4AFU9Kv5aj3kzTf
|
|
wdN0BnxM3UABfrFk6dUZTrgI1csJbowHIBfCuzcsarfIbhEZhg+zvDVW7cfzjTk9
|
|
I4e5/dx4Wz4IGPKN/8iDSdzavLwG4508GBtnx1yM/gPAZaBmStyGDWlDC//mjDtm
|
|
z+jqpZj4kEhLuIdaGoQg69gic7LU3ncCAwEAAaMiMCAwCQYDVR0TBAIwADATBgNV
|
|
HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAJRDqh3Cc66e9a236
|
|
ERPQW1c+hnI7vBHFXKR+M1NVwE4pX6cRn1gmch5wVDXJYaYBsQnHbYrZBWfvtOq8
|
|
bNweryhoLf3dwhl7ZgIYiofH5TaO+Ju2sevuV4zrI15ussXfp0cHOrJp6AXWtLBU
|
|
+nK7uZwsrxONqzf3XA8T35cW8piIT9SHWxv6GUzRoMtx9B8Siw9cuHaokgmJLcgA
|
|
CVnU6bKZL5RXQLVIGTalRePhFA62W7bk8tA9fsSkDRCeD87KqP8DQvEVbXLaZLrS
|
|
bflIntmbgKFf0LSSoIVsmTEXvdhr+/eQf+LLo3m2pPTQjB5sCJ3Z9KeuEF1YdgH1
|
|
ZC/+pVTjOYZ+PZl/clabxYiYZOHODsfrzrHfAPwD6uv4qZ7LPx8/tnSGFRWAM1S8
|
|
cyot2aQ78bNdHkoN7LO+C3Jcy5WKg9eX/9ctcFbtlMBgqwmjzG1tMrfWm3bXWx2o
|
|
047hcsKnqoi2hcOWGtUMkLSSbqo094Pf6/zVRuSU3WKiQ4SRyQmKnnyLFLWlvQQ5
|
|
xuOz4eyEAZX4c6Vf0YBQ7L9KndKJqXLfIFGWDCAiQ60PAzam+aTnqsFzRRZt6Tpu
|
|
7B32NgpcSoFauyKreHQG2qgt+/e0YrEE3v2Ufcb0jKd9rIIcLBcrJpoaPbnaAI6B
|
|
tvItQ3It73aapJ31L6iNgZ1WLN4=
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA1024"
|
|
set password ENC IwiEWanXUUQolXWgXJ4BlRbO3ojytRTS0UMxe9OAxm0j3/aBzn9i7QN9iaqvoIhuFc6g34yilMsPjrX+MFqMzMy3JPSzqzTD3zs+lrLm5hriZ6c+sD+StHDC/RqhKbzN0nhq2ftlcPBh48BslQn+Hdl/QI90udLzdTbv4Tdmv56r0Srrm7lOPb7TMNPMnVUBUDAW0llmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIBrDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQDj2S1oy47EpW8TVR
|
|
x6ln+QICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIIXFgFppvDIcEggFQ
|
|
45KEizMaOsBwX/P+2xj452IZywgNQ0GhkaU/zGEgUARdSQViD5aQgA+8e/SUROyp
|
|
aTcwhrt/7uF2nHZbMbA9Tb/obYusgJEv0EiFtzZ2nOgCnIJ+z8FD1JyQhBPAKRAA
|
|
s5raSq4cAYRI1JFNHvyjM7QPEVPshNgyQ3oj8SYMnr2C7MpzFk9Qucuv2MeKJZag
|
|
Py/4LtV0BAsRTN5RWy1O6B6VGxtdK5w9X16rcWVcYHxOz/CBIfp1m0+PK99gpNeR
|
|
PYu+pHdnizmNy/2SpQXyNneIVaceaeFi9o+aS56Km5JsyScgmXa5t5eWcXezY/us
|
|
8XeBxWurXg/uSUvCj0R/wlIApYKwqubTXdvFLjw4sdEtAsYvWAdq2S2+c2J+qcOp
|
|
IngTZGyNWauSnm9CAHW5aOODCFtNh4W+ZFSe1F2+JmbcVTKiQ9f4AuYk+k1m/435
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIIDnDCCA1qgAwIBAgIITu8tuSZ16aUwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
|
|
EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
|
|
DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
|
|
Mks2MUZUSzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
|
|
LmNvbTAeFw0yNTExMTQwMTMwNDFaFw0yODAyMTcwMTMwNDFaMIGdMQswCQYDVQQG
|
|
EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
|
|
DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
|
|
Mks2MUZUSzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
|
|
LmNvbTCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQDxE4oFTS0ubKpRxTB5sHlo72Ak
|
|
G9eMqhJ2P1/x+oGmD6dx+YWDtaBLGDRhRVHmW8Ig/lJpvngPBoKZ9NwlOedsbVWc
|
|
rm4dm351kvYBJfg9UjRP+OTGbJPlF3MrZZcW5QFemfkmI11KIzgQuBdqr31APbxk
|
|
OKT60riXJnpapJFTKQIVAPX1JgkZKORHzQT1mtBHGOVtPMixAoGAK1uLf8nex7Nb
|
|
ssr717lOU6EC/W1ZaPxdatAGygbsoaqvL9X3i02h5GFEcvmI4X2iSlvHOB1vAyPk
|
|
Pu8ef14jnekk5z7VJCRdHQskavJwJ1QR1B69kVIJFFW26l+TKqT6n8qmxPNuX658
|
|
3VErZUeZZtBNDb0TarCxw1O0Juswfp4DgYQAAoGAEXnWNsjzqQo39skoERX1qVx9
|
|
xI6ZUe2avRKEuDpDn/wUib5Frjrlqx3YkfsJ2pM2+1+morLS4Kzad0V8ahWfHEQ2
|
|
j3g6VzDs4ejalbcJmrR+N5PKQrTVidNBajuBNupMxghSQ0eG1QA0Lw8UADmHJx+w
|
|
yN0Poz7YDlrH1A59dP+jIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH
|
|
AwEwCwYJYIZIAWUDBAMCAy8AMCwCFEXRd3P0r8/zL2q1F8hBvBtefLYaAhRe3+6n
|
|
RZpMszcHuz00adaSCeumXg==
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA2048"
|
|
set password ENC QOuMiH4AIAR9V9Kih5adFWqvth5UeQyJam5PjGT2/t/6gTS6/9JwNLgTDfTn4K4S2iQTKwTRcnr6aBQJ9q9GVyPwVGXiJ3oUiZQq5DvcZfi349IG0xzYsAO35jr1v7VGKYiDzLwgqHpEVBckNGW+0OBKDinviruLThMAoqQ/7ZBgniA9OCcwI280fOND9P+OiTenz1lmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIICzDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQrJXVJkvFXlP58CwC
|
|
MH/idQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI/FH5/2WiRfQEggJw
|
|
po35rGVncGXEk0DCwzO6GNUzW6YDLhAxPVv1wMMSvRbADOAD3/E04epqA04lNECW
|
|
6MxZiMp80f5zSw/8BCZgTkjM/s48ouCOuVHKO00A/8azjLmTPGhapqubyzjQyu2E
|
|
ACPpGqjf1jR22piBDGJ3v27ISL3gBXL+xL9Rtdn/yAInYhkdzb0cgueO0vc6JpS+
|
|
PzWYOXMrLcVqRWMKeNJewPHQt1yScXtYP2K5pA6qt0gSpPAU4Rz6tv0Fb8JRKz/K
|
|
UyByRBzt5gjTMZuBavCQQweY+ltSOG0P9WNR4/5oQb1fWiD6TY4OtRSVOSp5Pb2I
|
|
1ciaWfVrj97b6Afz0BeIHe9PMpNTBpXHjAKPOjjvufMQMLh28IAvgySTrvcHx/wM
|
|
G+ebm/T65RJp+RY5OC+8lam8xKiBVFxNB2ZggjWwFO6hwW35lNL6BfwDJB2eQx5S
|
|
2PtXnDJKGKoAQn3/vNYslyS6JyW/CMi7h3BB6kTyqYX2BuuocXVjs1llBUqtIcMa
|
|
v7/O34W2JHhueQYrv7vR4BYSjtIIVMJVFkn5muM1hXtpUAQCtpWbbHC39SvJqARE
|
|
7nm0VvLvBFOg7sItECwNpDIuR3pwyQPTbVqlwmIIANSxm5U2RYEBWevPWN3GijXA
|
|
O+ZrK+mNhVi4E6b3dCevC4feN3MwoOXDK9oIiTcxwsqq25/jswlTMEGhYfQXZcV3
|
|
7eewhSQI7WD8gEWfywnQzViw3Swc45bDqh8/ujSQgvjZdN5nmMpuTFM0T10v/WuN
|
|
Du32XpAoAMoylW5XosjfNAmLRy6LH9AJIDukJEEaIiWG78XKQRek8+nb3ucZlyRz
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIIFSDCCBOygAwIBAgIIG0E2Mj+F5a4wCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
|
|
EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
|
|
DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
|
|
Mks2MUZUSzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
|
|
LmNvbTAeFw0yNTExMTQwMTMwNDFaFw0yODAyMTcwMTMwNDFaMIGdMQswCQYDVQQG
|
|
EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
|
|
DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
|
|
Mks2MUZUSzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
|
|
LmNvbTCCA0gwggI6BgcqhkjOOAQBMIICLQKCAQEA61WmKkADZ3KCao4L/AZjFz58
|
|
tC1q2W0NaI+6VfpDy2bBd+/sqwGLPBdtNro3mkjLH/ItrAaaW4gafK96ZBShmMUf
|
|
F73xrL+wT/Mtb0HSuDvfYFof3iePiS5REoMWQ7KVOhbrIQIjgxP3kHXlxHd14E11
|
|
TN9mVM3gKlLrHawieALVROgsEC4ImBOCbDIAe3pmaZ9dP42itTKHWxjsXbbaveJN
|
|
ZTuF+4pzeuZSVsoKzQfQgQ7AH0iQQPqTVgIMxAtsQHX61oqA+BuLSnnalX+FUmlt
|
|
e9itHNB56cBrEL1Qiew8XQw3Avbcjf9jYY/cvCOZluw8E3AqCXNkPrK0+Np9fQIh
|
|
AP4dA29px4MxDjXiowNUMQ2tx9dyKjTlF/B0fJJidshZAoIBAQDFBpiWHOOJBR5E
|
|
i343f4GMs4yW1yZH4+8EY8s+P5USrQ6IfNuziVzVcnDUeBWsxS2mfG7p+BlBJvGy
|
|
t1SqTSNyCgqMxZevFx8SeHLa8vwF3t8YSl8gSEprSN4U+KRPKoxTgc/zhzSJAFNw
|
|
Qif6ysthDfBaqGA4hYA0O4Tex0Ue8fVmFgqj9TzEx0imSP0wyeyj7r530Gw5u7Nk
|
|
6M2Iv6B1lRDnL7VWlNTWQ3usG93HLyFUrDtHbR6UIA/Mnkb3esPzfiqiI2naThVS
|
|
iV3BOPD2gVKKPRxK5YGWnv8u4y5q5r1DG2onrCPj3vWOwpWbEgBhQ5LNDri5vd8C
|
|
CyQsP6+UA4IBBgACggEBAIWjSG8VQHRXnnrMuHLOGc5NMiJIUs+YNLS07EjH41D8
|
|
BDW2EwLW15k08ncXLCYmiK6bHfODFcQ0mSiY+XKefhsf+YAjMyKywOVt49Pn8b+x
|
|
qBFvw5Ri6/bl9YAx4gOjrIWAEYjX/CgCjEEhVkMSxjiYrPN/5ObuaC2LWTZNFQsY
|
|
WRZig4MFivfPQzXFsEAkTjLe/s5fe8ocVr6vtpjq527AP3R/TX9Oz2vbbFKAVIoP
|
|
AUnkmGgBNNwpliY9hBWiHi0o5w2XLnesRZMKh2WTpuZ3YYf07SHO42hfpfTMRyab
|
|
TQnOHa//dpjk9+m2gIKE72KQSq8vWtl3RxY6/GAA7ZSjIjAgMAkGA1UdEwQCMAAw
|
|
EwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYJYIZIAWUDBAMCA0kAMEYCIQCqxHciNf7/
|
|
axdCbb0hhowr/qBaszLxahN1+s3/oaLymgIhANqPdNoihVt71wGs/+5/wHBYI/TA
|
|
XZduYvFaQP26BoR6
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA256"
|
|
set password ENC gpQRj79xd0Q8p14DcAbHnnZ69L63jx/54A3+ay77PjtiiNZK/erFI+VHTZMBOKo9Wo1PTSPGbu85zI2/2js9a2jSZte0v59vlEDCgd0rkWYbMM6gfEZPV5W+nQANM7scvstkYu28NznKRCYnKIToC/dWm8WA71b4nSNmlrAq6W0O+2H9rrPEUplptZKWVzMJnA4pPVlmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIHrMFYGCSqGSIb3DQEFDTBJMDEGCSqGSIb3DQEFDDAkBBA/MLeP5/VDksRDqLT7
|
|
Wc8HAgIIADAMBggqhkiG9w0CCQUAMBQGCCqGSIb3DQMHBAjRadB4HHrukQSBkMU1
|
|
OFZ3qzLS8HBBAx5Ydz3fmgd7VGXd/iXJw4mZBXqLXggGi584ieprFhOl1XGU1JWq
|
|
RgZzHZMLG7Cixg3GUdmeV6xffyIk/NkAGCjmx5Q0p8D+UmtzpPUrTmSf3SjWtrfc
|
|
DyFcn+BlPzTnY4dLXg92ZuDVhySOaLFO+uMUjnThH3OtbkU7eMqU10gsIP/weA==
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIICVTCCAfqgAwIBAgIILNW6raUlg+YwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
|
|
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
|
|
BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
|
|
SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
|
|
Y29tMB4XDTI1MTExNDAxMzA0MVoXDTI4MDIxNzAxMzA0MVowgZ0xCzAJBgNVBAYT
|
|
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
|
|
BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
|
|
SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
|
|
Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXxZ/MH6nzGJ8Fe4edYEVjs48
|
|
WceypkDVTxMqxP8U6TRk3YjJMfncX1IsaIfFY3+s31nHBkYn2rjif6NJAK7HMaMi
|
|
MCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNJ
|
|
ADBGAiEA+Tq+595Ky67PA4Z5H145qNL2oBuS0WWqKkD6Qswge3ACIQCe0jlkjdGl
|
|
gH6+9449jDcfsbFryxjwxlCWl9mx/3s/PQ==
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA384"
|
|
set password ENC OpCROx7w02UZiFNlsiKzxcNHzx+dY9UELqIgjZ4ddNeMl2tA50vAMW58rHHD9jwGak1VgMIjEhRibRWfbEB/XEn1A91iFeTEdgI0ktwWJaOEWEvNcwMyIAhElHrrJmbu2emwF5RLjYWjPwsBk5F8ZJ1U5uIdx5DU9goH49A0rOsgHkfSPXi1BFQEVVsj90zW7Z66l1lmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIBGzBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQTNprQny0tNdC7dcG
|
|
cxp4NAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQILQSc5PY0uPwEgcDs
|
|
2VmU26v9bim0WBNfMc6l0cIglAA1PBrs0nBA68/DgQN+YDWB0YAXVZqc6dX7tn7c
|
|
r9R3trGKTlqV5Gx8I+Sd9tVp1tAsYDlPPzVpYulqISCTieJWWCK5fHSii2neQrrb
|
|
+kNM7zQRD3VLEE1ma87iiGfjNlJw0hTr+Cc7sUIQiJksN4d0NM/Ee5b3wj033mHh
|
|
CxhBQbYxA2YkcgbCo/Aesar9ZCTBw89wq+z71Pvm4xI8NHY7Nz932sFgQpL9AcU=
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIICkjCCAhegAwIBAgIIG5QXpCktDM4wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
|
|
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
|
|
BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
|
|
SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
|
|
Y29tMB4XDTI1MTExNDAxMzA0MVoXDTI4MDIxNzAxMzA0MVowgZ0xCzAJBgNVBAYT
|
|
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
|
|
BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
|
|
SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
|
|
Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEVW+7K239Jc4XxkQBOEwxhPgjnXE6
|
|
Rcq4GTx5wmpsOLvGqKrCaVhVT6Z9lktEDYTMnC6OKk+cCyvp/fMoSUzXyYqyF+XU
|
|
NhTkZXLCrnBD58Hwfc/RviA9I5Plr+B7zRqHoyIwIDAJBgNVHRMEAjAAMBMGA1Ud
|
|
JQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMCA2kAMGYCMQDP7ndKMvBDNfWc+LFt
|
|
uPP9CfFbSkpVEEvLE62ZwP2BeXdA1csWm0vekFbFSh2/iUECMQC5Rj/cpwHCECCw
|
|
GwB0oPXBYv0bs6Hpioo+Dy4nEB91ikwjFUhojQ25TmTHw1IuXrY=
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA521"
|
|
set password ENC kzXmfbJRbMWfuhDvhBNv+FEh7igPz2DkP3yRnytmYxsMu/TI5J8zubTDNjevRl0YrGzuCLAelxvh1sZeFxRBL8XNiKIaCz0BZHTRSBl8BvgLCO1wp6t53eQsTYSPO+4/3ClWlxH8QzJlCFm7/LRSAmelZj+WtKL92Ul5IGiWQgbyaKOfNmsCq8bbR+ZOrgnHvaPgkllmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIBUzBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQABdLg4IbORZFkO05
|
|
oGIfeQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQItflqPNES6BAEgfhO
|
|
TDp/OJ81SiJ8NWwhpzZjLfB0YDnk8oMkm9uOOdhuVJ4czORDnH/UARP67HTlgGWO
|
|
8qRGCk8gjcTY7cqxJD5iL5sbgpvPqmPBPocYhatYeoJzg59g//TJiYyDfecyuBdF
|
|
Tf8DadlpjKVMmv9WjrkUHLhuPlpAnoWD8w/T6WyqKJ3r7bB1TLWHT2c80Zj/NEEW
|
|
IctRjp0gpSz8ZDa4v6gJjXbdU7sOqy+3VFLYRCLLWwPqPq5szyUos/O0e4P5JjBm
|
|
6GzpFM0nlWsRAaySNWaj9Qw1efug7oL8a2q8skH8lAirrSz5tNbiG/QlfELqoLNf
|
|
//dIYm8N2Q==
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIIC2zCCAj2gAwIBAgIIUhWueGMt38AwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
|
|
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
|
|
BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
|
|
SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
|
|
Y29tMB4XDTI1MTExNDAxMzA0MVoXDTI4MDIxNzAxMzA0MVowgZ0xCzAJBgNVBAYT
|
|
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
|
|
BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEYy
|
|
SzYxRlRLMjE5MDAzMzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
|
|
Y29tMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBWqFY/hXIuA6B3fE3Q0AINVCk
|
|
vkxEY3t9HpxMOqjeMxheL1c6HJf9K2QnC4qUGvCNYaQAr28Df43EDD58mQyXJMoA
|
|
WjUtO9toaW6WPeaK9/vcRabISf5cPv1n5tUEKakmYd7rV8YYThGZEJFvlShdTlFr
|
|
0bukZ8z+Y1H9YZFbdAmU2d+jIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
|
|
BQUHAwEwCgYIKoZIzj0EAwIDgYsAMIGHAkFLvKG8jXen3dXGnWJhz8rAes/Clp3w
|
|
MIkVFEisioof2RjQUooxsjXqgFxAJLSGKk39GE9+DpQEXzbNn3NtAt1DvwJCASGT
|
|
RTQYKsLZj2Abo40BunNKX88KPo7zkO+OuLfBxRaBc3VGRdu4qlDSg/LjaXOnAuO5
|
|
KmZtc8Ln0iqVyIJn0Xyp
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED25519"
|
|
set password ENC JqmFz0uLlCOLymtofUZQFsx9ao4OZ4BMzvCbDyr+yZkx7VcatQwIjupvUt/LOoZPPrK0H3m+UBCc2k1JKz8WTAfHvjb3IYiNvCS/YNuzFddpv5Wo254b3hyu8sNMZ+3a/GrHJzcY+m6lZc6aRQJGteavtia6x/f7gBuTIDHh03Y7xMclJ5vYdIm2gAUupngqWVEiRFlmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIGSMFYGCSqGSIb3DQEFDTBJMDEGCSqGSIb3DQEFDDAkBBA/F05S4n8w/Q1tqW05
|
|
fv83AgIIADAMBggqhkiG9w0CCQUAMBQGCCqGSIb3DQMHBAh9rTMaufOkOgQ4nHcf
|
|
sOaGX3SzyENPj7CQQlfPYYyTCKXFiJbpKTKsYPNmpizBFN+dFkQbeDNt3VP2W+lJ
|
|
k9x5Wow=
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIICFDCCAcagAwIBAgIITBDvv7P69TMwBQYDK2VwMIGdMQswCQYDVQQGEwJVUzET
|
|
MBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYDVQQK
|
|
DAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBGMks2MUZU
|
|
SzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAe
|
|
Fw0yNTExMTQwMTMwNDFaFw0yODAyMTcwMTMwNDFaMIGdMQswCQYDVQQGEwJVUzET
|
|
MBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYDVQQK
|
|
DAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBGMks2MUZU
|
|
SzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAq
|
|
MAUGAytlcAMhAOEIJR0IxVpfDEnTkVHVFHWB2dR5y7YWirilObrB3wA9oyIwIDAJ
|
|
BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAUGAytlcANBALBY0q7ljU62
|
|
aGS4USbjVm27TNYyp5kLKKTxLKaUL1QRbR1i+yMl8BhWXPa1p/f2Se6owVtESFvT
|
|
VCBi0GLZOgw=
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED448"
|
|
set password ENC ld1Ni1tQoV+sI4oLABMWcNoE6U+RkcGqUbqLkpPNhCViEgltWZDYSOhyWr8GJDNy3KosDAPvh8doQgk6iF1CqpypWzgDQPWBnLPo5aeXigwwtw9j0exV5FDewFXeQ535L06/gBDm3mfsTo4LKMhUH/Qb6KhcFAfcDz5xOoFrwrUNPqs3SCU9n1LentztxSy73cr4t1lmMjY3dkVA
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIGqMFYGCSqGSIb3DQEFDTBJMDEGCSqGSIb3DQEFDDAkBBBIjVwYTFJmmLhAkTHw
|
|
sj/6AgIIADAMBggqhkiG9w0CCQUAMBQGCCqGSIb3DQMHBAgavbMkZuRB6gRQjQR9
|
|
qEZcpSpq4Xnuq2xp30bhbJT/uEDw2k3dwBtdx/wP/yFY50BEPz76VOihf/JRZJ2Q
|
|
vbEvaKYG2AUNO91y8ZlxfEVCnK1mqXvJ58XsYFU=
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIICXzCCAd+gAwIBAgIIUqB2V4LUdhEwBQYDK2VxMIGdMQswCQYDVQQGEwJVUzET
|
|
MBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYDVQQK
|
|
DAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBGMks2MUZU
|
|
SzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAe
|
|
Fw0yNTExMTQwMTMwNDFaFw0yODAyMTcwMTMwNDFaMIGdMQswCQYDVQQGEwJVUzET
|
|
MBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYDVQQK
|
|
DAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBGMks2MUZU
|
|
SzIxOTAwMzM0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTBD
|
|
MAUGAytlcQM6AAn6asaIw/7cIyfljXliVKnU3VnxEDZEh9KIbyjEQd6yVnBOs0Ow
|
|
ZouU6IZyNgACdgHwjrDrtvWLAKMiMCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggr
|
|
BgEFBQcDATAFBgMrZXEDcwCqpxarhVT445RMmBoADOCGxmrRGmvaO48HCXtYJOvs
|
|
+EWF9/UZ9i/4hp6oXlDLApSfsfbfxCA+IQBShUUavyPENIKqTos8Wzwy8UG/O0zD
|
|
1CcB0l2Yd63XwzGbI2q1duj5Mq7IlVHCZMJaJNePEhdzJgA=
|
|
-----END CERTIFICATE-----"
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
end
|
|
config certificate crl
|
|
end
|
|
config ips sensor
|
|
edit "g-default"
|
|
set comment "Prevent critical attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor IPS attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config sctp-filter profile
|
|
end
|
|
config diameter-filter profile
|
|
end
|
|
config application list
|
|
edit "g-default"
|
|
set comment "Monitor all applications."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor all applications."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
unset options
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection disable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log disable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
end
|
|
config dlp data-type
|
|
edit "g-edm-keyword"
|
|
set pattern ".+"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "/\\b\\0\\b/i"
|
|
set comment ''
|
|
next
|
|
edit "g-keyword"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-regex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-hex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-mip-label"
|
|
set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "built-in"
|
|
set comment ''
|
|
next
|
|
edit "g-credit-card"
|
|
set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
|
|
set verify "builtin)credit-card"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 20
|
|
set look-ahead 1
|
|
set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
edit "g-ssn-us"
|
|
set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
|
|
set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 12
|
|
set look-ahead 1
|
|
set transform "\\b\\1-\\2-\\3\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
end
|
|
config dlp dictionary
|
|
end
|
|
config dlp exact-data-match
|
|
end
|
|
config dlp sensor
|
|
end
|
|
config dlp profile
|
|
edit "g-default"
|
|
set comment "Default profile."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
unset summary-proto
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Log a summary of email and web traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
set summary-proto smtp pop3 imap http-get http-post
|
|
next
|
|
end
|
|
config webfilter ips-urlfilter-cache-setting
|
|
set dns-retry-interval 0
|
|
set extended-ttl 0
|
|
end
|
|
config system ips-urlfilter-dns
|
|
end
|
|
config system ips-urlfilter-dns6
|
|
end
|
|
config antivirus profile
|
|
edit "g-default"
|
|
set comment "Scan files and block viruses."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Scan files and monitor viruses."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config file-filter profile
|
|
edit "g-default"
|
|
set comment "File type inspection."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "File type inspection."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
end
|
|
config webfilter profile
|
|
edit "g-default"
|
|
set comment "Default web filtering."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor web traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
set options ftgd-disable
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 1
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 2
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 3
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 4
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 5
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 6
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 7
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 8
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 9
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 11
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 12
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 13
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 14
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 15
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 16
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 17
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 18
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 19
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 20
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 23
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 24
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 25
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 24
|
|
set category 26
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 25
|
|
set category 28
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 26
|
|
set category 29
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 27
|
|
set category 30
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 28
|
|
set category 31
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 29
|
|
set category 33
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 30
|
|
set category 34
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 31
|
|
set category 35
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 32
|
|
set category 36
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 33
|
|
set category 37
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 34
|
|
set category 38
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 35
|
|
set category 39
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 36
|
|
set category 40
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 37
|
|
set category 41
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 38
|
|
set category 42
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 39
|
|
set category 43
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 40
|
|
set category 44
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 41
|
|
set category 46
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 42
|
|
set category 47
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 43
|
|
set category 48
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 44
|
|
set category 49
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 45
|
|
set category 50
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 46
|
|
set category 51
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 47
|
|
set category 52
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 48
|
|
set category 53
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 49
|
|
set category 54
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 50
|
|
set category 55
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 51
|
|
set category 56
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 52
|
|
set category 57
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 53
|
|
set category 58
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 54
|
|
set category 59
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 55
|
|
set category 61
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 56
|
|
set category 62
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 57
|
|
set category 63
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 58
|
|
set category 64
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 59
|
|
set category 65
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 60
|
|
set category 66
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 61
|
|
set category 67
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 62
|
|
set category 68
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 63
|
|
set category 69
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 64
|
|
set category 70
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 65
|
|
set category 71
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 66
|
|
set category 72
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 67
|
|
set category 75
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 68
|
|
set category 76
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 69
|
|
set category 77
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 70
|
|
set category 78
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 71
|
|
set category 79
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 72
|
|
set category 80
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 73
|
|
set category 81
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 74
|
|
set category 82
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 75
|
|
set category 83
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 76
|
|
set category 84
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 77
|
|
set category 85
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 78
|
|
set category 86
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 79
|
|
set category 87
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 80
|
|
set category 88
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 81
|
|
set category 89
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 82
|
|
set category 90
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 83
|
|
set category 91
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 84
|
|
set category 92
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 85
|
|
set category 93
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 86
|
|
set category 94
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 87
|
|
set category 95
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set options block-invalid-url
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config webfilter fortiguard
|
|
set cache-mode ttl
|
|
set cache-prefix-match enable
|
|
set cache-mem-permille 1
|
|
set ovrd-auth-port-http 8008
|
|
set ovrd-auth-port-https 8010
|
|
set ovrd-auth-port-https-flow 8015
|
|
set ovrd-auth-port-warning 8020
|
|
set ovrd-auth-https enable
|
|
set warn-auth-https enable
|
|
set close-ports disable
|
|
set request-packet-size-limit 0
|
|
set embed-image enable
|
|
end
|
|
config webfilter search-engine
|
|
edit "g-google"
|
|
set hostname ".*\\.google\\..*"
|
|
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
|
|
set query "q="
|
|
set safesearch url
|
|
set safesearch-str "&safe=active"
|
|
next
|
|
edit "g-yahoo"
|
|
set hostname ".*\\.yahoo\\..*"
|
|
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
|
|
set query "p="
|
|
set safesearch url
|
|
set safesearch-str "&vm=r"
|
|
next
|
|
edit "g-bing"
|
|
set hostname ".*\\.bing\\..*"
|
|
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-yandex"
|
|
set hostname "yandex\\..*"
|
|
set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
|
|
set query "text="
|
|
set safesearch url
|
|
set safesearch-str "&family=yes"
|
|
next
|
|
edit "g-youtube"
|
|
set hostname ".*youtube.*"
|
|
set url ''
|
|
set query ''
|
|
set safesearch header
|
|
next
|
|
edit "g-baidu"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/s?\\?"
|
|
set query "wd="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu2"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/(ns|q|m|i|v)\\?"
|
|
set query "word="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu3"
|
|
set hostname "tieba\\.baidu\\.com"
|
|
set url "^\\/f\\?"
|
|
set query "kw="
|
|
set safesearch disable
|
|
next
|
|
edit "g-vimeo"
|
|
set hostname ".*vimeo.*"
|
|
set url "^\\/search\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-yt-scan-1"
|
|
set hostname ''
|
|
set url "www.youtube.com/user/"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-2"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/browse"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-3"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/player"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-4"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/navigator"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-channel"
|
|
set hostname ''
|
|
set url "www.youtube.com/channel"
|
|
set query ''
|
|
set safesearch yt-channel
|
|
next
|
|
edit "g-yt-pattern"
|
|
set hostname ''
|
|
set url "youtube.com/channel/"
|
|
set query ''
|
|
set safesearch yt-pattern
|
|
next
|
|
edit "g-twitter"
|
|
set hostname "twitter\\.com"
|
|
set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
|
|
set query "variables="
|
|
set safesearch translate
|
|
set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
|
|
next
|
|
edit "g-google-translate-1"
|
|
set hostname "translate\\.google\\..*"
|
|
set url "^\\/translate"
|
|
set query "u="
|
|
set safesearch translate
|
|
set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
|
|
next
|
|
edit "g-google-translate-2"
|
|
set hostname ".*\\.translate\\.goog"
|
|
set url "^\\/"
|
|
set query ''
|
|
set safesearch translate
|
|
set safesearch-str "case::google-translate"
|
|
next
|
|
end
|
|
config virtual-patch profile
|
|
edit "g-default"
|
|
set comment ''
|
|
set severity info low medium high critical
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
config wanopt content-delivery-network-rule
|
|
edit "vcache://"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.m3u8"
|
|
next
|
|
end
|
|
config content-id
|
|
set target hls-manifest
|
|
set start-str "/"
|
|
set start-skip 0
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule2"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.mpd"
|
|
next
|
|
end
|
|
config content-id
|
|
set target dash-manifest
|
|
set start-str "/"
|
|
set start-skip 0
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule3"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target hls-fragment
|
|
set start-str "/"
|
|
set start-skip 0
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule4"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target dash-fragment
|
|
set start-str "/"
|
|
set start-skip 0
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://youtube/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "youtube.com"
|
|
set category youtube
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires disable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/videoplayback"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youtube-id
|
|
set start-str "v="
|
|
set start-skip 2
|
|
set start-direction forward
|
|
set end-str "&"
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule2"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/videoplayback"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youtube-id
|
|
set start-str "v="
|
|
set start-skip 2
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule3"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/stream_204"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/ptracking"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/get_video_info"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youtube-map
|
|
set start-str "/"
|
|
set start-skip 0
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://googlevideo/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "googlevideo.com"
|
|
set category youtube
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires disable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/videoplayback"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youtube-id
|
|
set start-str "v="
|
|
set start-skip 2
|
|
set start-direction forward
|
|
set end-str "&"
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule2"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/videoplayback"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youtube-id
|
|
set start-str "v="
|
|
set start-skip 2
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule3"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/stream_204"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/ptracking"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/get_video_info"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youtube-map
|
|
set start-str "/"
|
|
set start-skip 0
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://metacafe/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "mccont.com" "akvideos.metacafe.com" "cdn.metacafe.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://facebook/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "fbcdn.net" "facebook.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://dailymotion/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "dailymotion.com" "dmcdn.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/video/*.mp4"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/video/*.flv"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/video/*.ts"
|
|
next
|
|
edit 4
|
|
set target path
|
|
set pattern "/video/*.on2"
|
|
next
|
|
edit 5
|
|
set target path
|
|
set pattern "/video/*.aac"
|
|
next
|
|
edit 6
|
|
set target path
|
|
set pattern "/video/*.h264"
|
|
next
|
|
edit 7
|
|
set target path
|
|
set pattern "/video/*.h263"
|
|
next
|
|
edit 8
|
|
set target path
|
|
set pattern "/sec*.mp4"
|
|
next
|
|
edit 9
|
|
set target path
|
|
set pattern "/sec*.flv"
|
|
next
|
|
edit 10
|
|
set target path
|
|
set pattern "/sec*.on2"
|
|
next
|
|
edit 11
|
|
set target path
|
|
set pattern "/sec*.aac"
|
|
next
|
|
edit 12
|
|
set target path
|
|
set pattern "/sec*.h264"
|
|
next
|
|
edit 13
|
|
set target path
|
|
set pattern "/sec*.h263"
|
|
next
|
|
edit 14
|
|
set target path
|
|
set pattern "*.ts"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "start=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://break/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "break.com" "0ebe.edgecastcdn.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/dnet/media/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/dnet/media/*.mp4"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "ec_seek=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule2"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.mp4*"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "*Seg*"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "*Frag*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://msn/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "video.msn.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://llnwd/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "llnwd.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.fll"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "fs=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://yahoo/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "yimg.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.m4s"
|
|
next
|
|
end
|
|
config content-id
|
|
set target parameter
|
|
set start-str "vid="
|
|
set start-skip 0
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://myspace/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "myspacecdn.com"
|
|
set category vcache
|
|
set request-cache-control enable
|
|
set response-cache-control enable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://vimeo/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "vimeo.com" "vimeocdn.com" "56skyfiregce-a.akamaihd.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.m4s"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://blip.tv/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "blip.tv"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.m4v"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 4
|
|
set target path
|
|
set pattern "/*.wmv"
|
|
next
|
|
edit 5
|
|
set target path
|
|
set pattern "/*.rm"
|
|
next
|
|
edit 6
|
|
set target path
|
|
set pattern "/*.ram"
|
|
next
|
|
edit 7
|
|
set target path
|
|
set pattern "/*.mov"
|
|
next
|
|
edit 8
|
|
set target path
|
|
set pattern "/*.avi"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "ms=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://maker.tv/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "videos-f.jwpsrv.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://aol/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "stream.aol.com" "5min.com" "vidiblevod-vh.akamaihd.net" "stg-ec-ore-u.uplynk.com" "vidible.tv"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "*timeoffset=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule2"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://clipfish/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "clipfish.de" "universal-music.de"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.f4v"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 4
|
|
set target path
|
|
set pattern "/*.m4v"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://cnn/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "cnn-vh.akamaihd.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv*"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "*Seg*"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "*Frag*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule2"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.mp4*"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "*Seg*"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "*Frag*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule3"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.ts*"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "*Seg*"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "*Frag*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://foxnews/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "foxnews.com" "foxnews-f.akamaihd.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.mp4*"
|
|
next
|
|
edit 2
|
|
set target parameter
|
|
set pattern "*Seg*"
|
|
next
|
|
edit 3
|
|
set target parameter
|
|
set pattern "*Frag*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://discovery/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "discovery.com" "discidevflash-f.akamaihd.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://liveleak/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "edge.liveleak.com" "cdn.liveleak.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target parameter
|
|
set pattern "*seek=0"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule2"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 2
|
|
set target parameter
|
|
set pattern "*seek=0"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule3"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.wmv"
|
|
next
|
|
edit 2
|
|
set target parameter
|
|
set pattern "*seek=0"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://sevenload/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "sevenload.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "aktimeoffset=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://stupidvideos/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "stupidvideos.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://howcast/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "media.howcast.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "start=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://vevo/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "vevo.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://ooyala/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "ooyala.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "*Seg*"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "*Frag*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://ms-ads/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "msads.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://yumenetworks-ads/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "yumenetworks.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://2mdn-ads/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "2mdn.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://eyewonder-ads/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "eyewonder.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://eyereturn-ads/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "eyereturn.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://serving-sys-ads/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "serving-sys.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://amazonaws-ads/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "amazonaws.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://edgesuite-ads/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "edgesuite.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://gorillanation-ads/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "video.gorillanation.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode any
|
|
set skip-rule-mode any
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/*.flv"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "/*.mp4"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "/*.ts"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://youku/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/youku/*.mp4"
|
|
next
|
|
edit 2
|
|
set target parameter
|
|
set pattern "*start=0"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youku-id
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction backward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule2"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/youku/*.flv"
|
|
next
|
|
edit 2
|
|
set target parameter
|
|
set pattern "*start=0"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youku-id
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction backward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule3"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/youku/*.kux"
|
|
next
|
|
edit 2
|
|
set target parameter
|
|
set pattern "*start=0"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youku-id
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction backward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule4"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/youku/*.mp4"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "*start=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youku-id
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction backward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule5"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/youku/*.flv"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "*start=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youku-id
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction backward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule6"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/youku/*.kux"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "*start=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target youku-id
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction backward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://tudou/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/f4v/*"
|
|
next
|
|
edit 2
|
|
set target parameter
|
|
set pattern "*id=tudou*"
|
|
next
|
|
end
|
|
config skip-entries
|
|
edit 1
|
|
set target parameter
|
|
set pattern "*begin=*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction backward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://cbc/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "cbc.ca" "mobilehls-vh.akamaihd.net"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "*.mp4*"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "*Seg*"
|
|
next
|
|
edit 3
|
|
set target path
|
|
set pattern "*Frag*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
edit "rule2"
|
|
set match-mode any
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "*.ts"
|
|
next
|
|
edit 2
|
|
set target path
|
|
set pattern "*.mp4"
|
|
next
|
|
end
|
|
config content-id
|
|
set target path
|
|
set start-str "/"
|
|
set start-skip 1
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "vcache://megaupload/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "megaupload.com"
|
|
set category vcache
|
|
set request-cache-control disable
|
|
set response-cache-control disable
|
|
set response-expires enable
|
|
set updateserver disable
|
|
config rules
|
|
edit "rule1"
|
|
set match-mode all
|
|
set skip-rule-mode all
|
|
config match-entries
|
|
edit 1
|
|
set target path
|
|
set pattern "/files/*"
|
|
next
|
|
end
|
|
config content-id
|
|
set target referrer
|
|
set start-str "d="
|
|
set start-skip 2
|
|
set start-direction forward
|
|
set end-str ''
|
|
set end-skip 0
|
|
set end-direction forward
|
|
set range-str ''
|
|
end
|
|
next
|
|
end
|
|
next
|
|
edit "update://windowsupdate/"
|
|
set comment "Static entries are not allowed to change except disable."
|
|
set status enable
|
|
set host-domain-name-suffix "download.windowsupdate.com"
|
|
set category vcache
|
|
set request-cache-control enable
|
|
set response-cache-control enable
|
|
set response-expires enable
|
|
set updateserver enable
|
|
next
|
|
end
|
|
config wanopt cache-service
|
|
set prefer-scenario balance
|
|
set collaboration disable
|
|
set device-id "default_dev_id"
|
|
set acceptable-connections any
|
|
end
|
|
config wanopt remote-storage
|
|
set status disable
|
|
end
|
|
config system resource-limits
|
|
set log-disk-quota 703406
|
|
end
|
|
config system vdom-property
|
|
edit "root"
|
|
set description "property limits for vdom root"
|
|
set snmp-index 1
|
|
set session 0 0
|
|
set ipsec-phase1 0 0
|
|
set ipsec-phase2 0 0
|
|
set ipsec-phase1-interface 0 0
|
|
set ipsec-phase2-interface 0 0
|
|
set dialup-tunnel 0 0
|
|
set firewall-policy 0 0
|
|
set firewall-address 0 0
|
|
set firewall-addrgrp 0 0
|
|
set custom-service 0 0
|
|
set service-group 0 0
|
|
set onetime-schedule 0 0
|
|
set recurring-schedule 0 0
|
|
set user 0 0
|
|
set user-group 0 0
|
|
set sslvpn 0 0
|
|
set proxy 0 0
|
|
set log-disk-quota 0 0
|
|
next
|
|
edit "Policy"
|
|
set description "property limits for vdom Policy"
|
|
set snmp-index 4
|
|
set session 0 0
|
|
set ipsec-phase1 0 0
|
|
set ipsec-phase2 0 0
|
|
set ipsec-phase1-interface 0 0
|
|
set ipsec-phase2-interface 0 0
|
|
set dialup-tunnel 0 0
|
|
set firewall-policy 0 0
|
|
set firewall-address 0 0
|
|
set firewall-addrgrp 0 0
|
|
set custom-service 0 0
|
|
set service-group 0 0
|
|
set onetime-schedule 0 0
|
|
set recurring-schedule 0 0
|
|
set user 0 0
|
|
set user-group 0 0
|
|
set sslvpn 0 0
|
|
set proxy 0 0
|
|
set log-disk-quota 0 0
|
|
next
|
|
edit "TEST"
|
|
set description "property limits for vdom TEST"
|
|
set snmp-index 3
|
|
set session 0 0
|
|
set ipsec-phase1 0 0
|
|
set ipsec-phase2 0 0
|
|
set ipsec-phase1-interface 0 0
|
|
set ipsec-phase2-interface 0 0
|
|
set dialup-tunnel 0 0
|
|
set firewall-policy 0 0
|
|
set firewall-address 0 0
|
|
set firewall-addrgrp 0 0
|
|
set custom-service 0 0
|
|
set service-group 0 0
|
|
set onetime-schedule 0 0
|
|
set recurring-schedule 0 0
|
|
set user 0 0
|
|
set user-group 0 0
|
|
set sslvpn 0 0
|
|
set proxy 0 0
|
|
set log-disk-quota 0 0
|
|
next
|
|
edit "scsd"
|
|
set description "property limits for vdom scsd"
|
|
set snmp-index 2
|
|
set session 0 0
|
|
set ipsec-phase1 0 0
|
|
set ipsec-phase2 0 0
|
|
set ipsec-phase1-interface 0 0
|
|
set ipsec-phase2-interface 0 0
|
|
set dialup-tunnel 0 0
|
|
set firewall-policy 0 0
|
|
set firewall-address 0 0
|
|
set firewall-addrgrp 0 0
|
|
set custom-service 0 0
|
|
set service-group 0 0
|
|
set onetime-schedule 0 0
|
|
set recurring-schedule 0 0
|
|
set user 0 0
|
|
set user-group 0 0
|
|
set sslvpn 0 0
|
|
set proxy 0 0
|
|
set log-disk-quota 0 0
|
|
next
|
|
end
|
|
config log syslogd setting
|
|
set status disable
|
|
end
|
|
config log syslogd2 setting
|
|
set status disable
|
|
end
|
|
config log syslogd3 setting
|
|
set status disable
|
|
end
|
|
config log syslogd4 setting
|
|
set status disable
|
|
end
|
|
config log webtrends setting
|
|
set status disable
|
|
end
|
|
config log memory global-setting
|
|
set max-size 507278663
|
|
set full-first-warning-threshold 75
|
|
set full-second-warning-threshold 90
|
|
set full-final-warning-threshold 95
|
|
end
|
|
config log syslogd filter
|
|
set severity error
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log syslogd2 filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log syslogd3 filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log syslogd4 filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log webtrends filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log fortiguard setting
|
|
set status disable
|
|
set access-config enable
|
|
set source-ip 0.0.0.0
|
|
set interface-select-method auto
|
|
end
|
|
config log fortianalyzer setting
|
|
set status enable
|
|
set ips-archive enable
|
|
set server "10.1.48.40"
|
|
set alt-server ''
|
|
set fallback-to-primary enable
|
|
set certificate-verification enable
|
|
set serial "FAZVMSTM22000402"
|
|
set server-cert-ca ''
|
|
set preshared-key ''
|
|
set access-config enable
|
|
set enc-algorithm high
|
|
set ssl-min-proto-version default
|
|
set conn-timeout 10
|
|
set monitor-keepalive-period 5
|
|
set monitor-failure-retry-period 5
|
|
set certificate ''
|
|
set source-ip "192.168.1.241"
|
|
set interface-select-method auto
|
|
set upload-option realtime
|
|
set reliable disable
|
|
set priority default
|
|
set max-log-rate 0
|
|
end
|
|
config log fortianalyzer2 setting
|
|
set status disable
|
|
end
|
|
config log fortianalyzer3 setting
|
|
set status disable
|
|
end
|
|
config log fortianalyzer-cloud setting
|
|
set status disable
|
|
end
|
|
config log fortianalyzer filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set dlp-archive enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config firewall ssh local-key
|
|
edit "g-Fortinet_SSH_RSA2048"
|
|
set password ENC rVlOUFFDUpbU8EZPmQnZRl2Ghf7N+7yJHCjm3Ht6p3OBvAkOrlQCOgXe9tvwjD3yAX3zbN7YeBKCxXIyCLeC8hBPB6T5G1k6/8v4GrI9zXpIe20qkJKRBbwFZ4WDtPJT8uxNeKimVTPigIyuyez5l7g113JAy969bVCafMoFp3oSxJ6p6x4h2DxX2mQ+LmzmrXdV2llmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBV/6oGox
|
|
s8r2NeX1aYozX/AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
|
|
Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
|
|
A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
|
|
hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
|
|
HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
|
|
OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwNY1Gj3rHBwaak
|
|
/XfAz6YK3kX+fEHOOzWTndUjw6DIoxsTMHZmi/LcesSRkvPMRyaNxuTO55as3pObXZGFqa
|
|
ZmMttSroXyNIiF8AdUCMkA1AZZqpD+S2FURxgLgVQdLFW4auM8wl6Ci55LGqnQYXDiJWSX
|
|
0yBEc1MuHmN0TH4JEW0kGAeWD8i5rCCD8i4J6thxMbtOBqBB5WDPcrBQHetw8cKWU5F2ee
|
|
2+SjVLKhoct25Uija7lsPAX3NXnTwfz9NK2j0jGZ34PVbUmfxfoV0ubBi76SasjBwfQ8DO
|
|
TV/buWY9I98HSV8271/HAW1WOSQ61XfgymKUQkeVH1Ybv4tz8wp9Kkzp+bX1tFtN1dSCwj
|
|
S4MpJKYsFLaFB2nlPiupaLtGk1bn4nKrlVQYfT679oo3vUKTfYcHPr6SDILBaM+EKL2AjU
|
|
2OEA6TlHZ4gZeo3gUgfg1Jgzt2OgG5SO79nlkRGvR1Gylc3XzaEMiN3WWhVqKy9V0ldPgO
|
|
kv3M+jlt2rJkmt4QtfASQftQKeVb7oiGNM0UM1hJnwVEGUCMpg53mcfjQ9hkB0fUYAVLz9
|
|
dgANa82ULxHi0HVGpfbqVBI6NdFJmw57bJoJljCfJQ+Wq5nRHkUawuuNXj7MOeGUBdxNug
|
|
qQ2sC9brktnF0TamT3WH8aRGC8B5Z1IQceoKlGHYLOnEDHUHtnQQACA1TD3XPeHHuy0U+x
|
|
5vMPAOX/ZR2DsFpvqF2FaRL17kMAoCxwzPUsjFq/Y5yu1My3f3XZjcXYa4Mg1MTqxnnzK8
|
|
QvKUbdmihaGyR/RWCfVsscE0IOZz3ETeGEGhEqJ5eGWeuAPZqki6I27JYLKkoZUQ8i8j/n
|
|
damYMauMsFEsJtg89urRF6KkH0NtrcXQYr4fPHYY0W/xMQkUesyarBh2n91D6RWYCt7Blp
|
|
7Yr15Ycc8cQ19ahNxCaQVZOH6/mkfJGVRWKJfhf1BtKD/ORoatbRflHde11dysy8BF1FxM
|
|
ZLnC2S2UcJxIDNP4tmSsSnpbfAGghSzNkAx3ibJ1ch+TkK61a3gCqW023qlT85bS21yii6
|
|
cBvcEA5qk37bJFMFD1/aazPMOrro0pI10i0ptssTEEpS310O9GHdUbM5djJEEb60pWQQK2
|
|
43G5JtJz1n5WCXacVPCq7otkhEQ+xf3Y8AXs54FGrgBrDC4FZsQLWgT49oLr8B6scDGRee
|
|
F3L1d65Jd4v0i2w7DFGKZBoZB5VvZpbgnwcQN41iWGdJp5c9/sEZd65vw9dFGIU+ql2lTl
|
|
5aoiXWbA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_DSA1024"
|
|
set password ENC I7KkjuwYrL5+2jjINlLSI22jnSuCKIqS81cpceQN8nR4MpNobRovKRk++/nZ/cwpWtObiQ+nzFUqKaiW53WoA20p/tJN8MHLaY3h9fkIBdaq0jpf9IwPF6sRFuybCw8qaEdT1/ks1rezlelAR/bucmksvyBjkG84TMh0xLkx7Cs63QBYxASuPaBe7Jiy+Mi0NaYaMFlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCV7DL5b6
|
|
cQ4DFxLFfd9NBXAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
|
|
KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
|
|
a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
|
|
7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
|
|
jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
|
|
XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
|
|
P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
|
|
lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
|
|
wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgUeQzjFiceCe8Mfak
|
|
H97NypLIabuKsuXWYdK/YowIdC9ZVR0k2T28Zv+c3zNpLJfnm5pZnO4aX3VX98d5NlYarc
|
|
CuGS/xMjwxVuTo/FoJ5Pv3EUIvAO8i9JYPs+FGNkYQlbAQ+duxXUKVjGLBSID8zxQx/cz/
|
|
PAR1iwLkbXdJdO+NCgj81YIiwGG8YtSHHR0hYzf+Trb04p9sDwZWcBLBWEHDv7WW7ZH4t5
|
|
D8uGkNAlivP8VIdSYxtpMcGa52+LADwGh9/4nezEvcHRLogwc2pEQRGCNKdayXWBuYiplY
|
|
Yddz734+NQHkmyTZZ8UuoINM8fCfu8nu8MKGA0w1aFyBJMAMoHQMsPRdUNr9Jv/JeZcfht
|
|
N9cXibpgIzxC+DvnxUASnKbF+s5ry0L9KQWmZukfm9W4UMoBadgLRF7GwK0bgasacWiP+w
|
|
UPDXc5woeJgBWw2qOaC0Fq4tpoUndCni0IHrKwihZb0lqMBK1wTWSdXX1PDvAgD/dluttR
|
|
hoLJzECgbAT8hK6UYoCHbAFl854ZSCYbZE3ZqknMWMPrAx67VQkcfkoI+7vL4G60NdKPJ3
|
|
l9v1llo/eMY8StltYorKalr7PHu8cM1dpkvpfHTMJn1Ox78QXmbLP2kK57ChPm3s
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA256"
|
|
set password ENC 87iJsrfPWtxbgSYghckUXGSXZw28uWo4K8Rgj3jb5KK8N7hTrVAEmbHdmhjjqWE69+qsdZwPS2GZNBzbnkIUdeMfpACl/yenWmsE+t+R+wdILG64evRu9P5jEfh2otfcL+yZ0L32igDKQI8FZ46m8dXc1E/UqRaWOvmPME/GtZRZ4HLtZ49gve11l1hcTgqe9DXn5FlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWswKzHl
|
|
aPj5eXaLmQWZXVAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
|
|
dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
|
|
y7MHqF8ARHi1glc6RSoarryTUQuCIAAACg4SS+EPsp+ZqCTFN7GvtH9z9bU4OTN6G1Bfdv
|
|
vrru+xqPzixqYvUAvgqwvNnrtkq6NVCx5QANnxBGdnJNrUckZTw6f6KBUoVKF78fRBMYWe
|
|
JsOBJ1uJujShmxSiEGSyFYcXhCCq8Fy9goi1VpuAn3EXi8ymij6j+iqlU9+kIsbNTuZqd8
|
|
zolTGUvO8QIuzpzl2VK47Y8KnDwmXaEhwYPbPA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA384"
|
|
set password ENC KDr6L1pQes9OVDcSCSeRNq9DLXq+N5RWsO3vIQKIhR359lnmI2ToTYB51HMVGbiwvX+pMeJ/iKfISntASzNY3cgXPPKqZXzfd1rWEc4c6NgcBnQYEwiwY+B7lSQ8ApE02EBW7axOFHv/o9bCMqZZjMIfTsD6Djim1MvoG+sCG200Wd7CBAOo01O+XsJQbU9wA7hsHVlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDbSYBuM2
|
|
11IfFhYCRE5sRQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
|
|
dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
|
|
U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
|
|
dgAAANCGkPrVLVn6hc/M4lCGoZ1nFz57gA+8Kzl0cAXL4UAJHZPOuNI6C137KbjNlxsGQc
|
|
YwFFKpDU23zcQyWbUkqydmggO+czct9o3kAU6WVK3RlGs9lhI6eeT7Z2FBRm0DISCXgi3c
|
|
JETaHXDDeMYB5WWDuNut2ex/qtWiv93xxm9JBgv113GdAYaD1+s1wsFWQgq40gOVFtLpJT
|
|
7ck+uCjfgkvj0u0EHgSCHCl/FYin5tH2mAS9yz1kKW2EsUzufEBU9roWaBgUuZszrWsX7T
|
|
Uzjs
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA521"
|
|
set password ENC soU2U2z7zJG4vlFB3CH9lBFh/l9S1v5IVTu/WUjBm6he93ssVls38xSD55/Hy9dUDPoV6WTveBSsZKX6ObJA/KLPzogqEuPEQ/RqYJfI/IEfF5kDSNaaJaGRPDrb2kbKeEFLxgFpWbtO5QzMROg9qRh7YU48fLJGn4zTwxw0agF0WP8qbdsxiCIsPBmMwrT5YAjW31lmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBDVO8Ujp
|
|
OpeKLIgEatpDJnAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
|
|
dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
|
|
t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
|
|
HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQCJDmDSUGShG163fq
|
|
XABvww6uZX6RKPV0hve3T9e8VwFWeqjKegGTEP3q4bhXErJ20Ur1oqyQh1a2rf95VXHkoL
|
|
W9dGf9c09ifXDYVHMtUto1M0S2T+szFRr0fnAtLsvmeUM5GUlB07Kin+VKmycHZiB1bF0z
|
|
vIKMBi3KLMXtAUevSvKyruI7YiKqD4CwSvULU73zoziGh0jhUNVpzBdK9pNZHdUMVtxTrX
|
|
a9gu13ZGVvPGyrRuDsvQMks6L7KIIKF0W0vRBY6AOvy3A2GNrLrdkHj2jy8fzcyZwWkt+b
|
|
azdh/FrGRZTDTro6CDeF92cjGixeU26B2se812bLw/U2It
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ED25519"
|
|
set password ENC bvrvVlw407GMGujqnX/ALiprZ+aPmK270EMJ5KKnwtVfKp0vgGe2hYeskutXyJPcQy96sQdA27NmQoby6TSAioauWwJPT0FFja3yZnXEa0t0O82cFKfnfFiWNM/lkio6EICVObTRLG4u0OHDh383SVKBnwFoWHCg2p7T4m9ZxCrDrsvYsEC1PF7wnoSsfIfWeNlRqllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAg8FF7ts
|
|
9O5tOD/3vfMgwHAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
|
|
3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkBccPI9Dq/7BCMcTVUE9z4ybcOVMlI+53gfr+g
|
|
p67zVLKHPX96XSk/XQBKLjKJ6PSLl9UuEE4MP40LjlSH6U7DlQc3+Kbw8ijV0SbLgH3tV3
|
|
8sXLY4Q3xZCI9VROo82lN2NZfSBk90A5+SahMizkr/M25+OjcLWgkxmzz1t08sjfIt4ZsH
|
|
60nNsm7lppl/WZJw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssh local-ca
|
|
edit "g-Fortinet_SSH_CA"
|
|
set password ENC nWOR3lwW3NpCTJs7ighQ7ZM+7sZPJhwFRPAoRohyCyaY8WZXul5WvIzvsBsdOAuQtl0d9u9V5L6uAvu3+WFIGZA0/fAVCLcKN2IcX+kmIZTBbhokWA2OQ0mEEvEFbSuQgACAJWEpb/2P5vYiblK7OCHaiYoigZv9XNPthfA13cNgeFw8WMknkftZVPtweGlgp5KhdFlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZX89z8D
|
|
GkPICCVmUOqFHzAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
|
|
NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
|
|
ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
|
|
E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
|
|
TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
|
|
Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwGnQQNm4H/LBQ9
|
|
Gr4hdGE5Aat0klop3XgTQRD8Z1YDr9ukmYdLJQF6o1f+eIAl8S2C+pgU8gPHWhJyGohG3A
|
|
SzK82bz602VrHPrDQoWS3judXppJ+A1NTxtwXXM7KmxZJyfxBkaTkgIljysEGbvJuGivGF
|
|
NU8kAwZBAgeK0JiuaI4DqQGoe0mYcaZmdHiXkD+5csUDGya5aJjlo75sbbP4A+f4SisAjp
|
|
J0myeXeb6XO1ihGbuVOk5bPWD00LPmYf/5ANCAyA2J/Df/5E4gdhpQc8aLAYf5kQLBiGgw
|
|
/Y4TGBWuMIgKtTxPku0mHZb3AZbKNfli6yT0nJguouUhI1rfkqHJOW4XlkESr8F9uEtZlm
|
|
POVsoCIGehjvUInBe7r40nQAb04LZ6GmWqZHX40fupFU4La4522c1o28r1qgu9h6mxq68i
|
|
wYIfaOxRQR0xKoHLV9UjcX7MDo2lMOl31hBL6wbm/SuvoOfbr3x5Ouf0aw1GA71IFMSfHn
|
|
coDAW3V7kF1ejFCFEkddzj/0zpZUXf+blCQPG5UIWmb4qjKCsrrzLHUyx/G3d0UHpTK0Ih
|
|
FZgzYUn5kX6ImlsHwOptqtoJYPeqVHZ+kK7pSSgz0M4IEmdBC1ABtaXe3uvl6KhkFlymFu
|
|
yrbWSCtyW227l3jwcQj3ZRosp2mqB37VZSvEhw9QQbfgfv7f0a5Jnhgbct5L4f66HhZfhU
|
|
Eb/L42SC4TkxPrl0ZSQ/UPOXSQUlHOGCIiVQT164rlGNDnOc7WrwtuZ+CpgrjdrRglCrsX
|
|
r4eOf/MjSGbXEjShqg2F+C75s90/ogXAB2q0Cyv1ykbB7c3ljmwtvC8P5XKhzdA2tV5YL9
|
|
4nLkzs3yQhQzszVGBtFonAGlVqz45evYGUpGULc7YUaUb5lJ52ypstknwJGxtHVzhCoppU
|
|
Jhuki0jbsOpoCOVHoVTpmShxdW62tStFEWTffSHQKJglOGXV65nb5REuZadBBI+BGEPv1N
|
|
lxICgxDdjH1nQle6g++odOcIGx3yxYCpCPnRXpO0iTmqMBC0MB+om7fx2fJLcDMrPmBflK
|
|
nBvGLdD0yxYnUzJieKyYkRmR2U+yVdLaqKA/Tk2l6W3ZYDqtnxjMsEGjFUyhF64KdRia6R
|
|
mCM9FbLZJ/F/CboBk/l1xk+yHK50bt5r8eUTbo82Sd5IzveQ57C0bR446AlW9hQuFHquZu
|
|
wbZ+sz590wvdYXi/AfdljEKuXrHEYncXYrYLtasQ0BQHAcE/hQBHSFrkI9qVicXRlCPaXP
|
|
pqdp+YAw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_CA_Untrusted"
|
|
set password ENC wYG/9uSVhIak2yVQJA7ckSvgjZhpZZE3zEw6bsb/cTwUTA+dVSjFvPUJjO3In45v17ZFIk8x759+ZEo43wphLG1BXjpJuLJW8AB1Aos+uRq2QMQOWMYhRaqEDCEg53Y89Ogxokwipt1dLXnNSd5KJhScpE/KdZyIu/A6+G0VOnr2m7TgxuIUhMKgipe00Rqu2789DllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCQTdPzMa
|
|
0vRUCkbWP2fbZGAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
|
|
RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
|
|
ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
|
|
iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
|
|
Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
|
|
NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwMYPhQ4qitkI6G
|
|
hq4Dfuzz6gmftmbuxj565Fztt4KA8I0LZ9ySrt4LtLdmQVOcQJ2SfmnA+1DtL4c9bEOLSx
|
|
zsEg1ooHPkruFcj2eJr2flQKYbLZLAe6Xn81wIO3qIPuAT0Fpb5vm9gzX8rirXNnHbo6sy
|
|
QXikdWDawL4rlqpRaecBKzcTSatgIz1OIv3TPm4JoJrObH10a8C3JEB/Y5f+/2P3fyi/PB
|
|
FVYl8VXiiNzzZhsJgFH64H8s2oK3ktD8of3u7zAmIj1NwT4f/81QY5I5Tiq2vsWJwv3yen
|
|
pRGf+dDVt1QMuSOF7RBPY6nFe9pr4OTeamO6mQ0DTFyssEd5yp5I+Omwzge+1WJuf9ldP2
|
|
wZRLoaNWNSVS6zUFtaNTFP8PKzRnWRl46dwS8R1hBcfMEtx+84TFKtgc71tH0/xDkHVboc
|
|
KVwPGbzyO6ESjNNaXJDdF/U4KEKYGa6kCSBU+fdg+2aKzr6yEM9rB27BBaqXa6Nxgc0oTK
|
|
w9BqZe23dP3wUmdX+HWkWXcHb+LHB2Z08h/fqgV91zJ9SM9bRGf6jh+sPL6Ifjcv1ymeRs
|
|
9uAbP/qDh+cRcF0/hKByY/zqnROlEgxSxGqakDLtEVDuKmG9eK2RjEBrHrLtdQJC7AbTMu
|
|
t6HUNp/9Cpwm5TB/jDb0etscB+h15FHGlXhsnXiDzDC2eUxpOELQCXWIbh8ONlRGl1ZmW2
|
|
rAMRWlAKxKwwUaNjJOxK4bqWkAFZG+9m9jYJKi4a1vOCgGNLsubLVY8WMMEAb3abbRgWaU
|
|
WIKp6PJR4ZSZTYuh9aJ3OneEy1DB9zURTV8cgh9UrALDwGT2GdjTHzKCFL+1UivpQ/gsSY
|
|
EeMdNmsLvxUSzmWF6btw/F8iX0tjflRkkHlicHvqe031yH9AEYpaHhSTg4wpLf7l4rvZRP
|
|
2/D/qL+ME91UAdG8vxGiIW+Urd9lCYD1+y013zRKBt9miPBzzX62LX9JXUvghfXPRacUXM
|
|
WgHjUBzcvKxUYeevh64FiDlnZ1omvlDlPYsfd67pyr0BWa8UwppdCRKAUYIb/ux2q7Ae5s
|
|
0hcVtBwKEvf/YLi8jdVWEYQKQLBaMj0hMLgNcZA8YVNUySpHe8bzm7FlmeSvPQD9t6Cpie
|
|
2jorGg+aR5MODJGKXIvAoLQ/IInwUS2NgwP+/vh74Tp5ryWTUE+svsrpQo6i8qZKCisngW
|
|
tvmxChpPCh54mbqvYlKAVs4MfO9ZZRV8NqIzU2FlL2STAmjRLMA+sr9HlPbXrXD6Xqf2VS
|
|
att5Ib/Q==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssl setting
|
|
set proxy-connect-timeout 30
|
|
set ssl-dh-bits 2048
|
|
set ssl-send-empty-frags enable
|
|
set no-matching-cipher-action bypass
|
|
set cert-cache-capacity 200
|
|
set cert-cache-timeout 10
|
|
set session-cache-capacity 500
|
|
set session-cache-timeout 20
|
|
set kxp-queue-threshold 16
|
|
set ssl-queue-threshold 32
|
|
set abbreviate-handshake enable
|
|
end
|
|
config firewall ipv6-eh-filter
|
|
set hop-opt disable
|
|
set dest-opt disable
|
|
set routing enable
|
|
set routing-type 0
|
|
set fragment disable
|
|
set auth disable
|
|
set no-next disable
|
|
end
|
|
config firewall global
|
|
set banned-ip-persistency disabled
|
|
end
|
|
config system speed-test-setting
|
|
set latency-threshold 60
|
|
set multiple-tcp-stream 4
|
|
end
|
|
config dlp settings
|
|
set storage-device ''
|
|
set size 16
|
|
set db-mode stop-adding
|
|
set cache-mem-percent 2
|
|
set chunk-size 2800
|
|
end
|
|
config system standalone-cluster
|
|
set standalone-group-id 0
|
|
set group-member-id 0
|
|
set layer2-connection unavailable
|
|
unset session-sync-dev
|
|
set encryption disable
|
|
set asymmetric-traffic-control cps-preferred
|
|
config cluster-peer
|
|
end
|
|
end
|
|
config switch-controller system
|
|
set parallel-process-override disable
|
|
set data-sync-interval 60
|
|
set iot-weight-threshold 1
|
|
set iot-scan-interval 60
|
|
set iot-holdoff 5
|
|
set iot-mac-idle 1440
|
|
set nac-periodic-interval 60
|
|
set dynamic-periodic-interval 60
|
|
set tunnel-mode compatible
|
|
set caputp-echo-interval 30
|
|
set caputp-max-retransmit 5
|
|
end
|
|
config wireless-controller timers
|
|
set echo-interval 30
|
|
set nat-session-keep-alive 0
|
|
set discovery-interval 5
|
|
set client-idle-timeout 300
|
|
set client-idle-rehome-timeout 20
|
|
set auth-timeout 5
|
|
set rogue-ap-log 0
|
|
set fake-ap-log 1
|
|
set sta-cap-cleanup 0
|
|
set rogue-ap-cleanup 0
|
|
set rogue-sta-cleanup 0
|
|
set ble-device-cleanup 60
|
|
set sta-stats-interval 10
|
|
set vap-stats-interval 15
|
|
set radio-stats-interval 15
|
|
set sta-capability-interval 30
|
|
set sta-locate-timer 1800
|
|
set ipsec-intf-cleanup 120
|
|
set ble-scan-report-intv 30
|
|
set drma-interval 60
|
|
set ap-reboot-wait-interval1 0
|
|
set ap-reboot-wait-time ''
|
|
set ap-reboot-wait-interval2 0
|
|
end
|
|
config emailfilter fortishield
|
|
set spam-submit-srv "www.nospammer.net"
|
|
set spam-submit-force enable
|
|
set spam-submit-txt2htm enable
|
|
end
|
|
config emailfilter options
|
|
set dns-timeout 7
|
|
end
|
|
config system fortiguard
|
|
set fortiguard-anycast disable
|
|
set protocol udp
|
|
set port 53
|
|
set load-balance-servers 1
|
|
set update-server-location usa
|
|
set sandbox-region ''
|
|
set update-ffdb enable
|
|
set update-uwdb enable
|
|
set update-dldb enable
|
|
set update-extdb enable
|
|
set update-build-proxy enable
|
|
set vdom ''
|
|
set auto-firmware-upgrade disable
|
|
unset auto-firmware-upgrade-day
|
|
set auto-firmware-upgrade-delay 3
|
|
set auto-firmware-upgrade-start-hour 1
|
|
set auto-firmware-upgrade-end-hour 4
|
|
set FDS-license-expiring-days 15
|
|
set antispam-force-off disable
|
|
set antispam-cache enable
|
|
set antispam-cache-ttl 1800
|
|
set antispam-cache-mpermille 1
|
|
set antispam-timeout 7
|
|
set outbreak-prevention-force-off disable
|
|
set outbreak-prevention-cache enable
|
|
set outbreak-prevention-cache-ttl 300
|
|
set outbreak-prevention-cache-mpermille 1
|
|
set outbreak-prevention-timeout 7
|
|
set webfilter-force-off disable
|
|
set webfilter-cache enable
|
|
set webfilter-cache-ttl 3600
|
|
set webfilter-timeout 15
|
|
set sdns-server-ip "208.91.112.220" "173.243.140.53" "210.7.96.53"
|
|
set sdns-server-port 53
|
|
unset sdns-options
|
|
set source-ip 0.0.0.0
|
|
set source-ip6 ::
|
|
set proxy-server-ip ''
|
|
set proxy-server-port 0
|
|
set proxy-username ''
|
|
set proxy-password ENC hMrRv19+1rNdDmr0ePZmlLt/8aktTitE+YvLITo7uF3nf/3aJHeHUm5rA5f10EWcC57hBfO0+3e2AInswU22hcava3Aoz1lgHH9/9dy4hcQ82+2nH7qDFrkOuCWY0jTW3L115W1z62LRIoK3A6+gVk8uTeg6oLhz6kspi+Pxi+00OJSjnvR7xEnkzW7yIF1esa1TJVlmMjY3dkVA
|
|
set ddns-server-ip 0.0.0.0
|
|
set ddns-server-ip6 ::
|
|
set ddns-server-port 443
|
|
set interface-select-method auto
|
|
end
|
|
config endpoint-control fctems
|
|
edit 1
|
|
set status disable
|
|
set name ''
|
|
set dirty-reason none
|
|
set fortinetone-cloud-authentication disable
|
|
set server ''
|
|
set https-port 443
|
|
set serial-number ''
|
|
set tenant-id ''
|
|
set source-ip 0.0.0.0
|
|
set pull-sysinfo disable
|
|
set pull-vulnerabilities disable
|
|
set pull-avatars disable
|
|
set pull-tags disable
|
|
set pull-malware-hash disable
|
|
unset capabilities
|
|
set call-timeout 30
|
|
set out-of-sync-threshold 180
|
|
set send-tags-to-all-vdoms disable
|
|
set websocket-override disable
|
|
set preserve-ssl-session disable
|
|
set interface-select-method auto
|
|
set trust-ca-cn enable
|
|
set verifying-ca ''
|
|
next
|
|
edit 2
|
|
set status disable
|
|
set name ''
|
|
set dirty-reason none
|
|
set fortinetone-cloud-authentication disable
|
|
set server ''
|
|
set https-port 443
|
|
set serial-number ''
|
|
set tenant-id ''
|
|
set source-ip 0.0.0.0
|
|
set pull-sysinfo enable
|
|
set pull-vulnerabilities enable
|
|
set pull-avatars enable
|
|
set pull-tags enable
|
|
set pull-malware-hash enable
|
|
unset capabilities
|
|
set call-timeout 30
|
|
set out-of-sync-threshold 180
|
|
set send-tags-to-all-vdoms disable
|
|
set websocket-override disable
|
|
set preserve-ssl-session disable
|
|
set interface-select-method auto
|
|
set trust-ca-cn enable
|
|
set verifying-ca ''
|
|
next
|
|
edit 3
|
|
set status disable
|
|
set name ''
|
|
set dirty-reason none
|
|
set fortinetone-cloud-authentication disable
|
|
set server ''
|
|
set https-port 443
|
|
set serial-number ''
|
|
set tenant-id ''
|
|
set source-ip 0.0.0.0
|
|
set pull-sysinfo enable
|
|
set pull-vulnerabilities enable
|
|
set pull-avatars enable
|
|
set pull-tags enable
|
|
set pull-malware-hash enable
|
|
unset capabilities
|
|
set call-timeout 30
|
|
set out-of-sync-threshold 180
|
|
set send-tags-to-all-vdoms disable
|
|
set websocket-override disable
|
|
set preserve-ssl-session disable
|
|
set interface-select-method auto
|
|
set trust-ca-cn enable
|
|
set verifying-ca ''
|
|
next
|
|
edit 4
|
|
set status disable
|
|
set name ''
|
|
set dirty-reason none
|
|
set fortinetone-cloud-authentication disable
|
|
set server ''
|
|
set https-port 443
|
|
set serial-number ''
|
|
set tenant-id ''
|
|
set source-ip 0.0.0.0
|
|
set pull-sysinfo enable
|
|
set pull-vulnerabilities enable
|
|
set pull-avatars enable
|
|
set pull-tags enable
|
|
set pull-malware-hash enable
|
|
unset capabilities
|
|
set call-timeout 30
|
|
set out-of-sync-threshold 180
|
|
set send-tags-to-all-vdoms disable
|
|
set websocket-override disable
|
|
set preserve-ssl-session disable
|
|
set interface-select-method auto
|
|
set trust-ca-cn enable
|
|
set verifying-ca ''
|
|
next
|
|
edit 5
|
|
set status disable
|
|
set name ''
|
|
set dirty-reason none
|
|
set fortinetone-cloud-authentication disable
|
|
set server ''
|
|
set https-port 443
|
|
set serial-number ''
|
|
set tenant-id ''
|
|
set source-ip 0.0.0.0
|
|
set pull-sysinfo enable
|
|
set pull-vulnerabilities enable
|
|
set pull-avatars enable
|
|
set pull-tags enable
|
|
set pull-malware-hash enable
|
|
unset capabilities
|
|
set call-timeout 30
|
|
set out-of-sync-threshold 180
|
|
set send-tags-to-all-vdoms disable
|
|
set websocket-override disable
|
|
set preserve-ssl-session disable
|
|
set interface-select-method auto
|
|
set trust-ca-cn enable
|
|
set verifying-ca ''
|
|
next
|
|
edit 6
|
|
set status disable
|
|
set name ''
|
|
set dirty-reason none
|
|
set fortinetone-cloud-authentication disable
|
|
set server ''
|
|
set https-port 443
|
|
set serial-number ''
|
|
set tenant-id ''
|
|
set source-ip 0.0.0.0
|
|
set pull-sysinfo enable
|
|
set pull-vulnerabilities enable
|
|
set pull-avatars enable
|
|
set pull-tags enable
|
|
set pull-malware-hash enable
|
|
unset capabilities
|
|
set call-timeout 30
|
|
set out-of-sync-threshold 180
|
|
set send-tags-to-all-vdoms disable
|
|
set websocket-override disable
|
|
set preserve-ssl-session disable
|
|
set interface-select-method auto
|
|
set trust-ca-cn enable
|
|
set verifying-ca ''
|
|
next
|
|
edit 7
|
|
set status disable
|
|
set name ''
|
|
set dirty-reason none
|
|
set fortinetone-cloud-authentication disable
|
|
set server ''
|
|
set https-port 443
|
|
set serial-number ''
|
|
set tenant-id ''
|
|
set source-ip 0.0.0.0
|
|
set pull-sysinfo enable
|
|
set pull-vulnerabilities enable
|
|
set pull-avatars enable
|
|
set pull-tags enable
|
|
set pull-malware-hash enable
|
|
unset capabilities
|
|
set call-timeout 30
|
|
set out-of-sync-threshold 180
|
|
set send-tags-to-all-vdoms disable
|
|
set websocket-override disable
|
|
set preserve-ssl-session disable
|
|
set interface-select-method auto
|
|
set trust-ca-cn enable
|
|
set verifying-ca ''
|
|
next
|
|
end
|
|
config ips global
|
|
set fail-open disable
|
|
set database extended
|
|
set traffic-submit disable
|
|
set anomaly-mode continuous
|
|
set session-limit-mode heuristic
|
|
set socket-size 128
|
|
set engine-count 0
|
|
set sync-session-ttl enable
|
|
set np-accel-mode basic
|
|
set ips-reserve-cpu disable
|
|
set cp-accel-mode advanced
|
|
set deep-app-insp-timeout 0
|
|
set deep-app-insp-db-limit 0
|
|
set exclude-signatures ot
|
|
set packet-log-queue-depth 128
|
|
set ngfw-max-scan-range 4096
|
|
set av-mem-limit 0
|
|
config tls-active-probe
|
|
set interface-select-method auto
|
|
end
|
|
end
|
|
config system email-server
|
|
set type custom
|
|
set server "fortinet-notifications.com"
|
|
set port 465
|
|
set source-ip 0.0.0.0
|
|
set source-ip6 ::
|
|
set authenticate disable
|
|
set validate-server disable
|
|
set security smtps
|
|
set ssl-min-proto-version default
|
|
set interface-select-method auto
|
|
end
|
|
config system session-helper
|
|
edit 1
|
|
set name pptp
|
|
set protocol 6
|
|
set port 1723
|
|
next
|
|
edit 2
|
|
set name h323
|
|
set protocol 6
|
|
set port 1720
|
|
next
|
|
edit 3
|
|
set name ras
|
|
set protocol 17
|
|
set port 1719
|
|
next
|
|
edit 4
|
|
set name tns
|
|
set protocol 6
|
|
set port 1521
|
|
next
|
|
edit 5
|
|
set name tftp
|
|
set protocol 17
|
|
set port 69
|
|
next
|
|
edit 6
|
|
set name rtsp
|
|
set protocol 6
|
|
set port 554
|
|
next
|
|
edit 7
|
|
set name rtsp
|
|
set protocol 6
|
|
set port 7070
|
|
next
|
|
edit 8
|
|
set name rtsp
|
|
set protocol 6
|
|
set port 8554
|
|
next
|
|
edit 9
|
|
set name ftp
|
|
set protocol 6
|
|
set port 21
|
|
next
|
|
edit 10
|
|
set name mms
|
|
set protocol 6
|
|
set port 1863
|
|
next
|
|
edit 11
|
|
set name pmap
|
|
set protocol 6
|
|
set port 111
|
|
next
|
|
edit 12
|
|
set name pmap
|
|
set protocol 17
|
|
set port 111
|
|
next
|
|
edit 14
|
|
set name dns-udp
|
|
set protocol 17
|
|
set port 53
|
|
next
|
|
edit 15
|
|
set name rsh
|
|
set protocol 6
|
|
set port 514
|
|
next
|
|
edit 16
|
|
set name rsh
|
|
set protocol 6
|
|
set port 512
|
|
next
|
|
edit 17
|
|
set name dcerpc
|
|
set protocol 6
|
|
set port 135
|
|
next
|
|
edit 18
|
|
set name dcerpc
|
|
set protocol 17
|
|
set port 135
|
|
next
|
|
edit 19
|
|
set name mgcp
|
|
set protocol 17
|
|
set port 2427
|
|
next
|
|
edit 20
|
|
set name mgcp
|
|
set protocol 17
|
|
set port 2727
|
|
next
|
|
end
|
|
config system fips-cc
|
|
end
|
|
config system tos-based-priority
|
|
end
|
|
config system dscp-based-priority
|
|
end
|
|
config system probe-response
|
|
set mode none
|
|
end
|
|
config system lte-modem
|
|
set status disable
|
|
set extra-init ''
|
|
set authtype none
|
|
set apn ''
|
|
set modem-port 255
|
|
end
|
|
config system auto-install
|
|
set auto-install-config enable
|
|
set auto-install-image enable
|
|
set default-config-file "fgt_system.conf"
|
|
set default-image-file "image.out"
|
|
end
|
|
config system console
|
|
set output standard
|
|
set login enable
|
|
set fortiexplorer enable
|
|
end
|
|
config system ntp
|
|
set ntpsync enable
|
|
set type custom
|
|
set syncinterval 5
|
|
config ntpserver
|
|
edit 1
|
|
set server "10.1.1.2"
|
|
set ntpv3 disable
|
|
set authentication disable
|
|
set ip-type Both
|
|
set interface-select-method auto
|
|
next
|
|
edit 2
|
|
set server "10.1.1.3"
|
|
set ntpv3 disable
|
|
set authentication disable
|
|
set ip-type Both
|
|
set interface-select-method auto
|
|
next
|
|
end
|
|
set source-ip 0.0.0.0
|
|
set source-ip6 ::
|
|
set server-mode disable
|
|
end
|
|
config system smc-ntp
|
|
set ntpsync disable
|
|
set syncinterval 60
|
|
set channel 5
|
|
end
|
|
config system vdom-radius-server
|
|
end
|
|
config system ftm-push
|
|
set proxy enable
|
|
set interface ''
|
|
set server ''
|
|
set server-port 4433
|
|
set server-cert "Fortinet_GUI_Server"
|
|
set status disable
|
|
end
|
|
config system geoip-override
|
|
end
|
|
config system fortisandbox
|
|
set status disable
|
|
set email ''
|
|
end
|
|
config system fortindr
|
|
set status disable
|
|
end
|
|
config system vdom-exception
|
|
end
|
|
config system csf
|
|
set status disable
|
|
set forticloud-account-enforcement enable
|
|
end
|
|
config automation setting
|
|
set max-concurrent-stitches 512
|
|
set fabric-sync enable
|
|
end
|
|
config system automation-trigger
|
|
edit "Network Down"
|
|
set description ''
|
|
set trigger-type event-based
|
|
set event-type event-log
|
|
set logid 20099
|
|
config fields
|
|
edit 1
|
|
set name "status"
|
|
set value "DOWN"
|
|
next
|
|
end
|
|
next
|
|
edit "HA Failover"
|
|
set description ''
|
|
set trigger-type event-based
|
|
set event-type ha-failover
|
|
next
|
|
edit "Reboot"
|
|
set description ''
|
|
set trigger-type event-based
|
|
set event-type reboot
|
|
next
|
|
edit "FortiAnalyzer Connection Down"
|
|
set description ''
|
|
set trigger-type event-based
|
|
set event-type event-log
|
|
set logid 22902
|
|
next
|
|
edit "License Expired Notification"
|
|
set description ''
|
|
set trigger-type event-based
|
|
set event-type license-near-expiry
|
|
set license-type any
|
|
next
|
|
edit "Compromised Host Quarantine"
|
|
set description ''
|
|
set trigger-type event-based
|
|
set event-type ioc
|
|
next
|
|
edit "Incoming Webhook Call"
|
|
set description ''
|
|
set trigger-type event-based
|
|
set event-type incoming-webhook
|
|
next
|
|
edit "Security Rating Notification"
|
|
set description ''
|
|
set trigger-type event-based
|
|
set event-type security-rating-summary
|
|
set report-type posture
|
|
next
|
|
edit "Local Cert Expired Notification"
|
|
set description "Default automation trigger configuration for when a local certificate is near expiration."
|
|
set trigger-type event-based
|
|
set event-type local-cert-near-expiry
|
|
next
|
|
edit "Compromised Host"
|
|
set description "An incident of compromise has been detected on a host endpoint."
|
|
set trigger-type event-based
|
|
set event-type ioc
|
|
next
|
|
edit "Any Security Rating Notification"
|
|
set description "A security rating summary report has been generated."
|
|
set trigger-type event-based
|
|
set event-type security-rating-summary
|
|
set report-type posture
|
|
next
|
|
edit "AV & IPS DB update"
|
|
set description "The antivirus and IPS database has been updated."
|
|
set trigger-type event-based
|
|
set event-type virus-ips-db-updated
|
|
next
|
|
edit "Configuration Change"
|
|
set description "An administrator\'s session that changed a FortiGate\'s configuration has ended."
|
|
set trigger-type event-based
|
|
set event-type config-change
|
|
next
|
|
edit "Conserve Mode"
|
|
set description "A FortiGate has entered conserve mode due to low memory."
|
|
set trigger-type event-based
|
|
set event-type low-memory
|
|
next
|
|
edit "High CPU"
|
|
set description "A FortiGate has high CPU usage."
|
|
set trigger-type event-based
|
|
set event-type high-cpu
|
|
next
|
|
edit "License Expiry"
|
|
set description "A FortiGate license is near expiration."
|
|
set trigger-type event-based
|
|
set event-type license-near-expiry
|
|
set license-type any
|
|
next
|
|
edit "Anomaly Logs"
|
|
set description "An anomalous event has occurred."
|
|
set trigger-type event-based
|
|
set event-type anomaly-logs
|
|
next
|
|
edit "IPS Logs"
|
|
set description "An IPS event has occurred."
|
|
set trigger-type event-based
|
|
set event-type ips-logs
|
|
next
|
|
edit "SSH Logs"
|
|
set description "A SSH event has occurred."
|
|
set trigger-type event-based
|
|
set event-type ssh-logs
|
|
next
|
|
edit "Traffic Violation"
|
|
set description "A traffic policy has been violated."
|
|
set trigger-type event-based
|
|
set event-type traffic-violation
|
|
next
|
|
edit "Virus Logs"
|
|
set description "A virus event has occurred."
|
|
set trigger-type event-based
|
|
set event-type virus-logs
|
|
next
|
|
edit "Webfilter Violation"
|
|
set description "A webfilter policy has been violated."
|
|
set trigger-type event-based
|
|
set event-type webfilter-violation
|
|
next
|
|
edit "Admin Login"
|
|
set description "A FortiOS event with specified log ID has occurred."
|
|
set trigger-type event-based
|
|
set event-type event-log
|
|
set logid 32001
|
|
next
|
|
edit "Local Certificate Expiry"
|
|
set description "A local certificate is near expiration."
|
|
set trigger-type event-based
|
|
set event-type local-cert-near-expiry
|
|
next
|
|
edit "Auto Firmware upgrade"
|
|
set description "Automatic firmware upgrade."
|
|
set trigger-type event-based
|
|
set event-type event-log
|
|
set logid 22094 22095 32263
|
|
next
|
|
end
|
|
config system automation-condition
|
|
end
|
|
config system automation-action
|
|
edit "Network Down_email"
|
|
set description ''
|
|
set action-type email
|
|
set forticare-email disable
|
|
set email-from ''
|
|
set email-subject "Network Down"
|
|
set minimum-interval 0
|
|
set message "%%log%%"
|
|
set replacement-message disable
|
|
next
|
|
edit "HA Failover_email"
|
|
set description ''
|
|
set action-type email
|
|
set forticare-email disable
|
|
set email-from ''
|
|
set email-subject "HA Failover"
|
|
set minimum-interval 0
|
|
set message "%%log%%"
|
|
set replacement-message disable
|
|
next
|
|
edit "Reboot_email"
|
|
set description ''
|
|
set action-type email
|
|
set forticare-email disable
|
|
set email-from ''
|
|
set email-subject "Reboot"
|
|
set minimum-interval 0
|
|
set message "%%log%%"
|
|
set replacement-message disable
|
|
next
|
|
edit "FortiAnalyzer Connection Down_ios-notification"
|
|
set description ''
|
|
set action-type fortiexplorer-notification
|
|
set minimum-interval 0
|
|
next
|
|
edit "License Expired Notification_ios-notification"
|
|
set description ''
|
|
set action-type fortiexplorer-notification
|
|
set minimum-interval 0
|
|
next
|
|
edit "Security Rating Notification_ios-notification"
|
|
set description ''
|
|
set action-type fortiexplorer-notification
|
|
set minimum-interval 0
|
|
next
|
|
edit "Compromised Host Quarantine_quarantine"
|
|
set description ''
|
|
set action-type quarantine
|
|
next
|
|
edit "Compromised Host Quarantine_quarantine-forticlient"
|
|
set description ''
|
|
set action-type quarantine-forticlient
|
|
next
|
|
edit "Reboot FortiGate"
|
|
set description "Default automation action configuration for rebooting this FortiGate unit."
|
|
set action-type system-actions
|
|
set system-action reboot
|
|
set minimum-interval 300
|
|
next
|
|
edit "Shutdown FortiGate"
|
|
set description "Default automation action configuration for shuting down this FortiGate unit."
|
|
set action-type system-actions
|
|
set system-action shutdown
|
|
set minimum-interval 0
|
|
next
|
|
edit "Backup Config Disk"
|
|
set description "Default automation action configuration for backing up the configuration on disk."
|
|
set action-type system-actions
|
|
set system-action backup-config
|
|
set minimum-interval 0
|
|
next
|
|
edit "Access Layer Quarantine"
|
|
set description "Quarantine the MAC address on access layer devices (FortiSwitch and FortiAP)."
|
|
set action-type quarantine
|
|
next
|
|
edit "FortiClient Quarantine"
|
|
set description "Use FortiClient EMS to quarantine the endpoint device."
|
|
set action-type quarantine-forticlient
|
|
next
|
|
edit "FortiNAC Quarantine"
|
|
set description "Use FortiNAC to quarantine the endpoint device."
|
|
set action-type quarantine-fortinac
|
|
next
|
|
edit "IP Ban"
|
|
set description "Ban the IP address specified in the automation trigger event."
|
|
set action-type ban-ip
|
|
next
|
|
edit "FortiExplorer Notification"
|
|
set description "Send a notification to FortiExplorer mobile application."
|
|
set action-type fortiexplorer-notification
|
|
set minimum-interval 0
|
|
next
|
|
edit "Email Notification"
|
|
set description "Send a custom email notification to the FortiCare email address registered on this device."
|
|
set action-type email
|
|
set forticare-email enable
|
|
set email-from ''
|
|
set email-subject "%%log.logdesc%%"
|
|
set minimum-interval 0
|
|
set message "%%log%%"
|
|
set replacement-message disable
|
|
next
|
|
edit "CLI Script - System Status"
|
|
set description "Execute a CLI script to return the system status."
|
|
set action-type cli-script
|
|
set minimum-interval 0
|
|
set script "get system status"
|
|
set output-size 10
|
|
set timeout 0
|
|
set execute-security-fabric disable
|
|
set accprofile "super_admin_readonly"
|
|
next
|
|
end
|
|
config system automation-destination
|
|
end
|
|
config system automation-stitch
|
|
edit "Network Down"
|
|
set description ''
|
|
set status disable
|
|
set trigger "Network Down"
|
|
set condition-logic and
|
|
config actions
|
|
edit 1
|
|
set action "Network Down_email"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
end
|
|
next
|
|
edit "HA Failover"
|
|
set description ''
|
|
set status disable
|
|
set trigger "HA Failover"
|
|
set condition-logic and
|
|
config actions
|
|
edit 1
|
|
set action "HA Failover_email"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
end
|
|
next
|
|
edit "Reboot"
|
|
set description ''
|
|
set status disable
|
|
set trigger "Reboot"
|
|
set condition-logic and
|
|
config actions
|
|
edit 1
|
|
set action "Reboot_email"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
end
|
|
next
|
|
edit "FortiAnalyzer Connection Down"
|
|
set description ''
|
|
set status enable
|
|
set trigger "FortiAnalyzer Connection Down"
|
|
set condition-logic and
|
|
config actions
|
|
edit 1
|
|
set action "FortiAnalyzer Connection Down_ios-notification"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
end
|
|
next
|
|
edit "License Expired Notification"
|
|
set description ''
|
|
set status enable
|
|
set trigger "License Expired Notification"
|
|
set condition-logic and
|
|
config actions
|
|
edit 1
|
|
set action "License Expired Notification_ios-notification"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
end
|
|
next
|
|
edit "Compromised Host Quarantine"
|
|
set description ''
|
|
set status disable
|
|
set trigger "Compromised Host Quarantine"
|
|
set condition-logic and
|
|
config actions
|
|
edit 1
|
|
set action "Compromised Host Quarantine_quarantine"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
edit 2
|
|
set action "Compromised Host Quarantine_quarantine-forticlient"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
end
|
|
next
|
|
edit "Incoming Webhook Quarantine"
|
|
set description ''
|
|
set status disable
|
|
set trigger "Incoming Webhook Call"
|
|
set condition-logic and
|
|
config actions
|
|
edit 1
|
|
set action "Compromised Host Quarantine_quarantine"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
edit 2
|
|
set action "Compromised Host Quarantine_quarantine-forticlient"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
end
|
|
next
|
|
edit "Security Rating Notification"
|
|
set description ''
|
|
set status enable
|
|
set trigger "Security Rating Notification"
|
|
set condition-logic and
|
|
config actions
|
|
edit 1
|
|
set action "Security Rating Notification_ios-notification"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
end
|
|
next
|
|
edit "Firmware upgrade notification"
|
|
set description "Automatic firmware upgrade notification."
|
|
set status enable
|
|
set trigger "Auto Firmware upgrade"
|
|
set condition-logic or
|
|
config actions
|
|
edit 1
|
|
set action "Email Notification"
|
|
set delay 0
|
|
set required disable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config monitoring npu-hpe
|
|
set status disable
|
|
set interval 1
|
|
set multipliers 4 4 4 4 8 8 8 8 8 8 8 8
|
|
end
|
|
config system saml
|
|
set status disable
|
|
end
|
|
config system federated-upgrade
|
|
set status disabled
|
|
set upgrade-id 0
|
|
set next-path-index 0
|
|
end
|
|
config system device-upgrade
|
|
end
|
|
config system ike
|
|
set embryonic-limit 20000
|
|
set dh-multiprocess disable
|
|
end
|
|
config system acme
|
|
set source-ip 0.0.0.0
|
|
set source-ip6 ::
|
|
end
|
|
config system ipam
|
|
set status disable
|
|
set server-type fabric-root
|
|
set automatic-conflict-resolution disable
|
|
set require-subnet-size-match enable
|
|
set manage-lan-addresses disable
|
|
set manage-lan-extension-addresses disable
|
|
set manage-ssid-addresses disable
|
|
end
|
|
config system fabric-vpn
|
|
set status disable
|
|
end
|
|
config system ssh-config
|
|
set ssh-enc-algo aes256-ctr aes256-gcm@openssh.com
|
|
set ssh-hsk-algo ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 rsa-sha2-256 rsa-sha2-512 ssh-ed25519
|
|
set ssh-hsk-override disable
|
|
set ssh-kex-algo diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521
|
|
set ssh-mac-algo hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com
|
|
end
|
|
end
|
|
|
|
config vdom
|
|
edit root
|
|
config wireless-controller hotspot20 anqp-venue-name
|
|
end
|
|
config wireless-controller hotspot20 anqp-venue-url
|
|
end
|
|
config wireless-controller hotspot20 anqp-network-auth-type
|
|
end
|
|
config wireless-controller hotspot20 anqp-roaming-consortium
|
|
end
|
|
config wireless-controller hotspot20 anqp-nai-realm
|
|
end
|
|
config wireless-controller hotspot20 anqp-3gpp-cellular
|
|
end
|
|
config wireless-controller hotspot20 anqp-ip-address-type
|
|
end
|
|
config wireless-controller hotspot20 h2qp-operator-name
|
|
end
|
|
config wireless-controller hotspot20 h2qp-wan-metric
|
|
end
|
|
config wireless-controller hotspot20 h2qp-conn-capability
|
|
end
|
|
config wireless-controller hotspot20 icon
|
|
end
|
|
config wireless-controller hotspot20 h2qp-osu-provider
|
|
end
|
|
config wireless-controller hotspot20 qos-map
|
|
end
|
|
config wireless-controller hotspot20 h2qp-advice-of-charge
|
|
end
|
|
config wireless-controller hotspot20 h2qp-osu-provider-nai
|
|
end
|
|
config wireless-controller hotspot20 h2qp-terms-and-conditions
|
|
end
|
|
config wireless-controller hotspot20 hs-profile
|
|
end
|
|
config wireless-controller vap
|
|
end
|
|
config system object-tagging
|
|
edit "default"
|
|
set address optional
|
|
set device optional
|
|
set interface optional
|
|
set multiple enable
|
|
set color 0
|
|
next
|
|
end
|
|
config switch-controller traffic-policy
|
|
edit "quarantine"
|
|
set description "Rate control for quarantined traffic"
|
|
set policer-status enable
|
|
set guaranteed-bandwidth 163840
|
|
set guaranteed-burst 8192
|
|
set maximum-burst 163840
|
|
set cos-queue 0
|
|
next
|
|
edit "sniffer"
|
|
set description "Rate control for sniffer mirrored traffic"
|
|
set policer-status enable
|
|
set guaranteed-bandwidth 50000
|
|
set guaranteed-burst 8192
|
|
set maximum-burst 163840
|
|
set cos-queue 0
|
|
next
|
|
end
|
|
config switch-controller fortilink-settings
|
|
end
|
|
config system stp
|
|
set switch-priority 32768
|
|
set hello-time 2
|
|
set forward-delay 15
|
|
set max-age 20
|
|
set max-hops 20
|
|
end
|
|
config system settings
|
|
set comments ''
|
|
set vdom-type traffic
|
|
set opmode nat
|
|
set policy-offload-level disable
|
|
set ngfw-mode profile-based
|
|
set http-external-dest fortiweb
|
|
set firewall-session-dirty check-all
|
|
set bfd disable
|
|
set utf8-spam-tagging enable
|
|
set wccp-cache-engine disable
|
|
set vpn-stats-log ipsec pptp l2tp ssl
|
|
set vpn-stats-period 600
|
|
set v4-ecmp-mode source-ip-based
|
|
set fw-session-hairpin disable
|
|
set prp-trailer-action disable
|
|
set snat-hairpin-traffic enable
|
|
set dhcp-proxy disable
|
|
set central-nat disable
|
|
set lldp-reception global
|
|
set lldp-transmission global
|
|
set link-down-access enable
|
|
set nat46-generate-ipv6-fragment-header disable
|
|
set nat46-force-ipv4-packet-forwarding disable
|
|
set nat64-force-ipv6-packet-forwarding enable
|
|
set detect-unknown-esp enable
|
|
set intree-ses-best-route disable
|
|
set auxiliary-session disable
|
|
set asymroute disable
|
|
set asymroute-icmp disable
|
|
set tcp-session-without-syn disable
|
|
set ses-denied-traffic disable
|
|
set ses-denied-multicast-traffic disable
|
|
set strict-src-check disable
|
|
set allow-linkdown-path disable
|
|
set asymroute6 disable
|
|
set asymroute6-icmp disable
|
|
set sctp-session-without-init disable
|
|
set sip-expectation disable
|
|
set sip-nat-trace enable
|
|
set h323-direct-model enable
|
|
set status enable
|
|
set sip-tcp-port 5060
|
|
set sip-udp-port 5060
|
|
set sip-ssl-port 5061
|
|
set sccp-port 2000
|
|
set multicast-forward enable
|
|
set multicast-ttl-notchange disable
|
|
set allow-subnet-overlap disable
|
|
set deny-tcp-with-icmp disable
|
|
set ecmp-max-paths 255
|
|
set discovered-device-timeout 28
|
|
set email-portal-check-dns enable
|
|
set default-voip-alg-mode proxy-based
|
|
set gui-proxy-inspection enable
|
|
set gui-icap disable
|
|
set gui-implicit-policy enable
|
|
set gui-dns-database disable
|
|
set gui-load-balance disable
|
|
set gui-multicast-policy disable
|
|
set gui-dos-policy enable
|
|
set gui-object-colors enable
|
|
set gui-route-tag-address-creation disable
|
|
set gui-voip-profile disable
|
|
set gui-ap-profile enable
|
|
set gui-security-profile-group disable
|
|
set gui-local-in-policy disable
|
|
set gui-wanopt-cache disable
|
|
set gui-explicit-proxy disable
|
|
set gui-dynamic-routing enable
|
|
set gui-policy-based-ipsec disable
|
|
set gui-threat-weight enable
|
|
set gui-spamfilter disable
|
|
set gui-file-filter disable
|
|
set gui-application-control enable
|
|
set gui-ips enable
|
|
set gui-dhcp-advanced enable
|
|
set gui-vpn enable
|
|
set gui-sslvpn disable
|
|
set gui-wireless-controller enable
|
|
set gui-advanced-wireless-features disable
|
|
set gui-switch-controller enable
|
|
set gui-fortiap-split-tunneling disable
|
|
set gui-traffic-shaping enable
|
|
set gui-wan-load-balancing enable
|
|
set gui-antivirus enable
|
|
set gui-webfilter disable
|
|
set gui-videofilter enable
|
|
set gui-dnsfilter disable
|
|
set gui-waf-profile disable
|
|
set gui-dlp-profile disable
|
|
set gui-virtual-patch-profile disable
|
|
set gui-casb disable
|
|
set gui-fortiextender-controller disable
|
|
set gui-advanced-policy disable
|
|
set gui-allow-unnamed-policy disable
|
|
set gui-email-collection disable
|
|
set gui-multiple-interface-policy disable
|
|
set gui-policy-disclaimer disable
|
|
set gui-ztna enable
|
|
set gui-ot disable
|
|
set gui-dynamic-device-os-id disable
|
|
set location-id 0.0.0.0
|
|
set ike-session-resume disable
|
|
set ike-quick-crash-detect disable
|
|
set ike-dn-format with-space
|
|
set ike-port 500
|
|
set ike-tcp-port 4500
|
|
set ike-policy-route disable
|
|
set block-land-attack disable
|
|
set application-bandwidth-tracking disable
|
|
set fqdn-session-check disable
|
|
set ext-resource-session-check disable
|
|
set dyn-addr-session-check disable
|
|
set default-policy-expiry-days 30
|
|
set gui-enforce-change-summary require
|
|
set internet-service-database-cache disable
|
|
set internet-service-app-ctrl-size 32768
|
|
end
|
|
config system sit-tunnel
|
|
end
|
|
config system arp-table
|
|
end
|
|
config system ipv6-neighbor-cache
|
|
end
|
|
config system replacemsg-group
|
|
edit "default"
|
|
set comment "Default replacement message group."
|
|
set group-type default
|
|
next
|
|
end
|
|
config system session-ttl
|
|
set default 3600
|
|
end
|
|
config system dhcp server
|
|
edit 1
|
|
set status enable
|
|
set lease-time 604800
|
|
set mac-acl-default-action assign
|
|
set forticlient-on-net-status enable
|
|
set dns-service default
|
|
set wifi-ac-service specify
|
|
set wifi-ac1 0.0.0.0
|
|
set wifi-ac2 0.0.0.0
|
|
set wifi-ac3 0.0.0.0
|
|
set ntp-service specify
|
|
set domain ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set default-gateway 192.168.200.1
|
|
set next-server 0.0.0.0
|
|
set netmask 255.255.255.0
|
|
set interface "mgmt2"
|
|
config ip-range
|
|
edit 1
|
|
set start-ip 192.168.200.2
|
|
set end-ip 192.168.200.254
|
|
set vci-match disable
|
|
set uci-match disable
|
|
set lease-time 0
|
|
next
|
|
end
|
|
set timezone-option disable
|
|
set filename ''
|
|
set server-type regular
|
|
set conflicted-ip-timeout 1800
|
|
set auto-configuration enable
|
|
set dhcp-settings-from-fortiipam disable
|
|
set ddns-update disable
|
|
set vci-match disable
|
|
set shared-subnet disable
|
|
set ntp-server1 0.0.0.0
|
|
set ntp-server2 0.0.0.0
|
|
set ntp-server3 0.0.0.0
|
|
next
|
|
end
|
|
config system dhcp6 server
|
|
end
|
|
config system modem
|
|
set status disable
|
|
set pin-init ''
|
|
set network-init ''
|
|
set lockdown-lac ''
|
|
set mode standalone
|
|
set auto-dial disable
|
|
set dial-on-demand disable
|
|
set idle-timer 5
|
|
set redial none
|
|
set reset 0
|
|
set connect-timeout 90
|
|
set wireless-port 0
|
|
set dont-send-CR1 disable
|
|
set phone1 ''
|
|
set dial-cmd1 ''
|
|
set username1 ''
|
|
set passwd1 ENC UfjOffMipQS5cQhvm5zzm+DbVyN4kbRF+LmY9XZjLWCPJU7RTtNMNxxO4qFP4A+IFRKPI2jZDcDqDLS93Rf9A5QKML1qAKyMtuwgJi2Hb0JkxPPDNMxak/DXzqCSn0DeM6UzmeaDMen2QyRtxGMVEWoWXOZBmqd9+qCat6zHvMfp9Mr+hsYBf14KxfVO9l9K530mWVlmMjY3dkVA
|
|
set extra-init1 ''
|
|
set peer-modem1 generic
|
|
set ppp-echo-request1 enable
|
|
set authtype1 pap chap mschap mschapv2
|
|
set dont-send-CR2 disable
|
|
set phone2 ''
|
|
set dial-cmd2 ''
|
|
set username2 ''
|
|
set passwd2 ENC T47e3AsxLackUJCtdpqNu73VYUYgnFtqyiZ8zJbWpw925LMuItYS1BaHJCfS/vHxC7FTvwKmYrj9WF1O7nOAJtie5U9m5oDI0RXOq1hTWbDZokruKeGereS2h3ZE7FCglgiFaPO7xmg/so/npaxHODQSAs8BTBXooTGnAzPN8dTAy7W+1ak5blovHghhaEC2YiuGi1lmMjY3dkVA
|
|
set extra-init2 ''
|
|
set peer-modem2 generic
|
|
set ppp-echo-request2 enable
|
|
set authtype2 pap chap mschap mschapv2
|
|
set dont-send-CR3 disable
|
|
set phone3 ''
|
|
set dial-cmd3 ''
|
|
set username3 ''
|
|
set passwd3 ENC VQWQyC1wJoMchNGW0qfW2j6FXqOYAD9KJzC2STbT9llwVwLUZbfhGUjti+Dk/JGipplqcXVsZdF4k/FrfkaLzlWnK+kcGXnIwlLcYXHxvLhg85FJitjWhzGd/qIkpPvJaYAlzc5qwcGAMDXu79BP6OZu1m3lE2sF1EKTXDJqhoOplTxAR5lYXPNEuRQNOOjmNIGueFlmMjY3dkVA
|
|
set extra-init3 ''
|
|
set peer-modem3 generic
|
|
set ppp-echo-request3 enable
|
|
set altmode enable
|
|
set authtype3 pap chap mschap mschapv2
|
|
set distance 1
|
|
set priority 1
|
|
end
|
|
config system 3g-modem custom
|
|
end
|
|
config system zone
|
|
end
|
|
config firewall address
|
|
edit "EMS_ALL_UNKNOWN_CLIENTS"
|
|
set uuid 4bea0f66-c0f6-51f0-446c-c886382c9609
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "EMS_ALL_UNMANAGEABLE_CLIENTS"
|
|
set uuid 4be9fc4c-c0f6-51f0-891c-a9b86390257d
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "none"
|
|
set uuid 7e89d32c-7abc-51ec-ada3-e0bf09e3f43d
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 255.255.255.255
|
|
next
|
|
edit "login.microsoftonline.com"
|
|
set uuid 7e89d9bc-7abc-51ec-748f-69691c3b494c
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "login.microsoftonline.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "login.microsoft.com"
|
|
set uuid 7e89df3e-7abc-51ec-f5ae-b57e90f6f270
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "login.microsoft.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "login.windows.net"
|
|
set uuid 7e89e3c6-7abc-51ec-e5a7-17e461dedf86
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "login.windows.net"
|
|
set cache-ttl 0
|
|
next
|
|
edit "gmail.com"
|
|
set uuid 7e89e826-7abc-51ec-bb70-9f12149152de
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "gmail.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "wildcard.google.com"
|
|
set uuid 7e89ec72-7abc-51ec-a7bb-3a00a6de5aca
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "*.google.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "wildcard.dropbox.com"
|
|
set uuid 7e89f5f0-7abc-51ec-dee4-ca2ba4b9de4d
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "*.dropbox.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "all"
|
|
set uuid 7e946422-7abc-51ec-fcd4-6272903f0e79
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
|
|
set uuid 7e9465e4-7abc-51ec-18eb-b3a1b533951c
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FABRIC_DEVICE"
|
|
set uuid 7e946756-7abc-51ec-8e5a-18caba2cdf21
|
|
set type ipmask
|
|
set comment "IPv4 addresses of Fabric Devices."
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "SSLVPN_TUNNEL_ADDR1"
|
|
set uuid 7e94dbfa-7abc-51ec-26c3-04e68952913c
|
|
set type iprange
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 10.212.134.200
|
|
set end-ip 10.212.134.210
|
|
next
|
|
edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
|
|
set uuid 89320da2-7d1a-51ec-883d-26894f0a2b7e
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
end
|
|
config firewall multicast-address
|
|
edit "all"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.0
|
|
set end-ip 239.255.255.255
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "all_hosts"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.1
|
|
set end-ip 224.0.0.1
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "all_routers"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.2
|
|
set end-ip 224.0.0.2
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "Bonjour"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.251
|
|
set end-ip 224.0.0.251
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "EIGRP"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.10
|
|
set end-ip 224.0.0.10
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "OSPF"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.5
|
|
set end-ip 224.0.0.6
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
end
|
|
config firewall address6-template
|
|
end
|
|
config firewall address6
|
|
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set uuid 7e94de98-7abc-51ec-535f-ea484729663b
|
|
set type ipprefix
|
|
set ip6 fdff:ffff::/120
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
edit "all"
|
|
set uuid 7e8a0bda-7abc-51ec-6793-47d646768988
|
|
set type ipprefix
|
|
set ip6 ::/0
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
edit "none"
|
|
set uuid 7e8a0fa4-7abc-51ec-1f1e-1d8d41102c74
|
|
set type ipprefix
|
|
set ip6 ::/128
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall multicast-address6
|
|
edit "all"
|
|
set ip6 ff00::/8
|
|
set comment ''
|
|
set color 0
|
|
next
|
|
end
|
|
config system ipv6-tunnel
|
|
end
|
|
config firewall addrgrp
|
|
edit "G Suite"
|
|
set type default
|
|
set category default
|
|
set uuid 7e89fd16-7abc-51ec-b36a-97f92912a844
|
|
set member "gmail.com" "wildcard.google.com"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Microsoft Office 365"
|
|
set type default
|
|
set category default
|
|
set uuid 7e8a03ba-7abc-51ec-826a-4988e9b80b6e
|
|
set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall addrgrp6
|
|
end
|
|
config firewall wildcard-fqdn custom
|
|
edit "g-Adobe Login"
|
|
set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
|
|
set wildcard-fqdn "*.adobelogin.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Gotomeeting"
|
|
set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
|
|
set wildcard-fqdn "*.gotomeeting.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Windows update 2"
|
|
set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
|
|
set wildcard-fqdn "*.windowsupdate.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-adobe"
|
|
set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
|
|
set wildcard-fqdn "*.adobe.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-android"
|
|
set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
|
|
set wildcard-fqdn "*.android.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-apple"
|
|
set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
|
|
set wildcard-fqdn "*.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-appstore"
|
|
set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
|
|
set wildcard-fqdn "*.appstore.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-auth.gfx.ms"
|
|
set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
|
|
set wildcard-fqdn "*.auth.gfx.ms"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-autoupdate.opera.com"
|
|
set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
|
|
set wildcard-fqdn "*autoupdate.opera.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-cdn-apple"
|
|
set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
|
|
set wildcard-fqdn "*.cdn-apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-citrix"
|
|
set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
|
|
set wildcard-fqdn "*.citrixonline.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-dropbox.com"
|
|
set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
|
|
set wildcard-fqdn "*.dropbox.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-eease"
|
|
set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
|
|
set wildcard-fqdn "*.eease.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-firefox update server"
|
|
set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
|
|
set wildcard-fqdn "aus*.mozilla.org"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-fortinet"
|
|
set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
|
|
set wildcard-fqdn "*.fortinet.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-drive"
|
|
set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
|
|
set wildcard-fqdn "*drive.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play"
|
|
set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
|
|
set wildcard-fqdn "*play.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play2"
|
|
set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
|
|
set wildcard-fqdn "*.ggpht.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play3"
|
|
set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
|
|
set wildcard-fqdn "*.books.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-googleapis.com"
|
|
set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
|
|
set wildcard-fqdn "*.googleapis.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-icloud"
|
|
set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
|
|
set wildcard-fqdn "*.icloud.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-itunes"
|
|
set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
|
|
set wildcard-fqdn "*itunes.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-live.com"
|
|
set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
|
|
set wildcard-fqdn "*.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-microsoft"
|
|
set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
|
|
set wildcard-fqdn "*.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-mzstatic-apple"
|
|
set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
|
|
set wildcard-fqdn "*.mzstatic.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-skype"
|
|
set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
|
|
set wildcard-fqdn "*.messenger.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-softwareupdate.vmware.com"
|
|
set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
|
|
set wildcard-fqdn "*.softwareupdate.vmware.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-swscan.apple.com"
|
|
set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
|
|
set wildcard-fqdn "*swscan.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-update.microsoft.com"
|
|
set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
|
|
set wildcard-fqdn "*update.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-verisign"
|
|
set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
|
|
set wildcard-fqdn "*.verisign.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall wildcard-fqdn group
|
|
end
|
|
config firewall traffic-class
|
|
end
|
|
config firewall service category
|
|
edit "General"
|
|
set comment "General services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Access"
|
|
set comment "Web access."
|
|
set fabric-object disable
|
|
next
|
|
edit "File Access"
|
|
set comment "File access."
|
|
set fabric-object disable
|
|
next
|
|
edit "Email"
|
|
set comment "Email services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Network Services"
|
|
set comment "Network services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Authentication"
|
|
set comment "Authentication service."
|
|
set fabric-object disable
|
|
next
|
|
edit "Remote Access"
|
|
set comment "Remote access."
|
|
set fabric-object disable
|
|
next
|
|
edit "Tunneling"
|
|
set comment "Tunneling service."
|
|
set fabric-object disable
|
|
next
|
|
edit "VoIP, Messaging & Other Applications"
|
|
set comment "VoIP, messaging, and other applications."
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Proxy"
|
|
set comment "Explicit web proxy."
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall service custom
|
|
edit "ALL"
|
|
set uuid 8ae5612c-c0f9-51f0-2e4c-905a445bd7f2
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 0
|
|
next
|
|
edit "FTP"
|
|
set uuid 8ae56244-c0f9-51f0-02c5-df2c2396039f
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FTP_GET"
|
|
set uuid 8ae56302-c0f9-51f0-2d1c-f5ddc173b1aa
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FTP_PUT"
|
|
set uuid 8ae563ca-c0f9-51f0-9183-7d90610956d9
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DNS"
|
|
set uuid 96dc097c-c0f9-51f0-ecf8-a0840f069c98
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 53
|
|
set udp-portrange 53
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "HTTP"
|
|
set uuid 96dc0ddc-c0f9-51f0-3a1e-1e0d5c46e30f
|
|
set proxy disable
|
|
set category "Web Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 80
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "HTTPS"
|
|
set uuid 96dc1156-c0f9-51f0-a5ff-8f63740c8792
|
|
set proxy disable
|
|
set category "Web Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 443
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IMAP"
|
|
set uuid 96dc14bc-c0f9-51f0-e592-58b943d70566
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 143
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IMAPS"
|
|
set uuid 96dc1804-c0f9-51f0-ef09-98d49d804157
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 993
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "LDAP"
|
|
set uuid 96dc1b56-c0f9-51f0-bcd4-f59e2896f98c
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DCE-RPC"
|
|
set uuid 96dc1ebc-c0f9-51f0-4882-ee9cfbed8edf
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 135
|
|
set udp-portrange 135
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "POP3"
|
|
set uuid 96dc225e-c0f9-51f0-09d7-2d058b5d8896
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 110
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "POP3S"
|
|
set uuid 96dc25a6-c0f9-51f0-9b58-e77496ac1fa7
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 995
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SAMBA"
|
|
set uuid 96dc28ee-c0f9-51f0-28b7-04b4844ed867
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 139
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMTP"
|
|
set uuid 96dc2c36-c0f9-51f0-7233-0fab4a392a77
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 25
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMTPS"
|
|
set uuid 96dc31c2-c0f9-51f0-66a3-c98642711d8f
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 465
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "KERBEROS"
|
|
set uuid 96dc371c-c0f9-51f0-e4b0-c150f3f48e91
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 88 464
|
|
set udp-portrange 88 464
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "LDAP_UDP"
|
|
set uuid 96dc3adc-c0f9-51f0-b6aa-2b0c6e4e3be8
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 389
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMB"
|
|
set uuid 96dc3e38-c0f9-51f0-83ce-7fe076cb3813
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 445
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_TCP"
|
|
set uuid 96dc4f5e-c0f9-51f0-dd54-a9a33bf2d1ec
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1-65535
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_UDP"
|
|
set uuid 96dc52e2-c0f9-51f0-b988-ff9c912784c6
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1-65535
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_ICMP"
|
|
set uuid 96dc563e-c0f9-51f0-5629-e76b8f490313
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
unset icmptype
|
|
next
|
|
edit "ALL_ICMP6"
|
|
set uuid 96dc59e0-c0f9-51f0-0595-64b9d1b8eb4e
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol ICMP6
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
unset icmptype
|
|
next
|
|
edit "GRE"
|
|
set uuid 96dc5d6e-c0f9-51f0-f759-3d003823edf5
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 47
|
|
next
|
|
edit "AH"
|
|
set uuid 96dc612e-c0f9-51f0-a7b1-bbf75e6fd8ab
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 51
|
|
next
|
|
edit "ESP"
|
|
set uuid 96dc64d0-c0f9-51f0-7fb9-25aabfb0c3d2
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 50
|
|
next
|
|
edit "AOL"
|
|
set uuid 96dc685e-c0f9-51f0-11d6-5e0d1d928d5c
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5190-5194
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "BGP"
|
|
set uuid 96dc6b2e-c0f9-51f0-864f-bc785992a5e3
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 179
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DHCP"
|
|
set uuid 96dc6e94-c0f9-51f0-3600-1c5c00ea8407
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 67-68
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FINGER"
|
|
set uuid 96dc71e6-c0f9-51f0-137a-d8c6e0ece8f1
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 79
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "GOPHER"
|
|
set uuid 96dc74ac-c0f9-51f0-1f25-c9edef91dfc1
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 70
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "H323"
|
|
set uuid 96dc781c-c0f9-51f0-1318-edaf11cfeac2
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1720 1503
|
|
set udp-portrange 1719
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IKE"
|
|
set uuid 96dc7bfa-c0f9-51f0-6750-5d04c9bf09da
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 500 4500
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "Internet-Locator-Service"
|
|
set uuid 96dc7f56-c0f9-51f0-a7f0-70717bfbb2e3
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IRC"
|
|
set uuid 96dc8212-c0f9-51f0-411c-492312ddbcf6
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 6660-6669
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "L2TP"
|
|
set uuid 96dc8582-c0f9-51f0-4f7a-145477b45dd9
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1701
|
|
set udp-portrange 1701
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NetMeeting"
|
|
set uuid 96dc891a-c0f9-51f0-f49f-99593392af89
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1720
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NFS"
|
|
set uuid 96dc8bd6-c0f9-51f0-1646-21229ce92c39
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 111 2049
|
|
set udp-portrange 111 2049
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NNTP"
|
|
set uuid 96dc8f6e-c0f9-51f0-65d2-6a2d424f723d
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 119
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NTP"
|
|
set uuid 96dc9234-c0f9-51f0-66da-dfa3e4b339a6
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 123
|
|
set udp-portrange 123
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "OSPF"
|
|
set uuid 96dc95cc-c0f9-51f0-083f-1bf4b2d04cf8
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 89
|
|
next
|
|
edit "PC-Anywhere"
|
|
set uuid 96dc995a-c0f9-51f0-76b4-e92b05d2e591
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5631
|
|
set udp-portrange 5632
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PING"
|
|
set uuid 96dc9cfc-c0f9-51f0-2006-3d5719acad24
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 8
|
|
unset icmpcode
|
|
next
|
|
edit "TIMESTAMP"
|
|
set uuid 96dca0e4-c0f9-51f0-3f01-16c5b51a1993
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 13
|
|
unset icmpcode
|
|
next
|
|
edit "INFO_REQUEST"
|
|
set uuid 96dca436-c0f9-51f0-d58b-b2252bc96769
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 15
|
|
unset icmpcode
|
|
next
|
|
edit "INFO_ADDRESS"
|
|
set uuid 96dca774-c0f9-51f0-ba49-555795abd6f6
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 17
|
|
unset icmpcode
|
|
next
|
|
edit "ONC-RPC"
|
|
set uuid 96dcaada-c0f9-51f0-e67b-7e28a6e61318
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 111
|
|
set udp-portrange 111
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PPTP"
|
|
set uuid 96dcaf26-c0f9-51f0-486d-cf73aac702b1
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1723
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "QUAKE"
|
|
set uuid 96dcb476-c0f9-51f0-9620-a493b4465a43
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 26000 27000 27910 27960
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RAUDIO"
|
|
set uuid 96dcb746-c0f9-51f0-819a-f9084e467039
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 7070
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "REXEC"
|
|
set uuid 96dcba02-c0f9-51f0-70f0-1118588d4bbc
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 512
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RIP"
|
|
set uuid 96dcbcd2-c0f9-51f0-909a-b35e40b03c5f
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 520
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RLOGIN"
|
|
set uuid 96dcc024-c0f9-51f0-c24a-a866c356cba8
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 513:512-1023
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RSH"
|
|
set uuid 96dcc2ea-c0f9-51f0-a728-c76e08ac3b7f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 514:512-1023
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SCCP"
|
|
set uuid 96dcc5a6-c0f9-51f0-c2cd-3e6dafdc4f49
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2000
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SIP"
|
|
set uuid 96dcc902-c0f9-51f0-8bf5-23ed35cb4de0
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5060
|
|
set udp-portrange 5060
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SIP-MSNmessenger"
|
|
set uuid 96dcccb8-c0f9-51f0-b09f-24f9960276af
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1863
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SNMP"
|
|
set uuid 96dcd000-c0f9-51f0-f6f6-1e8a17c2ecb8
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 161-162
|
|
set udp-portrange 161-162
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SSH"
|
|
set uuid 96dcd3ac-c0f9-51f0-2420-b749f43f383c
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 22
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SYSLOG"
|
|
set uuid 96dcd6fe-c0f9-51f0-5014-73eab88c543a
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 514
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TALK"
|
|
set uuid 96dcda46-c0f9-51f0-6d06-ca32fb3efe71
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 517-518
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TELNET"
|
|
set uuid 96dcdd16-c0f9-51f0-a510-eee51cedbc20
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 23
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TFTP"
|
|
set uuid 96dce072-c0f9-51f0-d1bb-7e68b2d0efde
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 69
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MGCP"
|
|
set uuid 96dce464-c0f9-51f0-008c-51dbd0ed4464
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 2427 2727
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UUCP"
|
|
set uuid 96dce752-c0f9-51f0-5e2a-3a12b9fad1ad
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 540
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "VDOLIVE"
|
|
set uuid 96dcea0e-c0f9-51f0-59be-027c91887fad
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7000-7010
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WAIS"
|
|
set uuid 96dcecde-c0f9-51f0-939f-77cf35202b0f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 210
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WINFRAME"
|
|
set uuid 96dcef90-c0f9-51f0-c7eb-5f6acb475f54
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1494 2598
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "X-WINDOWS"
|
|
set uuid 96dcf256-c0f9-51f0-c864-530f861e8d42
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 6000-6063
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PING6"
|
|
set uuid 96dcf5b2-c0f9-51f0-60a8-cdf847abf544
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP6
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 128
|
|
unset icmpcode
|
|
next
|
|
edit "MS-SQL"
|
|
set uuid 96dcf918-c0f9-51f0-a8b9-b3937a0161b4
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1433 1434
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MYSQL"
|
|
set uuid 96dcfc88-c0f9-51f0-a70e-ba60f18aecb0
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3306
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RDP"
|
|
set uuid 96dcffe4-c0f9-51f0-3edc-36760041d1d8
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "VNC"
|
|
set uuid 96dd0336-c0f9-51f0-b2cd-85a996bfb443
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5900
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DHCP6"
|
|
set uuid 96dd0688-c0f9-51f0-0425-1b7d481bab46
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 546 547
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SQUID"
|
|
set uuid 96dd09d0-c0f9-51f0-0b4c-49d9065535de
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3128
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SOCKS"
|
|
set uuid 96dd0d2c-c0f9-51f0-5e3f-389172ff73a0
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1080
|
|
set udp-portrange 1080
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WINS"
|
|
set uuid 96dd10ba-c0f9-51f0-72d2-20b0cd3f7305
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1512
|
|
set udp-portrange 1512
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RADIUS"
|
|
set uuid 96dd1452-c0f9-51f0-123b-fd91a170e288
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1812 1813
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RADIUS-OLD"
|
|
set uuid 96dd1862-c0f9-51f0-bb9c-1eff7427d060
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1645 1646
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "CVSPSERVER"
|
|
set uuid 96dd1b46-c0f9-51f0-8622-c2eb9925327e
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2401
|
|
set udp-portrange 2401
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "AFS3"
|
|
set uuid 96dd1e52-c0f9-51f0-1200-3e52be2ea783
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7000-7009
|
|
set udp-portrange 7000-7009
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TRACEROUTE"
|
|
set uuid 96dd2208-c0f9-51f0-568d-324c1983232e
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 33434-33535
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RTSP"
|
|
set uuid 96dd2564-c0f9-51f0-2fcf-c32bb61c70b5
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 554 7070 8554
|
|
set udp-portrange 554
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MMS"
|
|
set uuid 96dd2910-c0f9-51f0-a984-86a1d9335745
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1755
|
|
set udp-portrange 1024-5000
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NONE"
|
|
set uuid 96dd2c26-c0f9-51f0-f0bf-8721dd42bc03
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 0
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "webproxy"
|
|
set uuid 8ae5511e-c0f9-51f0-327f-95a60c483551
|
|
set proxy enable
|
|
set category "Web Proxy"
|
|
set protocol ALL
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set app-service-type disable
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 0-65535:0-65535
|
|
next
|
|
end
|
|
config firewall service group
|
|
edit "Email Access"
|
|
set uuid 8ae564ce-c0f9-51f0-f457-51c0b8d12287
|
|
set proxy disable
|
|
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Access"
|
|
set uuid 8ae56c6c-c0f9-51f0-002c-df7bb8e3d432
|
|
set proxy disable
|
|
set member "DNS" "HTTP" "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Windows AD"
|
|
set uuid 8ae5702c-c0f9-51f0-ffa8-2148cd664a4c
|
|
set proxy disable
|
|
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Exchange Server"
|
|
set uuid 8ae57590-c0f9-51f0-6150-2ef50d42889a
|
|
set proxy disable
|
|
set member "DCE-RPC" "DNS" "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall internet-service-group
|
|
end
|
|
config firewall internet-service-extension
|
|
end
|
|
config firewall internet-service-custom
|
|
end
|
|
config firewall internet-service-custom-group
|
|
end
|
|
config firewall network-service-dynamic
|
|
end
|
|
config system external-resource
|
|
end
|
|
config vpn certificate ca
|
|
end
|
|
config vpn certificate remote
|
|
end
|
|
config vpn certificate local
|
|
edit "Fortinet_CA_SSL"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_CA_Untrusted"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_GUI_Server"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA1024"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA2048"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA4096"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA1024"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA2048"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA256"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA384"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA521"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED25519"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED448"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
end
|
|
config vpn certificate crl
|
|
end
|
|
config vpn certificate ocsp-server
|
|
end
|
|
config vpn certificate setting
|
|
set ocsp-status disable
|
|
set ocsp-option server
|
|
set proxy ''
|
|
set source-ip ''
|
|
set ocsp-default-server ''
|
|
set interface-select-method auto
|
|
set check-ca-cert enable
|
|
set check-ca-chain disable
|
|
set subject-match substring
|
|
set subject-set subset
|
|
set cn-match substring
|
|
set cn-allow-multi enable
|
|
config crl-verification
|
|
set expiry ignore
|
|
set leaf-crl-absence ignore
|
|
set chain-crl-absence ignore
|
|
end
|
|
set strict-ocsp-check disable
|
|
set ssl-min-proto-version default
|
|
set cmp-save-extra-certs disable
|
|
set cmp-key-usage-checking enable
|
|
set cert-expire-warning 14
|
|
set certname-rsa1024 "Fortinet_SSL_RSA1024"
|
|
set certname-rsa2048 "Fortinet_SSL_RSA2048"
|
|
set certname-rsa4096 "Fortinet_SSL_RSA4096"
|
|
set certname-dsa1024 "Fortinet_SSL_DSA1024"
|
|
set certname-dsa2048 "Fortinet_SSL_DSA2048"
|
|
set certname-ecdsa256 "Fortinet_SSL_ECDSA256"
|
|
set certname-ecdsa384 "Fortinet_SSL_ECDSA384"
|
|
set certname-ecdsa521 "Fortinet_SSL_ECDSA521"
|
|
set certname-ed25519 "Fortinet_SSL_ED25519"
|
|
set certname-ed448 "Fortinet_SSL_ED448"
|
|
end
|
|
config webfilter ftgd-local-cat
|
|
edit "custom1"
|
|
set status enable
|
|
set id 140
|
|
next
|
|
edit "custom2"
|
|
set status enable
|
|
set id 141
|
|
next
|
|
end
|
|
config ips sensor
|
|
edit "g-default"
|
|
set comment "Prevent critical attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor IPS attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "all_default"
|
|
set comment "All predefined signatures with default setting."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity all
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "all_default_pass"
|
|
set comment "All predefined signatures with PASS action."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity all
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action pass
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "high_security"
|
|
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
|
|
set replacemsg-group ''
|
|
set block-malicious-url enable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status enable
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action block
|
|
set quarantine none
|
|
next
|
|
edit 2
|
|
set location all
|
|
set severity low
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "protect_client"
|
|
set comment "Protect against client-side vulnerabilities."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location client
|
|
set severity all
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "protect_email_server"
|
|
set comment "Protect against email server-side vulnerabilities."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location server
|
|
set severity all
|
|
set protocol SMTP POP3 IMAP
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "protect_http_server"
|
|
set comment "Protect against HTTP server-side vulnerabilities."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location server
|
|
set severity all
|
|
set protocol HTTP
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config sctp-filter profile
|
|
end
|
|
config diameter-filter profile
|
|
end
|
|
config firewall shaper traffic-shaper
|
|
edit "high-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "medium-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority medium
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "low-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority low
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "guarantee-100kbps"
|
|
set guaranteed-bandwidth 100
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "shared-1M-pipe"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1024
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy disable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
end
|
|
config firewall shaper per-ip-shaper
|
|
end
|
|
config firewall proxy-address
|
|
edit "IPv4-address"
|
|
set uuid 2999f822-c0f6-51f0-fb0c-ee6964deeeee
|
|
set type host-regex
|
|
set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
|
|
set referrer disable
|
|
set case-sensitivity disable
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "IPv6-address"
|
|
set uuid 2999f930-c0f6-51f0-5cd1-1b203433e660
|
|
set type host-regex
|
|
set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
|
|
set referrer disable
|
|
set case-sensitivity disable
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall proxy-addrgrp
|
|
end
|
|
config web-proxy profile
|
|
end
|
|
config web-proxy global
|
|
set ssl-cert "Fortinet_Factory"
|
|
set ssl-ca-cert "Fortinet_CA_SSL"
|
|
set fast-policy-match enable
|
|
set ldap-user-cache disable
|
|
set proxy-fqdn "default.fqdn"
|
|
set max-request-length 8
|
|
set max-message-length 32
|
|
set strict-web-check disable
|
|
set forward-proxy-auth disable
|
|
set forward-server-affinity-timeout 30
|
|
set max-waf-body-cache-length 1
|
|
set webproxy-profile ''
|
|
set learn-client-ip disable
|
|
set policy-category-deep-inspect enable
|
|
set log-policy-pending disable
|
|
set log-forward-server disable
|
|
set log-app-id disable
|
|
set proxy-transparent-cert-inspection disable
|
|
set request-obs-fold keep
|
|
end
|
|
config web-proxy explicit
|
|
set status disable
|
|
set secure-web-proxy disable
|
|
set http-connection-mode static
|
|
set ipv6-status disable
|
|
set strict-guest disable
|
|
set https-replacement-message enable
|
|
set ssl-algorithm low
|
|
end
|
|
config web-proxy forward-server
|
|
end
|
|
config web-proxy forward-server-group
|
|
end
|
|
config web-proxy debug-url
|
|
end
|
|
config web-proxy wisp
|
|
end
|
|
config wanopt webcache
|
|
set max-object-size 512000
|
|
set neg-resp-time 0
|
|
set fresh-factor 100
|
|
set max-ttl 7200
|
|
set min-ttl 5
|
|
set default-ttl 1440
|
|
set ignore-ims disable
|
|
set ignore-conditional disable
|
|
set ignore-pnc disable
|
|
set ignore-ie-reload enable
|
|
set cache-expired disable
|
|
set cache-cookie disable
|
|
set reval-pnc disable
|
|
set always-revalidate disable
|
|
set cache-by-default disable
|
|
set host-validate disable
|
|
set external disable
|
|
end
|
|
config ftp-proxy explicit
|
|
set status disable
|
|
set ssl disable
|
|
end
|
|
config web-proxy fast-fallback
|
|
end
|
|
config web-proxy url-match
|
|
end
|
|
config application custom
|
|
end
|
|
config application list
|
|
edit "g-default"
|
|
set comment "Monitor all applications."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor all applications."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
unset options
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection disable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log disable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "block-high-risk"
|
|
set comment ''
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set category 2 6
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action block
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set quarantine none
|
|
next
|
|
edit 2
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
end
|
|
config application group
|
|
end
|
|
config dlp data-type
|
|
edit "g-credit-card"
|
|
set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
|
|
set verify "builtin)credit-card"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 20
|
|
set look-ahead 1
|
|
set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
edit "g-edm-keyword"
|
|
set pattern ".+"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "/\\b\\0\\b/i"
|
|
set comment ''
|
|
next
|
|
edit "g-hex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-keyword"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-mip-label"
|
|
set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "built-in"
|
|
set comment ''
|
|
next
|
|
edit "g-regex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-ssn-us"
|
|
set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
|
|
set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 12
|
|
set look-ahead 1
|
|
set transform "\\b\\1-\\2-\\3\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
end
|
|
config dlp dictionary
|
|
edit "SSN-Sensor-r1d"
|
|
set uuid 364447d0-c0f6-51f0-7a3c-a8d706c06466
|
|
set match-type match-any
|
|
set match-around disable
|
|
set comment ''
|
|
config entries
|
|
edit 1
|
|
set type "g-regex"
|
|
set pattern "WebEx"
|
|
set repeat disable
|
|
set status enable
|
|
set comment ''
|
|
next
|
|
end
|
|
next
|
|
edit "def-cc-dict"
|
|
set uuid 3644311e-c0f6-51f0-1961-ec115833f88a
|
|
set match-type match-any
|
|
set match-around disable
|
|
set comment ''
|
|
config entries
|
|
edit 1
|
|
set type "g-credit-card"
|
|
set pattern ''
|
|
set repeat disable
|
|
set status enable
|
|
set comment ''
|
|
next
|
|
end
|
|
next
|
|
edit "def-ssn-dict"
|
|
set uuid 36446d96-c0f6-51f0-c0c9-571786b51558
|
|
set match-type match-any
|
|
set match-around disable
|
|
set comment ''
|
|
config entries
|
|
edit 1
|
|
set type "g-ssn-us"
|
|
set pattern ''
|
|
set repeat disable
|
|
set status enable
|
|
set comment ''
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config dlp exact-data-match
|
|
end
|
|
config dlp sensor
|
|
edit "SSN-Sensor-r1s"
|
|
set match-type match-any
|
|
set comment ''
|
|
config entries
|
|
edit 1
|
|
set dictionary "SSN-Sensor-r1d"
|
|
set count 1
|
|
set status enable
|
|
next
|
|
end
|
|
next
|
|
edit "def-cc-sensor"
|
|
set match-type match-any
|
|
set comment ''
|
|
config entries
|
|
edit 1
|
|
set dictionary "def-cc-dict"
|
|
set count 1
|
|
set status enable
|
|
next
|
|
end
|
|
next
|
|
edit "def-ssn-sensor"
|
|
set match-type match-any
|
|
set comment ''
|
|
config entries
|
|
edit 1
|
|
set dictionary "def-ssn-dict"
|
|
set count 1
|
|
set status enable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config dlp filepattern
|
|
edit 1
|
|
set name "builtin-patterns"
|
|
set comment ''
|
|
config entries
|
|
edit "*.bat"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.com"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.dll"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.doc"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.exe"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.gz"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.hta"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.ppt"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.rar"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.scr"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.tar"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.tgz"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.vb?"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.wps"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.xl?"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.zip"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.pif"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.cpl"
|
|
set filter-type pattern
|
|
next
|
|
end
|
|
next
|
|
edit 2
|
|
set name "all_executables"
|
|
set comment ''
|
|
config entries
|
|
edit "bat"
|
|
set filter-type type
|
|
set file-type bat
|
|
next
|
|
edit "exe"
|
|
set filter-type type
|
|
set file-type exe
|
|
next
|
|
edit "elf"
|
|
set filter-type type
|
|
set file-type elf
|
|
next
|
|
edit "hta"
|
|
set filter-type type
|
|
set file-type hta
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config dlp sensitivity
|
|
edit "Private"
|
|
next
|
|
edit "Critical"
|
|
next
|
|
edit "Warning"
|
|
next
|
|
end
|
|
config dlp fp-doc-source
|
|
end
|
|
config dlp profile
|
|
edit "g-default"
|
|
set comment "Default profile."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
unset summary-proto
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Log a summary of email and web traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
set summary-proto smtp pop3 imap http-get http-post
|
|
next
|
|
edit "Content_Archive"
|
|
set comment ''
|
|
set feature-set proxy
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
set full-archive-proto smtp pop3 imap http-get http-post ftp nntp mapi
|
|
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
|
|
next
|
|
edit "Content_Summary"
|
|
set comment ''
|
|
set feature-set proxy
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
|
|
next
|
|
edit "Credit-Card"
|
|
set comment ''
|
|
set feature-set proxy
|
|
set replacemsg-group ''
|
|
config rule
|
|
edit 1
|
|
set name "Credit-Card-Filter"
|
|
set severity high
|
|
set type file
|
|
set proto smtp pop3 imap http-get http-post mapi
|
|
set filter-by sensor
|
|
set file-size 0
|
|
unset file-type
|
|
set sensor "def-cc-sensor"
|
|
set archive disable
|
|
set action log-only
|
|
next
|
|
edit 2
|
|
set name "Credit-Card-Filter"
|
|
set severity high
|
|
set type message
|
|
set proto smtp pop3 imap http-post mapi
|
|
set filter-by sensor
|
|
set sensor "def-cc-sensor"
|
|
set archive disable
|
|
set action log-only
|
|
next
|
|
end
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
unset summary-proto
|
|
next
|
|
edit "Large-File"
|
|
set comment ''
|
|
set feature-set proxy
|
|
set replacemsg-group ''
|
|
config rule
|
|
edit 1
|
|
set name "Large-File-Filter"
|
|
set severity medium
|
|
set type file
|
|
set proto smtp pop3 imap http-get http-post mapi
|
|
set filter-by none
|
|
set file-size 5120
|
|
unset file-type
|
|
set archive disable
|
|
set action log-only
|
|
next
|
|
end
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
unset summary-proto
|
|
next
|
|
edit "SSN-Sensor"
|
|
set comment "Match SSN numbers but NOT WebEx invite emails."
|
|
set feature-set proxy
|
|
set replacemsg-group ''
|
|
config rule
|
|
edit 1
|
|
set name "SSN-Sensor-Filter"
|
|
set severity high
|
|
set type message
|
|
set proto smtp pop3 imap mapi
|
|
set filter-by sensor
|
|
set sensor "SSN-Sensor-r1s"
|
|
set archive disable
|
|
set action allow
|
|
next
|
|
edit 2
|
|
set name "SSN-Sensor-Filter"
|
|
set severity high
|
|
set type message
|
|
set proto smtp pop3 imap mapi
|
|
set filter-by sensor
|
|
set sensor "def-ssn-sensor"
|
|
set archive disable
|
|
set action log-only
|
|
next
|
|
edit 3
|
|
set name "SSN-Sensor-Filter"
|
|
set severity high
|
|
set type file
|
|
set proto smtp pop3 imap http-get http-post ftp mapi
|
|
set filter-by sensor
|
|
set file-size 0
|
|
unset file-type
|
|
set sensor "def-ssn-sensor"
|
|
set archive disable
|
|
set action log-only
|
|
next
|
|
end
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
unset summary-proto
|
|
next
|
|
end
|
|
config webfilter content
|
|
end
|
|
config webfilter content-header
|
|
end
|
|
config webfilter urlfilter
|
|
end
|
|
config videofilter youtube-key
|
|
end
|
|
config videofilter keyword
|
|
end
|
|
config videofilter profile
|
|
end
|
|
config webfilter ips-urlfilter-setting
|
|
set device ''
|
|
set distance 1
|
|
set gateway 0.0.0.0
|
|
set geo-filter ''
|
|
end
|
|
config webfilter ips-urlfilter-setting6
|
|
set device ''
|
|
set distance 1
|
|
set gateway6 ::
|
|
set geo-filter ''
|
|
end
|
|
config emailfilter bword
|
|
end
|
|
config emailfilter block-allow-list
|
|
end
|
|
config emailfilter mheader
|
|
end
|
|
config emailfilter dnsbl
|
|
end
|
|
config emailfilter iptrust
|
|
end
|
|
config log threat-weight
|
|
set status enable
|
|
config level
|
|
set low 5
|
|
set medium 10
|
|
set high 30
|
|
set critical 50
|
|
end
|
|
set blocked-connection high
|
|
set failed-connection low
|
|
set url-block-detected high
|
|
set botnet-connection-detected critical
|
|
config malware
|
|
set virus-infected critical
|
|
set inline-block critical
|
|
set file-blocked low
|
|
set command-blocked disable
|
|
set oversized disable
|
|
set virus-scan-error high
|
|
set switch-proto disable
|
|
set mimefragmented disable
|
|
set virus-file-type-executable medium
|
|
set virus-outbreak-prevention critical
|
|
set content-disarm medium
|
|
set malware-list medium
|
|
set ems-threat-feed medium
|
|
set fsa-malicious critical
|
|
set fsa-high-risk high
|
|
set fsa-medium-risk medium
|
|
end
|
|
config ips
|
|
set info-severity disable
|
|
set low-severity low
|
|
set medium-severity medium
|
|
set high-severity high
|
|
set critical-severity critical
|
|
end
|
|
config web
|
|
edit 1
|
|
set category 26
|
|
set level high
|
|
next
|
|
edit 2
|
|
set category 61
|
|
set level high
|
|
next
|
|
edit 3
|
|
set category 86
|
|
set level high
|
|
next
|
|
edit 4
|
|
set category 1
|
|
set level medium
|
|
next
|
|
edit 5
|
|
set category 3
|
|
set level medium
|
|
next
|
|
edit 6
|
|
set category 4
|
|
set level medium
|
|
next
|
|
edit 7
|
|
set category 5
|
|
set level medium
|
|
next
|
|
edit 8
|
|
set category 6
|
|
set level medium
|
|
next
|
|
edit 9
|
|
set category 12
|
|
set level medium
|
|
next
|
|
edit 10
|
|
set category 59
|
|
set level medium
|
|
next
|
|
edit 11
|
|
set category 62
|
|
set level medium
|
|
next
|
|
edit 12
|
|
set category 83
|
|
set level medium
|
|
next
|
|
edit 13
|
|
set category 72
|
|
set level low
|
|
next
|
|
edit 14
|
|
set category 14
|
|
set level low
|
|
next
|
|
edit 15
|
|
set category 96
|
|
set level medium
|
|
next
|
|
end
|
|
config application
|
|
edit 1
|
|
set category 2
|
|
set level low
|
|
next
|
|
edit 2
|
|
set category 6
|
|
set level medium
|
|
next
|
|
end
|
|
end
|
|
config icap server
|
|
end
|
|
config icap server-group
|
|
end
|
|
config icap profile
|
|
edit "default"
|
|
set replacemsg-group ''
|
|
set comment ''
|
|
set request disable
|
|
set response disable
|
|
unset file-transfer
|
|
set streaming-content-bypass disable
|
|
set 204-response disable
|
|
set preview disable
|
|
set methods delete get head options post put trace connect other
|
|
set icap-block-log disable
|
|
set chunk-encap disable
|
|
unset extension-feature
|
|
set timeout 30
|
|
config icap-headers
|
|
edit 1
|
|
set name "X-Authenticated-User"
|
|
set content "$user"
|
|
set base64-encoding disable
|
|
next
|
|
edit 2
|
|
set name "X-Authenticated-Groups"
|
|
set content "$local_grp"
|
|
set base64-encoding disable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config system network-visibility
|
|
set destination-visibility enable
|
|
set source-location enable
|
|
set destination-hostname-visibility enable
|
|
set hostname-ttl 86400
|
|
set hostname-limit 5000
|
|
set destination-location enable
|
|
end
|
|
config user peer
|
|
end
|
|
config user peergrp
|
|
end
|
|
config vpn qkd
|
|
end
|
|
config user certificate
|
|
end
|
|
config user radius
|
|
end
|
|
config user tacacs+
|
|
end
|
|
config user exchange
|
|
end
|
|
config user ldap
|
|
end
|
|
config user krb-keytab
|
|
end
|
|
config user domain-controller
|
|
end
|
|
config user pop3
|
|
end
|
|
config user saml
|
|
end
|
|
config user external-identity-provider
|
|
end
|
|
config user fsso
|
|
end
|
|
config user adgrp
|
|
end
|
|
config user fsso-polling
|
|
end
|
|
config user fortitoken
|
|
edit "FTKMOB2134C905F9"
|
|
set status active
|
|
set comments ''
|
|
set license "FTMTRIAL03307A6F"
|
|
set activation-code ''
|
|
set activation-expire 0
|
|
set reg-id ''
|
|
set os-ver ''
|
|
next
|
|
edit "FTKMOB21BF31F838"
|
|
set status active
|
|
set comments ''
|
|
set license "FTMTRIAL03307A6F"
|
|
set activation-code ''
|
|
set activation-expire 0
|
|
set reg-id ''
|
|
set os-ver ''
|
|
next
|
|
end
|
|
config user password-policy
|
|
end
|
|
config user local
|
|
edit "guest"
|
|
set status enable
|
|
set type password
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set passwd-policy ''
|
|
set passwd-time 0000-00-00 00:00:00
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set ppk-secret ENC bzHiCcpXjbsuaj/VlNMI/0un9CoVgUImVMi2lIUI2kugAOUlJoban40bpexHUXiCVx+YYdc5SfewLrpHamKmy1DlxmBuNZb26ujxkP8p8QN2zOJbNsvMND8UpWKoUsCfStGP+TW8X6RWyQu2vjjp9N1S+PVeaF69MoN8cUXri5UMJRiybrwO2KaAr4IyTsQp7dNwGVlmMjY3dkVA
|
|
set ppk-identity ''
|
|
set qkd-profile ''
|
|
set passwd ENC bMw3Sqkfyq5Bs9bjil+6wq12DwcuoWYgX01OdLNnfgyzW4MyAQVDjhq/Iuvs+68QeDDpGxN4PEs0+495FRKn4nU5F5y0OJTOT3pOcpYgGrbHe1UN5/C4G9FGVRtLy2MlqdUwu7QSCRwyEhOSFRbe6sGeSqQRmvyuU4IoNBvdlCKDZ7Zn9geoK/FxLpKfxRPfgFMgsVlmMjY3dkVA
|
|
next
|
|
end
|
|
config user setting
|
|
set auth-type http https ftp telnet
|
|
set auth-cert "Fortinet_Factory"
|
|
set auth-ca-cert ''
|
|
set auth-secure-http disable
|
|
set auth-http-basic disable
|
|
set auth-ssl-allow-renegotiation disable
|
|
set auth-src-mac enable
|
|
set auth-on-demand implicitly
|
|
set auth-timeout 5
|
|
set auth-timeout-type idle-timeout
|
|
set auth-portal-timeout 3
|
|
set radius-ses-timeout-act hard-timeout
|
|
set auth-blackout-time 0
|
|
set auth-invalid-max 5
|
|
set auth-lockout-threshold 3
|
|
set auth-lockout-duration 0
|
|
set per-policy-disclaimer disable
|
|
set auth-ssl-min-proto-version default
|
|
unset auth-ssl-max-proto-version
|
|
set auth-ssl-sigalgs all
|
|
set default-user-password-policy ''
|
|
end
|
|
config user quarantine
|
|
set quarantine enable
|
|
set traffic-policy ''
|
|
set firewall-groups ''
|
|
end
|
|
config user group
|
|
edit "SSO_Guest_Users"
|
|
set authtimeout 0
|
|
set http-digest-realm ''
|
|
next
|
|
edit "Guest-group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "guest"
|
|
next
|
|
end
|
|
config user security-exempt-list
|
|
end
|
|
config vpn ssl web realm
|
|
end
|
|
config vpn ssl web host-check-software
|
|
edit "FortiClient-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
|
|
next
|
|
edit "FortiClient-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
|
|
next
|
|
edit "FortiClient-AV-Vista"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
|
|
next
|
|
edit "FortiClient-FW-Vista"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
|
|
next
|
|
edit "FortiClient5-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
|
|
next
|
|
edit "AVG-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
|
|
next
|
|
edit "AVG-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
|
|
next
|
|
edit "AVG-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
|
|
next
|
|
edit "AVG-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
|
|
next
|
|
edit "CA-Anti-Virus"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
|
|
next
|
|
edit "CA-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
|
|
next
|
|
edit "CA-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
|
|
next
|
|
edit "CA-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
|
|
next
|
|
edit "CA-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
|
|
next
|
|
edit "CA-Personal-Firewall"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
|
|
next
|
|
edit "F-Secure-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
|
|
next
|
|
edit "F-Secure-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "D4747503-0346-49EB-9262-997542F79BF4"
|
|
next
|
|
edit "F-Secure-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
|
|
next
|
|
edit "F-Secure-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
|
|
next
|
|
edit "Kaspersky-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
next
|
|
edit "Kaspersky-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
next
|
|
edit "Kaspersky-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
|
|
next
|
|
edit "Kaspersky-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
|
|
next
|
|
edit "McAfee-Virus-Scan-Enterprise"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
|
|
next
|
|
edit "Norton-360-2.0-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
|
|
next
|
|
edit "Norton-360-2.0-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
|
|
next
|
|
edit "Norton-360-3.0-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit "Norton-360-3.0-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
next
|
|
edit "Norton-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit "Norton-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
next
|
|
edit "Norton-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit "Norton-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
next
|
|
edit "Panda-Antivirus+Firewall-2008-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
|
|
next
|
|
edit "Panda-Antivirus+Firewall-2008-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
next
|
|
edit "Panda-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
next
|
|
edit "Panda-Internet-Security-2006~2007-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
next
|
|
edit "Panda-Internet-Security-2008~2009-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
next
|
|
edit "Sophos-Anti-Virus"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
|
|
next
|
|
edit "Trend-Micro-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
|
|
next
|
|
edit "Trend-Micro-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
|
|
next
|
|
edit "Trend-Micro-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
|
|
next
|
|
edit "Trend-Micro-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
|
|
next
|
|
edit "ZoneAlarm-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
|
|
next
|
|
edit "ZoneAlarm-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
|
|
next
|
|
edit "ZoneAlarm-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
|
|
next
|
|
edit "ZoneAlarm-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
|
|
next
|
|
edit "ESET-Smart-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
|
|
next
|
|
edit "ESET-Smart-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
|
|
next
|
|
end
|
|
config vpn ssl web portal
|
|
edit "full-access"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode enable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set ipv6-split-tunneling enable
|
|
set ipv6-split-tunneling-routing-negate disable
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set dhcp6-ra-linkaddr ::
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "web-access"
|
|
set tunnel-mode disable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set dns-suffix ''
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "tunnel-access"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode enable
|
|
set web-mode disable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set ipv6-split-tunneling enable
|
|
set ipv6-split-tunneling-routing-negate disable
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set dhcp6-ra-linkaddr ::
|
|
set client-src-range disable
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
next
|
|
end
|
|
config vpn ssl settings
|
|
set status enable
|
|
set reqclientcert disable
|
|
set ssl-max-proto-ver tls1-3
|
|
set ssl-min-proto-ver tls1-2
|
|
set banned-cipher SHA1 SHA256 SHA384
|
|
set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
|
|
set ssl-insert-empty-fragment enable
|
|
set https-redirect disable
|
|
set x-content-type-options enable
|
|
set ssl-client-renegotiation disable
|
|
set force-two-factor-auth disable
|
|
set servercert "Fortinet_Factory"
|
|
set algorithm high
|
|
set idle-timeout 300
|
|
set auth-timeout 28800
|
|
set login-attempt-limit 2
|
|
set login-block-time 60
|
|
set login-timeout 30
|
|
set dns-suffix ''
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set url-obscuration disable
|
|
set http-compression disable
|
|
set http-only-cookie enable
|
|
set port 443
|
|
set port-precedence enable
|
|
set auto-tunnel-static-route enable
|
|
set header-x-forwarded-for add
|
|
set browser-language-detection enable
|
|
set dtls-tunnel enable
|
|
set check-referer disable
|
|
set http-request-header-timeout 20
|
|
set http-request-body-timeout 30
|
|
set auth-session-check-source-ip enable
|
|
set tunnel-connect-without-reauth disable
|
|
set hsts-include-subdomains disable
|
|
set transform-backward-slashes disable
|
|
set encode-2f-sequence disable
|
|
set encrypt-and-store-password disable
|
|
set client-sigalgs all
|
|
set dual-stack-mode disable
|
|
set tunnel-addr-assigned-method first-available
|
|
set saml-redirect-port 8020
|
|
set ztna-trusted-client disable
|
|
set server-hostname ''
|
|
set dtls-hello-timeout 10
|
|
set dtls-heartbeat-idle-timeout 3
|
|
set dtls-heartbeat-interval 3
|
|
set dtls-heartbeat-fail-count 3
|
|
set dtls-max-proto-ver dtls1-2
|
|
set dtls-min-proto-ver dtls1-0
|
|
end
|
|
config vpn ssl web user-group-bookmark
|
|
end
|
|
config vpn ssl web user-bookmark
|
|
end
|
|
config vpn ssl client
|
|
end
|
|
config voip profile
|
|
edit "default"
|
|
set comment "Default VoIP profile."
|
|
config sip
|
|
set status enable
|
|
set rtp enable
|
|
set nat-port-range 5117-65533
|
|
set open-register-pinhole enable
|
|
set open-contact-pinhole enable
|
|
set strict-register enable
|
|
set register-rate 0
|
|
set invite-rate 0
|
|
set max-dialogs 0
|
|
set max-line-length 998
|
|
set block-long-lines enable
|
|
set block-unknown enable
|
|
set call-keepalive 0
|
|
set block-ack disable
|
|
set block-bye disable
|
|
set block-cancel disable
|
|
set block-info disable
|
|
set block-invite disable
|
|
set block-message disable
|
|
set block-notify disable
|
|
set block-options disable
|
|
set block-prack disable
|
|
set block-publish disable
|
|
set block-refer disable
|
|
set block-register disable
|
|
set block-subscribe disable
|
|
set block-update disable
|
|
set register-contact-trace disable
|
|
set open-via-pinhole disable
|
|
set open-record-route-pinhole enable
|
|
set rfc2543-branch disable
|
|
set log-violations disable
|
|
set log-call-summary enable
|
|
set nat-trace enable
|
|
set subscribe-rate 0
|
|
set message-rate 0
|
|
set notify-rate 0
|
|
set refer-rate 0
|
|
set update-rate 0
|
|
set options-rate 0
|
|
set ack-rate 0
|
|
set prack-rate 0
|
|
set info-rate 0
|
|
set publish-rate 0
|
|
set bye-rate 0
|
|
set cancel-rate 0
|
|
set preserve-override disable
|
|
set no-sdp-fixup disable
|
|
set contact-fixup enable
|
|
set max-idle-dialogs 0
|
|
set block-geo-red-options disable
|
|
set hosted-nat-traversal disable
|
|
set hnt-restrict-source-ip disable
|
|
set max-body-length 0
|
|
set unknown-header pass
|
|
set malformed-request-line pass
|
|
set malformed-header-via pass
|
|
set malformed-header-from pass
|
|
set malformed-header-to pass
|
|
set malformed-header-call-id pass
|
|
set malformed-header-cseq pass
|
|
set malformed-header-rack pass
|
|
set malformed-header-rseq pass
|
|
set malformed-header-contact pass
|
|
set malformed-header-record-route pass
|
|
set malformed-header-route pass
|
|
set malformed-header-expires pass
|
|
set malformed-header-content-type pass
|
|
set malformed-header-content-length pass
|
|
set malformed-header-max-forwards pass
|
|
set malformed-header-allow pass
|
|
set malformed-header-p-asserted-identity pass
|
|
set malformed-header-sdp-v pass
|
|
set malformed-header-sdp-o pass
|
|
set malformed-header-sdp-s pass
|
|
set malformed-header-sdp-i pass
|
|
set malformed-header-sdp-c pass
|
|
set malformed-header-sdp-b pass
|
|
set malformed-header-sdp-z pass
|
|
set malformed-header-sdp-k pass
|
|
set malformed-header-sdp-a pass
|
|
set malformed-header-sdp-t pass
|
|
set malformed-header-sdp-r pass
|
|
set malformed-header-sdp-m pass
|
|
set provisional-invite-expiry-time 210
|
|
set ips-rtp enable
|
|
set ssl-mode off
|
|
end
|
|
config sccp
|
|
set status enable
|
|
set block-mcast disable
|
|
set verify-header disable
|
|
set log-call-summary disable
|
|
set log-violations disable
|
|
set max-calls 0
|
|
end
|
|
next
|
|
edit "strict"
|
|
set feature-set voipd
|
|
set comment ''
|
|
config sip
|
|
set status enable
|
|
set rtp enable
|
|
set nat-port-range 5117-65533
|
|
set open-register-pinhole enable
|
|
set open-contact-pinhole enable
|
|
set strict-register enable
|
|
set register-rate 0
|
|
set invite-rate 0
|
|
set max-dialogs 0
|
|
set max-line-length 998
|
|
set block-long-lines enable
|
|
set block-unknown enable
|
|
set call-keepalive 0
|
|
set block-ack disable
|
|
set block-bye disable
|
|
set block-cancel disable
|
|
set block-info disable
|
|
set block-invite disable
|
|
set block-message disable
|
|
set block-notify disable
|
|
set block-options disable
|
|
set block-prack disable
|
|
set block-publish disable
|
|
set block-refer disable
|
|
set block-register disable
|
|
set block-subscribe disable
|
|
set block-update disable
|
|
set register-contact-trace disable
|
|
set open-via-pinhole disable
|
|
set open-record-route-pinhole enable
|
|
set rfc2543-branch disable
|
|
set log-violations disable
|
|
set log-call-summary enable
|
|
set nat-trace enable
|
|
set subscribe-rate 0
|
|
set message-rate 0
|
|
set notify-rate 0
|
|
set refer-rate 0
|
|
set update-rate 0
|
|
set options-rate 0
|
|
set ack-rate 0
|
|
set prack-rate 0
|
|
set info-rate 0
|
|
set publish-rate 0
|
|
set bye-rate 0
|
|
set cancel-rate 0
|
|
set preserve-override disable
|
|
set no-sdp-fixup disable
|
|
set contact-fixup enable
|
|
set max-idle-dialogs 0
|
|
set block-geo-red-options disable
|
|
set hosted-nat-traversal disable
|
|
set hnt-restrict-source-ip disable
|
|
set max-body-length 0
|
|
set unknown-header pass
|
|
set malformed-request-line discard
|
|
set malformed-header-via discard
|
|
set malformed-header-from discard
|
|
set malformed-header-to discard
|
|
set malformed-header-call-id discard
|
|
set malformed-header-cseq discard
|
|
set malformed-header-rack discard
|
|
set malformed-header-rseq discard
|
|
set malformed-header-contact discard
|
|
set malformed-header-record-route discard
|
|
set malformed-header-route discard
|
|
set malformed-header-expires discard
|
|
set malformed-header-content-type discard
|
|
set malformed-header-content-length discard
|
|
set malformed-header-max-forwards discard
|
|
set malformed-header-allow discard
|
|
set malformed-header-p-asserted-identity discard
|
|
set malformed-header-sdp-v discard
|
|
set malformed-header-sdp-o discard
|
|
set malformed-header-sdp-s discard
|
|
set malformed-header-sdp-i discard
|
|
set malformed-header-sdp-c discard
|
|
set malformed-header-sdp-b discard
|
|
set malformed-header-sdp-z discard
|
|
set malformed-header-sdp-k discard
|
|
set malformed-header-sdp-a discard
|
|
set malformed-header-sdp-t discard
|
|
set malformed-header-sdp-r discard
|
|
set malformed-header-sdp-m discard
|
|
set provisional-invite-expiry-time 210
|
|
set ips-rtp enable
|
|
set ssl-mode off
|
|
end
|
|
config sccp
|
|
set status enable
|
|
set block-mcast disable
|
|
set verify-header disable
|
|
set log-call-summary disable
|
|
set log-violations disable
|
|
set max-calls 0
|
|
end
|
|
next
|
|
end
|
|
config system sdwan
|
|
set status disable
|
|
set load-balance-mode source-ip-based
|
|
set speedtest-bypass-routing disable
|
|
set duplication-max-num 2
|
|
set neighbor-hold-down disable
|
|
set neighbor-hold-down-time 0
|
|
set app-perf-log-period 0
|
|
set neighbor-hold-boot-time 0
|
|
set fail-detect disable
|
|
config zone
|
|
edit "virtual-wan-link"
|
|
set advpn-select disable
|
|
set service-sla-tie-break cfg-order
|
|
set minimum-sla-meet-members 1
|
|
next
|
|
end
|
|
config health-check
|
|
edit "Default_Office_365"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "www.office.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Gmail"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "gmail.com"
|
|
set detect-mode active
|
|
set protocol ping
|
|
set ha-priority 1
|
|
set interval 1000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 2
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Google Search"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "www.google.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_FortiGuard"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "fortiguard.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
end
|
|
end
|
|
config vpn ipsec fec
|
|
end
|
|
config vpn kmip-server
|
|
end
|
|
config vpn ipsec phase1
|
|
end
|
|
config vpn ipsec phase2
|
|
end
|
|
config vpn ipsec manualkey
|
|
end
|
|
config vpn ipsec concentrator
|
|
end
|
|
config vpn ipsec phase1-interface
|
|
end
|
|
config vpn ipsec phase2-interface
|
|
end
|
|
config vpn ipsec manualkey-interface
|
|
end
|
|
config vpn pptp
|
|
set status disable
|
|
end
|
|
config vpn l2tp
|
|
set status disable
|
|
set lcp-max-echo-fails 3
|
|
set hello-interval 60
|
|
end
|
|
config vpn ipsec forticlient
|
|
end
|
|
config system evpn
|
|
end
|
|
config dnsfilter domain-filter
|
|
end
|
|
config dnsfilter profile
|
|
edit "default"
|
|
set comment "Default dns filtering."
|
|
config domain-filter
|
|
unset domain-filter-table
|
|
end
|
|
config ftgd-dns
|
|
unset options
|
|
config filters
|
|
edit 1
|
|
set category 2
|
|
set action monitor
|
|
next
|
|
edit 2
|
|
set category 7
|
|
set action monitor
|
|
next
|
|
edit 3
|
|
set category 8
|
|
set action monitor
|
|
next
|
|
edit 4
|
|
set category 9
|
|
set action monitor
|
|
next
|
|
edit 5
|
|
set category 11
|
|
set action monitor
|
|
next
|
|
edit 6
|
|
set category 12
|
|
set action monitor
|
|
next
|
|
edit 7
|
|
set category 13
|
|
set action monitor
|
|
next
|
|
edit 8
|
|
set category 14
|
|
set action monitor
|
|
next
|
|
edit 9
|
|
set category 15
|
|
set action monitor
|
|
next
|
|
edit 10
|
|
set category 16
|
|
set action monitor
|
|
next
|
|
edit 11
|
|
set category 0
|
|
set action monitor
|
|
next
|
|
edit 12
|
|
set category 57
|
|
set action monitor
|
|
next
|
|
edit 13
|
|
set category 63
|
|
set action monitor
|
|
next
|
|
edit 14
|
|
set category 64
|
|
set action monitor
|
|
next
|
|
edit 15
|
|
set category 65
|
|
set action monitor
|
|
next
|
|
edit 16
|
|
set category 66
|
|
set action monitor
|
|
next
|
|
edit 17
|
|
set category 67
|
|
set action monitor
|
|
next
|
|
edit 18
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
end
|
|
set log-all-domain disable
|
|
set sdns-ftgd-err-log enable
|
|
set sdns-domain-log enable
|
|
set block-action redirect
|
|
set block-botnet enable
|
|
set safe-search disable
|
|
set strip-ech enable
|
|
set redirect-portal 0.0.0.0
|
|
set redirect-portal6 ::
|
|
next
|
|
end
|
|
config system gre-tunnel
|
|
end
|
|
config system ipsec-aggregate
|
|
end
|
|
config system ipip-tunnel
|
|
end
|
|
config system mobile-tunnel
|
|
end
|
|
config system pppoe-interface
|
|
end
|
|
config system vxlan
|
|
end
|
|
config system geneve
|
|
end
|
|
config system virtual-wire-pair
|
|
end
|
|
config system dns-database
|
|
end
|
|
config system dns-server
|
|
end
|
|
config log custom-field
|
|
end
|
|
config antivirus settings
|
|
set machine-learning-detection enable
|
|
set use-extreme-db disable
|
|
set grayware enable
|
|
set override-timeout 0
|
|
set cache-infected-result enable
|
|
end
|
|
config antivirus quarantine
|
|
set agelimit 0
|
|
set maxfilesize 0
|
|
set quarantine-quota 0
|
|
unset drop-infected
|
|
set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
|
|
unset drop-machine-learning
|
|
set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
|
|
set lowspace ovrw-old
|
|
set destination disk
|
|
end
|
|
config antivirus exempt-list
|
|
end
|
|
config ssh-filter profile
|
|
end
|
|
config antivirus profile
|
|
edit "g-default"
|
|
set comment "Scan files and block viruses."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Scan files and monitor viruses."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config file-filter profile
|
|
edit "g-default"
|
|
set comment "File type inspection."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "File type inspection."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
end
|
|
config webfilter profile
|
|
edit "g-default"
|
|
set comment "Default web filtering."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor web traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
set options ftgd-disable
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 1
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 2
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 3
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 4
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 5
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 6
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 7
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 8
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 9
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 11
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 12
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 13
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 14
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 15
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 16
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 17
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 18
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 19
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 20
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 23
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 24
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 25
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 24
|
|
set category 26
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 25
|
|
set category 28
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 26
|
|
set category 29
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 27
|
|
set category 30
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 28
|
|
set category 31
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 29
|
|
set category 33
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 30
|
|
set category 34
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 31
|
|
set category 35
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 32
|
|
set category 36
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 33
|
|
set category 37
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 34
|
|
set category 38
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 35
|
|
set category 39
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 36
|
|
set category 40
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 37
|
|
set category 41
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 38
|
|
set category 42
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 39
|
|
set category 43
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 40
|
|
set category 44
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 41
|
|
set category 46
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 42
|
|
set category 47
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 43
|
|
set category 48
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 44
|
|
set category 49
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 45
|
|
set category 50
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 46
|
|
set category 51
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 47
|
|
set category 52
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 48
|
|
set category 53
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 49
|
|
set category 54
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 50
|
|
set category 55
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 51
|
|
set category 56
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 52
|
|
set category 57
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 53
|
|
set category 58
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 54
|
|
set category 59
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 55
|
|
set category 61
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 56
|
|
set category 62
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 57
|
|
set category 63
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 58
|
|
set category 64
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 59
|
|
set category 65
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 60
|
|
set category 66
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 61
|
|
set category 67
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 62
|
|
set category 68
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 63
|
|
set category 69
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 64
|
|
set category 70
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 65
|
|
set category 71
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 66
|
|
set category 72
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 67
|
|
set category 75
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 68
|
|
set category 76
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 69
|
|
set category 77
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 70
|
|
set category 78
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 71
|
|
set category 79
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 72
|
|
set category 80
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 73
|
|
set category 81
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 74
|
|
set category 82
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 75
|
|
set category 83
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 76
|
|
set category 84
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 77
|
|
set category 85
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 78
|
|
set category 86
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 79
|
|
set category 87
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 80
|
|
set category 88
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 81
|
|
set category 89
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 82
|
|
set category 90
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 83
|
|
set category 91
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 84
|
|
set category 92
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 85
|
|
set category 93
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 86
|
|
set category 94
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 87
|
|
set category 95
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set options block-invalid-url
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "default"
|
|
set comment "Default web filtering."
|
|
set feature-set proxy
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
unset bword-table
|
|
unset urlfilter-table
|
|
unset content-header-list
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
set log-search disable
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
set exempt-quota 17
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set max-quota-timeout 300
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
config antiphish
|
|
set status disable
|
|
set check-username-only disable
|
|
set max-body-len 1024
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-activex-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-filter-applet-log enable
|
|
set web-filter-jscript-log enable
|
|
set web-filter-js-log enable
|
|
set web-filter-vbs-log enable
|
|
set web-filter-unknown-log enable
|
|
set web-filter-referer-log enable
|
|
set web-filter-cookie-removal-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set web-ftgd-quota-usage enable
|
|
set extended-log disable
|
|
set web-antiphishing-log enable
|
|
next
|
|
edit "monitor-all"
|
|
set comment "Monitor and log all visited URLs, flow-based."
|
|
set feature-set proxy
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
unset bword-table
|
|
unset urlfilter-table
|
|
unset content-header-list
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
set log-search disable
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
set exempt-quota 17
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 1
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 3
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 4
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 5
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 6
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 12
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 59
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 62
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 83
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 2
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 7
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 8
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 9
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 11
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 13
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 14
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 15
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 16
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 57
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 63
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 64
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 65
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 66
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 24
|
|
set category 67
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 25
|
|
set category 19
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 26
|
|
set category 24
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 27
|
|
set category 25
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 28
|
|
set category 72
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 29
|
|
set category 75
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 30
|
|
set category 76
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 31
|
|
set category 26
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 32
|
|
set category 61
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 33
|
|
set category 86
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 34
|
|
set category 17
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 35
|
|
set category 18
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 36
|
|
set category 20
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 37
|
|
set category 23
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 38
|
|
set category 28
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 39
|
|
set category 29
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 40
|
|
set category 30
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 41
|
|
set category 33
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 42
|
|
set category 34
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 43
|
|
set category 35
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 44
|
|
set category 36
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 45
|
|
set category 37
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 46
|
|
set category 38
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 47
|
|
set category 39
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 48
|
|
set category 40
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 49
|
|
set category 42
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 50
|
|
set category 44
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 51
|
|
set category 46
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 52
|
|
set category 47
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 53
|
|
set category 48
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 54
|
|
set category 54
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 55
|
|
set category 55
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 56
|
|
set category 58
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 57
|
|
set category 68
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 58
|
|
set category 69
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 59
|
|
set category 70
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 60
|
|
set category 71
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 61
|
|
set category 77
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 62
|
|
set category 78
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 63
|
|
set category 79
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 64
|
|
set category 80
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 65
|
|
set category 82
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 66
|
|
set category 85
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 67
|
|
set category 87
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 68
|
|
set category 31
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 69
|
|
set category 41
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 70
|
|
set category 43
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 71
|
|
set category 49
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 72
|
|
set category 50
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 73
|
|
set category 51
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 74
|
|
set category 52
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 75
|
|
set category 53
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 76
|
|
set category 56
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 77
|
|
set category 81
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 78
|
|
set category 84
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 79
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 80
|
|
set category 88
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 81
|
|
set category 89
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 82
|
|
set category 90
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 83
|
|
set category 91
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 84
|
|
set category 92
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 85
|
|
set category 93
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 86
|
|
set category 94
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 87
|
|
set category 95
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
end
|
|
set max-quota-timeout 300
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
config antiphish
|
|
set status disable
|
|
set check-username-only disable
|
|
set max-body-len 1024
|
|
end
|
|
set wisp disable
|
|
set log-all-url enable
|
|
set web-content-log disable
|
|
set web-filter-activex-log disable
|
|
set web-filter-command-block-log disable
|
|
set web-filter-cookie-log disable
|
|
set web-filter-applet-log disable
|
|
set web-filter-jscript-log disable
|
|
set web-filter-js-log disable
|
|
set web-filter-vbs-log disable
|
|
set web-filter-unknown-log disable
|
|
set web-filter-referer-log disable
|
|
set web-filter-cookie-removal-log disable
|
|
set web-url-log disable
|
|
set web-invalid-domain-log disable
|
|
set web-ftgd-err-log disable
|
|
set web-ftgd-quota-usage disable
|
|
set extended-log disable
|
|
set web-antiphishing-log enable
|
|
next
|
|
edit "sniffer-profile"
|
|
set comment "Monitor web traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
unset bword-table
|
|
unset urlfilter-table
|
|
unset content-header-list
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
set options ftgd-disable
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 1
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 2
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 3
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 4
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 5
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 6
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 7
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 8
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 9
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 11
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 12
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 13
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 14
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 15
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 16
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 17
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 18
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 19
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 20
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 23
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 24
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 25
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 24
|
|
set category 26
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 25
|
|
set category 28
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 26
|
|
set category 29
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 27
|
|
set category 30
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 28
|
|
set category 31
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 29
|
|
set category 33
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 30
|
|
set category 34
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 31
|
|
set category 35
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 32
|
|
set category 36
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 33
|
|
set category 37
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 34
|
|
set category 38
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 35
|
|
set category 39
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 36
|
|
set category 40
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 37
|
|
set category 41
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 38
|
|
set category 42
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 39
|
|
set category 43
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 40
|
|
set category 44
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 41
|
|
set category 46
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 42
|
|
set category 47
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 43
|
|
set category 48
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 44
|
|
set category 49
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 45
|
|
set category 50
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 46
|
|
set category 51
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 47
|
|
set category 52
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 48
|
|
set category 53
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 49
|
|
set category 54
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 50
|
|
set category 55
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 51
|
|
set category 56
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 52
|
|
set category 57
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 53
|
|
set category 58
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 54
|
|
set category 59
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 55
|
|
set category 61
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 56
|
|
set category 62
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 57
|
|
set category 63
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 58
|
|
set category 64
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 59
|
|
set category 65
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 60
|
|
set category 66
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 61
|
|
set category 67
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 62
|
|
set category 68
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 63
|
|
set category 69
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 64
|
|
set category 70
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 65
|
|
set category 71
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 66
|
|
set category 72
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 67
|
|
set category 75
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 68
|
|
set category 76
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 69
|
|
set category 77
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 70
|
|
set category 78
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 71
|
|
set category 79
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 72
|
|
set category 80
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 73
|
|
set category 81
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 74
|
|
set category 82
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 75
|
|
set category 83
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 76
|
|
set category 84
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 77
|
|
set category 85
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 78
|
|
set category 86
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 79
|
|
set category 87
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 80
|
|
set category 88
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 81
|
|
set category 89
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 82
|
|
set category 90
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 83
|
|
set category 91
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 84
|
|
set category 92
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 85
|
|
set category 93
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 86
|
|
set category 94
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 87
|
|
set category 95
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set feature-set proxy
|
|
set replacemsg-group ''
|
|
set options block-invalid-url
|
|
set https-replacemsg enable
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
unset bword-table
|
|
unset urlfilter-table
|
|
unset content-header-list
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
set log-search disable
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
set exempt-quota 17
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set max-quota-timeout 300
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
config antiphish
|
|
set status disable
|
|
set check-username-only disable
|
|
set max-body-len 1024
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-activex-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-filter-applet-log enable
|
|
set web-filter-jscript-log enable
|
|
set web-filter-js-log enable
|
|
set web-filter-vbs-log enable
|
|
set web-filter-unknown-log enable
|
|
set web-filter-referer-log enable
|
|
set web-filter-cookie-removal-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set web-ftgd-quota-usage enable
|
|
set extended-log disable
|
|
set web-antiphishing-log enable
|
|
next
|
|
end
|
|
config webfilter override
|
|
end
|
|
config webfilter ftgd-local-rating
|
|
end
|
|
config webfilter search-engine
|
|
edit "g-baidu"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/s?\\?"
|
|
set query "wd="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu2"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/(ns|q|m|i|v)\\?"
|
|
set query "word="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu3"
|
|
set hostname "tieba\\.baidu\\.com"
|
|
set url "^\\/f\\?"
|
|
set query "kw="
|
|
set safesearch disable
|
|
next
|
|
edit "g-bing"
|
|
set hostname ".*\\.bing\\..*"
|
|
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-google"
|
|
set hostname ".*\\.google\\..*"
|
|
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
|
|
set query "q="
|
|
set safesearch url
|
|
set safesearch-str "&safe=active"
|
|
next
|
|
edit "g-google-translate-1"
|
|
set hostname "translate\\.google\\..*"
|
|
set url "^\\/translate"
|
|
set query "u="
|
|
set safesearch translate
|
|
set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
|
|
next
|
|
edit "g-google-translate-2"
|
|
set hostname ".*\\.translate\\.goog"
|
|
set url "^\\/"
|
|
set query ''
|
|
set safesearch translate
|
|
set safesearch-str "case::google-translate"
|
|
next
|
|
edit "g-twitter"
|
|
set hostname "twitter\\.com"
|
|
set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
|
|
set query "variables="
|
|
set safesearch translate
|
|
set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
|
|
next
|
|
edit "g-vimeo"
|
|
set hostname ".*vimeo.*"
|
|
set url "^\\/search\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-yahoo"
|
|
set hostname ".*\\.yahoo\\..*"
|
|
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
|
|
set query "p="
|
|
set safesearch url
|
|
set safesearch-str "&vm=r"
|
|
next
|
|
edit "g-yandex"
|
|
set hostname "yandex\\..*"
|
|
set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
|
|
set query "text="
|
|
set safesearch url
|
|
set safesearch-str "&family=yes"
|
|
next
|
|
edit "g-youtube"
|
|
set hostname ".*youtube.*"
|
|
set url ''
|
|
set query ''
|
|
set safesearch header
|
|
next
|
|
edit "g-yt-channel"
|
|
set hostname ''
|
|
set url "www.youtube.com/channel"
|
|
set query ''
|
|
set safesearch yt-channel
|
|
next
|
|
edit "g-yt-pattern"
|
|
set hostname ''
|
|
set url "youtube.com/channel/"
|
|
set query ''
|
|
set safesearch yt-pattern
|
|
next
|
|
edit "g-yt-scan-1"
|
|
set hostname ''
|
|
set url "www.youtube.com/user/"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-2"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/browse"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-3"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/player"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-4"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/navigator"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "yt-video"
|
|
set hostname ''
|
|
set url "www.youtube.com/watch"
|
|
set query ''
|
|
set safesearch yt-video
|
|
next
|
|
end
|
|
config emailfilter profile
|
|
edit "sniffer-profile"
|
|
set comment "Malware and phishing URL monitoring."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set spam-log enable
|
|
set spam-filtering disable
|
|
unset options
|
|
config imap
|
|
set log-all disable
|
|
end
|
|
config pop3
|
|
set log-all disable
|
|
end
|
|
config smtp
|
|
set log-all disable
|
|
end
|
|
config msn-hotmail
|
|
set log-all disable
|
|
end
|
|
config gmail
|
|
set log-all disable
|
|
end
|
|
set spam-bword-threshold 10
|
|
unset spam-bword-table
|
|
unset spam-bal-table
|
|
unset spam-mheader-table
|
|
unset spam-iptrust-table
|
|
next
|
|
edit "default"
|
|
set comment "Malware and phishing URL filtering."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set spam-log enable
|
|
set spam-filtering disable
|
|
unset options
|
|
config imap
|
|
set log-all disable
|
|
end
|
|
config pop3
|
|
set log-all disable
|
|
end
|
|
config smtp
|
|
set log-all disable
|
|
end
|
|
config msn-hotmail
|
|
set log-all disable
|
|
end
|
|
config gmail
|
|
set log-all disable
|
|
end
|
|
set spam-bword-threshold 10
|
|
unset spam-bword-table
|
|
unset spam-bal-table
|
|
unset spam-mheader-table
|
|
unset spam-iptrust-table
|
|
next
|
|
end
|
|
config virtual-patch profile
|
|
edit "g-default"
|
|
set comment ''
|
|
set severity info low medium high critical
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
config wanopt settings
|
|
set host-id "default-id"
|
|
set tunnel-ssl-algorithm high
|
|
set auto-detect-algorithm simple
|
|
set tunnel-optimization balanced
|
|
end
|
|
config wanopt peer
|
|
end
|
|
config wanopt auth-group
|
|
end
|
|
config wanopt profile
|
|
edit "default"
|
|
set transparent enable
|
|
set comments "Default WANopt profile."
|
|
set auth-group ''
|
|
config http
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set ssl disable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config cifs
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config mapi
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set tunnel-sharing private
|
|
end
|
|
config ftp
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config tcp
|
|
set status disable
|
|
end
|
|
next
|
|
end
|
|
config system speed-test-server
|
|
end
|
|
config log memory setting
|
|
set status enable
|
|
end
|
|
config log disk setting
|
|
set status disable
|
|
end
|
|
config log eventfilter
|
|
set event enable
|
|
set system enable
|
|
set vpn enable
|
|
set user enable
|
|
set router enable
|
|
set wireless-activity enable
|
|
set wan-opt enable
|
|
set endpoint enable
|
|
set ha enable
|
|
set security-rating enable
|
|
set fortiextender enable
|
|
set connector enable
|
|
set sdwan enable
|
|
set cifs enable
|
|
set switch-controller enable
|
|
set webproxy enable
|
|
end
|
|
config log memory filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log disk filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set dlp-archive enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log fortiguard override-setting
|
|
set override disable
|
|
set access-config enable
|
|
end
|
|
config log tacacs+accounting setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting2 setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting3 setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log tacacs+accounting2 filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log tacacs+accounting3 filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log null-device setting
|
|
set status disable
|
|
end
|
|
config log null-device filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log setting
|
|
set resolve-ip disable
|
|
set resolve-port enable
|
|
set log-user-in-upper disable
|
|
set fwpolicy-implicit-log disable
|
|
set fwpolicy6-implicit-log disable
|
|
set extended-log disable
|
|
set local-in-allow enable
|
|
set local-in-deny-unicast enable
|
|
set local-in-deny-broadcast enable
|
|
set local-out enable
|
|
set local-out-ioc-detection enable
|
|
set daemon-log disable
|
|
set neighbor-event disable
|
|
set brief-traffic-format disable
|
|
set user-anonymize disable
|
|
set fortiview-weekly-data disable
|
|
set expolicy-implicit-log disable
|
|
set log-policy-comment disable
|
|
set faz-override disable
|
|
set syslog-override disable
|
|
set rest-api-set disable
|
|
set rest-api-get disable
|
|
set rest-api-performance disable
|
|
set long-live-session-stat enable
|
|
end
|
|
config log gui-display
|
|
set resolve-hosts enable
|
|
set resolve-apps enable
|
|
set fortiview-unscanned-apps disable
|
|
end
|
|
config system lldp network-policy
|
|
end
|
|
config system pcp-server
|
|
set status disable
|
|
end
|
|
config firewall schedule onetime
|
|
end
|
|
config firewall schedule recurring
|
|
edit "always"
|
|
set start 00:00
|
|
set end 00:00
|
|
set day sunday monday tuesday wednesday thursday friday saturday
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "none"
|
|
set start 00:00
|
|
set end 00:00
|
|
set day none
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "default-darrp-optimize"
|
|
set start 01:00
|
|
set end 01:30
|
|
set day sunday monday tuesday wednesday thursday friday saturday
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall schedule group
|
|
end
|
|
config firewall ippool
|
|
end
|
|
config firewall ippool6
|
|
end
|
|
config firewall ldb-monitor
|
|
end
|
|
config firewall vip
|
|
end
|
|
config firewall vip6
|
|
end
|
|
config firewall vipgrp
|
|
end
|
|
config firewall vipgrp6
|
|
end
|
|
config firewall ssh local-key
|
|
edit "g-Fortinet_SSH_DSA1024"
|
|
set password ENC KqnjClw+sTZ6C+WvHVBRb9IZp8ziu5anSlEfqsM3uFaUrQ/1O1FI8MVKDAc31WOBw/jJoF2Tndir91AQlztSrlhmfbMhz0fQbdAW2dqU7OLZaCkbYNPbUhrqXDH/HYxU+vbH1DO1u9Ce/3ExFR3XwfBfXX2ugrG/aZQrGLSa+oa84xmmQQv12XyN6MuCic3UFqMFnllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCV7DL5b6
|
|
cQ4DFxLFfd9NBXAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
|
|
KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
|
|
a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
|
|
7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
|
|
jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
|
|
XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
|
|
P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
|
|
lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
|
|
wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgUeQzjFiceCe8Mfak
|
|
H97NypLIabuKsuXWYdK/YowIdC9ZVR0k2T28Zv+c3zNpLJfnm5pZnO4aX3VX98d5NlYarc
|
|
CuGS/xMjwxVuTo/FoJ5Pv3EUIvAO8i9JYPs+FGNkYQlbAQ+duxXUKVjGLBSID8zxQx/cz/
|
|
PAR1iwLkbXdJdO+NCgj81YIiwGG8YtSHHR0hYzf+Trb04p9sDwZWcBLBWEHDv7WW7ZH4t5
|
|
D8uGkNAlivP8VIdSYxtpMcGa52+LADwGh9/4nezEvcHRLogwc2pEQRGCNKdayXWBuYiplY
|
|
Yddz734+NQHkmyTZZ8UuoINM8fCfu8nu8MKGA0w1aFyBJMAMoHQMsPRdUNr9Jv/JeZcfht
|
|
N9cXibpgIzxC+DvnxUASnKbF+s5ry0L9KQWmZukfm9W4UMoBadgLRF7GwK0bgasacWiP+w
|
|
UPDXc5woeJgBWw2qOaC0Fq4tpoUndCni0IHrKwihZb0lqMBK1wTWSdXX1PDvAgD/dluttR
|
|
hoLJzECgbAT8hK6UYoCHbAFl854ZSCYbZE3ZqknMWMPrAx67VQkcfkoI+7vL4G60NdKPJ3
|
|
l9v1llo/eMY8StltYorKalr7PHu8cM1dpkvpfHTMJn1Ox78QXmbLP2kK57ChPm3s
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA256"
|
|
set password ENC 8a812Ind/7BHX6D5LoEypLMjNuJ2M26u32uTgEspanlAH8zIKSkDtHB9RGtjNColSTX6Ht+MBkuLIFd0mnBd+Pv0gtC79FFDZhGce7rQ4AhBRAQ3MYdfd3gdZOJbDN2nWvJYMqnxashOuNb7bepFUiQ2nA5xsayYbPACE6pZNplC8CMNcCJlpMn5Ou2b73K7LSlDmVlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWswKzHl
|
|
aPj5eXaLmQWZXVAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
|
|
dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
|
|
y7MHqF8ARHi1glc6RSoarryTUQuCIAAACg4SS+EPsp+ZqCTFN7GvtH9z9bU4OTN6G1Bfdv
|
|
vrru+xqPzixqYvUAvgqwvNnrtkq6NVCx5QANnxBGdnJNrUckZTw6f6KBUoVKF78fRBMYWe
|
|
JsOBJ1uJujShmxSiEGSyFYcXhCCq8Fy9goi1VpuAn3EXi8ymij6j+iqlU9+kIsbNTuZqd8
|
|
zolTGUvO8QIuzpzl2VK47Y8KnDwmXaEhwYPbPA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA384"
|
|
set password ENC +T3Mk9KJP+34EkYTlI3Q4D/t+aYwQVkrzUnPDxyY6V+jYv6IFV/2/GMfy1Hg/8zOnYEXftFpjAHLYW6ZGraXt3dBckC5iYwWLRTNZtMd0udKuuA6jrIUOtD8kS4GsQZfb7fKm2R3iNuvZbaJC7Nx9mEn1f7UIJSyK3P6yTBSJ5Gj6iVWAnqygzGq/L7j97bFTYaaHVlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDbSYBuM2
|
|
11IfFhYCRE5sRQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
|
|
dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
|
|
U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
|
|
dgAAANCGkPrVLVn6hc/M4lCGoZ1nFz57gA+8Kzl0cAXL4UAJHZPOuNI6C137KbjNlxsGQc
|
|
YwFFKpDU23zcQyWbUkqydmggO+czct9o3kAU6WVK3RlGs9lhI6eeT7Z2FBRm0DISCXgi3c
|
|
JETaHXDDeMYB5WWDuNut2ex/qtWiv93xxm9JBgv113GdAYaD1+s1wsFWQgq40gOVFtLpJT
|
|
7ck+uCjfgkvj0u0EHgSCHCl/FYin5tH2mAS9yz1kKW2EsUzufEBU9roWaBgUuZszrWsX7T
|
|
Uzjs
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA521"
|
|
set password ENC GcJ5LNg6EzDZh2LgXMyyFZc0/UXysDI6VBI+t/2b06eXh9mVRgH7r+k5I1CnhnoQUKkifXHnqu0Rv5vjf+CORC900VjBXYP0UNb+IBtvEXQWd1UoyJQAhUyxOenZ5WNg+rm2Ndi3AltXgiDKDgDKOh4vrLONF18EvAtY94t5GJu7Sbt44gmnEtd7kYkEkKyMzFInX1lmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBDVO8Ujp
|
|
OpeKLIgEatpDJnAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
|
|
dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
|
|
t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
|
|
HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQCJDmDSUGShG163fq
|
|
XABvww6uZX6RKPV0hve3T9e8VwFWeqjKegGTEP3q4bhXErJ20Ur1oqyQh1a2rf95VXHkoL
|
|
W9dGf9c09ifXDYVHMtUto1M0S2T+szFRr0fnAtLsvmeUM5GUlB07Kin+VKmycHZiB1bF0z
|
|
vIKMBi3KLMXtAUevSvKyruI7YiKqD4CwSvULU73zoziGh0jhUNVpzBdK9pNZHdUMVtxTrX
|
|
a9gu13ZGVvPGyrRuDsvQMks6L7KIIKF0W0vRBY6AOvy3A2GNrLrdkHj2jy8fzcyZwWkt+b
|
|
azdh/FrGRZTDTro6CDeF92cjGixeU26B2se812bLw/U2It
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ED25519"
|
|
set password ENC kfM9YVmOr5rlsoNZarhS1lyUs7WMHvKPr4BZvK6GFqL23Y/mEuy+c4S8ISiuMDMNP1Ej8V8xyoLV7yxhXSjZhVo5H7VKz/bKzFKQbc+ty0fbHYJ/fK621fI6LgPIKVxZFOfJ8qVtOt2gZidHMAJSF2CV4BNDzQMEIlw4flmag/th+TYSHAKI6JTkU3i8vkQKYcc+qVlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAg8FF7ts
|
|
9O5tOD/3vfMgwHAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
|
|
3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkBccPI9Dq/7BCMcTVUE9z4ybcOVMlI+53gfr+g
|
|
p67zVLKHPX96XSk/XQBKLjKJ6PSLl9UuEE4MP40LjlSH6U7DlQc3+Kbw8ijV0SbLgH3tV3
|
|
8sXLY4Q3xZCI9VROo82lN2NZfSBk90A5+SahMizkr/M25+OjcLWgkxmzz1t08sjfIt4ZsH
|
|
60nNsm7lppl/WZJw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_RSA2048"
|
|
set password ENC GCIXCQGBRALJAlb1/j0sQApJTyyaQATVfw5Y85QIUYxsEAWbrLs/9MasxU/fYD237hW5c64+0w4qFcMDOxhvuSuOLXdqEzbMBAbVaxH0MGIer8yluJH6wXE2vbn/3YaM3WryyC2yeiPbNnoeBuglrKv7gcKTXtoLKnqvB3R+u99/R5RiD593o1IQOAXrmAaLlScb21lmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBV/6oGox
|
|
s8r2NeX1aYozX/AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
|
|
Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
|
|
A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
|
|
hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
|
|
HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
|
|
OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwNY1Gj3rHBwaak
|
|
/XfAz6YK3kX+fEHOOzWTndUjw6DIoxsTMHZmi/LcesSRkvPMRyaNxuTO55as3pObXZGFqa
|
|
ZmMttSroXyNIiF8AdUCMkA1AZZqpD+S2FURxgLgVQdLFW4auM8wl6Ci55LGqnQYXDiJWSX
|
|
0yBEc1MuHmN0TH4JEW0kGAeWD8i5rCCD8i4J6thxMbtOBqBB5WDPcrBQHetw8cKWU5F2ee
|
|
2+SjVLKhoct25Uija7lsPAX3NXnTwfz9NK2j0jGZ34PVbUmfxfoV0ubBi76SasjBwfQ8DO
|
|
TV/buWY9I98HSV8271/HAW1WOSQ61XfgymKUQkeVH1Ybv4tz8wp9Kkzp+bX1tFtN1dSCwj
|
|
S4MpJKYsFLaFB2nlPiupaLtGk1bn4nKrlVQYfT679oo3vUKTfYcHPr6SDILBaM+EKL2AjU
|
|
2OEA6TlHZ4gZeo3gUgfg1Jgzt2OgG5SO79nlkRGvR1Gylc3XzaEMiN3WWhVqKy9V0ldPgO
|
|
kv3M+jlt2rJkmt4QtfASQftQKeVb7oiGNM0UM1hJnwVEGUCMpg53mcfjQ9hkB0fUYAVLz9
|
|
dgANa82ULxHi0HVGpfbqVBI6NdFJmw57bJoJljCfJQ+Wq5nRHkUawuuNXj7MOeGUBdxNug
|
|
qQ2sC9brktnF0TamT3WH8aRGC8B5Z1IQceoKlGHYLOnEDHUHtnQQACA1TD3XPeHHuy0U+x
|
|
5vMPAOX/ZR2DsFpvqF2FaRL17kMAoCxwzPUsjFq/Y5yu1My3f3XZjcXYa4Mg1MTqxnnzK8
|
|
QvKUbdmihaGyR/RWCfVsscE0IOZz3ETeGEGhEqJ5eGWeuAPZqki6I27JYLKkoZUQ8i8j/n
|
|
damYMauMsFEsJtg89urRF6KkH0NtrcXQYr4fPHYY0W/xMQkUesyarBh2n91D6RWYCt7Blp
|
|
7Yr15Ycc8cQ19ahNxCaQVZOH6/mkfJGVRWKJfhf1BtKD/ORoatbRflHde11dysy8BF1FxM
|
|
ZLnC2S2UcJxIDNP4tmSsSnpbfAGghSzNkAx3ibJ1ch+TkK61a3gCqW023qlT85bS21yii6
|
|
cBvcEA5qk37bJFMFD1/aazPMOrro0pI10i0ptssTEEpS310O9GHdUbM5djJEEb60pWQQK2
|
|
43G5JtJz1n5WCXacVPCq7otkhEQ+xf3Y8AXs54FGrgBrDC4FZsQLWgT49oLr8B6scDGRee
|
|
F3L1d65Jd4v0i2w7DFGKZBoZB5VvZpbgnwcQN41iWGdJp5c9/sEZd65vw9dFGIU+ql2lTl
|
|
5aoiXWbA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssh local-ca
|
|
edit "g-Fortinet_SSH_CA"
|
|
set password ENC Jh5918NTD7Qgubeik3vqHS+j7+pgbgyNWNyPjANJ2eIPDwJ1r9b021sVTnZk7NuCa9iYM6c/Yw3vUJxov9QhC2G1RKC9x6aEx4qBG+lol30gZUXJgNZ1PkpGAzEFzLvPApikP1QVqM8gvZJisXG3eAvy8pD50d0lC6BtpAsbyYL5ymvsWfhoSP43N1d5uKRGbXifallmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZX89z8D
|
|
GkPICCVmUOqFHzAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
|
|
NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
|
|
ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
|
|
E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
|
|
TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
|
|
Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwGnQQNm4H/LBQ9
|
|
Gr4hdGE5Aat0klop3XgTQRD8Z1YDr9ukmYdLJQF6o1f+eIAl8S2C+pgU8gPHWhJyGohG3A
|
|
SzK82bz602VrHPrDQoWS3judXppJ+A1NTxtwXXM7KmxZJyfxBkaTkgIljysEGbvJuGivGF
|
|
NU8kAwZBAgeK0JiuaI4DqQGoe0mYcaZmdHiXkD+5csUDGya5aJjlo75sbbP4A+f4SisAjp
|
|
J0myeXeb6XO1ihGbuVOk5bPWD00LPmYf/5ANCAyA2J/Df/5E4gdhpQc8aLAYf5kQLBiGgw
|
|
/Y4TGBWuMIgKtTxPku0mHZb3AZbKNfli6yT0nJguouUhI1rfkqHJOW4XlkESr8F9uEtZlm
|
|
POVsoCIGehjvUInBe7r40nQAb04LZ6GmWqZHX40fupFU4La4522c1o28r1qgu9h6mxq68i
|
|
wYIfaOxRQR0xKoHLV9UjcX7MDo2lMOl31hBL6wbm/SuvoOfbr3x5Ouf0aw1GA71IFMSfHn
|
|
coDAW3V7kF1ejFCFEkddzj/0zpZUXf+blCQPG5UIWmb4qjKCsrrzLHUyx/G3d0UHpTK0Ih
|
|
FZgzYUn5kX6ImlsHwOptqtoJYPeqVHZ+kK7pSSgz0M4IEmdBC1ABtaXe3uvl6KhkFlymFu
|
|
yrbWSCtyW227l3jwcQj3ZRosp2mqB37VZSvEhw9QQbfgfv7f0a5Jnhgbct5L4f66HhZfhU
|
|
Eb/L42SC4TkxPrl0ZSQ/UPOXSQUlHOGCIiVQT164rlGNDnOc7WrwtuZ+CpgrjdrRglCrsX
|
|
r4eOf/MjSGbXEjShqg2F+C75s90/ogXAB2q0Cyv1ykbB7c3ljmwtvC8P5XKhzdA2tV5YL9
|
|
4nLkzs3yQhQzszVGBtFonAGlVqz45evYGUpGULc7YUaUb5lJ52ypstknwJGxtHVzhCoppU
|
|
Jhuki0jbsOpoCOVHoVTpmShxdW62tStFEWTffSHQKJglOGXV65nb5REuZadBBI+BGEPv1N
|
|
lxICgxDdjH1nQle6g++odOcIGx3yxYCpCPnRXpO0iTmqMBC0MB+om7fx2fJLcDMrPmBflK
|
|
nBvGLdD0yxYnUzJieKyYkRmR2U+yVdLaqKA/Tk2l6W3ZYDqtnxjMsEGjFUyhF64KdRia6R
|
|
mCM9FbLZJ/F/CboBk/l1xk+yHK50bt5r8eUTbo82Sd5IzveQ57C0bR446AlW9hQuFHquZu
|
|
wbZ+sz590wvdYXi/AfdljEKuXrHEYncXYrYLtasQ0BQHAcE/hQBHSFrkI9qVicXRlCPaXP
|
|
pqdp+YAw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_CA_Untrusted"
|
|
set password ENC 6+jbOn4COJdH4l60qScvKCneBx0btYXja1KvPKpSH1BnL5EMfisfsLbMZYtBZ/7nTdAnD/dwA0Ao9MAfrV3zY9JP27d78Irf1TuY9dvRZdRl4zzCL0UBdoL++8ixVFF/kBBm6VXBjgVYcrGrueRe2fAqSplWeNLDQ6BkvpxrjlhxsxVRem1ZNTVlrzCaJ/gu2r035VlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCQTdPzMa
|
|
0vRUCkbWP2fbZGAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
|
|
RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
|
|
ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
|
|
iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
|
|
Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
|
|
NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwMYPhQ4qitkI6G
|
|
hq4Dfuzz6gmftmbuxj565Fztt4KA8I0LZ9ySrt4LtLdmQVOcQJ2SfmnA+1DtL4c9bEOLSx
|
|
zsEg1ooHPkruFcj2eJr2flQKYbLZLAe6Xn81wIO3qIPuAT0Fpb5vm9gzX8rirXNnHbo6sy
|
|
QXikdWDawL4rlqpRaecBKzcTSatgIz1OIv3TPm4JoJrObH10a8C3JEB/Y5f+/2P3fyi/PB
|
|
FVYl8VXiiNzzZhsJgFH64H8s2oK3ktD8of3u7zAmIj1NwT4f/81QY5I5Tiq2vsWJwv3yen
|
|
pRGf+dDVt1QMuSOF7RBPY6nFe9pr4OTeamO6mQ0DTFyssEd5yp5I+Omwzge+1WJuf9ldP2
|
|
wZRLoaNWNSVS6zUFtaNTFP8PKzRnWRl46dwS8R1hBcfMEtx+84TFKtgc71tH0/xDkHVboc
|
|
KVwPGbzyO6ESjNNaXJDdF/U4KEKYGa6kCSBU+fdg+2aKzr6yEM9rB27BBaqXa6Nxgc0oTK
|
|
w9BqZe23dP3wUmdX+HWkWXcHb+LHB2Z08h/fqgV91zJ9SM9bRGf6jh+sPL6Ifjcv1ymeRs
|
|
9uAbP/qDh+cRcF0/hKByY/zqnROlEgxSxGqakDLtEVDuKmG9eK2RjEBrHrLtdQJC7AbTMu
|
|
t6HUNp/9Cpwm5TB/jDb0etscB+h15FHGlXhsnXiDzDC2eUxpOELQCXWIbh8ONlRGl1ZmW2
|
|
rAMRWlAKxKwwUaNjJOxK4bqWkAFZG+9m9jYJKi4a1vOCgGNLsubLVY8WMMEAb3abbRgWaU
|
|
WIKp6PJR4ZSZTYuh9aJ3OneEy1DB9zURTV8cgh9UrALDwGT2GdjTHzKCFL+1UivpQ/gsSY
|
|
EeMdNmsLvxUSzmWF6btw/F8iX0tjflRkkHlicHvqe031yH9AEYpaHhSTg4wpLf7l4rvZRP
|
|
2/D/qL+ME91UAdG8vxGiIW+Urd9lCYD1+y013zRKBt9miPBzzX62LX9JXUvghfXPRacUXM
|
|
WgHjUBzcvKxUYeevh64FiDlnZ1omvlDlPYsfd67pyr0BWa8UwppdCRKAUYIb/ux2q7Ae5s
|
|
0hcVtBwKEvf/YLi8jdVWEYQKQLBaMj0hMLgNcZA8YVNUySpHe8bzm7FlmeSvPQD9t6Cpie
|
|
2jorGg+aR5MODJGKXIvAoLQ/IInwUS2NgwP+/vh74Tp5ryWTUE+svsrpQo6i8qZKCisngW
|
|
tvmxChpPCh54mbqvYlKAVs4MfO9ZZRV8NqIzU2FlL2STAmjRLMA+sr9HlPbXrXD6Xqf2VS
|
|
att5Ib/Q==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssh setting
|
|
set caname "g-Fortinet_SSH_CA"
|
|
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
|
|
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
|
|
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
|
|
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
|
|
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
|
|
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
|
|
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
|
|
set host-trusted-checking enable
|
|
end
|
|
config firewall ssh host-key
|
|
end
|
|
config firewall decrypted-traffic-mirror
|
|
end
|
|
config firewall access-proxy-virtual-host
|
|
end
|
|
config firewall access-proxy-ssh-client-cert
|
|
end
|
|
config firewall access-proxy
|
|
end
|
|
config firewall access-proxy6
|
|
end
|
|
config firewall ipmacbinding setting
|
|
set bindthroughfw disable
|
|
set bindtofw disable
|
|
end
|
|
config firewall ipmacbinding table
|
|
end
|
|
config firewall profile-protocol-options
|
|
edit "default"
|
|
set comment "All default services."
|
|
set replacemsg-group ''
|
|
set oversize-log disable
|
|
set switching-protocols-log disable
|
|
config http
|
|
set ports 80
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
unset options
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set range-block disable
|
|
set strip-x-forwarded-for disable
|
|
unset post-lang
|
|
set streaming-content-bypass enable
|
|
set switching-protocols bypass
|
|
set unknown-http-version reject
|
|
set tunnel-non-http enable
|
|
set h2c disable
|
|
set unknown-content-encoding block
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set verify-dns-for-policy-matching enable
|
|
set block-page-status-code 403
|
|
set retry-count 0
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
set address-ip-rating enable
|
|
end
|
|
config ftp
|
|
set ports 21
|
|
set status enable
|
|
set inspect-all disable
|
|
set options splice
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
set explicit-ftp-tls disable
|
|
end
|
|
config imap
|
|
set ports 143
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set ssl-offloaded no
|
|
end
|
|
config mapi
|
|
set ports 135
|
|
set status enable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
end
|
|
config pop3
|
|
set ports 110
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set ssl-offloaded no
|
|
end
|
|
config smtp
|
|
set ports 25
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail splice
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set server-busy disable
|
|
set ssl-offloaded no
|
|
end
|
|
config nntp
|
|
set ports 119
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options splice
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
end
|
|
config ssh
|
|
unset options
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
end
|
|
config dns
|
|
set ports 53
|
|
set status enable
|
|
end
|
|
config cifs
|
|
set ports 445
|
|
set status enable
|
|
unset options
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set server-credential-type none
|
|
end
|
|
config mail-signature
|
|
set status disable
|
|
set signature ''
|
|
end
|
|
set rpc-over-http disable
|
|
next
|
|
end
|
|
config firewall ssl-ssh-profile
|
|
edit "deep-inspection"
|
|
set comment "Read-only deep inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status deep-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
set status deep-inspection
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set allowlist disable
|
|
set block-blocklisted-certificates enable
|
|
config ssl-exempt
|
|
edit 1
|
|
set type fortiguard-category
|
|
set fortiguard-category 31
|
|
next
|
|
edit 2
|
|
set type fortiguard-category
|
|
set fortiguard-category 33
|
|
next
|
|
edit 3
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-adobe"
|
|
next
|
|
edit 4
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Adobe Login"
|
|
next
|
|
edit 5
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-android"
|
|
next
|
|
edit 6
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-apple"
|
|
next
|
|
edit 7
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-appstore"
|
|
next
|
|
edit 8
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-auth.gfx.ms"
|
|
next
|
|
edit 9
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-citrix"
|
|
next
|
|
edit 10
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-dropbox.com"
|
|
next
|
|
edit 11
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-eease"
|
|
next
|
|
edit 12
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-firefox update server"
|
|
next
|
|
edit 13
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-fortinet"
|
|
next
|
|
edit 14
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-googleapis.com"
|
|
next
|
|
edit 15
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-drive"
|
|
next
|
|
edit 16
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play2"
|
|
next
|
|
edit 17
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play3"
|
|
next
|
|
edit 18
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Gotomeeting"
|
|
next
|
|
edit 19
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-icloud"
|
|
next
|
|
edit 20
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-itunes"
|
|
next
|
|
edit 21
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-microsoft"
|
|
next
|
|
edit 22
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-skype"
|
|
next
|
|
edit 23
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-softwareupdate.vmware.com"
|
|
next
|
|
edit 24
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-verisign"
|
|
next
|
|
edit 25
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Windows update 2"
|
|
next
|
|
edit 26
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-live.com"
|
|
next
|
|
edit 27
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play"
|
|
next
|
|
edit 28
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-update.microsoft.com"
|
|
next
|
|
edit 29
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-swscan.apple.com"
|
|
next
|
|
edit 30
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-autoupdate.opera.com"
|
|
next
|
|
edit 31
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-cdn-apple"
|
|
next
|
|
edit 32
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-mzstatic-apple"
|
|
next
|
|
end
|
|
set server-cert-mode re-sign
|
|
set caname "Fortinet_CA_SSL"
|
|
set untrusted-caname "Fortinet_CA_Untrusted"
|
|
set ssl-exemption-ip-rating enable
|
|
set ssl-exemption-log disable
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
set rpc-over-https disable
|
|
set mapi-over-https disable
|
|
set supported-alpn all
|
|
set use-ssl-server disable
|
|
next
|
|
edit "custom-deep-inspection"
|
|
set comment "Customizable deep inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status deep-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
set status deep-inspection
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set allowlist disable
|
|
set block-blocklisted-certificates enable
|
|
config ssl-exempt
|
|
edit 1
|
|
set type fortiguard-category
|
|
set fortiguard-category 31
|
|
next
|
|
edit 2
|
|
set type fortiguard-category
|
|
set fortiguard-category 33
|
|
next
|
|
edit 3
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-adobe"
|
|
next
|
|
edit 4
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Adobe Login"
|
|
next
|
|
edit 5
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-android"
|
|
next
|
|
edit 6
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-apple"
|
|
next
|
|
edit 7
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-appstore"
|
|
next
|
|
edit 8
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-auth.gfx.ms"
|
|
next
|
|
edit 9
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-citrix"
|
|
next
|
|
edit 10
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-dropbox.com"
|
|
next
|
|
edit 11
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-eease"
|
|
next
|
|
edit 12
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-firefox update server"
|
|
next
|
|
edit 13
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-fortinet"
|
|
next
|
|
edit 14
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-googleapis.com"
|
|
next
|
|
edit 15
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-drive"
|
|
next
|
|
edit 16
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play2"
|
|
next
|
|
edit 17
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play3"
|
|
next
|
|
edit 18
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Gotomeeting"
|
|
next
|
|
edit 19
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-icloud"
|
|
next
|
|
edit 20
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-itunes"
|
|
next
|
|
edit 21
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-microsoft"
|
|
next
|
|
edit 22
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-skype"
|
|
next
|
|
edit 23
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-softwareupdate.vmware.com"
|
|
next
|
|
edit 24
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-verisign"
|
|
next
|
|
edit 25
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Windows update 2"
|
|
next
|
|
edit 26
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-live.com"
|
|
next
|
|
edit 27
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play"
|
|
next
|
|
edit 28
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-update.microsoft.com"
|
|
next
|
|
edit 29
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-swscan.apple.com"
|
|
next
|
|
edit 30
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-autoupdate.opera.com"
|
|
next
|
|
edit 31
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-cdn-apple"
|
|
next
|
|
edit 32
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-mzstatic-apple"
|
|
next
|
|
end
|
|
set server-cert-mode re-sign
|
|
set caname "Fortinet_CA_SSL"
|
|
set untrusted-caname "Fortinet_CA_Untrusted"
|
|
set ssl-exemption-ip-rating enable
|
|
set ssl-exemption-log disable
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
set rpc-over-https disable
|
|
set mapi-over-https disable
|
|
set supported-alpn all
|
|
set use-ssl-server disable
|
|
next
|
|
edit "no-inspection"
|
|
set comment "Read-only profile that does no inspection."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set status disable
|
|
set quic bypass
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic bypass
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set block-blocklisted-certificates enable
|
|
set caname "Fortinet_CA_SSL"
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
next
|
|
edit "certificate-inspection"
|
|
set comment "Read-only SSL handshake inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status certificate-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set encrypted-client-hello block
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set block-blocklisted-certificates enable
|
|
set caname "Fortinet_CA_SSL"
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
next
|
|
end
|
|
config waf profile
|
|
edit "default"
|
|
set external disable
|
|
set extended-log disable
|
|
config signature
|
|
config main-class 100000000
|
|
set status disable
|
|
set action block
|
|
set log disable
|
|
set severity high
|
|
end
|
|
config main-class 20000000
|
|
set status disable
|
|
set action allow
|
|
set log disable
|
|
set severity medium
|
|
end
|
|
config main-class 30000000
|
|
set status enable
|
|
set action block
|
|
set log disable
|
|
set severity high
|
|
end
|
|
config main-class 40000000
|
|
set status disable
|
|
set action allow
|
|
set log disable
|
|
set severity medium
|
|
end
|
|
config main-class 50000000
|
|
set status enable
|
|
set action block
|
|
set log disable
|
|
set severity high
|
|
end
|
|
config main-class 60000000
|
|
set status disable
|
|
set action allow
|
|
set log disable
|
|
set severity medium
|
|
end
|
|
config main-class 70000000
|
|
set status enable
|
|
set action block
|
|
set log disable
|
|
set severity high
|
|
end
|
|
config main-class 80000000
|
|
set status enable
|
|
set action allow
|
|
set log disable
|
|
set severity low
|
|
end
|
|
config main-class 110000000
|
|
set status enable
|
|
set action allow
|
|
set log disable
|
|
set severity high
|
|
end
|
|
config main-class 90000000
|
|
set status enable
|
|
set action block
|
|
set log disable
|
|
set severity high
|
|
end
|
|
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
|
|
set credit-card-detection-threshold 3
|
|
end
|
|
config constraint
|
|
config header-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config content-length
|
|
set status enable
|
|
set length 67108864
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config param-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config line-length
|
|
set status enable
|
|
set length 1024
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config url-param-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config version
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config method
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config hostname
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config malformed
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config max-cookie
|
|
set status enable
|
|
set max-cookie 16
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-header-line
|
|
set status enable
|
|
set max-header-line 32
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-url-param
|
|
set status enable
|
|
set max-url-param 16
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-range-segment
|
|
set status enable
|
|
set max-range-segment 5
|
|
set action allow
|
|
set log enable
|
|
set severity high
|
|
end
|
|
end
|
|
config method
|
|
set status disable
|
|
set log disable
|
|
set severity medium
|
|
unset default-allowed-methods
|
|
end
|
|
config address-list
|
|
set status disable
|
|
set blocked-log disable
|
|
set severity medium
|
|
end
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall ssl-server
|
|
end
|
|
config casb saas-application
|
|
end
|
|
config casb user-activity
|
|
end
|
|
config casb profile
|
|
edit "default"
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall profile-group
|
|
end
|
|
config firewall identity-based-route
|
|
end
|
|
config firewall auth-portal
|
|
set portal-addr ''
|
|
set portal-addr6 ''
|
|
set identity-based-route ''
|
|
set proxy-auth disable
|
|
end
|
|
config firewall policy
|
|
end
|
|
config firewall shaping-policy
|
|
end
|
|
config firewall shaping-profile
|
|
end
|
|
config firewall local-in-policy
|
|
end
|
|
config firewall local-in-policy6
|
|
end
|
|
config firewall ttl-policy
|
|
end
|
|
config firewall proxy-policy
|
|
end
|
|
config firewall dnstranslation
|
|
end
|
|
config firewall multicast-policy
|
|
end
|
|
config firewall multicast-policy6
|
|
end
|
|
config firewall interface-policy
|
|
end
|
|
config firewall interface-policy6
|
|
end
|
|
config firewall DoS-policy
|
|
end
|
|
config firewall DoS-policy6
|
|
end
|
|
config firewall sniffer
|
|
end
|
|
config firewall on-demand-sniffer
|
|
end
|
|
config firewall acl
|
|
end
|
|
config firewall acl6
|
|
end
|
|
config firewall central-snat-map
|
|
end
|
|
config firewall ip-translation
|
|
end
|
|
config authentication scheme
|
|
end
|
|
config authentication rule
|
|
end
|
|
config authentication setting
|
|
set active-auth-scheme ''
|
|
set sso-auth-scheme ''
|
|
set update-time 0000-00-00 00:00:00
|
|
set persistent-cookie enable
|
|
set ip-auth-cookie disable
|
|
set cookie-max-age 480
|
|
set cookie-refresh-div 2
|
|
set captive-portal-type fqdn
|
|
set captive-portal ''
|
|
set captive-portal6 ''
|
|
set cert-auth disable
|
|
set captive-portal-port 7830
|
|
set auth-https enable
|
|
set captive-portal-ssl-port 7831
|
|
end
|
|
config system speed-test-schedule
|
|
end
|
|
config switch-controller switch-interface-tag
|
|
end
|
|
config switch-controller 802-1X-settings
|
|
set link-down-auth set-unauth
|
|
set reauth-period 60
|
|
set max-reauth-attempt 3
|
|
set tx-period 30
|
|
set mab-reauth disable
|
|
set mac-username-delimiter hyphen
|
|
set mac-password-delimiter hyphen
|
|
set mac-calling-station-delimiter hyphen
|
|
set mac-called-station-delimiter hyphen
|
|
set mac-case lowercase
|
|
end
|
|
config switch-controller security-policy 802-1X
|
|
edit "802-1X-policy-default"
|
|
set security-mode 802.1X
|
|
set user-group "SSO_Guest_Users"
|
|
set mac-auth-bypass disable
|
|
set open-auth disable
|
|
set eap-passthru enable
|
|
set eap-auto-untagged-vlans enable
|
|
set guest-vlan disable
|
|
set guest-auth-delay 30
|
|
set auth-fail-vlan disable
|
|
set framevid-apply enable
|
|
set radius-timeout-overwrite disable
|
|
set policy-type 802.1X
|
|
set authserver-timeout-vlan disable
|
|
set dacl disable
|
|
next
|
|
end
|
|
config switch-controller security-policy local-access
|
|
edit "default"
|
|
set mgmt-allowaccess https ping ssh
|
|
set internal-allowaccess https ping ssh
|
|
next
|
|
end
|
|
config switch-controller location
|
|
end
|
|
config switch-controller lldp-settings
|
|
set tx-hold 4
|
|
set tx-interval 30
|
|
set fast-start-interval 2
|
|
set management-interface internal
|
|
set device-detection enable
|
|
end
|
|
config switch-controller lldp-profile
|
|
edit "default"
|
|
set med-tlvs inventory-management network-policy location-identification
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl disable
|
|
config med-network-policy
|
|
edit "voice"
|
|
set status disable
|
|
next
|
|
edit "voice-signaling"
|
|
set status disable
|
|
next
|
|
edit "guest-voice"
|
|
set status disable
|
|
next
|
|
edit "guest-voice-signaling"
|
|
set status disable
|
|
next
|
|
edit "softphone-voice"
|
|
set status disable
|
|
next
|
|
edit "video-conferencing"
|
|
set status disable
|
|
next
|
|
edit "streaming-video"
|
|
set status disable
|
|
next
|
|
edit "video-signaling"
|
|
set status disable
|
|
next
|
|
end
|
|
config med-location-service
|
|
edit "coordinates"
|
|
set status disable
|
|
next
|
|
edit "address-civic"
|
|
set status disable
|
|
next
|
|
edit "elin-number"
|
|
set status disable
|
|
next
|
|
end
|
|
next
|
|
edit "default-auto-isl"
|
|
unset med-tlvs
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl enable
|
|
set auto-isl-hello-timer 3
|
|
set auto-isl-receive-timeout 60
|
|
set auto-isl-port-group 0
|
|
set auto-mclag-icl disable
|
|
set auto-isl-auth legacy
|
|
next
|
|
edit "default-auto-mclag-icl"
|
|
unset med-tlvs
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl enable
|
|
set auto-isl-hello-timer 3
|
|
set auto-isl-receive-timeout 60
|
|
set auto-isl-port-group 0
|
|
set auto-mclag-icl enable
|
|
set auto-isl-auth legacy
|
|
next
|
|
end
|
|
config switch-controller qos dot1p-map
|
|
edit "voice-dot1p"
|
|
set description ''
|
|
set egress-pri-tagging disable
|
|
set priority-0 queue-4
|
|
set priority-1 queue-4
|
|
set priority-2 queue-3
|
|
set priority-3 queue-2
|
|
set priority-4 queue-3
|
|
set priority-5 queue-1
|
|
set priority-6 queue-2
|
|
set priority-7 queue-2
|
|
next
|
|
end
|
|
config switch-controller qos ip-dscp-map
|
|
edit "voice-dscp"
|
|
set description ''
|
|
config map
|
|
edit "1"
|
|
set cos-queue 1
|
|
set value 46
|
|
next
|
|
edit "2"
|
|
set cos-queue 2
|
|
set value 24,26,48,56
|
|
next
|
|
edit "5"
|
|
set cos-queue 3
|
|
set value 34
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config switch-controller qos queue-policy
|
|
edit "default"
|
|
set schedule round-robin
|
|
set rate-by kbps
|
|
config cos-queue
|
|
edit "queue-0"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-1"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-2"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-3"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-4"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-5"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-6"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-7"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
end
|
|
next
|
|
edit "voice-egress"
|
|
set schedule weighted
|
|
set rate-by kbps
|
|
config cos-queue
|
|
edit "queue-0"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-1"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 0
|
|
next
|
|
edit "queue-2"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 6
|
|
next
|
|
edit "queue-3"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 37
|
|
next
|
|
edit "queue-4"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 12
|
|
next
|
|
edit "queue-5"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-6"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-7"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config switch-controller qos qos-policy
|
|
edit "default"
|
|
set default-cos 0
|
|
set trust-dot1p-map ''
|
|
set trust-ip-dscp-map ''
|
|
set queue-policy "default"
|
|
next
|
|
edit "voice-qos"
|
|
set default-cos 0
|
|
set trust-dot1p-map "voice-dot1p"
|
|
set trust-ip-dscp-map "voice-dscp"
|
|
set queue-policy "voice-egress"
|
|
next
|
|
end
|
|
config switch-controller storm-control-policy
|
|
edit "default"
|
|
set description "default storm control on all port"
|
|
set storm-control-mode global
|
|
next
|
|
edit "auto-config"
|
|
set description "storm control policy for fortilink-isl-icl port"
|
|
set storm-control-mode disabled
|
|
next
|
|
end
|
|
config switch-controller auto-config policy
|
|
edit "pse"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status enable
|
|
set igmp-flood-report disable
|
|
set igmp-flood-traffic disable
|
|
next
|
|
edit "default"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status enable
|
|
set igmp-flood-report disable
|
|
set igmp-flood-traffic disable
|
|
next
|
|
edit "default-icl"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status disable
|
|
set igmp-flood-report enable
|
|
set igmp-flood-traffic enable
|
|
next
|
|
end
|
|
config switch-controller auto-config default
|
|
set fgt-policy "default"
|
|
set isl-policy "default"
|
|
set icl-policy "default-icl"
|
|
end
|
|
config switch-controller auto-config custom
|
|
end
|
|
config switch-controller initial-config template
|
|
edit "_default"
|
|
set vlanid 1
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "quarantine"
|
|
set vlanid 4093
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
edit "rspan"
|
|
set vlanid 4092
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
edit "voice"
|
|
set vlanid 4091
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "video"
|
|
set vlanid 4090
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "onboarding"
|
|
set vlanid 4089
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "nac_segment"
|
|
set vlanid 4088
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
end
|
|
config switch-controller initial-config vlans
|
|
set default-vlan "_default"
|
|
set quarantine "quarantine"
|
|
set rspan "rspan"
|
|
set voice "voice"
|
|
set video "video"
|
|
set nac "onboarding"
|
|
set nac-segment "nac_segment"
|
|
end
|
|
config switch-controller switch-profile
|
|
edit "default"
|
|
set login-passwd-override disable
|
|
set login enable
|
|
set revision-backup-on-logout disable
|
|
set revision-backup-on-upgrade disable
|
|
next
|
|
end
|
|
config switch-controller custom-command
|
|
end
|
|
config switch-controller virtual-port-pool
|
|
end
|
|
config switch-controller ptp profile
|
|
edit "default"
|
|
set description ''
|
|
set mode transparent-e2e
|
|
next
|
|
end
|
|
config switch-controller ptp interface-policy
|
|
edit "default"
|
|
set description ''
|
|
set vlan ''
|
|
set vlan-pri 4
|
|
next
|
|
end
|
|
config switch-controller vlan-policy
|
|
end
|
|
config switch-controller acl ingress
|
|
end
|
|
config switch-controller acl group
|
|
end
|
|
config switch-controller dynamic-port-policy
|
|
end
|
|
config switch-controller managed-switch
|
|
end
|
|
config switch-controller switch-group
|
|
end
|
|
config switch-controller stp-settings
|
|
set name ''
|
|
set revision 0
|
|
set hello-time 2
|
|
set forward-time 15
|
|
set max-age 20
|
|
set max-hops 20
|
|
end
|
|
config switch-controller stp-instance
|
|
end
|
|
config switch-controller storm-control
|
|
set rate 500
|
|
set unknown-unicast disable
|
|
set unknown-multicast disable
|
|
set broadcast disable
|
|
end
|
|
config switch-controller global
|
|
set mac-aging-interval 300
|
|
set https-image-push enable
|
|
set vlan-optimization enable
|
|
set vlan-identity name
|
|
set mac-retention-period 24
|
|
set default-virtual-switch-vlan ''
|
|
set dhcp-server-access-list disable
|
|
set dhcp-option82-format ascii
|
|
set dhcp-option82-circuit-id intfname vlan mode
|
|
set dhcp-option82-remote-id mac
|
|
set dhcp-snoop-client-req drop-untrusted
|
|
set dhcp-snoop-client-db-exp 86400
|
|
set dhcp-snoop-db-per-port-learn-limit 64
|
|
set log-mac-limit-violations disable
|
|
set sn-dns-resolution enable
|
|
set mac-event-logging disable
|
|
set bounce-quarantined-link disable
|
|
set quarantine-mode by-vlan
|
|
set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
|
|
set fips-enforce enable
|
|
set firmware-provision-on-authorization disable
|
|
set switch-on-deauth no-op
|
|
end
|
|
config switch-controller switch-log
|
|
set status enable
|
|
set severity notification
|
|
end
|
|
config switch-controller igmp-snooping
|
|
set aging-time 300
|
|
set flood-unknown-multicast disable
|
|
set query-interval 125
|
|
end
|
|
config switch-controller sflow
|
|
set collector-ip 0.0.0.0
|
|
set collector-port 6343
|
|
end
|
|
config switch-controller network-monitor-settings
|
|
set network-monitoring disable
|
|
end
|
|
config switch-controller flow-tracking
|
|
set sample-mode perimeter
|
|
set sample-rate 512
|
|
set format netflow9
|
|
set level ip
|
|
set max-export-pkt-size 512
|
|
set template-export-period 5
|
|
set timeout-general 3600
|
|
set timeout-icmp 300
|
|
set timeout-max 604800
|
|
set timeout-tcp 3600
|
|
set timeout-tcp-fin 300
|
|
set timeout-tcp-rst 120
|
|
set timeout-udp 300
|
|
end
|
|
config switch-controller snmp-sysinfo
|
|
set status disable
|
|
set engine-id ''
|
|
set description ''
|
|
set contact-info ''
|
|
set location ''
|
|
end
|
|
config switch-controller snmp-trap-threshold
|
|
set trap-high-cpu-threshold 80
|
|
set trap-low-memory-threshold 80
|
|
set trap-log-full-threshold 90
|
|
end
|
|
config switch-controller snmp-community
|
|
end
|
|
config switch-controller snmp-user
|
|
end
|
|
config switch-controller traffic-sniffer
|
|
set mode erspan-auto
|
|
set erspan-ip 0.0.0.0
|
|
end
|
|
config switch-controller remote-log
|
|
edit "syslogd"
|
|
set status disable
|
|
next
|
|
edit "syslogd2"
|
|
set status disable
|
|
next
|
|
end
|
|
config switch-controller mac-policy
|
|
end
|
|
config wireless-controller setting
|
|
set account-id ''
|
|
set country US
|
|
set duplicate-ssid disable
|
|
set fapc-compatibility disable
|
|
set wfa-compatibility disable
|
|
set phishing-ssid-detect enable
|
|
set fake-ssid-action log
|
|
set device-weight 1
|
|
set device-holdoff 5
|
|
set device-idle 1440
|
|
set firmware-provision-on-authorization disable
|
|
set rolling-wtp-upgrade disable
|
|
set darrp-optimize 86400
|
|
set darrp-optimize-schedules "default-darrp-optimize"
|
|
end
|
|
config wireless-controller log
|
|
set status enable
|
|
set addrgrp-log notification
|
|
set ble-log notification
|
|
set clb-log notification
|
|
set dhcp-starv-log notification
|
|
set led-sched-log notification
|
|
set radio-event-log notification
|
|
set rogue-event-log notification
|
|
set sta-event-log notification
|
|
set sta-locate-log notification
|
|
set wids-log notification
|
|
set wtp-event-log notification
|
|
set wtp-fips-event-log notification
|
|
end
|
|
config wireless-controller apcfg-profile
|
|
end
|
|
config wireless-controller bonjour-profile
|
|
end
|
|
config wireless-controller arrp-profile
|
|
edit "arrp-default"
|
|
set comment ''
|
|
set selection-period 3600
|
|
set monitor-period 300
|
|
set weight-managed-ap 50
|
|
set weight-rogue-ap 10
|
|
set weight-noise-floor 40
|
|
set weight-channel-load 20
|
|
set weight-spectral-rssi 40
|
|
set weight-weather-channel 0
|
|
set weight-dfs-channel 0
|
|
set threshold-ap 250
|
|
set threshold-noise-floor "-85"
|
|
set threshold-channel-load 60
|
|
set threshold-spectral-rssi "-65"
|
|
set threshold-tx-retries 300
|
|
set threshold-rx-errors 50
|
|
set include-weather-channel enable
|
|
set include-dfs-channel enable
|
|
set override-darrp-optimize disable
|
|
next
|
|
end
|
|
config wireless-controller region
|
|
end
|
|
config wireless-controller vap-group
|
|
end
|
|
config wireless-controller wids-profile
|
|
edit "default"
|
|
set comment "Default WIDS profile."
|
|
set sensor-mode disable
|
|
set ap-scan enable
|
|
set ap-bgscan-period 600
|
|
set ap-bgscan-intv 1
|
|
set ap-bgscan-duration 20
|
|
set ap-bgscan-idle 0
|
|
set ap-bgscan-report-intv 30
|
|
set ap-fgscan-report-intv 15
|
|
set ap-scan-passive disable
|
|
set ap-scan-threshold "-90"
|
|
set wireless-bridge enable
|
|
set deauth-broadcast enable
|
|
set null-ssid-probe-resp enable
|
|
set long-duration-attack enable
|
|
set long-duration-thresh 8200
|
|
set invalid-mac-oui enable
|
|
set weak-wep-iv enable
|
|
set auth-frame-flood enable
|
|
set auth-flood-time 10
|
|
set auth-flood-thresh 30
|
|
set assoc-frame-flood enable
|
|
set assoc-flood-time 10
|
|
set assoc-flood-thresh 30
|
|
set spoofed-deauth enable
|
|
set asleap-attack enable
|
|
set eapol-start-flood enable
|
|
set eapol-start-thresh 10
|
|
set eapol-start-intv 1
|
|
set eapol-logoff-flood enable
|
|
set eapol-logoff-thresh 10
|
|
set eapol-logoff-intv 1
|
|
set eapol-succ-flood enable
|
|
set eapol-succ-thresh 10
|
|
set eapol-succ-intv 1
|
|
set eapol-fail-flood enable
|
|
set eapol-fail-thresh 10
|
|
set eapol-fail-intv 1
|
|
set eapol-pre-succ-flood enable
|
|
set eapol-pre-succ-thresh 10
|
|
set eapol-pre-succ-intv 1
|
|
set eapol-pre-fail-flood enable
|
|
set eapol-pre-fail-thresh 10
|
|
set eapol-pre-fail-intv 1
|
|
set deauth-unknown-src-thresh 10
|
|
next
|
|
edit "default-wids-apscan-enabled"
|
|
set comment ''
|
|
set sensor-mode disable
|
|
set ap-scan enable
|
|
set ap-bgscan-period 600
|
|
set ap-bgscan-intv 1
|
|
set ap-bgscan-duration 20
|
|
set ap-bgscan-idle 0
|
|
set ap-bgscan-report-intv 30
|
|
set ap-fgscan-report-intv 15
|
|
set ap-scan-passive disable
|
|
set ap-scan-threshold "-90"
|
|
set wireless-bridge disable
|
|
set deauth-broadcast disable
|
|
set null-ssid-probe-resp disable
|
|
set long-duration-attack disable
|
|
set long-duration-thresh 8200
|
|
set invalid-mac-oui disable
|
|
set weak-wep-iv disable
|
|
set auth-frame-flood disable
|
|
set assoc-frame-flood disable
|
|
set spoofed-deauth disable
|
|
set asleap-attack disable
|
|
set eapol-start-flood disable
|
|
set eapol-logoff-flood disable
|
|
set eapol-succ-flood disable
|
|
set eapol-fail-flood disable
|
|
set eapol-pre-succ-flood disable
|
|
set eapol-pre-fail-flood disable
|
|
set deauth-unknown-src-thresh 10
|
|
next
|
|
end
|
|
config wireless-controller ble-profile
|
|
edit "fortiap-discovery"
|
|
set comment ''
|
|
set advertising ibeacon eddystone-uid eddystone-url
|
|
set ibeacon-uuid "wtp-uuid"
|
|
set major-id 1000
|
|
set minor-id 2000
|
|
set eddystone-namespace "0102030405"
|
|
set eddystone-instance "abcdef"
|
|
set eddystone-url "http://www.fortinet.com"
|
|
set txpower 0
|
|
set beacon-interval 100
|
|
set ble-scanning disable
|
|
set scan-type active
|
|
set scan-threshold "-90"
|
|
next
|
|
end
|
|
config wireless-controller syslog-profile
|
|
end
|
|
config wireless-controller wtp-profile
|
|
end
|
|
config wireless-controller wtp
|
|
end
|
|
config wireless-controller wtp-group
|
|
end
|
|
config wireless-controller qos-profile
|
|
end
|
|
config wireless-controller wag-profile
|
|
end
|
|
config wireless-controller snmp
|
|
set engine-id ''
|
|
set contact-info ''
|
|
set trap-high-cpu-threshold 80
|
|
set trap-high-mem-threshold 80
|
|
end
|
|
config wireless-controller mpsk-profile
|
|
end
|
|
config wireless-controller nac-profile
|
|
end
|
|
config wireless-controller ssid-policy
|
|
end
|
|
config wireless-controller access-control-list
|
|
end
|
|
config wireless-controller ap-status
|
|
end
|
|
config user nac-policy
|
|
end
|
|
config extension-controller dataplan
|
|
end
|
|
config extension-controller extender-vap
|
|
end
|
|
config extension-controller extender-profile
|
|
end
|
|
config extension-controller extender
|
|
end
|
|
config extension-controller fortigate-profile
|
|
end
|
|
config extension-controller fortigate
|
|
end
|
|
config system ips
|
|
set signature-hold-time 0h
|
|
end
|
|
config endpoint-control settings
|
|
set override disable
|
|
end
|
|
config ips custom
|
|
end
|
|
config ips settings
|
|
set packet-log-history 1
|
|
set packet-log-post-attack 0
|
|
set ips-packet-quota 0
|
|
set proxy-inline-ips disable
|
|
end
|
|
config alertemail setting
|
|
set username ''
|
|
set mailto1 ''
|
|
set mailto2 ''
|
|
set mailto3 ''
|
|
set filter-mode category
|
|
set email-interval 5
|
|
set IPS-logs disable
|
|
set firewall-authentication-failure-logs disable
|
|
set HA-logs disable
|
|
set IPsec-errors-logs disable
|
|
set FDS-update-logs disable
|
|
set PPP-errors-logs disable
|
|
set sslvpn-authentication-errors-logs disable
|
|
set antivirus-logs disable
|
|
set webfilter-logs disable
|
|
set configuration-changes-logs disable
|
|
set violation-traffic-logs disable
|
|
set admin-login-logs disable
|
|
set FDS-license-expiring-warning disable
|
|
set log-disk-usage-warning disable
|
|
set FSSO-disconnect-logs disable
|
|
set ssh-logs disable
|
|
set local-disk-usage 75
|
|
end
|
|
config router access-list
|
|
end
|
|
config router access-list6
|
|
end
|
|
config router aspath-list
|
|
end
|
|
config router prefix-list
|
|
end
|
|
config router prefix-list6
|
|
end
|
|
config router key-chain
|
|
end
|
|
config router community-list
|
|
end
|
|
config router extcommunity-list
|
|
end
|
|
config router route-map
|
|
end
|
|
config router rip
|
|
set default-information-originate disable
|
|
set default-metric 1
|
|
set max-out-metric 0
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
set update-timer 30
|
|
set timeout-timer 180
|
|
set garbage-timer 120
|
|
set version 2
|
|
end
|
|
config router ripng
|
|
set default-information-originate disable
|
|
set default-metric 1
|
|
set max-out-metric 0
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
set update-timer 30
|
|
set timeout-timer 180
|
|
set garbage-timer 120
|
|
end
|
|
config router static
|
|
edit 1
|
|
set status enable
|
|
set dst 0.0.0.0 0.0.0.0
|
|
set gateway 192.168.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "mgmt1"
|
|
set comment ''
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set dstaddr ''
|
|
unset internet-service
|
|
set internet-service-custom ''
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
end
|
|
config router policy
|
|
end
|
|
config router policy6
|
|
end
|
|
config router static6
|
|
end
|
|
config router ospf
|
|
set abr-type standard
|
|
set auto-cost-ref-bandwidth 1000
|
|
set distance-external 110
|
|
set distance-inter-area 110
|
|
set distance-intra-area 110
|
|
set database-overflow disable
|
|
set database-overflow-max-lsas 10000
|
|
set database-overflow-time-to-recover 300
|
|
set default-information-originate disable
|
|
set default-information-metric 10
|
|
set default-information-metric-type 2
|
|
set default-information-route-map ''
|
|
set default-metric 10
|
|
set distance 110
|
|
set rfc1583-compatible disable
|
|
set router-id 0.0.0.0
|
|
set spf-timers 5 10
|
|
set bfd disable
|
|
set log-neighbour-changes enable
|
|
set distribute-list-in ''
|
|
set distribute-route-map-in ''
|
|
set restart-mode none
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
end
|
|
config router ospf6
|
|
set abr-type standard
|
|
set auto-cost-ref-bandwidth 1000
|
|
set default-information-originate disable
|
|
set log-neighbour-changes enable
|
|
set default-information-metric 10
|
|
set default-information-metric-type 2
|
|
set default-information-route-map ''
|
|
set default-metric 10
|
|
set router-id 0.0.0.0
|
|
set spf-timers 5 10
|
|
set bfd disable
|
|
set restart-mode none
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
end
|
|
config router bgp
|
|
unset as
|
|
set keepalive-timer 60
|
|
set holdtime-timer 180
|
|
set always-compare-med disable
|
|
set bestpath-as-path-ignore disable
|
|
set bestpath-cmp-confed-aspath disable
|
|
set bestpath-cmp-routerid disable
|
|
set bestpath-med-confed disable
|
|
set bestpath-med-missing-as-worst disable
|
|
set client-to-client-reflection enable
|
|
set dampening disable
|
|
set deterministic-med disable
|
|
set ebgp-multipath disable
|
|
set ibgp-multipath disable
|
|
set enforce-first-as enable
|
|
set fast-external-failover enable
|
|
set log-neighbour-changes enable
|
|
set network-import-check enable
|
|
set ignore-optional-capability enable
|
|
set multipath-recursive-distance disable
|
|
set recursive-next-hop disable
|
|
set recursive-inherit-priority disable
|
|
set tag-resolve-mode disable
|
|
set cluster-id 0.0.0.0
|
|
set confederation-identifier 0
|
|
set default-local-preference 100
|
|
set scan-time 60
|
|
set distance-external 20
|
|
set distance-internal 200
|
|
set distance-local 200
|
|
set synchronization disable
|
|
set graceful-restart disable
|
|
set cross-family-conditional-adv disable
|
|
config redistribute "connected"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "connected"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "rip"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "ospf"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "static"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "isis"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
end
|
|
config router isis
|
|
set is-type level-1-2
|
|
set adv-passive-only disable
|
|
set adv-passive-only6 disable
|
|
set auth-mode-l1 password
|
|
set auth-mode-l2 password
|
|
set auth-password-l1 ENC 6d0cO7g0Ks/YBBmZcHly76YlRJFt3+r2uaLqDvJjVyF5ks/5h16Lf+qQBRrttO8j9OVkDQuQfBsV6pHw8Xqfhn51+AVkkCzXkQjjU4eF591QQo/cbkDqZvS2YARkIgyuxY+4rDFKi05a0TXkZIAEvclOLpBDDBkdnLDpcsVqiQjxwMDHb4qS8ce/jA9innJ+Si+NJFlmMjY3dkVA
|
|
set auth-password-l2 ENC iogYjwVZv11CxAQdCIdpGHnaJ5OnacIz2cHiil6gum1UbEXKL9wTYmEoYhVfz+xP63zQqjyl1A3kvufajHX6vvFKSMBnvHWM11r50OqzAiDKu1X5Pqk0vwr3BHXR2lZR6dqbiD/Ygz+LAMSsSJrcghnanT/KpHKkOkvP14GVVB1YGV4cMtX36zPocDhsmMAQRGetGFlmMjY3dkVA
|
|
set auth-sendonly-l1 disable
|
|
set auth-sendonly-l2 disable
|
|
set ignore-lsp-errors disable
|
|
set lsp-gen-interval-l1 30
|
|
set lsp-gen-interval-l2 30
|
|
set lsp-refresh-interval 900
|
|
set max-lsp-lifetime 1200
|
|
set spf-interval-exp-l1 500 50000
|
|
set spf-interval-exp-l2 500 50000
|
|
set dynamic-hostname disable
|
|
set adjacency-check disable
|
|
set adjacency-check6 disable
|
|
set overload-bit disable
|
|
unset overload-bit-suppress
|
|
set overload-bit-on-startup 0
|
|
set default-originate disable
|
|
set default-originate6 disable
|
|
set metric-style narrow
|
|
set redistribute-l1 disable
|
|
set redistribute-l2 disable
|
|
set redistribute6-l1 disable
|
|
set redistribute6-l2 disable
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "connected"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "rip"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "static"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
end
|
|
config router multicast-flow
|
|
end
|
|
config router multicast
|
|
set route-limit 2147483647
|
|
set multicast-routing disable
|
|
config pim-sm-global
|
|
set message-interval 60
|
|
set join-prune-holdtime 210
|
|
set accept-register-list ''
|
|
set accept-source-list ''
|
|
set bsr-candidate disable
|
|
set bsr-allow-quick-refresh disable
|
|
set cisco-register-checksum disable
|
|
set cisco-crp-prefix disable
|
|
set cisco-ignore-rp-set-priority disable
|
|
set register-rp-reachability enable
|
|
set register-source disable
|
|
set register-supression 60
|
|
set null-register-retries 1
|
|
set rp-register-keepalive 185
|
|
set spt-threshold enable
|
|
set ssm disable
|
|
set register-rate-limit 0
|
|
set pim-use-sdwan disable
|
|
set spt-threshold-group ''
|
|
end
|
|
end
|
|
config router multicast6
|
|
set multicast-routing disable
|
|
config pim-sm-global
|
|
end
|
|
end
|
|
config router auth-path
|
|
end
|
|
config router setting
|
|
set show-filter ''
|
|
set hostname ''
|
|
end
|
|
config router bfd
|
|
end
|
|
config router bfd6
|
|
end
|
|
config system proxy-arp
|
|
end
|
|
config system link-monitor
|
|
end
|
|
config system wccp
|
|
end
|
|
config system dns64
|
|
set status disable
|
|
set dns64-prefix 64:ff9b::/96
|
|
set always-synthesize-aaaa-record enable
|
|
end
|
|
config system nd-proxy
|
|
set status disable
|
|
end
|
|
config system vne-tunnel
|
|
set status disable
|
|
end
|
|
end
|
|
|
|
config vdom
|
|
edit Policy
|
|
config wireless-controller hotspot20 anqp-venue-name
|
|
end
|
|
config wireless-controller hotspot20 anqp-venue-url
|
|
end
|
|
config wireless-controller hotspot20 anqp-network-auth-type
|
|
end
|
|
config wireless-controller hotspot20 anqp-roaming-consortium
|
|
end
|
|
config wireless-controller hotspot20 anqp-nai-realm
|
|
end
|
|
config wireless-controller hotspot20 anqp-3gpp-cellular
|
|
end
|
|
config wireless-controller hotspot20 anqp-ip-address-type
|
|
end
|
|
config wireless-controller hotspot20 h2qp-operator-name
|
|
end
|
|
config wireless-controller hotspot20 h2qp-wan-metric
|
|
end
|
|
config wireless-controller hotspot20 h2qp-conn-capability
|
|
end
|
|
config wireless-controller hotspot20 icon
|
|
end
|
|
config wireless-controller hotspot20 h2qp-osu-provider
|
|
end
|
|
config wireless-controller hotspot20 qos-map
|
|
end
|
|
config wireless-controller hotspot20 h2qp-advice-of-charge
|
|
end
|
|
config wireless-controller hotspot20 h2qp-osu-provider-nai
|
|
end
|
|
config wireless-controller hotspot20 h2qp-terms-and-conditions
|
|
end
|
|
config wireless-controller hotspot20 hs-profile
|
|
end
|
|
config wireless-controller vap
|
|
end
|
|
config system object-tagging
|
|
edit "default"
|
|
set address optional
|
|
set device optional
|
|
set interface optional
|
|
set multiple enable
|
|
set color 0
|
|
next
|
|
end
|
|
config switch-controller traffic-policy
|
|
edit "quarantine"
|
|
set description "Rate control for quarantined traffic"
|
|
set policer-status enable
|
|
set guaranteed-bandwidth 163840
|
|
set guaranteed-burst 8192
|
|
set maximum-burst 163840
|
|
set cos-queue 0
|
|
next
|
|
edit "sniffer"
|
|
set description "Rate control for sniffer mirrored traffic"
|
|
set policer-status enable
|
|
set guaranteed-bandwidth 50000
|
|
set guaranteed-burst 8192
|
|
set maximum-burst 163840
|
|
set cos-queue 0
|
|
next
|
|
end
|
|
config switch-controller fortilink-settings
|
|
end
|
|
config system stp
|
|
set switch-priority 32768
|
|
set hello-time 2
|
|
set forward-delay 15
|
|
set max-age 20
|
|
set max-hops 20
|
|
end
|
|
config system settings
|
|
set comments "Test VDOM for Policy-based"
|
|
set vdom-type traffic
|
|
set opmode nat
|
|
set policy-offload-level disable
|
|
set ngfw-mode policy-based
|
|
set http-external-dest fortiweb
|
|
set firewall-session-dirty check-all
|
|
set bfd disable
|
|
set utf8-spam-tagging enable
|
|
set wccp-cache-engine disable
|
|
set vpn-stats-log ipsec pptp l2tp ssl
|
|
set vpn-stats-period 600
|
|
set v4-ecmp-mode source-ip-based
|
|
set fw-session-hairpin disable
|
|
set prp-trailer-action disable
|
|
set snat-hairpin-traffic enable
|
|
set dhcp-proxy disable
|
|
set lldp-reception global
|
|
set lldp-transmission global
|
|
set link-down-access enable
|
|
set nat46-generate-ipv6-fragment-header disable
|
|
set nat46-force-ipv4-packet-forwarding disable
|
|
set nat64-force-ipv6-packet-forwarding enable
|
|
set detect-unknown-esp enable
|
|
set intree-ses-best-route disable
|
|
set auxiliary-session disable
|
|
set asymroute disable
|
|
set asymroute-icmp disable
|
|
set ses-denied-traffic disable
|
|
set ses-denied-multicast-traffic disable
|
|
set strict-src-check disable
|
|
set allow-linkdown-path disable
|
|
set asymroute6 disable
|
|
set asymroute6-icmp disable
|
|
set sctp-session-without-init disable
|
|
set sip-expectation disable
|
|
set sip-nat-trace enable
|
|
set h323-direct-model enable
|
|
set status enable
|
|
set sip-tcp-port 5060
|
|
set sip-udp-port 5060
|
|
set sip-ssl-port 5061
|
|
set sccp-port 2000
|
|
set multicast-forward enable
|
|
set multicast-ttl-notchange disable
|
|
set allow-subnet-overlap disable
|
|
set deny-tcp-with-icmp disable
|
|
set ecmp-max-paths 255
|
|
set discovered-device-timeout 28
|
|
set email-portal-check-dns enable
|
|
set default-voip-alg-mode proxy-based
|
|
set gui-implicit-policy enable
|
|
set gui-dns-database disable
|
|
set gui-load-balance disable
|
|
set gui-multicast-policy disable
|
|
set gui-dos-policy enable
|
|
set gui-object-colors enable
|
|
set gui-route-tag-address-creation disable
|
|
set gui-ap-profile enable
|
|
set gui-security-profile-group disable
|
|
set gui-local-in-policy disable
|
|
set gui-dynamic-routing enable
|
|
set gui-threat-weight enable
|
|
set gui-spamfilter disable
|
|
set gui-file-filter disable
|
|
set gui-ips enable
|
|
set gui-dhcp-advanced enable
|
|
set gui-vpn enable
|
|
set gui-sslvpn disable
|
|
set gui-wireless-controller enable
|
|
set gui-advanced-wireless-features disable
|
|
set gui-switch-controller enable
|
|
set gui-fortiap-split-tunneling disable
|
|
set gui-webfilter-advanced disable
|
|
set gui-traffic-shaping enable
|
|
set gui-wan-load-balancing enable
|
|
set gui-antivirus enable
|
|
set gui-webfilter enable
|
|
set gui-dnsfilter enable
|
|
set gui-virtual-patch-profile disable
|
|
set gui-fortiextender-controller disable
|
|
set gui-advanced-policy disable
|
|
set gui-allow-unnamed-policy disable
|
|
set gui-email-collection disable
|
|
set gui-multiple-interface-policy disable
|
|
set gui-ztna enable
|
|
set gui-ot disable
|
|
set gui-dynamic-device-os-id disable
|
|
set location-id 0.0.0.0
|
|
set ike-session-resume disable
|
|
set ike-quick-crash-detect disable
|
|
set ike-dn-format with-space
|
|
set ike-port 500
|
|
set ike-tcp-port 4500
|
|
set ike-policy-route disable
|
|
set block-land-attack disable
|
|
set default-app-port-as-service disable
|
|
set application-bandwidth-tracking disable
|
|
set fqdn-session-check disable
|
|
set ext-resource-session-check disable
|
|
set dyn-addr-session-check disable
|
|
set default-policy-expiry-days 30
|
|
set gui-enforce-change-summary require
|
|
set internet-service-database-cache disable
|
|
set internet-service-app-ctrl-size 32768
|
|
end
|
|
config system sit-tunnel
|
|
end
|
|
config system arp-table
|
|
end
|
|
config system ipv6-neighbor-cache
|
|
end
|
|
config system vdom-sflow
|
|
set vdom-sflow disable
|
|
end
|
|
config system vdom-netflow
|
|
set vdom-netflow disable
|
|
end
|
|
config system vdom-dns
|
|
set vdom-dns disable
|
|
set alt-primary 0.0.0.0
|
|
set alt-secondary 0.0.0.0
|
|
end
|
|
config system replacemsg-group
|
|
edit "default"
|
|
set comment "Default replacement message group."
|
|
set group-type default
|
|
next
|
|
end
|
|
config system session-ttl
|
|
set default 3600
|
|
end
|
|
config system dhcp server
|
|
end
|
|
config system dhcp6 server
|
|
end
|
|
config system zone
|
|
end
|
|
config firewall address
|
|
edit "EMS_ALL_UNKNOWN_CLIENTS"
|
|
set uuid 4be8fcc0-c0f6-51f0-ecfa-4607f7769429
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "EMS_ALL_UNMANAGEABLE_CLIENTS"
|
|
set uuid 4be8d826-c0f6-51f0-a93a-10ea8db33ad3
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "none"
|
|
set uuid bde11ce6-3520-51ed-9974-a5b4264be0b3
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 255.255.255.255
|
|
next
|
|
edit "login.microsoftonline.com"
|
|
set uuid bde12b0a-3520-51ed-d2a0-e807d4a14a3f
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "login.microsoftonline.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "login.microsoft.com"
|
|
set uuid bde139e2-3520-51ed-d55f-33931d299d78
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "login.microsoft.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "login.windows.net"
|
|
set uuid bde14b94-3520-51ed-a1e7-319da9a479ea
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "login.windows.net"
|
|
set cache-ttl 0
|
|
next
|
|
edit "gmail.com"
|
|
set uuid bde158b4-3520-51ed-b71e-57f937fa40cb
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "gmail.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "wildcard.google.com"
|
|
set uuid bde165c0-3520-51ed-0783-860a2a214ffd
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "*.google.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "wildcard.dropbox.com"
|
|
set uuid bde17240-3520-51ed-a328-5346f2fa7447
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "*.dropbox.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "SSLVPN_TUNNEL_ADDR1"
|
|
set uuid bde88710-3520-51ed-728e-76461d6221fe
|
|
set type iprange
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 10.212.134.200
|
|
set end-ip 10.212.134.210
|
|
next
|
|
edit "all"
|
|
set uuid bde8d012-3520-51ed-6285-eddc784a24b1
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
|
|
set uuid bde8d1f2-3520-51ed-0936-132ed3b829c9
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FABRIC_DEVICE"
|
|
set uuid bde8d3c8-3520-51ed-3305-2f204031c35c
|
|
set type ipmask
|
|
set comment "IPv4 addresses of Fabric Devices."
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
|
|
set uuid 516aa2ce-3522-51ed-0c4a-0d18239acea9
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
end
|
|
config firewall multicast-address
|
|
edit "all_hosts"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.1
|
|
set end-ip 224.0.0.1
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "all_routers"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.2
|
|
set end-ip 224.0.0.2
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "Bonjour"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.251
|
|
set end-ip 224.0.0.251
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "EIGRP"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.10
|
|
set end-ip 224.0.0.10
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "OSPF"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.5
|
|
set end-ip 224.0.0.6
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "all"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.0
|
|
set end-ip 239.255.255.255
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
end
|
|
config firewall address6-template
|
|
end
|
|
config firewall address6
|
|
edit "all"
|
|
set uuid bde1bfa2-3520-51ed-7b6a-7bad8cadabaa
|
|
set type ipprefix
|
|
set ip6 ::/0
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
edit "none"
|
|
set uuid bde1c8d0-3520-51ed-d759-9123906c2212
|
|
set type ipprefix
|
|
set ip6 ::/128
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set uuid bde88a26-3520-51ed-47a2-8ac186cdb86d
|
|
set type ipprefix
|
|
set ip6 fdff:ffff::/120
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall multicast-address6
|
|
edit "all"
|
|
set ip6 ff00::/8
|
|
set comment ''
|
|
set color 0
|
|
next
|
|
end
|
|
config system ipv6-tunnel
|
|
end
|
|
config firewall addrgrp
|
|
edit "G Suite"
|
|
set type default
|
|
set category default
|
|
set uuid bde18140-3520-51ed-b156-8feccd84c03c
|
|
set member "gmail.com" "wildcard.google.com"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Microsoft Office 365"
|
|
set type default
|
|
set category default
|
|
set uuid bde19b44-3520-51ed-cc72-40627cfd767c
|
|
set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall addrgrp6
|
|
end
|
|
config firewall wildcard-fqdn custom
|
|
edit "g-Adobe Login"
|
|
set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
|
|
set wildcard-fqdn "*.adobelogin.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Gotomeeting"
|
|
set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
|
|
set wildcard-fqdn "*.gotomeeting.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Windows update 2"
|
|
set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
|
|
set wildcard-fqdn "*.windowsupdate.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-adobe"
|
|
set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
|
|
set wildcard-fqdn "*.adobe.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-android"
|
|
set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
|
|
set wildcard-fqdn "*.android.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-apple"
|
|
set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
|
|
set wildcard-fqdn "*.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-appstore"
|
|
set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
|
|
set wildcard-fqdn "*.appstore.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-auth.gfx.ms"
|
|
set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
|
|
set wildcard-fqdn "*.auth.gfx.ms"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-autoupdate.opera.com"
|
|
set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
|
|
set wildcard-fqdn "*autoupdate.opera.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-cdn-apple"
|
|
set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
|
|
set wildcard-fqdn "*.cdn-apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-citrix"
|
|
set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
|
|
set wildcard-fqdn "*.citrixonline.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-dropbox.com"
|
|
set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
|
|
set wildcard-fqdn "*.dropbox.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-eease"
|
|
set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
|
|
set wildcard-fqdn "*.eease.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-firefox update server"
|
|
set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
|
|
set wildcard-fqdn "aus*.mozilla.org"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-fortinet"
|
|
set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
|
|
set wildcard-fqdn "*.fortinet.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-drive"
|
|
set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
|
|
set wildcard-fqdn "*drive.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play"
|
|
set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
|
|
set wildcard-fqdn "*play.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play2"
|
|
set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
|
|
set wildcard-fqdn "*.ggpht.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play3"
|
|
set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
|
|
set wildcard-fqdn "*.books.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-googleapis.com"
|
|
set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
|
|
set wildcard-fqdn "*.googleapis.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-icloud"
|
|
set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
|
|
set wildcard-fqdn "*.icloud.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-itunes"
|
|
set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
|
|
set wildcard-fqdn "*itunes.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-live.com"
|
|
set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
|
|
set wildcard-fqdn "*.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-microsoft"
|
|
set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
|
|
set wildcard-fqdn "*.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-mzstatic-apple"
|
|
set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
|
|
set wildcard-fqdn "*.mzstatic.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-skype"
|
|
set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
|
|
set wildcard-fqdn "*.messenger.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-softwareupdate.vmware.com"
|
|
set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
|
|
set wildcard-fqdn "*.softwareupdate.vmware.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-swscan.apple.com"
|
|
set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
|
|
set wildcard-fqdn "*swscan.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-update.microsoft.com"
|
|
set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
|
|
set wildcard-fqdn "*update.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-verisign"
|
|
set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
|
|
set wildcard-fqdn "*.verisign.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall wildcard-fqdn group
|
|
end
|
|
config firewall traffic-class
|
|
end
|
|
config firewall service category
|
|
edit "General"
|
|
set comment "General services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Access"
|
|
set comment "Web access."
|
|
set fabric-object disable
|
|
next
|
|
edit "File Access"
|
|
set comment "File access."
|
|
set fabric-object disable
|
|
next
|
|
edit "Email"
|
|
set comment "Email services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Network Services"
|
|
set comment "Network services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Authentication"
|
|
set comment "Authentication service."
|
|
set fabric-object disable
|
|
next
|
|
edit "Remote Access"
|
|
set comment "Remote access."
|
|
set fabric-object disable
|
|
next
|
|
edit "Tunneling"
|
|
set comment "Tunneling service."
|
|
set fabric-object disable
|
|
next
|
|
edit "VoIP, Messaging & Other Applications"
|
|
set comment "VoIP, messaging, and other applications."
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Proxy"
|
|
set comment "Explicit web proxy."
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall service custom
|
|
edit "ALL"
|
|
set uuid 8b52a764-c0f9-51f0-4aa2-af72ef33b933
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 0
|
|
next
|
|
edit "FTP"
|
|
set uuid 8b52a87c-c0f9-51f0-5aff-fe07e0708c86
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FTP_GET"
|
|
set uuid 8b52a958-c0f9-51f0-eebf-1540af59bdff
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FTP_PUT"
|
|
set uuid 8b52aa16-c0f9-51f0-e937-4e513baceb22
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DNS"
|
|
set uuid 96ea92ee-c0f9-51f0-f47c-c79155ab4432
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 53
|
|
set udp-portrange 53
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "HTTP"
|
|
set uuid 96ea974e-c0f9-51f0-9510-be2b05bbf0c0
|
|
set proxy disable
|
|
set category "Web Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 80
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "HTTPS"
|
|
set uuid 96ea9ac8-c0f9-51f0-1c5b-d7b9821f0138
|
|
set proxy disable
|
|
set category "Web Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 443
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IMAP"
|
|
set uuid 96ea9e42-c0f9-51f0-1427-b5653be8387f
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 143
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IMAPS"
|
|
set uuid 96eaa19e-c0f9-51f0-14a3-38281f36bc2f
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 993
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "LDAP"
|
|
set uuid 96eaa4fa-c0f9-51f0-acd0-7183294a6351
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DCE-RPC"
|
|
set uuid 96eaa84c-c0f9-51f0-7fc3-f453bc75c260
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 135
|
|
set udp-portrange 135
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "POP3"
|
|
set uuid 96eaabee-c0f9-51f0-4664-b72bddaf1c15
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 110
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "POP3S"
|
|
set uuid 96eaaf54-c0f9-51f0-e708-bb2ad0c52057
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 995
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SAMBA"
|
|
set uuid 96eab2a6-c0f9-51f0-8077-0cc0ec53feed
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 139
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMTP"
|
|
set uuid 96eab5ee-c0f9-51f0-fffa-2b301bb12104
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 25
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMTPS"
|
|
set uuid 96eabb84-c0f9-51f0-ae56-6da39a53a345
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 465
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "KERBEROS"
|
|
set uuid 96eac0de-c0f9-51f0-9ec8-2a09b9d90928
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 88 464
|
|
set udp-portrange 88 464
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "LDAP_UDP"
|
|
set uuid 96eac49e-c0f9-51f0-91f1-53f1a147e2b0
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 389
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMB"
|
|
set uuid 96eac7f0-c0f9-51f0-58ef-5a3fdc558452
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 445
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_TCP"
|
|
set uuid 96ead88a-c0f9-51f0-d27a-450f94683808
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1-65535
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_UDP"
|
|
set uuid 96eadc04-c0f9-51f0-3b11-cf2b149a9e19
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1-65535
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_ICMP"
|
|
set uuid 96eadf60-c0f9-51f0-5e14-3cb4384b028c
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
unset icmptype
|
|
next
|
|
edit "ALL_ICMP6"
|
|
set uuid 96eae2f8-c0f9-51f0-69be-47a18fa89724
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol ICMP6
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
unset icmptype
|
|
next
|
|
edit "GRE"
|
|
set uuid 96eae67c-c0f9-51f0-1618-998f8ecc78c1
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 47
|
|
next
|
|
edit "AH"
|
|
set uuid 96eaea14-c0f9-51f0-40f6-44db37089197
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 51
|
|
next
|
|
edit "ESP"
|
|
set uuid 96eaeda2-c0f9-51f0-82e8-5004b6c3deb9
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 50
|
|
next
|
|
edit "AOL"
|
|
set uuid 96eaf130-c0f9-51f0-6de1-71a7fe31d49d
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5190-5194
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "BGP"
|
|
set uuid 96eaf400-c0f9-51f0-fff3-34cea08d42de
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 179
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DHCP"
|
|
set uuid 96eaf752-c0f9-51f0-2d8e-c4e58238fcb7
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 67-68
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FINGER"
|
|
set uuid 96eafaae-c0f9-51f0-3e8e-ffdab5271364
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 79
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "GOPHER"
|
|
set uuid 96eafd7e-c0f9-51f0-39dd-b835fdbf2026
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 70
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "H323"
|
|
set uuid 96eb00e4-c0f9-51f0-a396-078ddf6f28f2
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1720 1503
|
|
set udp-portrange 1719
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IKE"
|
|
set uuid 96eb04cc-c0f9-51f0-87e4-00ed5e566008
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 500 4500
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "Internet-Locator-Service"
|
|
set uuid 96eb0832-c0f9-51f0-be7c-b4be2e6e2da0
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IRC"
|
|
set uuid 96eb0af8-c0f9-51f0-dfdd-6c2c977d2607
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 6660-6669
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "L2TP"
|
|
set uuid 96eb0e68-c0f9-51f0-05d3-763419406339
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1701
|
|
set udp-portrange 1701
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NetMeeting"
|
|
set uuid 96eb120a-c0f9-51f0-e709-a42a856c93ed
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1720
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NFS"
|
|
set uuid 96eb14c6-c0f9-51f0-4664-e0f6f0f809a6
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 111 2049
|
|
set udp-portrange 111 2049
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NNTP"
|
|
set uuid 96eb1868-c0f9-51f0-ace7-2d5814d31293
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 119
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NTP"
|
|
set uuid 96eb1b24-c0f9-51f0-2981-e5d408846b2c
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 123
|
|
set udp-portrange 123
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "OSPF"
|
|
set uuid 96eb1ed0-c0f9-51f0-22b7-8d6057df1ed2
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 89
|
|
next
|
|
edit "PC-Anywhere"
|
|
set uuid 96eb2268-c0f9-51f0-ce5f-9d9f4306e4fd
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5631
|
|
set udp-portrange 5632
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PING"
|
|
set uuid 96eb2600-c0f9-51f0-342b-1fde718db4fd
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 8
|
|
unset icmpcode
|
|
next
|
|
edit "TIMESTAMP"
|
|
set uuid 96eb29e8-c0f9-51f0-5a7c-874cf9d0784a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 13
|
|
unset icmpcode
|
|
next
|
|
edit "INFO_REQUEST"
|
|
set uuid 96eb2d44-c0f9-51f0-029d-63d4b96e01d9
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 15
|
|
unset icmpcode
|
|
next
|
|
edit "INFO_ADDRESS"
|
|
set uuid 96eb308c-c0f9-51f0-6953-186396cfd1ee
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 17
|
|
unset icmpcode
|
|
next
|
|
edit "ONC-RPC"
|
|
set uuid 96eb33de-c0f9-51f0-c72f-eba47bc6eaaf
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 111
|
|
set udp-portrange 111
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PPTP"
|
|
set uuid 96eb3834-c0f9-51f0-9569-c189fbf611d6
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1723
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "QUAKE"
|
|
set uuid 96eb3cbc-c0f9-51f0-8eda-6cccbe8dd8db
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 26000 27000 27910 27960
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RAUDIO"
|
|
set uuid 96eb3f8c-c0f9-51f0-2766-7a064258f89f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 7070
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "REXEC"
|
|
set uuid 96eb4248-c0f9-51f0-a417-21f1837e3d9f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 512
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RIP"
|
|
set uuid 96eb4518-c0f9-51f0-ac40-ce1d1165e9c0
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 520
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RLOGIN"
|
|
set uuid 96eb486a-c0f9-51f0-188a-1120489796f9
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 513:512-1023
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RSH"
|
|
set uuid 96eb4b3a-c0f9-51f0-a28d-13150b8c009a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 514:512-1023
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SCCP"
|
|
set uuid 96eb4e00-c0f9-51f0-76a5-1f04d7b5f155
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2000
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SIP"
|
|
set uuid 96eb515c-c0f9-51f0-e179-4f5e6bccda38
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5060
|
|
set udp-portrange 5060
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SIP-MSNmessenger"
|
|
set uuid 96eb5508-c0f9-51f0-a5e8-7b68f1efa994
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1863
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SNMP"
|
|
set uuid 96eb585a-c0f9-51f0-5e4c-48921c692606
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 161-162
|
|
set udp-portrange 161-162
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SSH"
|
|
set uuid 96eb5c06-c0f9-51f0-e2d0-c53a44363bfb
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 22
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SYSLOG"
|
|
set uuid 96eb5f58-c0f9-51f0-3692-de5bed3288fd
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 514
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TALK"
|
|
set uuid 96eb62aa-c0f9-51f0-2995-43a045ad0ada
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 517-518
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TELNET"
|
|
set uuid 96eb6584-c0f9-51f0-a260-3da38d402f14
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 23
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TFTP"
|
|
set uuid 96eb68d6-c0f9-51f0-4c7e-7291509d2421
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 69
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MGCP"
|
|
set uuid 96eb6cc8-c0f9-51f0-1806-faf0c650dbe0
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 2427 2727
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UUCP"
|
|
set uuid 96eb6fc0-c0f9-51f0-1ec5-ffa70f421e4f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 540
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "VDOLIVE"
|
|
set uuid 96eb7286-c0f9-51f0-d970-6254c12532b5
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7000-7010
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WAIS"
|
|
set uuid 96eb7560-c0f9-51f0-fbfd-699a6e8bf421
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 210
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WINFRAME"
|
|
set uuid 96eb781c-c0f9-51f0-a7f2-e2a0c86856a4
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1494 2598
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "X-WINDOWS"
|
|
set uuid 96eb7ae2-c0f9-51f0-8946-a6a7af3d7f2c
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 6000-6063
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PING6"
|
|
set uuid 96eb7e48-c0f9-51f0-10a5-5b1849988f16
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP6
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 128
|
|
unset icmpcode
|
|
next
|
|
edit "MS-SQL"
|
|
set uuid 96eb81a4-c0f9-51f0-ebd9-46bc951420b2
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1433 1434
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MYSQL"
|
|
set uuid 96eb850a-c0f9-51f0-65ca-3f3f002c1c25
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3306
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RDP"
|
|
set uuid 96eb8866-c0f9-51f0-ed02-033142444e21
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "VNC"
|
|
set uuid 96eb8bb8-c0f9-51f0-c884-d7f7cbfe1256
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5900
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DHCP6"
|
|
set uuid 96eb8f0a-c0f9-51f0-9818-47ddbfe02012
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 546 547
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SQUID"
|
|
set uuid 96eb9266-c0f9-51f0-ee45-cfa010379154
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3128
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SOCKS"
|
|
set uuid 96eb95c2-c0f9-51f0-a063-dff622758fd7
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1080
|
|
set udp-portrange 1080
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WINS"
|
|
set uuid 96eb9964-c0f9-51f0-4bc3-ae39100db90a
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1512
|
|
set udp-portrange 1512
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RADIUS"
|
|
set uuid 96eb9cfc-c0f9-51f0-22d9-aaa43a0c929f
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1812 1813
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RADIUS-OLD"
|
|
set uuid 96eba2c4-c0f9-51f0-6c7c-920fafd3f30a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1645 1646
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "CVSPSERVER"
|
|
set uuid 96eba5da-c0f9-51f0-67b5-0f3cd75ba490
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2401
|
|
set udp-portrange 2401
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "AFS3"
|
|
set uuid 96eba8fa-c0f9-51f0-c5cb-a35a51d20d2b
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7000-7009
|
|
set udp-portrange 7000-7009
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TRACEROUTE"
|
|
set uuid 96ebacc4-c0f9-51f0-1040-6e081096c638
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 33434-33535
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RTSP"
|
|
set uuid 96ebb020-c0f9-51f0-5bd7-900814e82a52
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 554 7070 8554
|
|
set udp-portrange 554
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MMS"
|
|
set uuid 96ebb3d6-c0f9-51f0-12d2-86199fbee22e
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1755
|
|
set udp-portrange 1024-5000
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NONE"
|
|
set uuid 96ebb6ec-c0f9-51f0-b3b4-15ce15d6e4c1
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 0
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "webproxy"
|
|
set uuid 8b529a62-c0f9-51f0-4381-b573f9911285
|
|
set proxy enable
|
|
set category "Web Proxy"
|
|
set protocol ALL
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set app-service-type disable
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 0-65535:0-65535
|
|
next
|
|
end
|
|
config firewall service group
|
|
edit "Email Access"
|
|
set uuid 8b52abb0-c0f9-51f0-86f0-9817e4e67a19
|
|
set proxy disable
|
|
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Access"
|
|
set uuid 8b52b236-c0f9-51f0-3dc8-b1d8b8b7b65e
|
|
set proxy disable
|
|
set member "DNS" "HTTP" "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Windows AD"
|
|
set uuid 8b52b5e2-c0f9-51f0-bb72-ccdd40d89710
|
|
set proxy disable
|
|
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Exchange Server"
|
|
set uuid 8b52bb5a-c0f9-51f0-8975-7ba71ea48ea7
|
|
set proxy disable
|
|
set member "DCE-RPC" "DNS" "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall internet-service-group
|
|
end
|
|
config firewall internet-service-extension
|
|
end
|
|
config firewall internet-service-custom
|
|
end
|
|
config firewall internet-service-custom-group
|
|
end
|
|
config firewall network-service-dynamic
|
|
end
|
|
config system external-resource
|
|
end
|
|
config vpn certificate ca
|
|
end
|
|
config vpn certificate remote
|
|
end
|
|
config vpn certificate local
|
|
edit "Fortinet_CA_SSL"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_CA_Untrusted"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_GUI_Server"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA1024"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA2048"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA4096"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA1024"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA2048"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA256"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA384"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA521"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED25519"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED448"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
end
|
|
config vpn certificate crl
|
|
end
|
|
config vpn certificate ocsp-server
|
|
end
|
|
config vpn certificate setting
|
|
set ocsp-status disable
|
|
set ocsp-option server
|
|
set proxy ''
|
|
set source-ip ''
|
|
set ocsp-default-server ''
|
|
set interface-select-method auto
|
|
set check-ca-cert enable
|
|
set check-ca-chain disable
|
|
set subject-match substring
|
|
set subject-set subset
|
|
set cn-match substring
|
|
set cn-allow-multi enable
|
|
config crl-verification
|
|
set expiry ignore
|
|
set leaf-crl-absence ignore
|
|
set chain-crl-absence ignore
|
|
end
|
|
set strict-ocsp-check disable
|
|
set ssl-min-proto-version default
|
|
set cmp-save-extra-certs disable
|
|
set cmp-key-usage-checking enable
|
|
set cert-expire-warning 14
|
|
set certname-rsa1024 "Fortinet_SSL_RSA1024"
|
|
set certname-rsa2048 "Fortinet_SSL_RSA2048"
|
|
set certname-rsa4096 "Fortinet_SSL_RSA4096"
|
|
set certname-dsa1024 "Fortinet_SSL_DSA1024"
|
|
set certname-dsa2048 "Fortinet_SSL_DSA2048"
|
|
set certname-ecdsa256 "Fortinet_SSL_ECDSA256"
|
|
set certname-ecdsa384 "Fortinet_SSL_ECDSA384"
|
|
set certname-ecdsa521 "Fortinet_SSL_ECDSA521"
|
|
set certname-ed25519 "Fortinet_SSL_ED25519"
|
|
set certname-ed448 "Fortinet_SSL_ED448"
|
|
end
|
|
config webfilter ftgd-local-cat
|
|
edit "custom1"
|
|
set status enable
|
|
set id 140
|
|
next
|
|
edit "custom2"
|
|
set status enable
|
|
set id 141
|
|
next
|
|
end
|
|
config ips sensor
|
|
edit "g-default"
|
|
set comment "Prevent critical attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor IPS attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config sctp-filter profile
|
|
end
|
|
config diameter-filter profile
|
|
end
|
|
config firewall shaper traffic-shaper
|
|
edit "high-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "medium-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority medium
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "low-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority low
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "guarantee-100kbps"
|
|
set guaranteed-bandwidth 100
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "shared-1M-pipe"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1024
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy disable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
end
|
|
config firewall shaper per-ip-shaper
|
|
end
|
|
config firewall proxy-address
|
|
edit "IPv4-address"
|
|
set uuid 2a03897c-c0f6-51f0-4d81-bcec477adf58
|
|
set type host-regex
|
|
set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
|
|
set referrer disable
|
|
set case-sensitivity disable
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "IPv6-address"
|
|
set uuid 2a038a94-c0f6-51f0-6ea6-d2a11f818ac9
|
|
set type host-regex
|
|
set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
|
|
set referrer disable
|
|
set case-sensitivity disable
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall proxy-addrgrp
|
|
end
|
|
config web-proxy profile
|
|
end
|
|
config web-proxy global
|
|
set ssl-cert "Fortinet_Factory"
|
|
set ssl-ca-cert "Fortinet_CA_SSL"
|
|
set fast-policy-match enable
|
|
set ldap-user-cache disable
|
|
set proxy-fqdn "default.fqdn"
|
|
set max-request-length 8
|
|
set max-message-length 32
|
|
set strict-web-check disable
|
|
set forward-proxy-auth disable
|
|
set forward-server-affinity-timeout 30
|
|
set max-waf-body-cache-length 1
|
|
set webproxy-profile ''
|
|
set learn-client-ip disable
|
|
set policy-category-deep-inspect enable
|
|
set log-policy-pending disable
|
|
set log-forward-server disable
|
|
set log-app-id disable
|
|
set proxy-transparent-cert-inspection disable
|
|
set request-obs-fold keep
|
|
end
|
|
config web-proxy forward-server
|
|
end
|
|
config web-proxy forward-server-group
|
|
end
|
|
config web-proxy debug-url
|
|
end
|
|
config web-proxy wisp
|
|
end
|
|
config wanopt webcache
|
|
set max-object-size 512000
|
|
set neg-resp-time 0
|
|
set fresh-factor 100
|
|
set max-ttl 7200
|
|
set min-ttl 5
|
|
set default-ttl 1440
|
|
set ignore-ims disable
|
|
set ignore-conditional disable
|
|
set ignore-pnc disable
|
|
set ignore-ie-reload enable
|
|
set cache-expired disable
|
|
set cache-cookie disable
|
|
set reval-pnc disable
|
|
set always-revalidate disable
|
|
set cache-by-default disable
|
|
set host-validate disable
|
|
set external disable
|
|
end
|
|
config web-proxy fast-fallback
|
|
end
|
|
config web-proxy url-match
|
|
end
|
|
config application custom
|
|
end
|
|
config application group
|
|
end
|
|
config dlp data-type
|
|
edit "g-credit-card"
|
|
set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
|
|
set verify "builtin)credit-card"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 20
|
|
set look-ahead 1
|
|
set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
edit "g-edm-keyword"
|
|
set pattern ".+"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "/\\b\\0\\b/i"
|
|
set comment ''
|
|
next
|
|
edit "g-hex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-keyword"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-mip-label"
|
|
set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "built-in"
|
|
set comment ''
|
|
next
|
|
edit "g-regex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-ssn-us"
|
|
set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
|
|
set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 12
|
|
set look-ahead 1
|
|
set transform "\\b\\1-\\2-\\3\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
end
|
|
config dlp dictionary
|
|
end
|
|
config dlp exact-data-match
|
|
end
|
|
config dlp sensor
|
|
end
|
|
config dlp filepattern
|
|
edit 1
|
|
set name "builtin-patterns"
|
|
set comment ''
|
|
config entries
|
|
edit "*.bat"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.com"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.dll"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.doc"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.exe"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.gz"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.hta"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.ppt"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.rar"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.scr"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.tar"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.tgz"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.vb?"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.wps"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.xl?"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.zip"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.pif"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.cpl"
|
|
set filter-type pattern
|
|
next
|
|
end
|
|
next
|
|
edit 2
|
|
set name "all_executables"
|
|
set comment ''
|
|
config entries
|
|
edit "bat"
|
|
set filter-type type
|
|
set file-type bat
|
|
next
|
|
edit "exe"
|
|
set filter-type type
|
|
set file-type exe
|
|
next
|
|
edit "elf"
|
|
set filter-type type
|
|
set file-type elf
|
|
next
|
|
edit "hta"
|
|
set filter-type type
|
|
set file-type hta
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config dlp sensitivity
|
|
edit "Private"
|
|
next
|
|
edit "Critical"
|
|
next
|
|
edit "Warning"
|
|
next
|
|
end
|
|
config dlp fp-doc-source
|
|
end
|
|
config dlp profile
|
|
edit "g-default"
|
|
set comment "Default profile."
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
unset summary-proto
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Log a summary of email and web traffic."
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
set summary-proto smtp pop3 imap http-get http-post
|
|
next
|
|
end
|
|
config webfilter content
|
|
end
|
|
config webfilter content-header
|
|
end
|
|
config webfilter urlfilter
|
|
end
|
|
config videofilter youtube-key
|
|
end
|
|
config videofilter keyword
|
|
end
|
|
config videofilter profile
|
|
end
|
|
config webfilter ips-urlfilter-setting
|
|
set device ''
|
|
set distance 1
|
|
set gateway 0.0.0.0
|
|
set geo-filter ''
|
|
end
|
|
config webfilter ips-urlfilter-setting6
|
|
set device ''
|
|
set distance 1
|
|
set gateway6 ::
|
|
set geo-filter ''
|
|
end
|
|
config emailfilter bword
|
|
end
|
|
config emailfilter block-allow-list
|
|
end
|
|
config emailfilter mheader
|
|
end
|
|
config emailfilter dnsbl
|
|
end
|
|
config emailfilter iptrust
|
|
end
|
|
config log threat-weight
|
|
set status enable
|
|
config level
|
|
set low 5
|
|
set medium 10
|
|
set high 30
|
|
set critical 50
|
|
end
|
|
set blocked-connection high
|
|
set failed-connection low
|
|
set url-block-detected high
|
|
set botnet-connection-detected critical
|
|
config malware
|
|
set virus-infected critical
|
|
set inline-block critical
|
|
set file-blocked low
|
|
set command-blocked disable
|
|
set oversized disable
|
|
set virus-scan-error high
|
|
set switch-proto disable
|
|
set mimefragmented disable
|
|
set virus-file-type-executable medium
|
|
set virus-outbreak-prevention critical
|
|
set content-disarm medium
|
|
set malware-list medium
|
|
set ems-threat-feed medium
|
|
set fsa-malicious critical
|
|
set fsa-high-risk high
|
|
set fsa-medium-risk medium
|
|
end
|
|
config ips
|
|
set info-severity disable
|
|
set low-severity low
|
|
set medium-severity medium
|
|
set high-severity high
|
|
set critical-severity critical
|
|
end
|
|
config web
|
|
edit 1
|
|
set category 26
|
|
set level high
|
|
next
|
|
edit 2
|
|
set category 61
|
|
set level high
|
|
next
|
|
edit 3
|
|
set category 86
|
|
set level high
|
|
next
|
|
edit 4
|
|
set category 1
|
|
set level medium
|
|
next
|
|
edit 5
|
|
set category 3
|
|
set level medium
|
|
next
|
|
edit 6
|
|
set category 4
|
|
set level medium
|
|
next
|
|
edit 7
|
|
set category 5
|
|
set level medium
|
|
next
|
|
edit 8
|
|
set category 6
|
|
set level medium
|
|
next
|
|
edit 9
|
|
set category 12
|
|
set level medium
|
|
next
|
|
edit 10
|
|
set category 59
|
|
set level medium
|
|
next
|
|
edit 11
|
|
set category 62
|
|
set level medium
|
|
next
|
|
edit 12
|
|
set category 83
|
|
set level medium
|
|
next
|
|
edit 13
|
|
set category 72
|
|
set level low
|
|
next
|
|
edit 14
|
|
set category 14
|
|
set level low
|
|
next
|
|
edit 15
|
|
set category 96
|
|
set level medium
|
|
next
|
|
end
|
|
config application
|
|
edit 1
|
|
set category 2
|
|
set level low
|
|
next
|
|
edit 2
|
|
set category 6
|
|
set level medium
|
|
next
|
|
end
|
|
end
|
|
config icap server
|
|
end
|
|
config icap server-group
|
|
end
|
|
config icap profile
|
|
edit "default"
|
|
set replacemsg-group ''
|
|
set comment ''
|
|
set request disable
|
|
set response disable
|
|
unset file-transfer
|
|
set streaming-content-bypass disable
|
|
set 204-response disable
|
|
set preview disable
|
|
set methods delete get head options post put trace connect other
|
|
set icap-block-log disable
|
|
set chunk-encap disable
|
|
unset extension-feature
|
|
set timeout 30
|
|
config icap-headers
|
|
edit 1
|
|
set name "X-Authenticated-User"
|
|
set content "$user"
|
|
set base64-encoding disable
|
|
next
|
|
edit 2
|
|
set name "X-Authenticated-Groups"
|
|
set content "$local_grp"
|
|
set base64-encoding disable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config system network-visibility
|
|
set destination-visibility enable
|
|
set source-location enable
|
|
set destination-hostname-visibility enable
|
|
set hostname-ttl 86400
|
|
set hostname-limit 5000
|
|
set destination-location enable
|
|
end
|
|
config user peer
|
|
end
|
|
config user peergrp
|
|
end
|
|
config vpn qkd
|
|
end
|
|
config user certificate
|
|
end
|
|
config user radius
|
|
end
|
|
config user tacacs+
|
|
end
|
|
config user exchange
|
|
end
|
|
config user ldap
|
|
end
|
|
config user krb-keytab
|
|
end
|
|
config user domain-controller
|
|
end
|
|
config user pop3
|
|
end
|
|
config user saml
|
|
end
|
|
config user external-identity-provider
|
|
end
|
|
config user fsso
|
|
end
|
|
config user adgrp
|
|
end
|
|
config user fsso-polling
|
|
end
|
|
config user fortitoken
|
|
end
|
|
config user password-policy
|
|
end
|
|
config user local
|
|
end
|
|
config user setting
|
|
set auth-type http https ftp telnet
|
|
set auth-cert "Fortinet_Factory"
|
|
set auth-ca-cert ''
|
|
set auth-secure-http disable
|
|
set auth-http-basic disable
|
|
set auth-ssl-allow-renegotiation disable
|
|
set auth-src-mac enable
|
|
set auth-on-demand implicitly
|
|
set auth-timeout 5
|
|
set auth-timeout-type idle-timeout
|
|
set auth-portal-timeout 3
|
|
set radius-ses-timeout-act hard-timeout
|
|
set auth-blackout-time 0
|
|
set auth-invalid-max 5
|
|
set auth-lockout-threshold 3
|
|
set auth-lockout-duration 0
|
|
set per-policy-disclaimer disable
|
|
set auth-ssl-min-proto-version default
|
|
unset auth-ssl-max-proto-version
|
|
set auth-ssl-sigalgs all
|
|
set default-user-password-policy ''
|
|
end
|
|
config user quarantine
|
|
set quarantine enable
|
|
set traffic-policy ''
|
|
set firewall-groups ''
|
|
end
|
|
config user group
|
|
edit "SSO_Guest_Users"
|
|
set authtimeout 0
|
|
set http-digest-realm ''
|
|
next
|
|
end
|
|
config user security-exempt-list
|
|
end
|
|
config vpn ssl web realm
|
|
end
|
|
config vpn ssl web host-check-software
|
|
edit "FortiClient-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
|
|
next
|
|
edit "FortiClient-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
|
|
next
|
|
edit "FortiClient-AV-Vista"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
|
|
next
|
|
edit "FortiClient-FW-Vista"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
|
|
next
|
|
edit "FortiClient5-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
|
|
next
|
|
edit "AVG-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
|
|
next
|
|
edit "AVG-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
|
|
next
|
|
edit "AVG-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
|
|
next
|
|
edit "AVG-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
|
|
next
|
|
edit "CA-Anti-Virus"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
|
|
next
|
|
edit "CA-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
|
|
next
|
|
edit "CA-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
|
|
next
|
|
edit "CA-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
|
|
next
|
|
edit "CA-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
|
|
next
|
|
edit "CA-Personal-Firewall"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
|
|
next
|
|
edit "F-Secure-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
|
|
next
|
|
edit "F-Secure-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "D4747503-0346-49EB-9262-997542F79BF4"
|
|
next
|
|
edit "F-Secure-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
|
|
next
|
|
edit "F-Secure-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
|
|
next
|
|
edit "Kaspersky-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
next
|
|
edit "Kaspersky-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
next
|
|
edit "Kaspersky-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
|
|
next
|
|
edit "Kaspersky-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
|
|
next
|
|
edit "McAfee-Virus-Scan-Enterprise"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
|
|
next
|
|
edit "Norton-360-2.0-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
|
|
next
|
|
edit "Norton-360-2.0-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
|
|
next
|
|
edit "Norton-360-3.0-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit "Norton-360-3.0-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
next
|
|
edit "Norton-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit "Norton-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
next
|
|
edit "Norton-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit "Norton-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
next
|
|
edit "Panda-Antivirus+Firewall-2008-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
|
|
next
|
|
edit "Panda-Antivirus+Firewall-2008-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
next
|
|
edit "Panda-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
next
|
|
edit "Panda-Internet-Security-2006~2007-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
next
|
|
edit "Panda-Internet-Security-2008~2009-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
next
|
|
edit "Sophos-Anti-Virus"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
|
|
next
|
|
edit "Trend-Micro-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
|
|
next
|
|
edit "Trend-Micro-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
|
|
next
|
|
edit "Trend-Micro-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
|
|
next
|
|
edit "Trend-Micro-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
|
|
next
|
|
edit "ZoneAlarm-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
|
|
next
|
|
edit "ZoneAlarm-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
|
|
next
|
|
edit "ZoneAlarm-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
|
|
next
|
|
edit "ZoneAlarm-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
|
|
next
|
|
edit "ESET-Smart-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
|
|
next
|
|
edit "ESET-Smart-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
|
|
next
|
|
end
|
|
config vpn ssl web portal
|
|
edit "full-access"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode enable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set ipv6-split-tunneling enable
|
|
set ipv6-split-tunneling-routing-negate disable
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set dhcp6-ra-linkaddr ::
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "web-access"
|
|
set tunnel-mode disable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set dns-suffix ''
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "tunnel-access"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode enable
|
|
set web-mode disable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set ipv6-split-tunneling enable
|
|
set ipv6-split-tunneling-routing-negate disable
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set dhcp6-ra-linkaddr ::
|
|
set client-src-range disable
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
next
|
|
end
|
|
config vpn ssl settings
|
|
set status enable
|
|
set reqclientcert disable
|
|
set ssl-max-proto-ver tls1-3
|
|
set ssl-min-proto-ver tls1-2
|
|
set banned-cipher SHA1 SHA256 SHA384
|
|
set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
|
|
set ssl-insert-empty-fragment enable
|
|
set https-redirect disable
|
|
set x-content-type-options enable
|
|
set ssl-client-renegotiation disable
|
|
set force-two-factor-auth disable
|
|
set servercert "Fortinet_Factory"
|
|
set algorithm high
|
|
set idle-timeout 300
|
|
set auth-timeout 28800
|
|
set login-attempt-limit 2
|
|
set login-block-time 60
|
|
set login-timeout 30
|
|
set dns-suffix ''
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set url-obscuration disable
|
|
set http-compression disable
|
|
set http-only-cookie enable
|
|
set port 443
|
|
set port-precedence enable
|
|
set auto-tunnel-static-route enable
|
|
set header-x-forwarded-for add
|
|
set browser-language-detection enable
|
|
set dtls-tunnel enable
|
|
set check-referer disable
|
|
set http-request-header-timeout 20
|
|
set http-request-body-timeout 30
|
|
set auth-session-check-source-ip enable
|
|
set tunnel-connect-without-reauth disable
|
|
set hsts-include-subdomains disable
|
|
set transform-backward-slashes disable
|
|
set encode-2f-sequence disable
|
|
set encrypt-and-store-password disable
|
|
set client-sigalgs all
|
|
set dual-stack-mode disable
|
|
set tunnel-addr-assigned-method first-available
|
|
set saml-redirect-port 8020
|
|
set ztna-trusted-client disable
|
|
set server-hostname ''
|
|
set dtls-hello-timeout 10
|
|
set dtls-heartbeat-idle-timeout 3
|
|
set dtls-heartbeat-interval 3
|
|
set dtls-heartbeat-fail-count 3
|
|
set dtls-max-proto-ver dtls1-2
|
|
set dtls-min-proto-ver dtls1-0
|
|
end
|
|
config vpn ssl web user-group-bookmark
|
|
end
|
|
config vpn ssl web user-bookmark
|
|
end
|
|
config vpn ssl client
|
|
end
|
|
config system sdwan
|
|
set status disable
|
|
set load-balance-mode source-ip-based
|
|
set speedtest-bypass-routing disable
|
|
set duplication-max-num 2
|
|
set neighbor-hold-down disable
|
|
set neighbor-hold-down-time 0
|
|
set app-perf-log-period 0
|
|
set neighbor-hold-boot-time 0
|
|
set fail-detect disable
|
|
config zone
|
|
edit "virtual-wan-link"
|
|
set advpn-select disable
|
|
set service-sla-tie-break cfg-order
|
|
set minimum-sla-meet-members 1
|
|
next
|
|
end
|
|
config health-check
|
|
edit "Default_DNS"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set system-dns enable
|
|
set detect-mode active
|
|
set ha-priority 1
|
|
set dns-request-domain "www.example.com"
|
|
set dns-match-ip 0.0.0.0
|
|
set interval 1000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Office_365"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "www.office.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Gmail"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "gmail.com"
|
|
set detect-mode active
|
|
set protocol ping
|
|
set ha-priority 1
|
|
set interval 1000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 2
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Google Search"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "www.google.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_FortiGuard"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "fortiguard.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
end
|
|
end
|
|
config vpn ipsec fec
|
|
end
|
|
config vpn kmip-server
|
|
end
|
|
config vpn ipsec phase1
|
|
end
|
|
config vpn ipsec phase2
|
|
end
|
|
config vpn ipsec manualkey
|
|
end
|
|
config vpn ipsec concentrator
|
|
end
|
|
config vpn ipsec phase1-interface
|
|
end
|
|
config vpn ipsec phase2-interface
|
|
end
|
|
config vpn ipsec manualkey-interface
|
|
end
|
|
config vpn pptp
|
|
set status disable
|
|
end
|
|
config vpn l2tp
|
|
set status disable
|
|
set lcp-max-echo-fails 3
|
|
set hello-interval 60
|
|
end
|
|
config vpn ipsec forticlient
|
|
end
|
|
config system evpn
|
|
end
|
|
config dnsfilter domain-filter
|
|
end
|
|
config dnsfilter profile
|
|
edit "default"
|
|
set comment "Default dns filtering."
|
|
config domain-filter
|
|
unset domain-filter-table
|
|
end
|
|
config ftgd-dns
|
|
unset options
|
|
config filters
|
|
edit 1
|
|
set category 2
|
|
set action monitor
|
|
next
|
|
edit 2
|
|
set category 7
|
|
set action monitor
|
|
next
|
|
edit 3
|
|
set category 8
|
|
set action monitor
|
|
next
|
|
edit 4
|
|
set category 9
|
|
set action monitor
|
|
next
|
|
edit 5
|
|
set category 11
|
|
set action monitor
|
|
next
|
|
edit 6
|
|
set category 12
|
|
set action monitor
|
|
next
|
|
edit 7
|
|
set category 13
|
|
set action monitor
|
|
next
|
|
edit 8
|
|
set category 14
|
|
set action monitor
|
|
next
|
|
edit 9
|
|
set category 15
|
|
set action monitor
|
|
next
|
|
edit 10
|
|
set category 16
|
|
set action monitor
|
|
next
|
|
edit 11
|
|
set category 0
|
|
set action monitor
|
|
next
|
|
edit 12
|
|
set category 57
|
|
set action monitor
|
|
next
|
|
edit 13
|
|
set category 63
|
|
set action monitor
|
|
next
|
|
edit 14
|
|
set category 64
|
|
set action monitor
|
|
next
|
|
edit 15
|
|
set category 65
|
|
set action monitor
|
|
next
|
|
edit 16
|
|
set category 66
|
|
set action monitor
|
|
next
|
|
edit 17
|
|
set category 67
|
|
set action monitor
|
|
next
|
|
edit 18
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
end
|
|
set log-all-domain disable
|
|
set sdns-ftgd-err-log enable
|
|
set sdns-domain-log enable
|
|
set block-action redirect
|
|
set block-botnet enable
|
|
set safe-search disable
|
|
set strip-ech enable
|
|
set redirect-portal 0.0.0.0
|
|
set redirect-portal6 ::
|
|
next
|
|
end
|
|
config system gre-tunnel
|
|
end
|
|
config system ipsec-aggregate
|
|
end
|
|
config system ipip-tunnel
|
|
end
|
|
config system mobile-tunnel
|
|
end
|
|
config system pppoe-interface
|
|
end
|
|
config system vxlan
|
|
end
|
|
config system geneve
|
|
end
|
|
config system virtual-wire-pair
|
|
end
|
|
config system dns-database
|
|
end
|
|
config system dns-server
|
|
end
|
|
config log custom-field
|
|
end
|
|
config antivirus settings
|
|
set machine-learning-detection enable
|
|
set use-extreme-db disable
|
|
set grayware enable
|
|
set override-timeout 0
|
|
set cache-infected-result enable
|
|
end
|
|
config antivirus quarantine
|
|
set agelimit 0
|
|
set maxfilesize 0
|
|
set quarantine-quota 0
|
|
unset drop-infected
|
|
set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
|
|
unset drop-machine-learning
|
|
set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
|
|
set lowspace ovrw-old
|
|
set destination disk
|
|
end
|
|
config antivirus exempt-list
|
|
end
|
|
config ssh-filter profile
|
|
end
|
|
config antivirus profile
|
|
edit "g-default"
|
|
set comment "Scan files and block viruses."
|
|
set replacemsg-group ''
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Scan files and monitor viruses."
|
|
set replacemsg-group ''
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config file-filter profile
|
|
edit "g-default"
|
|
set comment "File type inspection."
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "File type inspection."
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
end
|
|
config webfilter profile
|
|
edit "g-default"
|
|
set comment "Default web filtering."
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
set post-action normal
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor web traffic."
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
set post-action normal
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set options block-invalid-url
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
set post-action normal
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config webfilter ftgd-local-rating
|
|
end
|
|
config webfilter search-engine
|
|
edit "g-baidu"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/s?\\?"
|
|
set query "wd="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu2"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/(ns|q|m|i|v)\\?"
|
|
set query "word="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu3"
|
|
set hostname "tieba\\.baidu\\.com"
|
|
set url "^\\/f\\?"
|
|
set query "kw="
|
|
set safesearch disable
|
|
next
|
|
edit "g-bing"
|
|
set hostname ".*\\.bing\\..*"
|
|
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-google"
|
|
set hostname ".*\\.google\\..*"
|
|
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
|
|
set query "q="
|
|
set safesearch url
|
|
set safesearch-str "&safe=active"
|
|
next
|
|
edit "g-google-translate-1"
|
|
set hostname "translate\\.google\\..*"
|
|
set url "^\\/translate"
|
|
set query "u="
|
|
set safesearch translate
|
|
set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
|
|
next
|
|
edit "g-google-translate-2"
|
|
set hostname ".*\\.translate\\.goog"
|
|
set url "^\\/"
|
|
set query ''
|
|
set safesearch translate
|
|
set safesearch-str "case::google-translate"
|
|
next
|
|
edit "g-twitter"
|
|
set hostname "twitter\\.com"
|
|
set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
|
|
set query "variables="
|
|
set safesearch translate
|
|
set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
|
|
next
|
|
edit "g-vimeo"
|
|
set hostname ".*vimeo.*"
|
|
set url "^\\/search\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-yahoo"
|
|
set hostname ".*\\.yahoo\\..*"
|
|
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
|
|
set query "p="
|
|
set safesearch url
|
|
set safesearch-str "&vm=r"
|
|
next
|
|
edit "g-yandex"
|
|
set hostname "yandex\\..*"
|
|
set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
|
|
set query "text="
|
|
set safesearch url
|
|
set safesearch-str "&family=yes"
|
|
next
|
|
edit "g-youtube"
|
|
set hostname ".*youtube.*"
|
|
set url ''
|
|
set query ''
|
|
set safesearch header
|
|
next
|
|
edit "g-yt-channel"
|
|
set hostname ''
|
|
set url "www.youtube.com/channel"
|
|
set query ''
|
|
set safesearch yt-channel
|
|
next
|
|
edit "g-yt-pattern"
|
|
set hostname ''
|
|
set url "youtube.com/channel/"
|
|
set query ''
|
|
set safesearch yt-pattern
|
|
next
|
|
edit "g-yt-scan-1"
|
|
set hostname ''
|
|
set url "www.youtube.com/user/"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-2"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/browse"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-3"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/player"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-4"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/navigator"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "yt-video"
|
|
set hostname ''
|
|
set url "www.youtube.com/watch"
|
|
set query ''
|
|
set safesearch yt-video
|
|
next
|
|
end
|
|
config emailfilter profile
|
|
edit "default"
|
|
set comment "Malware and phishing URL filtering."
|
|
set replacemsg-group ''
|
|
set spam-log enable
|
|
set spam-filtering disable
|
|
unset options
|
|
config imap
|
|
set log-all disable
|
|
end
|
|
config pop3
|
|
set log-all disable
|
|
end
|
|
config smtp
|
|
set log-all disable
|
|
end
|
|
config msn-hotmail
|
|
set log-all disable
|
|
end
|
|
config gmail
|
|
set log-all disable
|
|
end
|
|
set spam-bword-threshold 10
|
|
unset spam-bword-table
|
|
unset spam-bal-table
|
|
unset spam-mheader-table
|
|
unset spam-iptrust-table
|
|
next
|
|
edit "sniffer-profile"
|
|
set comment "Malware and phishing URL monitoring."
|
|
set replacemsg-group ''
|
|
set spam-log enable
|
|
set spam-filtering disable
|
|
unset options
|
|
config imap
|
|
set log-all disable
|
|
end
|
|
config pop3
|
|
set log-all disable
|
|
end
|
|
config smtp
|
|
set log-all disable
|
|
end
|
|
config msn-hotmail
|
|
set log-all disable
|
|
end
|
|
config gmail
|
|
set log-all disable
|
|
end
|
|
set spam-bword-threshold 10
|
|
unset spam-bword-table
|
|
unset spam-bal-table
|
|
unset spam-mheader-table
|
|
unset spam-iptrust-table
|
|
next
|
|
end
|
|
config virtual-patch profile
|
|
edit "g-default"
|
|
set comment ''
|
|
set severity info low medium high critical
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
config wanopt settings
|
|
set host-id "default-id"
|
|
set tunnel-ssl-algorithm high
|
|
set auto-detect-algorithm simple
|
|
set tunnel-optimization balanced
|
|
end
|
|
config wanopt peer
|
|
end
|
|
config wanopt auth-group
|
|
end
|
|
config wanopt profile
|
|
edit "default"
|
|
set transparent enable
|
|
set comments "Default WANopt profile."
|
|
set auth-group ''
|
|
config http
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set ssl disable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config cifs
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config mapi
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set tunnel-sharing private
|
|
end
|
|
config ftp
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config tcp
|
|
set status disable
|
|
end
|
|
next
|
|
end
|
|
config system speed-test-server
|
|
end
|
|
config log memory setting
|
|
set status enable
|
|
end
|
|
config log disk setting
|
|
set status disable
|
|
end
|
|
config log eventfilter
|
|
set event enable
|
|
set system enable
|
|
set vpn enable
|
|
set user enable
|
|
set router enable
|
|
set wireless-activity enable
|
|
set wan-opt enable
|
|
set endpoint enable
|
|
set ha enable
|
|
set security-rating enable
|
|
set fortiextender enable
|
|
set connector enable
|
|
set sdwan enable
|
|
set cifs enable
|
|
set switch-controller enable
|
|
set webproxy enable
|
|
end
|
|
config log memory filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log disk filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set dlp-archive enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log fortiguard override-setting
|
|
set override disable
|
|
set access-config enable
|
|
end
|
|
config log tacacs+accounting setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting2 setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting3 setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log tacacs+accounting2 filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log tacacs+accounting3 filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log null-device setting
|
|
set status disable
|
|
end
|
|
config log null-device filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log setting
|
|
set resolve-ip disable
|
|
set resolve-port enable
|
|
set log-user-in-upper disable
|
|
set fwpolicy-implicit-log disable
|
|
set fwpolicy6-implicit-log disable
|
|
set extended-log disable
|
|
set local-in-allow disable
|
|
set local-in-deny-unicast disable
|
|
set local-in-deny-broadcast disable
|
|
set local-out enable
|
|
set local-out-ioc-detection enable
|
|
set neighbor-event disable
|
|
set brief-traffic-format disable
|
|
set user-anonymize disable
|
|
set fortiview-weekly-data disable
|
|
set expolicy-implicit-log disable
|
|
set log-policy-comment disable
|
|
set faz-override disable
|
|
set syslog-override disable
|
|
set rest-api-set disable
|
|
set rest-api-get disable
|
|
set rest-api-performance disable
|
|
set long-live-session-stat enable
|
|
end
|
|
config log gui-display
|
|
set resolve-hosts enable
|
|
set resolve-apps enable
|
|
set fortiview-unscanned-apps disable
|
|
end
|
|
config system lldp network-policy
|
|
end
|
|
config system pcp-server
|
|
set status disable
|
|
end
|
|
config firewall schedule onetime
|
|
end
|
|
config firewall schedule recurring
|
|
edit "always"
|
|
set start 00:00
|
|
set end 00:00
|
|
set day sunday monday tuesday wednesday thursday friday saturday
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "none"
|
|
set start 00:00
|
|
set end 00:00
|
|
set day none
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "default-darrp-optimize"
|
|
set start 01:00
|
|
set end 01:30
|
|
set day sunday monday tuesday wednesday thursday friday saturday
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall schedule group
|
|
end
|
|
config firewall ippool
|
|
end
|
|
config firewall ippool6
|
|
end
|
|
config firewall ldb-monitor
|
|
end
|
|
config firewall vip
|
|
end
|
|
config firewall vip6
|
|
end
|
|
config firewall vipgrp
|
|
end
|
|
config firewall vipgrp6
|
|
end
|
|
config firewall ssh local-key
|
|
edit "g-Fortinet_SSH_DSA1024"
|
|
set password ENC THFVdQx+6sx+UInmPpUxURq5tfekrSRdPobHtFhPWgnaticPmEfKqpGg7TH1LF3+tR5R2QRtjuH/9Js6gPcDKYgKNbDQ1qc+bC7DJLf/DFlVtAM4v3GsOk1ugL42hvN0y7v7kr+kYNL+FQUuKX2R2uXf8BFkSShwjd/o8X6STctbPmqy9J6BQA1XRMZeip3GtmKCKVlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCV7DL5b6
|
|
cQ4DFxLFfd9NBXAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
|
|
KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
|
|
a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
|
|
7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
|
|
jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
|
|
XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
|
|
P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
|
|
lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
|
|
wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgUeQzjFiceCe8Mfak
|
|
H97NypLIabuKsuXWYdK/YowIdC9ZVR0k2T28Zv+c3zNpLJfnm5pZnO4aX3VX98d5NlYarc
|
|
CuGS/xMjwxVuTo/FoJ5Pv3EUIvAO8i9JYPs+FGNkYQlbAQ+duxXUKVjGLBSID8zxQx/cz/
|
|
PAR1iwLkbXdJdO+NCgj81YIiwGG8YtSHHR0hYzf+Trb04p9sDwZWcBLBWEHDv7WW7ZH4t5
|
|
D8uGkNAlivP8VIdSYxtpMcGa52+LADwGh9/4nezEvcHRLogwc2pEQRGCNKdayXWBuYiplY
|
|
Yddz734+NQHkmyTZZ8UuoINM8fCfu8nu8MKGA0w1aFyBJMAMoHQMsPRdUNr9Jv/JeZcfht
|
|
N9cXibpgIzxC+DvnxUASnKbF+s5ry0L9KQWmZukfm9W4UMoBadgLRF7GwK0bgasacWiP+w
|
|
UPDXc5woeJgBWw2qOaC0Fq4tpoUndCni0IHrKwihZb0lqMBK1wTWSdXX1PDvAgD/dluttR
|
|
hoLJzECgbAT8hK6UYoCHbAFl854ZSCYbZE3ZqknMWMPrAx67VQkcfkoI+7vL4G60NdKPJ3
|
|
l9v1llo/eMY8StltYorKalr7PHu8cM1dpkvpfHTMJn1Ox78QXmbLP2kK57ChPm3s
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA256"
|
|
set password ENC 0VEnMsBgX3yZ0GnrKX+CvhY7BOSBM/quVacQBVlvfH7X6vFeUZJEDDL8eDRcDmBxmTE0R17FEvCEvo5xdxwrxTaiCluTAWFBxNiHZkiwlr6MBvMgkNQTbZvEaRZP7ccWbsRpL016BeGkGiXNJSNtWXli8t9YmxnXa2VCE275Th+rtY4C3t1klTLnmWQuR5Jh2ObP11lmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWswKzHl
|
|
aPj5eXaLmQWZXVAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
|
|
dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
|
|
y7MHqF8ARHi1glc6RSoarryTUQuCIAAACg4SS+EPsp+ZqCTFN7GvtH9z9bU4OTN6G1Bfdv
|
|
vrru+xqPzixqYvUAvgqwvNnrtkq6NVCx5QANnxBGdnJNrUckZTw6f6KBUoVKF78fRBMYWe
|
|
JsOBJ1uJujShmxSiEGSyFYcXhCCq8Fy9goi1VpuAn3EXi8ymij6j+iqlU9+kIsbNTuZqd8
|
|
zolTGUvO8QIuzpzl2VK47Y8KnDwmXaEhwYPbPA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA384"
|
|
set password ENC LCwbpr4hPlNZJ4HNiYDxD2Iu6UBvMuRdOjpUiEeYOhAFQr1rT4m1aAAwXfbvwS2kg6+qRqusdB9WQKC+pMsvgnhnJGXLdeh4M7+vHzVLGX3YwVkRV1DvM+X9KF1/WpQX28pJgdDwlQzZGk8rS0TKq7xuoz1Zets2zZ/cKXsRN6K+eYKVrg6wFT+S27RCmB16vhwQnllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDbSYBuM2
|
|
11IfFhYCRE5sRQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
|
|
dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
|
|
U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
|
|
dgAAANCGkPrVLVn6hc/M4lCGoZ1nFz57gA+8Kzl0cAXL4UAJHZPOuNI6C137KbjNlxsGQc
|
|
YwFFKpDU23zcQyWbUkqydmggO+czct9o3kAU6WVK3RlGs9lhI6eeT7Z2FBRm0DISCXgi3c
|
|
JETaHXDDeMYB5WWDuNut2ex/qtWiv93xxm9JBgv113GdAYaD1+s1wsFWQgq40gOVFtLpJT
|
|
7ck+uCjfgkvj0u0EHgSCHCl/FYin5tH2mAS9yz1kKW2EsUzufEBU9roWaBgUuZszrWsX7T
|
|
Uzjs
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA521"
|
|
set password ENC J3bMWepdS0X8taze9AQ43a9cKbOW1WGptxlh4jr36Kh8hhlbIXh/ZovjKDjcrpSiOqjFvFALkMoYahNHnPV4xAot/kadtgldrOgyJnKPdy7/KFLJ4zbQkEBNUCUUYVMQYZ2meJi0qxLciaX0zxrBfc8BJPycm0DcKmFNRCBnoOedUksucMN6rajUxgLdyPMM4kvAyFlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBDVO8Ujp
|
|
OpeKLIgEatpDJnAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
|
|
dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
|
|
t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
|
|
HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQCJDmDSUGShG163fq
|
|
XABvww6uZX6RKPV0hve3T9e8VwFWeqjKegGTEP3q4bhXErJ20Ur1oqyQh1a2rf95VXHkoL
|
|
W9dGf9c09ifXDYVHMtUto1M0S2T+szFRr0fnAtLsvmeUM5GUlB07Kin+VKmycHZiB1bF0z
|
|
vIKMBi3KLMXtAUevSvKyruI7YiKqD4CwSvULU73zoziGh0jhUNVpzBdK9pNZHdUMVtxTrX
|
|
a9gu13ZGVvPGyrRuDsvQMks6L7KIIKF0W0vRBY6AOvy3A2GNrLrdkHj2jy8fzcyZwWkt+b
|
|
azdh/FrGRZTDTro6CDeF92cjGixeU26B2se812bLw/U2It
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ED25519"
|
|
set password ENC gmZf6fecmdjX8W2P1oYg5wmk2dEPbVikLLZ4g5LXk622QhrKuCghOlqxVLwMD5WTD322LgANUJZBomP51N6WXAaXWO0qC7c8A2NbdwuS08Be+j/opXwuz95vFxSv8du3Vgncad1JxWgnF5PSXVjX4/rgwcvbLpZ8vWN4xFabhjzo/FKA8VP/y4Y5L63lU0NvX2d1mllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAg8FF7ts
|
|
9O5tOD/3vfMgwHAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
|
|
3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkBccPI9Dq/7BCMcTVUE9z4ybcOVMlI+53gfr+g
|
|
p67zVLKHPX96XSk/XQBKLjKJ6PSLl9UuEE4MP40LjlSH6U7DlQc3+Kbw8ijV0SbLgH3tV3
|
|
8sXLY4Q3xZCI9VROo82lN2NZfSBk90A5+SahMizkr/M25+OjcLWgkxmzz1t08sjfIt4ZsH
|
|
60nNsm7lppl/WZJw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_RSA2048"
|
|
set password ENC PeJMXBjZU9LFjlLHjZJJk5cEsg6o4z6U736Nv7QI7QUVHabNqXbAJZXb844ZfXgcgYyN+rg0JR6eig3U4PMYxpV8bG05J8PDXzEdguJzM6dXffDRNvxvncC0b0eB8zjFh23NK4XCfNdBd+ZnBAogtpO+0rAlvYn8uFoGWskzWrcCahWb9mxSS2aiHGPydw6UKtXh6llmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBV/6oGox
|
|
s8r2NeX1aYozX/AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
|
|
Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
|
|
A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
|
|
hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
|
|
HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
|
|
OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwNY1Gj3rHBwaak
|
|
/XfAz6YK3kX+fEHOOzWTndUjw6DIoxsTMHZmi/LcesSRkvPMRyaNxuTO55as3pObXZGFqa
|
|
ZmMttSroXyNIiF8AdUCMkA1AZZqpD+S2FURxgLgVQdLFW4auM8wl6Ci55LGqnQYXDiJWSX
|
|
0yBEc1MuHmN0TH4JEW0kGAeWD8i5rCCD8i4J6thxMbtOBqBB5WDPcrBQHetw8cKWU5F2ee
|
|
2+SjVLKhoct25Uija7lsPAX3NXnTwfz9NK2j0jGZ34PVbUmfxfoV0ubBi76SasjBwfQ8DO
|
|
TV/buWY9I98HSV8271/HAW1WOSQ61XfgymKUQkeVH1Ybv4tz8wp9Kkzp+bX1tFtN1dSCwj
|
|
S4MpJKYsFLaFB2nlPiupaLtGk1bn4nKrlVQYfT679oo3vUKTfYcHPr6SDILBaM+EKL2AjU
|
|
2OEA6TlHZ4gZeo3gUgfg1Jgzt2OgG5SO79nlkRGvR1Gylc3XzaEMiN3WWhVqKy9V0ldPgO
|
|
kv3M+jlt2rJkmt4QtfASQftQKeVb7oiGNM0UM1hJnwVEGUCMpg53mcfjQ9hkB0fUYAVLz9
|
|
dgANa82ULxHi0HVGpfbqVBI6NdFJmw57bJoJljCfJQ+Wq5nRHkUawuuNXj7MOeGUBdxNug
|
|
qQ2sC9brktnF0TamT3WH8aRGC8B5Z1IQceoKlGHYLOnEDHUHtnQQACA1TD3XPeHHuy0U+x
|
|
5vMPAOX/ZR2DsFpvqF2FaRL17kMAoCxwzPUsjFq/Y5yu1My3f3XZjcXYa4Mg1MTqxnnzK8
|
|
QvKUbdmihaGyR/RWCfVsscE0IOZz3ETeGEGhEqJ5eGWeuAPZqki6I27JYLKkoZUQ8i8j/n
|
|
damYMauMsFEsJtg89urRF6KkH0NtrcXQYr4fPHYY0W/xMQkUesyarBh2n91D6RWYCt7Blp
|
|
7Yr15Ycc8cQ19ahNxCaQVZOH6/mkfJGVRWKJfhf1BtKD/ORoatbRflHde11dysy8BF1FxM
|
|
ZLnC2S2UcJxIDNP4tmSsSnpbfAGghSzNkAx3ibJ1ch+TkK61a3gCqW023qlT85bS21yii6
|
|
cBvcEA5qk37bJFMFD1/aazPMOrro0pI10i0ptssTEEpS310O9GHdUbM5djJEEb60pWQQK2
|
|
43G5JtJz1n5WCXacVPCq7otkhEQ+xf3Y8AXs54FGrgBrDC4FZsQLWgT49oLr8B6scDGRee
|
|
F3L1d65Jd4v0i2w7DFGKZBoZB5VvZpbgnwcQN41iWGdJp5c9/sEZd65vw9dFGIU+ql2lTl
|
|
5aoiXWbA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssh local-ca
|
|
edit "g-Fortinet_SSH_CA"
|
|
set password ENC xIjbuzI5OsWY2yUVSVJgXbdsmq9GNmFLyNSbLIYDd8KDCkMG5amD3QsKv8oUuBEd0OatI+HK0zi24refu0Zka6qiHHEV+ksZWrHbwoFeJX5IIkxJy5uGXDAcdRaia0J4n4jUciGXPIyPwAEvJ1yUFnnVVMTqrb+eOuniY+dmHr/3JAnlNMgoZoCXy3byirm+BugqHllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZX89z8D
|
|
GkPICCVmUOqFHzAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
|
|
NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
|
|
ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
|
|
E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
|
|
TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
|
|
Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwGnQQNm4H/LBQ9
|
|
Gr4hdGE5Aat0klop3XgTQRD8Z1YDr9ukmYdLJQF6o1f+eIAl8S2C+pgU8gPHWhJyGohG3A
|
|
SzK82bz602VrHPrDQoWS3judXppJ+A1NTxtwXXM7KmxZJyfxBkaTkgIljysEGbvJuGivGF
|
|
NU8kAwZBAgeK0JiuaI4DqQGoe0mYcaZmdHiXkD+5csUDGya5aJjlo75sbbP4A+f4SisAjp
|
|
J0myeXeb6XO1ihGbuVOk5bPWD00LPmYf/5ANCAyA2J/Df/5E4gdhpQc8aLAYf5kQLBiGgw
|
|
/Y4TGBWuMIgKtTxPku0mHZb3AZbKNfli6yT0nJguouUhI1rfkqHJOW4XlkESr8F9uEtZlm
|
|
POVsoCIGehjvUInBe7r40nQAb04LZ6GmWqZHX40fupFU4La4522c1o28r1qgu9h6mxq68i
|
|
wYIfaOxRQR0xKoHLV9UjcX7MDo2lMOl31hBL6wbm/SuvoOfbr3x5Ouf0aw1GA71IFMSfHn
|
|
coDAW3V7kF1ejFCFEkddzj/0zpZUXf+blCQPG5UIWmb4qjKCsrrzLHUyx/G3d0UHpTK0Ih
|
|
FZgzYUn5kX6ImlsHwOptqtoJYPeqVHZ+kK7pSSgz0M4IEmdBC1ABtaXe3uvl6KhkFlymFu
|
|
yrbWSCtyW227l3jwcQj3ZRosp2mqB37VZSvEhw9QQbfgfv7f0a5Jnhgbct5L4f66HhZfhU
|
|
Eb/L42SC4TkxPrl0ZSQ/UPOXSQUlHOGCIiVQT164rlGNDnOc7WrwtuZ+CpgrjdrRglCrsX
|
|
r4eOf/MjSGbXEjShqg2F+C75s90/ogXAB2q0Cyv1ykbB7c3ljmwtvC8P5XKhzdA2tV5YL9
|
|
4nLkzs3yQhQzszVGBtFonAGlVqz45evYGUpGULc7YUaUb5lJ52ypstknwJGxtHVzhCoppU
|
|
Jhuki0jbsOpoCOVHoVTpmShxdW62tStFEWTffSHQKJglOGXV65nb5REuZadBBI+BGEPv1N
|
|
lxICgxDdjH1nQle6g++odOcIGx3yxYCpCPnRXpO0iTmqMBC0MB+om7fx2fJLcDMrPmBflK
|
|
nBvGLdD0yxYnUzJieKyYkRmR2U+yVdLaqKA/Tk2l6W3ZYDqtnxjMsEGjFUyhF64KdRia6R
|
|
mCM9FbLZJ/F/CboBk/l1xk+yHK50bt5r8eUTbo82Sd5IzveQ57C0bR446AlW9hQuFHquZu
|
|
wbZ+sz590wvdYXi/AfdljEKuXrHEYncXYrYLtasQ0BQHAcE/hQBHSFrkI9qVicXRlCPaXP
|
|
pqdp+YAw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_CA_Untrusted"
|
|
set password ENC 56v3ASfooKJDZ3qX8clmFEWBdsxxA8dj1pMnTbEOoveKc5tI4LWYXJberbnug1LWgCLB0DTVgYw1hYqeek9QnbDGOqTUATib5H2EqrGYZ05LrpgytKufdyQTrzzOHo+8DTsHt4EPtAeXFWiKePn2QqNFgv1fTJoJ7woyZGnYmk4m+LSN8r+xgtmi2IQqhUqHo4S1SFlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCQTdPzMa
|
|
0vRUCkbWP2fbZGAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
|
|
RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
|
|
ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
|
|
iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
|
|
Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
|
|
NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwMYPhQ4qitkI6G
|
|
hq4Dfuzz6gmftmbuxj565Fztt4KA8I0LZ9ySrt4LtLdmQVOcQJ2SfmnA+1DtL4c9bEOLSx
|
|
zsEg1ooHPkruFcj2eJr2flQKYbLZLAe6Xn81wIO3qIPuAT0Fpb5vm9gzX8rirXNnHbo6sy
|
|
QXikdWDawL4rlqpRaecBKzcTSatgIz1OIv3TPm4JoJrObH10a8C3JEB/Y5f+/2P3fyi/PB
|
|
FVYl8VXiiNzzZhsJgFH64H8s2oK3ktD8of3u7zAmIj1NwT4f/81QY5I5Tiq2vsWJwv3yen
|
|
pRGf+dDVt1QMuSOF7RBPY6nFe9pr4OTeamO6mQ0DTFyssEd5yp5I+Omwzge+1WJuf9ldP2
|
|
wZRLoaNWNSVS6zUFtaNTFP8PKzRnWRl46dwS8R1hBcfMEtx+84TFKtgc71tH0/xDkHVboc
|
|
KVwPGbzyO6ESjNNaXJDdF/U4KEKYGa6kCSBU+fdg+2aKzr6yEM9rB27BBaqXa6Nxgc0oTK
|
|
w9BqZe23dP3wUmdX+HWkWXcHb+LHB2Z08h/fqgV91zJ9SM9bRGf6jh+sPL6Ifjcv1ymeRs
|
|
9uAbP/qDh+cRcF0/hKByY/zqnROlEgxSxGqakDLtEVDuKmG9eK2RjEBrHrLtdQJC7AbTMu
|
|
t6HUNp/9Cpwm5TB/jDb0etscB+h15FHGlXhsnXiDzDC2eUxpOELQCXWIbh8ONlRGl1ZmW2
|
|
rAMRWlAKxKwwUaNjJOxK4bqWkAFZG+9m9jYJKi4a1vOCgGNLsubLVY8WMMEAb3abbRgWaU
|
|
WIKp6PJR4ZSZTYuh9aJ3OneEy1DB9zURTV8cgh9UrALDwGT2GdjTHzKCFL+1UivpQ/gsSY
|
|
EeMdNmsLvxUSzmWF6btw/F8iX0tjflRkkHlicHvqe031yH9AEYpaHhSTg4wpLf7l4rvZRP
|
|
2/D/qL+ME91UAdG8vxGiIW+Urd9lCYD1+y013zRKBt9miPBzzX62LX9JXUvghfXPRacUXM
|
|
WgHjUBzcvKxUYeevh64FiDlnZ1omvlDlPYsfd67pyr0BWa8UwppdCRKAUYIb/ux2q7Ae5s
|
|
0hcVtBwKEvf/YLi8jdVWEYQKQLBaMj0hMLgNcZA8YVNUySpHe8bzm7FlmeSvPQD9t6Cpie
|
|
2jorGg+aR5MODJGKXIvAoLQ/IInwUS2NgwP+/vh74Tp5ryWTUE+svsrpQo6i8qZKCisngW
|
|
tvmxChpPCh54mbqvYlKAVs4MfO9ZZRV8NqIzU2FlL2STAmjRLMA+sr9HlPbXrXD6Xqf2VS
|
|
att5Ib/Q==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssh setting
|
|
set caname "g-Fortinet_SSH_CA"
|
|
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
|
|
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
|
|
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
|
|
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
|
|
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
|
|
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
|
|
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
|
|
set host-trusted-checking enable
|
|
end
|
|
config firewall ssh host-key
|
|
end
|
|
config firewall decrypted-traffic-mirror
|
|
end
|
|
config firewall access-proxy-virtual-host
|
|
end
|
|
config firewall access-proxy-ssh-client-cert
|
|
end
|
|
config firewall access-proxy
|
|
end
|
|
config firewall access-proxy6
|
|
end
|
|
config firewall ipmacbinding setting
|
|
set bindthroughfw disable
|
|
set bindtofw disable
|
|
end
|
|
config firewall ipmacbinding table
|
|
end
|
|
config firewall profile-protocol-options
|
|
edit "default"
|
|
set comment "All default services."
|
|
set replacemsg-group ''
|
|
set oversize-log disable
|
|
set switching-protocols-log disable
|
|
config http
|
|
set ports 80
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
unset options
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set range-block disable
|
|
set strip-x-forwarded-for disable
|
|
unset post-lang
|
|
set streaming-content-bypass enable
|
|
set switching-protocols bypass
|
|
set unknown-http-version reject
|
|
set tunnel-non-http enable
|
|
set h2c disable
|
|
set unknown-content-encoding block
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set verify-dns-for-policy-matching enable
|
|
set block-page-status-code 403
|
|
set retry-count 0
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
set address-ip-rating enable
|
|
end
|
|
config ftp
|
|
set ports 21
|
|
set status enable
|
|
set inspect-all disable
|
|
set options splice
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
set explicit-ftp-tls disable
|
|
end
|
|
config imap
|
|
set ports 143
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set ssl-offloaded no
|
|
end
|
|
config mapi
|
|
set ports 135
|
|
set status enable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
end
|
|
config pop3
|
|
set ports 110
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set ssl-offloaded no
|
|
end
|
|
config smtp
|
|
set ports 25
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail splice
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set server-busy disable
|
|
set ssl-offloaded no
|
|
end
|
|
config nntp
|
|
set ports 119
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options splice
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
end
|
|
config ssh
|
|
unset options
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
end
|
|
config dns
|
|
set ports 53
|
|
set status enable
|
|
end
|
|
config cifs
|
|
set ports 445
|
|
set status enable
|
|
unset options
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set server-credential-type none
|
|
end
|
|
config mail-signature
|
|
set status disable
|
|
set signature ''
|
|
end
|
|
set rpc-over-http disable
|
|
next
|
|
end
|
|
config firewall ssl-ssh-profile
|
|
edit "certificate-inspection"
|
|
set comment "Read-only SSL handshake inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status certificate-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set encrypted-client-hello block
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set block-blocklisted-certificates enable
|
|
set caname "Fortinet_CA_SSL"
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
next
|
|
edit "deep-inspection"
|
|
set comment "Read-only deep inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status deep-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
set status deep-inspection
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set allowlist disable
|
|
set block-blocklisted-certificates enable
|
|
config ssl-exempt
|
|
edit 1
|
|
set type fortiguard-category
|
|
set fortiguard-category 31
|
|
next
|
|
edit 2
|
|
set type fortiguard-category
|
|
set fortiguard-category 33
|
|
next
|
|
edit 3
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-adobe"
|
|
next
|
|
edit 4
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Adobe Login"
|
|
next
|
|
edit 5
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-android"
|
|
next
|
|
edit 6
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-apple"
|
|
next
|
|
edit 7
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-appstore"
|
|
next
|
|
edit 8
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-auth.gfx.ms"
|
|
next
|
|
edit 9
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-citrix"
|
|
next
|
|
edit 10
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-dropbox.com"
|
|
next
|
|
edit 11
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-eease"
|
|
next
|
|
edit 12
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-firefox update server"
|
|
next
|
|
edit 13
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-fortinet"
|
|
next
|
|
edit 14
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-googleapis.com"
|
|
next
|
|
edit 15
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-drive"
|
|
next
|
|
edit 16
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play2"
|
|
next
|
|
edit 17
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play3"
|
|
next
|
|
edit 18
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Gotomeeting"
|
|
next
|
|
edit 19
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-icloud"
|
|
next
|
|
edit 20
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-itunes"
|
|
next
|
|
edit 21
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-microsoft"
|
|
next
|
|
edit 22
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-skype"
|
|
next
|
|
edit 23
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-softwareupdate.vmware.com"
|
|
next
|
|
edit 24
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-verisign"
|
|
next
|
|
edit 25
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Windows update 2"
|
|
next
|
|
edit 26
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-live.com"
|
|
next
|
|
edit 27
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play"
|
|
next
|
|
edit 28
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-update.microsoft.com"
|
|
next
|
|
edit 29
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-swscan.apple.com"
|
|
next
|
|
edit 30
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-autoupdate.opera.com"
|
|
next
|
|
edit 31
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-cdn-apple"
|
|
next
|
|
edit 32
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-mzstatic-apple"
|
|
next
|
|
end
|
|
set server-cert-mode re-sign
|
|
set caname "Fortinet_CA_SSL"
|
|
set untrusted-caname "Fortinet_CA_Untrusted"
|
|
set ssl-exemption-ip-rating enable
|
|
set ssl-exemption-log disable
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
set rpc-over-https disable
|
|
set mapi-over-https disable
|
|
set supported-alpn all
|
|
set use-ssl-server disable
|
|
next
|
|
edit "custom-deep-inspection"
|
|
set comment "Customizable deep inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status deep-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
set status deep-inspection
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set allowlist disable
|
|
set block-blocklisted-certificates enable
|
|
config ssl-exempt
|
|
edit 1
|
|
set type fortiguard-category
|
|
set fortiguard-category 31
|
|
next
|
|
edit 2
|
|
set type fortiguard-category
|
|
set fortiguard-category 33
|
|
next
|
|
edit 3
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-adobe"
|
|
next
|
|
edit 4
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Adobe Login"
|
|
next
|
|
edit 5
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-android"
|
|
next
|
|
edit 6
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-apple"
|
|
next
|
|
edit 7
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-appstore"
|
|
next
|
|
edit 8
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-auth.gfx.ms"
|
|
next
|
|
edit 9
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-citrix"
|
|
next
|
|
edit 10
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-dropbox.com"
|
|
next
|
|
edit 11
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-eease"
|
|
next
|
|
edit 12
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-firefox update server"
|
|
next
|
|
edit 13
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-fortinet"
|
|
next
|
|
edit 14
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-googleapis.com"
|
|
next
|
|
edit 15
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-drive"
|
|
next
|
|
edit 16
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play2"
|
|
next
|
|
edit 17
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play3"
|
|
next
|
|
edit 18
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Gotomeeting"
|
|
next
|
|
edit 19
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-icloud"
|
|
next
|
|
edit 20
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-itunes"
|
|
next
|
|
edit 21
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-microsoft"
|
|
next
|
|
edit 22
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-skype"
|
|
next
|
|
edit 23
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-softwareupdate.vmware.com"
|
|
next
|
|
edit 24
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-verisign"
|
|
next
|
|
edit 25
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Windows update 2"
|
|
next
|
|
edit 26
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-live.com"
|
|
next
|
|
edit 27
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play"
|
|
next
|
|
edit 28
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-update.microsoft.com"
|
|
next
|
|
edit 29
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-swscan.apple.com"
|
|
next
|
|
edit 30
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-autoupdate.opera.com"
|
|
next
|
|
edit 31
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-cdn-apple"
|
|
next
|
|
edit 32
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-mzstatic-apple"
|
|
next
|
|
end
|
|
set server-cert-mode re-sign
|
|
set caname "Fortinet_CA_SSL"
|
|
set untrusted-caname "Fortinet_CA_Untrusted"
|
|
set ssl-exemption-ip-rating enable
|
|
set ssl-exemption-log disable
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
set rpc-over-https disable
|
|
set mapi-over-https disable
|
|
set supported-alpn all
|
|
set use-ssl-server disable
|
|
next
|
|
edit "no-inspection"
|
|
set comment "Read-only profile that does no inspection."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set status disable
|
|
set quic bypass
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic bypass
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set block-blocklisted-certificates enable
|
|
set caname "Fortinet_CA_SSL"
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
next
|
|
end
|
|
config waf profile
|
|
edit "default"
|
|
set external disable
|
|
set extended-log disable
|
|
config signature
|
|
config main-class 100000000
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 20000000
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config main-class 30000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 40000000
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config main-class 50000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 60000000
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config main-class 70000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 80000000
|
|
set status enable
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config main-class 110000000
|
|
set status enable
|
|
set action allow
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 90000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
|
|
set credit-card-detection-threshold 3
|
|
end
|
|
config constraint
|
|
config header-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config content-length
|
|
set status enable
|
|
set length 67108864
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config param-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config line-length
|
|
set status enable
|
|
set length 1024
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config url-param-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config version
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config method
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config hostname
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config malformed
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config max-cookie
|
|
set status enable
|
|
set max-cookie 16
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-header-line
|
|
set status enable
|
|
set max-header-line 32
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-url-param
|
|
set status enable
|
|
set max-url-param 16
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-range-segment
|
|
set status enable
|
|
set max-range-segment 5
|
|
set action allow
|
|
set log enable
|
|
set severity high
|
|
end
|
|
end
|
|
config method
|
|
set status disable
|
|
set log disable
|
|
set severity medium
|
|
unset default-allowed-methods
|
|
end
|
|
config address-list
|
|
set status disable
|
|
set blocked-log disable
|
|
set severity medium
|
|
end
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall ssl-server
|
|
end
|
|
config casb saas-application
|
|
end
|
|
config casb user-activity
|
|
end
|
|
config casb profile
|
|
edit "default"
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall profile-group
|
|
end
|
|
config firewall identity-based-route
|
|
end
|
|
config firewall auth-portal
|
|
set portal-addr ''
|
|
set portal-addr6 ''
|
|
set identity-based-route ''
|
|
set proxy-auth disable
|
|
end
|
|
config firewall security-policy
|
|
end
|
|
config firewall policy
|
|
edit 1
|
|
set status enable
|
|
set name "Default"
|
|
set uuid bdf03fc8-3520-51ed-3963-cb429fce01ab
|
|
set srcintf "any"
|
|
set dstintf "any"
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "all"
|
|
set srcaddr6 "all"
|
|
set dstaddr6 "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
set service "ALL"
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set auto-asic-offload enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set fec disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
next
|
|
end
|
|
config firewall shaping-policy
|
|
end
|
|
config firewall shaping-profile
|
|
end
|
|
config firewall local-in-policy
|
|
end
|
|
config firewall local-in-policy6
|
|
end
|
|
config firewall ttl-policy
|
|
end
|
|
config firewall dnstranslation
|
|
end
|
|
config firewall multicast-policy
|
|
end
|
|
config firewall multicast-policy6
|
|
end
|
|
config firewall interface-policy
|
|
end
|
|
config firewall interface-policy6
|
|
end
|
|
config firewall DoS-policy
|
|
end
|
|
config firewall DoS-policy6
|
|
end
|
|
config firewall sniffer
|
|
end
|
|
config firewall on-demand-sniffer
|
|
end
|
|
config firewall acl
|
|
end
|
|
config firewall acl6
|
|
end
|
|
config firewall central-snat-map
|
|
end
|
|
config firewall ip-translation
|
|
end
|
|
config authentication scheme
|
|
end
|
|
config authentication rule
|
|
end
|
|
config authentication setting
|
|
set active-auth-scheme ''
|
|
set sso-auth-scheme ''
|
|
set update-time 0000-00-00 00:00:00
|
|
set persistent-cookie enable
|
|
set ip-auth-cookie disable
|
|
set cookie-max-age 480
|
|
set cookie-refresh-div 2
|
|
set captive-portal-type fqdn
|
|
set captive-portal ''
|
|
set captive-portal6 ''
|
|
set cert-auth disable
|
|
set captive-portal-port 7830
|
|
set auth-https enable
|
|
set captive-portal-ssl-port 7831
|
|
end
|
|
config system speed-test-schedule
|
|
end
|
|
config switch-controller switch-interface-tag
|
|
end
|
|
config switch-controller 802-1X-settings
|
|
set link-down-auth set-unauth
|
|
set reauth-period 60
|
|
set max-reauth-attempt 3
|
|
set tx-period 30
|
|
set mab-reauth disable
|
|
set mac-username-delimiter hyphen
|
|
set mac-password-delimiter hyphen
|
|
set mac-calling-station-delimiter hyphen
|
|
set mac-called-station-delimiter hyphen
|
|
set mac-case lowercase
|
|
end
|
|
config switch-controller security-policy 802-1X
|
|
edit "802-1X-policy-default"
|
|
set security-mode 802.1X
|
|
set user-group "SSO_Guest_Users"
|
|
set mac-auth-bypass disable
|
|
set open-auth disable
|
|
set eap-passthru enable
|
|
set eap-auto-untagged-vlans enable
|
|
set guest-vlan disable
|
|
set guest-auth-delay 30
|
|
set auth-fail-vlan disable
|
|
set framevid-apply enable
|
|
set radius-timeout-overwrite disable
|
|
set policy-type 802.1X
|
|
set authserver-timeout-vlan disable
|
|
set dacl disable
|
|
next
|
|
end
|
|
config switch-controller security-policy local-access
|
|
edit "default"
|
|
set mgmt-allowaccess https ping ssh
|
|
set internal-allowaccess https ping ssh
|
|
next
|
|
end
|
|
config switch-controller location
|
|
end
|
|
config switch-controller lldp-settings
|
|
set tx-hold 4
|
|
set tx-interval 30
|
|
set fast-start-interval 2
|
|
set management-interface internal
|
|
set device-detection enable
|
|
end
|
|
config switch-controller lldp-profile
|
|
edit "default"
|
|
set med-tlvs inventory-management network-policy location-identification
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl disable
|
|
config med-network-policy
|
|
edit "voice"
|
|
set status disable
|
|
next
|
|
edit "voice-signaling"
|
|
set status disable
|
|
next
|
|
edit "guest-voice"
|
|
set status disable
|
|
next
|
|
edit "guest-voice-signaling"
|
|
set status disable
|
|
next
|
|
edit "softphone-voice"
|
|
set status disable
|
|
next
|
|
edit "video-conferencing"
|
|
set status disable
|
|
next
|
|
edit "streaming-video"
|
|
set status disable
|
|
next
|
|
edit "video-signaling"
|
|
set status disable
|
|
next
|
|
end
|
|
config med-location-service
|
|
edit "coordinates"
|
|
set status disable
|
|
next
|
|
edit "address-civic"
|
|
set status disable
|
|
next
|
|
edit "elin-number"
|
|
set status disable
|
|
next
|
|
end
|
|
next
|
|
edit "default-auto-isl"
|
|
unset med-tlvs
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl enable
|
|
set auto-isl-hello-timer 3
|
|
set auto-isl-receive-timeout 60
|
|
set auto-isl-port-group 0
|
|
set auto-mclag-icl disable
|
|
set auto-isl-auth legacy
|
|
next
|
|
edit "default-auto-mclag-icl"
|
|
unset med-tlvs
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl enable
|
|
set auto-isl-hello-timer 3
|
|
set auto-isl-receive-timeout 60
|
|
set auto-isl-port-group 0
|
|
set auto-mclag-icl enable
|
|
set auto-isl-auth legacy
|
|
next
|
|
end
|
|
config switch-controller qos dot1p-map
|
|
edit "voice-dot1p"
|
|
set description ''
|
|
set egress-pri-tagging disable
|
|
set priority-0 queue-4
|
|
set priority-1 queue-4
|
|
set priority-2 queue-3
|
|
set priority-3 queue-2
|
|
set priority-4 queue-3
|
|
set priority-5 queue-1
|
|
set priority-6 queue-2
|
|
set priority-7 queue-2
|
|
next
|
|
end
|
|
config switch-controller qos ip-dscp-map
|
|
edit "voice-dscp"
|
|
set description ''
|
|
config map
|
|
edit "1"
|
|
set cos-queue 1
|
|
set value 46
|
|
next
|
|
edit "2"
|
|
set cos-queue 2
|
|
set value 24,26,48,56
|
|
next
|
|
edit "5"
|
|
set cos-queue 3
|
|
set value 34
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config switch-controller qos queue-policy
|
|
edit "default"
|
|
set schedule round-robin
|
|
set rate-by kbps
|
|
config cos-queue
|
|
edit "queue-0"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-1"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-2"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-3"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-4"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-5"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-6"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-7"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
end
|
|
next
|
|
edit "voice-egress"
|
|
set schedule weighted
|
|
set rate-by kbps
|
|
config cos-queue
|
|
edit "queue-0"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-1"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 0
|
|
next
|
|
edit "queue-2"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 6
|
|
next
|
|
edit "queue-3"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 37
|
|
next
|
|
edit "queue-4"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 12
|
|
next
|
|
edit "queue-5"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-6"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-7"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config switch-controller qos qos-policy
|
|
edit "default"
|
|
set default-cos 0
|
|
set trust-dot1p-map ''
|
|
set trust-ip-dscp-map ''
|
|
set queue-policy "default"
|
|
next
|
|
edit "voice-qos"
|
|
set default-cos 0
|
|
set trust-dot1p-map "voice-dot1p"
|
|
set trust-ip-dscp-map "voice-dscp"
|
|
set queue-policy "voice-egress"
|
|
next
|
|
end
|
|
config switch-controller storm-control-policy
|
|
edit "default"
|
|
set description "default storm control on all port"
|
|
set storm-control-mode global
|
|
next
|
|
edit "auto-config"
|
|
set description "storm control policy for fortilink-isl-icl port"
|
|
set storm-control-mode disabled
|
|
next
|
|
end
|
|
config switch-controller auto-config policy
|
|
edit "pse"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status enable
|
|
set igmp-flood-report disable
|
|
set igmp-flood-traffic disable
|
|
next
|
|
edit "default"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status enable
|
|
set igmp-flood-report disable
|
|
set igmp-flood-traffic disable
|
|
next
|
|
edit "default-icl"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status disable
|
|
set igmp-flood-report enable
|
|
set igmp-flood-traffic enable
|
|
next
|
|
end
|
|
config switch-controller auto-config default
|
|
set fgt-policy "default"
|
|
set isl-policy "default"
|
|
set icl-policy "default-icl"
|
|
end
|
|
config switch-controller auto-config custom
|
|
end
|
|
config switch-controller initial-config template
|
|
edit "_default"
|
|
set vlanid 1
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "quarantine"
|
|
set vlanid 4093
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
edit "rspan"
|
|
set vlanid 4092
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
edit "voice"
|
|
set vlanid 4091
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "video"
|
|
set vlanid 4090
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "onboarding"
|
|
set vlanid 4089
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "nac_segment"
|
|
set vlanid 4088
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
end
|
|
config switch-controller initial-config vlans
|
|
set default-vlan "_default"
|
|
set quarantine "quarantine"
|
|
set rspan "rspan"
|
|
set voice "voice"
|
|
set video "video"
|
|
set nac "onboarding"
|
|
set nac-segment "nac_segment"
|
|
end
|
|
config switch-controller switch-profile
|
|
edit "default"
|
|
set login-passwd-override disable
|
|
set login enable
|
|
set revision-backup-on-logout disable
|
|
set revision-backup-on-upgrade disable
|
|
next
|
|
end
|
|
config switch-controller custom-command
|
|
end
|
|
config switch-controller virtual-port-pool
|
|
end
|
|
config switch-controller ptp profile
|
|
edit "default"
|
|
set description ''
|
|
set mode transparent-e2e
|
|
next
|
|
end
|
|
config switch-controller ptp interface-policy
|
|
edit "default"
|
|
set description ''
|
|
set vlan ''
|
|
set vlan-pri 4
|
|
next
|
|
end
|
|
config switch-controller vlan-policy
|
|
end
|
|
config switch-controller acl ingress
|
|
end
|
|
config switch-controller acl group
|
|
end
|
|
config switch-controller dynamic-port-policy
|
|
end
|
|
config switch-controller managed-switch
|
|
end
|
|
config switch-controller switch-group
|
|
end
|
|
config switch-controller stp-settings
|
|
set name ''
|
|
set revision 0
|
|
set hello-time 2
|
|
set forward-time 15
|
|
set max-age 20
|
|
set max-hops 20
|
|
end
|
|
config switch-controller stp-instance
|
|
end
|
|
config switch-controller storm-control
|
|
set rate 500
|
|
set unknown-unicast disable
|
|
set unknown-multicast disable
|
|
set broadcast disable
|
|
end
|
|
config switch-controller global
|
|
set mac-aging-interval 300
|
|
set https-image-push enable
|
|
set vlan-optimization enable
|
|
set vlan-identity name
|
|
set mac-retention-period 24
|
|
set default-virtual-switch-vlan ''
|
|
set dhcp-server-access-list disable
|
|
set dhcp-option82-format ascii
|
|
set dhcp-option82-circuit-id intfname vlan mode
|
|
set dhcp-option82-remote-id mac
|
|
set dhcp-snoop-client-req drop-untrusted
|
|
set dhcp-snoop-client-db-exp 86400
|
|
set dhcp-snoop-db-per-port-learn-limit 64
|
|
set log-mac-limit-violations disable
|
|
set sn-dns-resolution enable
|
|
set mac-event-logging disable
|
|
set bounce-quarantined-link disable
|
|
set quarantine-mode by-vlan
|
|
set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
|
|
set fips-enforce enable
|
|
set firmware-provision-on-authorization disable
|
|
set switch-on-deauth no-op
|
|
end
|
|
config switch-controller switch-log
|
|
set status enable
|
|
set severity notification
|
|
end
|
|
config switch-controller igmp-snooping
|
|
set aging-time 300
|
|
set flood-unknown-multicast disable
|
|
set query-interval 125
|
|
end
|
|
config switch-controller sflow
|
|
set collector-ip 0.0.0.0
|
|
set collector-port 6343
|
|
end
|
|
config switch-controller network-monitor-settings
|
|
set network-monitoring disable
|
|
end
|
|
config switch-controller flow-tracking
|
|
set sample-mode perimeter
|
|
set sample-rate 512
|
|
set format netflow9
|
|
set level ip
|
|
set max-export-pkt-size 512
|
|
set template-export-period 5
|
|
set timeout-general 3600
|
|
set timeout-icmp 300
|
|
set timeout-max 604800
|
|
set timeout-tcp 3600
|
|
set timeout-tcp-fin 300
|
|
set timeout-tcp-rst 120
|
|
set timeout-udp 300
|
|
end
|
|
config switch-controller snmp-sysinfo
|
|
set status disable
|
|
set engine-id ''
|
|
set description ''
|
|
set contact-info ''
|
|
set location ''
|
|
end
|
|
config switch-controller snmp-trap-threshold
|
|
set trap-high-cpu-threshold 80
|
|
set trap-low-memory-threshold 80
|
|
set trap-log-full-threshold 90
|
|
end
|
|
config switch-controller snmp-community
|
|
end
|
|
config switch-controller snmp-user
|
|
end
|
|
config switch-controller traffic-sniffer
|
|
set mode erspan-auto
|
|
set erspan-ip 0.0.0.0
|
|
end
|
|
config switch-controller remote-log
|
|
edit "syslogd"
|
|
set status disable
|
|
next
|
|
edit "syslogd2"
|
|
set status disable
|
|
next
|
|
end
|
|
config switch-controller mac-policy
|
|
end
|
|
config wireless-controller setting
|
|
set account-id ''
|
|
set country US
|
|
set duplicate-ssid disable
|
|
set fapc-compatibility disable
|
|
set wfa-compatibility disable
|
|
set phishing-ssid-detect enable
|
|
set fake-ssid-action log
|
|
set device-weight 1
|
|
set device-holdoff 5
|
|
set device-idle 1440
|
|
set firmware-provision-on-authorization disable
|
|
set rolling-wtp-upgrade disable
|
|
set darrp-optimize 86400
|
|
set darrp-optimize-schedules "default-darrp-optimize"
|
|
end
|
|
config wireless-controller log
|
|
set status enable
|
|
set addrgrp-log notification
|
|
set ble-log notification
|
|
set clb-log notification
|
|
set dhcp-starv-log notification
|
|
set led-sched-log notification
|
|
set radio-event-log notification
|
|
set rogue-event-log notification
|
|
set sta-event-log notification
|
|
set sta-locate-log notification
|
|
set wids-log notification
|
|
set wtp-event-log notification
|
|
set wtp-fips-event-log notification
|
|
end
|
|
config wireless-controller apcfg-profile
|
|
end
|
|
config wireless-controller bonjour-profile
|
|
end
|
|
config wireless-controller arrp-profile
|
|
edit "arrp-default"
|
|
set comment ''
|
|
set selection-period 3600
|
|
set monitor-period 300
|
|
set weight-managed-ap 50
|
|
set weight-rogue-ap 10
|
|
set weight-noise-floor 40
|
|
set weight-channel-load 20
|
|
set weight-spectral-rssi 40
|
|
set weight-weather-channel 0
|
|
set weight-dfs-channel 0
|
|
set threshold-ap 250
|
|
set threshold-noise-floor "-85"
|
|
set threshold-channel-load 60
|
|
set threshold-spectral-rssi "-65"
|
|
set threshold-tx-retries 300
|
|
set threshold-rx-errors 50
|
|
set include-weather-channel enable
|
|
set include-dfs-channel enable
|
|
set override-darrp-optimize disable
|
|
next
|
|
end
|
|
config wireless-controller region
|
|
end
|
|
config wireless-controller vap-group
|
|
end
|
|
config wireless-controller wids-profile
|
|
edit "default"
|
|
set comment "Default WIDS profile."
|
|
set sensor-mode disable
|
|
set ap-scan enable
|
|
set ap-bgscan-period 600
|
|
set ap-bgscan-intv 1
|
|
set ap-bgscan-duration 20
|
|
set ap-bgscan-idle 0
|
|
set ap-bgscan-report-intv 30
|
|
set ap-fgscan-report-intv 15
|
|
set ap-scan-passive disable
|
|
set ap-scan-threshold "-90"
|
|
set wireless-bridge enable
|
|
set deauth-broadcast enable
|
|
set null-ssid-probe-resp enable
|
|
set long-duration-attack enable
|
|
set long-duration-thresh 8200
|
|
set invalid-mac-oui enable
|
|
set weak-wep-iv enable
|
|
set auth-frame-flood enable
|
|
set auth-flood-time 10
|
|
set auth-flood-thresh 30
|
|
set assoc-frame-flood enable
|
|
set assoc-flood-time 10
|
|
set assoc-flood-thresh 30
|
|
set spoofed-deauth enable
|
|
set asleap-attack enable
|
|
set eapol-start-flood enable
|
|
set eapol-start-thresh 10
|
|
set eapol-start-intv 1
|
|
set eapol-logoff-flood enable
|
|
set eapol-logoff-thresh 10
|
|
set eapol-logoff-intv 1
|
|
set eapol-succ-flood enable
|
|
set eapol-succ-thresh 10
|
|
set eapol-succ-intv 1
|
|
set eapol-fail-flood enable
|
|
set eapol-fail-thresh 10
|
|
set eapol-fail-intv 1
|
|
set eapol-pre-succ-flood enable
|
|
set eapol-pre-succ-thresh 10
|
|
set eapol-pre-succ-intv 1
|
|
set eapol-pre-fail-flood enable
|
|
set eapol-pre-fail-thresh 10
|
|
set eapol-pre-fail-intv 1
|
|
set deauth-unknown-src-thresh 10
|
|
next
|
|
edit "default-wids-apscan-enabled"
|
|
set comment ''
|
|
set sensor-mode disable
|
|
set ap-scan enable
|
|
set ap-bgscan-period 600
|
|
set ap-bgscan-intv 1
|
|
set ap-bgscan-duration 20
|
|
set ap-bgscan-idle 0
|
|
set ap-bgscan-report-intv 30
|
|
set ap-fgscan-report-intv 15
|
|
set ap-scan-passive disable
|
|
set ap-scan-threshold "-90"
|
|
set wireless-bridge disable
|
|
set deauth-broadcast disable
|
|
set null-ssid-probe-resp disable
|
|
set long-duration-attack disable
|
|
set long-duration-thresh 8200
|
|
set invalid-mac-oui disable
|
|
set weak-wep-iv disable
|
|
set auth-frame-flood disable
|
|
set assoc-frame-flood disable
|
|
set spoofed-deauth disable
|
|
set asleap-attack disable
|
|
set eapol-start-flood disable
|
|
set eapol-logoff-flood disable
|
|
set eapol-succ-flood disable
|
|
set eapol-fail-flood disable
|
|
set eapol-pre-succ-flood disable
|
|
set eapol-pre-fail-flood disable
|
|
set deauth-unknown-src-thresh 10
|
|
next
|
|
end
|
|
config wireless-controller ble-profile
|
|
edit "fortiap-discovery"
|
|
set comment ''
|
|
set advertising ibeacon eddystone-uid eddystone-url
|
|
set ibeacon-uuid "wtp-uuid"
|
|
set major-id 1000
|
|
set minor-id 2000
|
|
set eddystone-namespace "0102030405"
|
|
set eddystone-instance "abcdef"
|
|
set eddystone-url "http://www.fortinet.com"
|
|
set txpower 0
|
|
set beacon-interval 100
|
|
set ble-scanning disable
|
|
set scan-type active
|
|
set scan-threshold "-90"
|
|
next
|
|
end
|
|
config wireless-controller syslog-profile
|
|
end
|
|
config wireless-controller wtp-profile
|
|
end
|
|
config wireless-controller wtp
|
|
end
|
|
config wireless-controller wtp-group
|
|
end
|
|
config wireless-controller qos-profile
|
|
end
|
|
config wireless-controller wag-profile
|
|
end
|
|
config wireless-controller snmp
|
|
set engine-id ''
|
|
set contact-info ''
|
|
set trap-high-cpu-threshold 80
|
|
set trap-high-mem-threshold 80
|
|
end
|
|
config wireless-controller mpsk-profile
|
|
end
|
|
config wireless-controller nac-profile
|
|
end
|
|
config wireless-controller ssid-policy
|
|
end
|
|
config wireless-controller access-control-list
|
|
end
|
|
config wireless-controller ap-status
|
|
end
|
|
config user nac-policy
|
|
end
|
|
config extension-controller dataplan
|
|
end
|
|
config extension-controller extender-vap
|
|
end
|
|
config extension-controller extender-profile
|
|
end
|
|
config extension-controller extender
|
|
end
|
|
config extension-controller fortigate-profile
|
|
end
|
|
config extension-controller fortigate
|
|
end
|
|
config system ips
|
|
set signature-hold-time 0h
|
|
end
|
|
config endpoint-control settings
|
|
set override disable
|
|
end
|
|
config ips custom
|
|
end
|
|
config ips settings
|
|
set packet-log-history 1
|
|
set packet-log-post-attack 0
|
|
set ips-packet-quota 0
|
|
end
|
|
config alertemail setting
|
|
set username ''
|
|
set mailto1 ''
|
|
set mailto2 ''
|
|
set mailto3 ''
|
|
set filter-mode category
|
|
set email-interval 5
|
|
set IPS-logs disable
|
|
set firewall-authentication-failure-logs disable
|
|
set IPsec-errors-logs disable
|
|
set PPP-errors-logs disable
|
|
set sslvpn-authentication-errors-logs disable
|
|
set antivirus-logs disable
|
|
set webfilter-logs disable
|
|
set configuration-changes-logs disable
|
|
set violation-traffic-logs disable
|
|
set admin-login-logs disable
|
|
set log-disk-usage-warning disable
|
|
set FSSO-disconnect-logs disable
|
|
set ssh-logs disable
|
|
set local-disk-usage 75
|
|
end
|
|
config router access-list
|
|
end
|
|
config router access-list6
|
|
end
|
|
config router aspath-list
|
|
end
|
|
config router prefix-list
|
|
end
|
|
config router prefix-list6
|
|
end
|
|
config router key-chain
|
|
end
|
|
config router community-list
|
|
end
|
|
config router extcommunity-list
|
|
end
|
|
config router route-map
|
|
end
|
|
config router rip
|
|
set default-information-originate disable
|
|
set default-metric 1
|
|
set max-out-metric 0
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
set update-timer 30
|
|
set timeout-timer 180
|
|
set garbage-timer 120
|
|
set version 2
|
|
end
|
|
config router ripng
|
|
set default-information-originate disable
|
|
set default-metric 1
|
|
set max-out-metric 0
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
set update-timer 30
|
|
set timeout-timer 180
|
|
set garbage-timer 120
|
|
end
|
|
config router static
|
|
end
|
|
config router policy
|
|
end
|
|
config router policy6
|
|
end
|
|
config router static6
|
|
end
|
|
config router ospf
|
|
set abr-type standard
|
|
set auto-cost-ref-bandwidth 1000
|
|
set distance-external 110
|
|
set distance-inter-area 110
|
|
set distance-intra-area 110
|
|
set database-overflow disable
|
|
set database-overflow-max-lsas 10000
|
|
set database-overflow-time-to-recover 300
|
|
set default-information-originate disable
|
|
set default-information-metric 10
|
|
set default-information-metric-type 2
|
|
set default-information-route-map ''
|
|
set default-metric 10
|
|
set distance 110
|
|
set rfc1583-compatible disable
|
|
set router-id 0.0.0.0
|
|
set spf-timers 5 10
|
|
set bfd disable
|
|
set log-neighbour-changes enable
|
|
set distribute-list-in ''
|
|
set distribute-route-map-in ''
|
|
set restart-mode none
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
end
|
|
config router ospf6
|
|
set abr-type standard
|
|
set auto-cost-ref-bandwidth 1000
|
|
set default-information-originate disable
|
|
set log-neighbour-changes enable
|
|
set default-information-metric 10
|
|
set default-information-metric-type 2
|
|
set default-information-route-map ''
|
|
set default-metric 10
|
|
set router-id 0.0.0.0
|
|
set spf-timers 5 10
|
|
set bfd disable
|
|
set restart-mode none
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
end
|
|
config router bgp
|
|
unset as
|
|
set keepalive-timer 60
|
|
set holdtime-timer 180
|
|
set always-compare-med disable
|
|
set bestpath-as-path-ignore disable
|
|
set bestpath-cmp-confed-aspath disable
|
|
set bestpath-cmp-routerid disable
|
|
set bestpath-med-confed disable
|
|
set bestpath-med-missing-as-worst disable
|
|
set client-to-client-reflection enable
|
|
set dampening disable
|
|
set deterministic-med disable
|
|
set ebgp-multipath disable
|
|
set ibgp-multipath disable
|
|
set enforce-first-as enable
|
|
set fast-external-failover enable
|
|
set log-neighbour-changes enable
|
|
set network-import-check enable
|
|
set ignore-optional-capability enable
|
|
set multipath-recursive-distance disable
|
|
set recursive-next-hop disable
|
|
set recursive-inherit-priority disable
|
|
set tag-resolve-mode disable
|
|
set cluster-id 0.0.0.0
|
|
set confederation-identifier 0
|
|
set default-local-preference 100
|
|
set scan-time 60
|
|
set distance-external 20
|
|
set distance-internal 200
|
|
set distance-local 200
|
|
set synchronization disable
|
|
set graceful-restart disable
|
|
set cross-family-conditional-adv disable
|
|
config redistribute "connected"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "connected"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "rip"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "ospf"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "static"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "isis"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
end
|
|
config router isis
|
|
set is-type level-1-2
|
|
set adv-passive-only disable
|
|
set adv-passive-only6 disable
|
|
set auth-mode-l1 password
|
|
set auth-mode-l2 password
|
|
set auth-password-l1 ENC PFvyes3e/Bg3y24endAx6iS1dnBd1Icc2hCXyF86S2tLEvEt6fYxqiU8m8PVCG4HbH+xDynAQsO6X6Ko5/zJBlpn5k7Al9M21wR9OWxhKImdvEzL9D5dK3GR4JkIDFVTz4dNbEPCV99IgVaXjwK5lLuPVCFjKvBd1rW2ilAq1ipbCITzCs13XEotIAHvO3D7sU14oVlmMjY3dkVA
|
|
set auth-password-l2 ENC yBrg+MCm7vlUJzH+dHW+Z9x575VneOswYRYSTYKnRNcor0u1y2lFXl2+WoYvDIEaJj0aayIoV29TXp1pWhpS16REffLli9wofGpb++BfKv8cUbpcvgbT9+z0VkT2npIyaXTX7EmyNq5tYh7LDjagF6bVMEoMCEavSUFvROxarZ2DFA4nVouW4PwY8iAl03+rk7mSMVlmMjY3dkVA
|
|
set auth-sendonly-l1 disable
|
|
set auth-sendonly-l2 disable
|
|
set ignore-lsp-errors disable
|
|
set lsp-gen-interval-l1 30
|
|
set lsp-gen-interval-l2 30
|
|
set lsp-refresh-interval 900
|
|
set max-lsp-lifetime 1200
|
|
set spf-interval-exp-l1 500 50000
|
|
set spf-interval-exp-l2 500 50000
|
|
set dynamic-hostname disable
|
|
set adjacency-check disable
|
|
set adjacency-check6 disable
|
|
set overload-bit disable
|
|
unset overload-bit-suppress
|
|
set overload-bit-on-startup 0
|
|
set default-originate disable
|
|
set default-originate6 disable
|
|
set metric-style narrow
|
|
set redistribute-l1 disable
|
|
set redistribute-l2 disable
|
|
set redistribute6-l1 disable
|
|
set redistribute6-l2 disable
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "connected"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "rip"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "static"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
end
|
|
config router multicast-flow
|
|
end
|
|
config router multicast
|
|
set route-limit 2147483647
|
|
set multicast-routing disable
|
|
config pim-sm-global
|
|
set message-interval 60
|
|
set join-prune-holdtime 210
|
|
set accept-register-list ''
|
|
set accept-source-list ''
|
|
set bsr-candidate disable
|
|
set bsr-allow-quick-refresh disable
|
|
set cisco-register-checksum disable
|
|
set cisco-crp-prefix disable
|
|
set cisco-ignore-rp-set-priority disable
|
|
set register-rp-reachability enable
|
|
set register-source disable
|
|
set register-supression 60
|
|
set null-register-retries 1
|
|
set rp-register-keepalive 185
|
|
set spt-threshold enable
|
|
set ssm disable
|
|
set register-rate-limit 0
|
|
set pim-use-sdwan disable
|
|
set spt-threshold-group ''
|
|
end
|
|
end
|
|
config router multicast6
|
|
set multicast-routing disable
|
|
config pim-sm-global
|
|
end
|
|
end
|
|
config router auth-path
|
|
end
|
|
config router setting
|
|
set show-filter ''
|
|
set hostname ''
|
|
end
|
|
config router bfd
|
|
end
|
|
config router bfd6
|
|
end
|
|
config system proxy-arp
|
|
end
|
|
config system link-monitor
|
|
end
|
|
config system wccp
|
|
end
|
|
config system dns64
|
|
set status disable
|
|
set dns64-prefix 64:ff9b::/96
|
|
set always-synthesize-aaaa-record enable
|
|
end
|
|
config system nd-proxy
|
|
set status disable
|
|
end
|
|
config system vne-tunnel
|
|
set status disable
|
|
end
|
|
end
|
|
|
|
config vdom
|
|
edit TEST
|
|
config wireless-controller hotspot20 anqp-venue-name
|
|
end
|
|
config wireless-controller hotspot20 anqp-venue-url
|
|
end
|
|
config wireless-controller hotspot20 anqp-network-auth-type
|
|
end
|
|
config wireless-controller hotspot20 anqp-roaming-consortium
|
|
end
|
|
config wireless-controller hotspot20 anqp-nai-realm
|
|
end
|
|
config wireless-controller hotspot20 anqp-3gpp-cellular
|
|
end
|
|
config wireless-controller hotspot20 anqp-ip-address-type
|
|
end
|
|
config wireless-controller hotspot20 h2qp-operator-name
|
|
end
|
|
config wireless-controller hotspot20 h2qp-wan-metric
|
|
end
|
|
config wireless-controller hotspot20 h2qp-conn-capability
|
|
end
|
|
config wireless-controller hotspot20 icon
|
|
end
|
|
config wireless-controller hotspot20 h2qp-osu-provider
|
|
end
|
|
config wireless-controller hotspot20 qos-map
|
|
end
|
|
config wireless-controller hotspot20 h2qp-advice-of-charge
|
|
end
|
|
config wireless-controller hotspot20 h2qp-osu-provider-nai
|
|
end
|
|
config wireless-controller hotspot20 h2qp-terms-and-conditions
|
|
end
|
|
config wireless-controller hotspot20 hs-profile
|
|
end
|
|
config wireless-controller vap
|
|
end
|
|
config system object-tagging
|
|
edit "default"
|
|
set address optional
|
|
set device optional
|
|
set interface optional
|
|
set multiple enable
|
|
set color 0
|
|
next
|
|
end
|
|
config switch-controller traffic-policy
|
|
edit "quarantine"
|
|
set description "Rate control for quarantined traffic"
|
|
set policer-status enable
|
|
set guaranteed-bandwidth 163840
|
|
set guaranteed-burst 8192
|
|
set maximum-burst 163840
|
|
set cos-queue 0
|
|
next
|
|
edit "sniffer"
|
|
set description "Rate control for sniffer mirrored traffic"
|
|
set policer-status enable
|
|
set guaranteed-bandwidth 50000
|
|
set guaranteed-burst 8192
|
|
set maximum-burst 163840
|
|
set cos-queue 0
|
|
next
|
|
end
|
|
config switch-controller fortilink-settings
|
|
end
|
|
config system stp
|
|
set switch-priority 32768
|
|
set hello-time 2
|
|
set forward-delay 15
|
|
set max-age 20
|
|
set max-hops 20
|
|
end
|
|
config system settings
|
|
set comments ''
|
|
set vdom-type traffic
|
|
set opmode nat
|
|
set policy-offload-level disable
|
|
set ngfw-mode profile-based
|
|
set http-external-dest fortiweb
|
|
set firewall-session-dirty check-all
|
|
set bfd disable
|
|
set utf8-spam-tagging enable
|
|
set wccp-cache-engine disable
|
|
set vpn-stats-log ipsec pptp l2tp ssl
|
|
set vpn-stats-period 600
|
|
set v4-ecmp-mode source-ip-based
|
|
set fw-session-hairpin disable
|
|
set prp-trailer-action disable
|
|
set snat-hairpin-traffic enable
|
|
set dhcp-proxy disable
|
|
set central-nat disable
|
|
set lldp-reception global
|
|
set lldp-transmission global
|
|
set link-down-access enable
|
|
set nat46-generate-ipv6-fragment-header disable
|
|
set nat46-force-ipv4-packet-forwarding disable
|
|
set nat64-force-ipv6-packet-forwarding enable
|
|
set detect-unknown-esp enable
|
|
set intree-ses-best-route disable
|
|
set auxiliary-session disable
|
|
set asymroute disable
|
|
set asymroute-icmp disable
|
|
set tcp-session-without-syn disable
|
|
set ses-denied-traffic disable
|
|
set ses-denied-multicast-traffic disable
|
|
set strict-src-check disable
|
|
set allow-linkdown-path disable
|
|
set asymroute6 disable
|
|
set asymroute6-icmp disable
|
|
set sctp-session-without-init disable
|
|
set sip-expectation disable
|
|
set sip-nat-trace enable
|
|
set h323-direct-model enable
|
|
set status enable
|
|
set sip-tcp-port 5060
|
|
set sip-udp-port 5060
|
|
set sip-ssl-port 5061
|
|
set sccp-port 2000
|
|
set multicast-forward enable
|
|
set multicast-ttl-notchange disable
|
|
set allow-subnet-overlap disable
|
|
set deny-tcp-with-icmp disable
|
|
set ecmp-max-paths 255
|
|
set discovered-device-timeout 28
|
|
set email-portal-check-dns enable
|
|
set default-voip-alg-mode proxy-based
|
|
set gui-proxy-inspection enable
|
|
set gui-icap disable
|
|
set gui-implicit-policy enable
|
|
set gui-dns-database disable
|
|
set gui-load-balance disable
|
|
set gui-multicast-policy disable
|
|
set gui-dos-policy enable
|
|
set gui-object-colors enable
|
|
set gui-route-tag-address-creation disable
|
|
set gui-voip-profile disable
|
|
set gui-ap-profile enable
|
|
set gui-security-profile-group disable
|
|
set gui-local-in-policy disable
|
|
set gui-wanopt-cache disable
|
|
set gui-explicit-proxy disable
|
|
set gui-dynamic-routing enable
|
|
set gui-policy-based-ipsec disable
|
|
set gui-threat-weight enable
|
|
set gui-spamfilter disable
|
|
set gui-file-filter disable
|
|
set gui-application-control enable
|
|
set gui-ips enable
|
|
set gui-dhcp-advanced enable
|
|
set gui-vpn enable
|
|
set gui-sslvpn disable
|
|
set gui-wireless-controller enable
|
|
set gui-advanced-wireless-features disable
|
|
set gui-switch-controller enable
|
|
set gui-fortiap-split-tunneling disable
|
|
set gui-webfilter-advanced disable
|
|
set gui-traffic-shaping enable
|
|
set gui-wan-load-balancing enable
|
|
set gui-antivirus enable
|
|
set gui-webfilter enable
|
|
set gui-videofilter enable
|
|
set gui-dnsfilter enable
|
|
set gui-waf-profile disable
|
|
set gui-dlp-profile disable
|
|
set gui-virtual-patch-profile disable
|
|
set gui-casb disable
|
|
set gui-fortiextender-controller disable
|
|
set gui-advanced-policy enable
|
|
set gui-allow-unnamed-policy disable
|
|
set gui-email-collection disable
|
|
set gui-multiple-interface-policy disable
|
|
set gui-policy-disclaimer disable
|
|
set gui-ztna enable
|
|
set gui-ot disable
|
|
set gui-dynamic-device-os-id disable
|
|
set location-id 0.0.0.0
|
|
set ike-session-resume disable
|
|
set ike-quick-crash-detect disable
|
|
set ike-dn-format with-space
|
|
set ike-port 500
|
|
set ike-tcp-port 4500
|
|
set ike-policy-route disable
|
|
set block-land-attack disable
|
|
set application-bandwidth-tracking disable
|
|
set fqdn-session-check disable
|
|
set ext-resource-session-check disable
|
|
set dyn-addr-session-check disable
|
|
set default-policy-expiry-days 30
|
|
set gui-enforce-change-summary require
|
|
set internet-service-database-cache disable
|
|
set internet-service-app-ctrl-size 32768
|
|
end
|
|
config system sit-tunnel
|
|
end
|
|
config system arp-table
|
|
end
|
|
config system ipv6-neighbor-cache
|
|
end
|
|
config system vdom-sflow
|
|
set vdom-sflow disable
|
|
end
|
|
config system vdom-netflow
|
|
set vdom-netflow disable
|
|
end
|
|
config system vdom-dns
|
|
set vdom-dns disable
|
|
set alt-primary 0.0.0.0
|
|
set alt-secondary 0.0.0.0
|
|
end
|
|
config system replacemsg-group
|
|
edit "default"
|
|
set comment "Default replacement message group."
|
|
set group-type default
|
|
next
|
|
end
|
|
config system session-ttl
|
|
set default 3600
|
|
end
|
|
config system dhcp server
|
|
end
|
|
config system dhcp6 server
|
|
end
|
|
config system zone
|
|
edit "Outside_Zone"
|
|
set description ''
|
|
set intrazone deny
|
|
set interface "port10"
|
|
next
|
|
edit "Inside_Zone"
|
|
set description ''
|
|
set intrazone deny
|
|
set interface "port9"
|
|
next
|
|
end
|
|
config firewall address
|
|
edit "EMS_ALL_UNKNOWN_CLIENTS"
|
|
set uuid 4be9e716-c0f6-51f0-b3d5-f72c9ff867b4
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "EMS_ALL_UNMANAGEABLE_CLIENTS"
|
|
set uuid 4be9d096-c0f6-51f0-f066-1fd7f6c53bf9
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "none"
|
|
set uuid 80cf53a0-9fba-51ec-9be6-b74007eabe43
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 255.255.255.255
|
|
next
|
|
edit "login.microsoftonline.com"
|
|
set uuid 80cf6016-9fba-51ec-be0c-028d48d0faf8
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "login.microsoftonline.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "login.microsoft.com"
|
|
set uuid 80cf6c32-9fba-51ec-c480-ffee0ab26f94
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "login.microsoft.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "login.windows.net"
|
|
set uuid 80cf7880-9fba-51ec-1117-fb27513a173a
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "login.windows.net"
|
|
set cache-ttl 0
|
|
next
|
|
edit "gmail.com"
|
|
set uuid 80cf8424-9fba-51ec-5659-65d02fd5bf5c
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "gmail.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "wildcard.google.com"
|
|
set uuid 80cf8fd2-9fba-51ec-7b0c-cc55cf764b96
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "*.google.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "wildcard.dropbox.com"
|
|
set uuid 80cf9b8a-9fba-51ec-0acd-a8852f2c1f4a
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "*.dropbox.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "SSLVPN_TUNNEL_ADDR1"
|
|
set uuid 80d94054-9fba-51ec-e630-3567fd1becb8
|
|
set type iprange
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 10.212.134.200
|
|
set end-ip 10.212.134.210
|
|
next
|
|
edit "all"
|
|
set uuid 80d998e2-9fba-51ec-6ae4-b09445ed7230
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
|
|
set uuid 80d99aea-9fba-51ec-6fe2-a17b98274b3e
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FABRIC_DEVICE"
|
|
set uuid 80d99cb6-9fba-51ec-e62e-b841424fa8c0
|
|
set type ipmask
|
|
set comment "IPv4 addresses of Fabric Devices."
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
|
|
set uuid c0ae3c9c-9fbb-51ec-1447-18c5c1fef0f3
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "10.0.0.0_8"
|
|
set uuid 2e3d8790-9fbc-51ec-8bca-5e95c580ea36
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.0.0.0 255.0.0.0
|
|
next
|
|
edit "192.168.0.0_16"
|
|
set uuid 491395a0-9fbc-51ec-1275-3414c9a13da4
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 192.168.0.0 255.255.0.0
|
|
next
|
|
edit "172.16.0.0_12"
|
|
set uuid 58888298-9fbc-51ec-cca9-312f8a493e61
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 172.16.0.0 255.240.0.0
|
|
next
|
|
edit "Russia"
|
|
set uuid 96cea918-9fbe-51ec-e0d6-53c4a1fba7cc
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "RU"
|
|
next
|
|
edit "China"
|
|
set uuid 7c30cee6-9fbf-51ec-5d85-a2ce4f48568b
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "CN"
|
|
next
|
|
edit "Belarus"
|
|
set uuid 8fbf28b8-9fbf-51ec-69ef-572fc83693f8
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "BY"
|
|
next
|
|
end
|
|
config firewall multicast-address
|
|
edit "all_hosts"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.1
|
|
set end-ip 224.0.0.1
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "all_routers"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.2
|
|
set end-ip 224.0.0.2
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "Bonjour"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.251
|
|
set end-ip 224.0.0.251
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "EIGRP"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.10
|
|
set end-ip 224.0.0.10
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "OSPF"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.5
|
|
set end-ip 224.0.0.6
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "all"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.0
|
|
set end-ip 239.255.255.255
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
end
|
|
config firewall address6-template
|
|
end
|
|
config firewall address6
|
|
edit "all"
|
|
set uuid 80cfe3c4-9fba-51ec-b885-7ad5ae0f228a
|
|
set type ipprefix
|
|
set ip6 ::/0
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
edit "none"
|
|
set uuid 80cfec3e-9fba-51ec-3afe-9da1db0408ee
|
|
set type ipprefix
|
|
set ip6 ::/128
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set uuid 80d9441e-9fba-51ec-fb53-0cb27c846ccb
|
|
set type ipprefix
|
|
set ip6 fdff:ffff::/120
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall multicast-address6
|
|
edit "all"
|
|
set ip6 ff00::/8
|
|
set comment ''
|
|
set color 0
|
|
next
|
|
end
|
|
config system ipv6-tunnel
|
|
end
|
|
config firewall addrgrp
|
|
edit "G Suite"
|
|
set type default
|
|
set category default
|
|
set uuid 80cfa97c-9fba-51ec-cb88-5fc589094707
|
|
set member "gmail.com" "wildcard.google.com"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Microsoft Office 365"
|
|
set type default
|
|
set category default
|
|
set uuid 80cfc24a-9fba-51ec-53bc-6a6c3d6964c6
|
|
set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "IPv4-Private-All-RFC1918"
|
|
set type default
|
|
set category default
|
|
set uuid 87bcd064-9fbc-51ec-c912-c07ba5dfb345
|
|
set member "10.0.0.0_8" "172.16.0.0_12" "192.168.0.0_16"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Geo_Block_Group"
|
|
set type default
|
|
set category default
|
|
set uuid a62837de-9fbf-51ec-3ddf-ee9c6f1e1784
|
|
set member "Belarus" "China" "Russia"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 6
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall addrgrp6
|
|
end
|
|
config firewall wildcard-fqdn custom
|
|
edit "g-Adobe Login"
|
|
set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
|
|
set wildcard-fqdn "*.adobelogin.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Gotomeeting"
|
|
set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
|
|
set wildcard-fqdn "*.gotomeeting.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Windows update 2"
|
|
set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
|
|
set wildcard-fqdn "*.windowsupdate.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-adobe"
|
|
set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
|
|
set wildcard-fqdn "*.adobe.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-android"
|
|
set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
|
|
set wildcard-fqdn "*.android.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-apple"
|
|
set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
|
|
set wildcard-fqdn "*.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-appstore"
|
|
set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
|
|
set wildcard-fqdn "*.appstore.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-auth.gfx.ms"
|
|
set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
|
|
set wildcard-fqdn "*.auth.gfx.ms"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-autoupdate.opera.com"
|
|
set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
|
|
set wildcard-fqdn "*autoupdate.opera.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-cdn-apple"
|
|
set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
|
|
set wildcard-fqdn "*.cdn-apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-citrix"
|
|
set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
|
|
set wildcard-fqdn "*.citrixonline.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-dropbox.com"
|
|
set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
|
|
set wildcard-fqdn "*.dropbox.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-eease"
|
|
set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
|
|
set wildcard-fqdn "*.eease.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-firefox update server"
|
|
set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
|
|
set wildcard-fqdn "aus*.mozilla.org"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-fortinet"
|
|
set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
|
|
set wildcard-fqdn "*.fortinet.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-drive"
|
|
set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
|
|
set wildcard-fqdn "*drive.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play"
|
|
set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
|
|
set wildcard-fqdn "*play.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play2"
|
|
set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
|
|
set wildcard-fqdn "*.ggpht.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play3"
|
|
set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
|
|
set wildcard-fqdn "*.books.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-googleapis.com"
|
|
set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
|
|
set wildcard-fqdn "*.googleapis.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-icloud"
|
|
set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
|
|
set wildcard-fqdn "*.icloud.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-itunes"
|
|
set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
|
|
set wildcard-fqdn "*itunes.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-live.com"
|
|
set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
|
|
set wildcard-fqdn "*.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-microsoft"
|
|
set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
|
|
set wildcard-fqdn "*.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-mzstatic-apple"
|
|
set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
|
|
set wildcard-fqdn "*.mzstatic.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-skype"
|
|
set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
|
|
set wildcard-fqdn "*.messenger.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-softwareupdate.vmware.com"
|
|
set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
|
|
set wildcard-fqdn "*.softwareupdate.vmware.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-swscan.apple.com"
|
|
set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
|
|
set wildcard-fqdn "*swscan.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-update.microsoft.com"
|
|
set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
|
|
set wildcard-fqdn "*update.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-verisign"
|
|
set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
|
|
set wildcard-fqdn "*.verisign.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall wildcard-fqdn group
|
|
end
|
|
config firewall traffic-class
|
|
end
|
|
config firewall service category
|
|
edit "General"
|
|
set comment "General services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Access"
|
|
set comment "Web access."
|
|
set fabric-object disable
|
|
next
|
|
edit "File Access"
|
|
set comment "File access."
|
|
set fabric-object disable
|
|
next
|
|
edit "Email"
|
|
set comment "Email services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Network Services"
|
|
set comment "Network services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Authentication"
|
|
set comment "Authentication service."
|
|
set fabric-object disable
|
|
next
|
|
edit "Remote Access"
|
|
set comment "Remote access."
|
|
set fabric-object disable
|
|
next
|
|
edit "Tunneling"
|
|
set comment "Tunneling service."
|
|
set fabric-object disable
|
|
next
|
|
edit "VoIP, Messaging & Other Applications"
|
|
set comment "VoIP, messaging, and other applications."
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Proxy"
|
|
set comment "Explicit web proxy."
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall service custom
|
|
edit "ALL"
|
|
set uuid 8b743d2a-c0f9-51f0-6d5e-bc0b7855a24f
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 0
|
|
next
|
|
edit "FTP"
|
|
set uuid 8b743e4c-c0f9-51f0-2396-a437ab4fcb0d
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FTP_GET"
|
|
set uuid 8b743f1e-c0f9-51f0-24fb-f75bf24da028
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FTP_PUT"
|
|
set uuid 8b743fdc-c0f9-51f0-5f1a-fe9799588add
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DNS"
|
|
set uuid 96f50166-c0f9-51f0-fc64-b948164f4051
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 53
|
|
set udp-portrange 53
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "HTTP"
|
|
set uuid 96f505a8-c0f9-51f0-2b57-daa3596aa8ad
|
|
set proxy disable
|
|
set category "Web Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 80
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "HTTPS"
|
|
set uuid 96f50918-c0f9-51f0-7537-53978cacccdb
|
|
set proxy disable
|
|
set category "Web Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 443
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IMAP"
|
|
set uuid 96f50c74-c0f9-51f0-839d-2e5fa6a57cab
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 143
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IMAPS"
|
|
set uuid 96f50fc6-c0f9-51f0-fb9e-69da6f62d7ee
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 993
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "LDAP"
|
|
set uuid 96f5130e-c0f9-51f0-95c6-e443dec4365e
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DCE-RPC"
|
|
set uuid 96f5166a-c0f9-51f0-794d-5266b08e9ef9
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 135
|
|
set udp-portrange 135
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "POP3"
|
|
set uuid 96f51a02-c0f9-51f0-20a3-dff9f765beb0
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 110
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "POP3S"
|
|
set uuid 96f51d54-c0f9-51f0-2f40-36b87fde1373
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 995
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SAMBA"
|
|
set uuid 96f52092-c0f9-51f0-b4a1-774ae7aa7c46
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 139
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMTP"
|
|
set uuid 96f523da-c0f9-51f0-a1c7-5b51f8e03dce
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 25
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMTPS"
|
|
set uuid 96f52934-c0f9-51f0-8fe6-124acda85b24
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 465
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "KERBEROS"
|
|
set uuid 96f52e70-c0f9-51f0-d05f-7485632786fb
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 88 464
|
|
set udp-portrange 88 464
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "LDAP_UDP"
|
|
set uuid 96f53226-c0f9-51f0-1c29-60168b5fd719
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 389
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMB"
|
|
set uuid 96f53582-c0f9-51f0-b95d-7d370a44a7ce
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 445
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_TCP"
|
|
set uuid 96f54612-c0f9-51f0-b96c-2b8c4df9ace5
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1-65535
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_UDP"
|
|
set uuid 96f54996-c0f9-51f0-6c20-38c18b6bc125
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1-65535
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_ICMP"
|
|
set uuid 96f54cf2-c0f9-51f0-68fb-6f1dbc308afd
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
unset icmptype
|
|
next
|
|
edit "ALL_ICMP6"
|
|
set uuid 96f5508a-c0f9-51f0-c704-88f3da5a94de
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol ICMP6
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
unset icmptype
|
|
next
|
|
edit "GRE"
|
|
set uuid 96f55418-c0f9-51f0-4427-4605ffd297d4
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 47
|
|
next
|
|
edit "AH"
|
|
set uuid 96f557b0-c0f9-51f0-bd99-8e5631387fd9
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 51
|
|
next
|
|
edit "ESP"
|
|
set uuid 96f55b48-c0f9-51f0-4342-a5043beb506b
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 50
|
|
next
|
|
edit "AOL"
|
|
set uuid 96f55ecc-c0f9-51f0-fbda-c6a055a2f81f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5190-5194
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "BGP"
|
|
set uuid 96f56192-c0f9-51f0-70c3-ff25ff13d32c
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 179
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DHCP"
|
|
set uuid 96f564e4-c0f9-51f0-0467-7f6ad11de689
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 67-68
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FINGER"
|
|
set uuid 96f56836-c0f9-51f0-0eea-39bc3a683127
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 79
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "GOPHER"
|
|
set uuid 96f56b10-c0f9-51f0-7c12-89442e18cd06
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 70
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "H323"
|
|
set uuid 96f56e6c-c0f9-51f0-f5a4-ffb42ab3fafa
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1720 1503
|
|
set udp-portrange 1719
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IKE"
|
|
set uuid 96f57240-c0f9-51f0-1cab-d6120d1c5ffb
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 500 4500
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "Internet-Locator-Service"
|
|
set uuid 96f57592-c0f9-51f0-e2ac-a576effbe570
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IRC"
|
|
set uuid 96f57858-c0f9-51f0-2b8e-59702cd43b59
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 6660-6669
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "L2TP"
|
|
set uuid 96f57bc8-c0f9-51f0-056d-c3fb82dbd93d
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1701
|
|
set udp-portrange 1701
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NetMeeting"
|
|
set uuid 96f57f6a-c0f9-51f0-f03e-f6c632415cb1
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1720
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NFS"
|
|
set uuid 96f58230-c0f9-51f0-43ec-f0d9bdbf460f
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 111 2049
|
|
set udp-portrange 111 2049
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NNTP"
|
|
set uuid 96f585d2-c0f9-51f0-67cc-190ac5c92bf4
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 119
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NTP"
|
|
set uuid 96f5888e-c0f9-51f0-321b-fd3a6933a2a9
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 123
|
|
set udp-portrange 123
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "OSPF"
|
|
set uuid 96f58c30-c0f9-51f0-44e6-5aa1627d239c
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 89
|
|
next
|
|
edit "PC-Anywhere"
|
|
set uuid 96f58fbe-c0f9-51f0-b654-11340a330887
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5631
|
|
set udp-portrange 5632
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PING"
|
|
set uuid 96f59360-c0f9-51f0-1405-ed0aa0c07c1a
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 8
|
|
unset icmpcode
|
|
next
|
|
edit "TIMESTAMP"
|
|
set uuid 96f5973e-c0f9-51f0-7998-bfd03695a594
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 13
|
|
unset icmpcode
|
|
next
|
|
edit "INFO_REQUEST"
|
|
set uuid 96f59a86-c0f9-51f0-e6e0-2d68e4fefc6a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 15
|
|
unset icmpcode
|
|
next
|
|
edit "INFO_ADDRESS"
|
|
set uuid 96f59dce-c0f9-51f0-5fa7-7c6d0959e11c
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 17
|
|
unset icmpcode
|
|
next
|
|
edit "ONC-RPC"
|
|
set uuid 96f5a12a-c0f9-51f0-b3b4-eec5841bf40a
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 111
|
|
set udp-portrange 111
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PPTP"
|
|
set uuid 96f5a576-c0f9-51f0-82cc-19bb03f63b33
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1723
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "QUAKE"
|
|
set uuid 96f5a9ea-c0f9-51f0-d16d-5f37a8e0c38d
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 26000 27000 27910 27960
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RAUDIO"
|
|
set uuid 96f5acce-c0f9-51f0-9a5b-ee4f22c9a3d7
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 7070
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "REXEC"
|
|
set uuid 96f5af8a-c0f9-51f0-66c7-199285d80167
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 512
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RIP"
|
|
set uuid 96f5b25a-c0f9-51f0-4385-079972061cf1
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 520
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RLOGIN"
|
|
set uuid 96f5b5a2-c0f9-51f0-0891-75d2d64dc90a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 513:512-1023
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RSH"
|
|
set uuid 96f5b872-c0f9-51f0-260b-f2fb645db637
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 514:512-1023
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SCCP"
|
|
set uuid 96f5bb38-c0f9-51f0-de1d-476c59245428
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2000
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SIP"
|
|
set uuid 96f5be94-c0f9-51f0-74ac-d4914dda030b
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5060
|
|
set udp-portrange 5060
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SIP-MSNmessenger"
|
|
set uuid 96f5c240-c0f9-51f0-9fe0-4fd15dee9383
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1863
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SNMP"
|
|
set uuid 96f5c592-c0f9-51f0-33f7-70134c1048b1
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 161-162
|
|
set udp-portrange 161-162
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SSH"
|
|
set uuid 96f5c948-c0f9-51f0-cd48-196a7373bfca
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 22
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SYSLOG"
|
|
set uuid 96f5cc9a-c0f9-51f0-295a-299522a6e90c
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 514
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TALK"
|
|
set uuid 96f5d000-c0f9-51f0-72ed-06d247a926f5
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 517-518
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TELNET"
|
|
set uuid 96f5d2d0-c0f9-51f0-0fa1-7004312eaf19
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 23
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TFTP"
|
|
set uuid 96f5d622-c0f9-51f0-1eb7-e2ade6f587b2
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 69
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MGCP"
|
|
set uuid 96f5da1e-c0f9-51f0-5514-593a0404fb6a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 2427 2727
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UUCP"
|
|
set uuid 96f5dd0c-c0f9-51f0-da54-5ed3c7bc0eaa
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 540
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "VDOLIVE"
|
|
set uuid 96f5dfc8-c0f9-51f0-ba05-a609adea1a29
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7000-7010
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WAIS"
|
|
set uuid 96f5e2a2-c0f9-51f0-dda0-397d998e360d
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 210
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WINFRAME"
|
|
set uuid 96f5e55e-c0f9-51f0-c47e-c352bf16c1ed
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1494 2598
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "X-WINDOWS"
|
|
set uuid 96f5e824-c0f9-51f0-c3e3-079573af8c63
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 6000-6063
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PING6"
|
|
set uuid 96f5eb8a-c0f9-51f0-50b1-801bfeec52de
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP6
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 128
|
|
unset icmpcode
|
|
next
|
|
edit "MS-SQL"
|
|
set uuid 96f5eee6-c0f9-51f0-dad2-6b74df69c35c
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1433 1434
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MYSQL"
|
|
set uuid 96f5f256-c0f9-51f0-eeba-fc01f740e146
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3306
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RDP"
|
|
set uuid 96f5f5a8-c0f9-51f0-5211-9df7685e568c
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "VNC"
|
|
set uuid 96f5f8f0-c0f9-51f0-6b0d-0a4431659dd0
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5900
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DHCP6"
|
|
set uuid 96f5fc42-c0f9-51f0-b7d8-328d514f480c
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 546 547
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SQUID"
|
|
set uuid 96f5ff94-c0f9-51f0-488f-b629f81f8656
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3128
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SOCKS"
|
|
set uuid 96f602e6-c0f9-51f0-4dde-2207327d2c7c
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1080
|
|
set udp-portrange 1080
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WINS"
|
|
set uuid 96f6067e-c0f9-51f0-51e0-54f3a669ef5e
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1512
|
|
set udp-portrange 1512
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RADIUS"
|
|
set uuid 96f60a16-c0f9-51f0-baa0-ce18311324b9
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1812 1813
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RADIUS-OLD"
|
|
set uuid 96f60fc0-c0f9-51f0-31a8-44a563789949
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1645 1646
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "CVSPSERVER"
|
|
set uuid 96f612f4-c0f9-51f0-3b26-9bda985825c8
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2401
|
|
set udp-portrange 2401
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "AFS3"
|
|
set uuid 96f61600-c0f9-51f0-bfa6-b69dc2317c41
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7000-7009
|
|
set udp-portrange 7000-7009
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TRACEROUTE"
|
|
set uuid 96f619ca-c0f9-51f0-61cf-44ef95be8053
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 33434-33535
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RTSP"
|
|
set uuid 96f61d26-c0f9-51f0-efaa-4003e04ee2b4
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 554 7070 8554
|
|
set udp-portrange 554
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MMS"
|
|
set uuid 96f620dc-c0f9-51f0-fec5-0ca7f54fa4d0
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1755
|
|
set udp-portrange 1024-5000
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NONE"
|
|
set uuid 96f623f2-c0f9-51f0-419a-056f53f453f4
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 0
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "webproxy"
|
|
set uuid 8b742f9c-c0f9-51f0-c282-a5cb04651e47
|
|
set proxy enable
|
|
set category "Web Proxy"
|
|
set protocol ALL
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set app-service-type disable
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 0-65535:0-65535
|
|
next
|
|
end
|
|
config firewall service group
|
|
edit "Email Access"
|
|
set uuid 8b744194-c0f9-51f0-1ed8-f394d8e7442d
|
|
set proxy disable
|
|
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Access"
|
|
set uuid 8b744856-c0f9-51f0-1b17-dc35a1e3d206
|
|
set proxy disable
|
|
set member "DNS" "HTTP" "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Windows AD"
|
|
set uuid 8b744c02-c0f9-51f0-7f3f-5533ce62b3a3
|
|
set proxy disable
|
|
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Exchange Server"
|
|
set uuid 8b74517a-c0f9-51f0-e42f-1a0b38c99a34
|
|
set proxy disable
|
|
set member "DCE-RPC" "DNS" "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall internet-service-group
|
|
end
|
|
config firewall internet-service-extension
|
|
end
|
|
config firewall internet-service-custom
|
|
end
|
|
config firewall internet-service-custom-group
|
|
end
|
|
config firewall network-service-dynamic
|
|
end
|
|
config system external-resource
|
|
end
|
|
config vpn certificate ca
|
|
end
|
|
config vpn certificate remote
|
|
end
|
|
config vpn certificate local
|
|
edit "Fortinet_CA_SSL"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_CA_Untrusted"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_GUI_Server"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA1024"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA2048"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA4096"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA1024"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA2048"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA256"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA384"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA521"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED25519"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED448"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
end
|
|
config vpn certificate crl
|
|
end
|
|
config vpn certificate ocsp-server
|
|
end
|
|
config vpn certificate setting
|
|
set ocsp-status disable
|
|
set ocsp-option server
|
|
set proxy ''
|
|
set source-ip ''
|
|
set ocsp-default-server ''
|
|
set interface-select-method auto
|
|
set check-ca-cert enable
|
|
set check-ca-chain disable
|
|
set subject-match substring
|
|
set subject-set subset
|
|
set cn-match substring
|
|
set cn-allow-multi enable
|
|
config crl-verification
|
|
set expiry ignore
|
|
set leaf-crl-absence ignore
|
|
set chain-crl-absence ignore
|
|
end
|
|
set strict-ocsp-check disable
|
|
set ssl-min-proto-version default
|
|
set cmp-save-extra-certs disable
|
|
set cmp-key-usage-checking enable
|
|
set cert-expire-warning 14
|
|
set certname-rsa1024 "Fortinet_SSL_RSA1024"
|
|
set certname-rsa2048 "Fortinet_SSL_RSA2048"
|
|
set certname-rsa4096 "Fortinet_SSL_RSA4096"
|
|
set certname-dsa1024 "Fortinet_SSL_DSA1024"
|
|
set certname-dsa2048 "Fortinet_SSL_DSA2048"
|
|
set certname-ecdsa256 "Fortinet_SSL_ECDSA256"
|
|
set certname-ecdsa384 "Fortinet_SSL_ECDSA384"
|
|
set certname-ecdsa521 "Fortinet_SSL_ECDSA521"
|
|
set certname-ed25519 "Fortinet_SSL_ED25519"
|
|
set certname-ed448 "Fortinet_SSL_ED448"
|
|
end
|
|
config webfilter ftgd-local-cat
|
|
edit "custom1"
|
|
set status enable
|
|
set id 140
|
|
next
|
|
edit "custom2"
|
|
set status enable
|
|
set id 141
|
|
next
|
|
end
|
|
config ips sensor
|
|
edit "g-default"
|
|
set comment "Prevent critical attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor IPS attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "IPS_Test"
|
|
set comment ''
|
|
set replacemsg-group ''
|
|
set block-malicious-url enable
|
|
set scan-botnet-connections block
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action block
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "gdd-botnet C&C IP blocking"
|
|
set comment "This allows you to enable botnet blocking across all traffic that matches the policy by configuring one setting in the GUI"
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config sctp-filter profile
|
|
end
|
|
config diameter-filter profile
|
|
end
|
|
config firewall shaper traffic-shaper
|
|
edit "high-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "medium-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority medium
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "low-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority low
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "guarantee-100kbps"
|
|
set guaranteed-bandwidth 100
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "shared-1M-pipe"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1024
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy disable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
end
|
|
config firewall shaper per-ip-shaper
|
|
end
|
|
config firewall proxy-address
|
|
edit "IPv4-address"
|
|
set uuid 2a1f31fe-c0f6-51f0-9dea-2fa35c0eace0
|
|
set type host-regex
|
|
set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
|
|
set referrer disable
|
|
set case-sensitivity disable
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "IPv6-address"
|
|
set uuid 2a1f3366-c0f6-51f0-3e8a-592ee6504265
|
|
set type host-regex
|
|
set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
|
|
set referrer disable
|
|
set case-sensitivity disable
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall proxy-addrgrp
|
|
end
|
|
config web-proxy profile
|
|
end
|
|
config web-proxy global
|
|
set ssl-cert "Fortinet_Factory"
|
|
set ssl-ca-cert "Fortinet_CA_SSL"
|
|
set fast-policy-match enable
|
|
set ldap-user-cache disable
|
|
set proxy-fqdn "default.fqdn"
|
|
set max-request-length 8
|
|
set max-message-length 32
|
|
set strict-web-check disable
|
|
set forward-proxy-auth disable
|
|
set forward-server-affinity-timeout 30
|
|
set max-waf-body-cache-length 1
|
|
set webproxy-profile ''
|
|
set learn-client-ip disable
|
|
set policy-category-deep-inspect enable
|
|
set log-policy-pending disable
|
|
set log-forward-server disable
|
|
set log-app-id disable
|
|
set proxy-transparent-cert-inspection disable
|
|
set request-obs-fold keep
|
|
end
|
|
config web-proxy explicit
|
|
set status disable
|
|
set secure-web-proxy disable
|
|
set http-connection-mode static
|
|
set ipv6-status disable
|
|
set strict-guest disable
|
|
set https-replacement-message enable
|
|
set ssl-algorithm low
|
|
end
|
|
config web-proxy forward-server
|
|
end
|
|
config web-proxy forward-server-group
|
|
end
|
|
config web-proxy debug-url
|
|
end
|
|
config web-proxy wisp
|
|
end
|
|
config wanopt webcache
|
|
set max-object-size 512000
|
|
set neg-resp-time 0
|
|
set fresh-factor 100
|
|
set max-ttl 7200
|
|
set min-ttl 5
|
|
set default-ttl 1440
|
|
set ignore-ims disable
|
|
set ignore-conditional disable
|
|
set ignore-pnc disable
|
|
set ignore-ie-reload enable
|
|
set cache-expired disable
|
|
set cache-cookie disable
|
|
set reval-pnc disable
|
|
set always-revalidate disable
|
|
set cache-by-default disable
|
|
set host-validate disable
|
|
set external disable
|
|
end
|
|
config ftp-proxy explicit
|
|
set status disable
|
|
set ssl disable
|
|
end
|
|
config web-proxy fast-fallback
|
|
end
|
|
config web-proxy url-match
|
|
end
|
|
config application custom
|
|
end
|
|
config application list
|
|
edit "g-default"
|
|
set comment "Monitor all applications."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor all applications."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
unset options
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection disable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log disable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
end
|
|
config application group
|
|
end
|
|
config dlp data-type
|
|
edit "g-credit-card"
|
|
set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
|
|
set verify "builtin)credit-card"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 20
|
|
set look-ahead 1
|
|
set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
edit "g-edm-keyword"
|
|
set pattern ".+"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "/\\b\\0\\b/i"
|
|
set comment ''
|
|
next
|
|
edit "g-hex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-keyword"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-mip-label"
|
|
set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "built-in"
|
|
set comment ''
|
|
next
|
|
edit "g-regex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-ssn-us"
|
|
set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
|
|
set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 12
|
|
set look-ahead 1
|
|
set transform "\\b\\1-\\2-\\3\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
end
|
|
config dlp dictionary
|
|
end
|
|
config dlp exact-data-match
|
|
end
|
|
config dlp sensor
|
|
end
|
|
config dlp filepattern
|
|
edit 1
|
|
set name "builtin-patterns"
|
|
set comment ''
|
|
config entries
|
|
edit "*.bat"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.com"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.dll"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.doc"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.exe"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.gz"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.hta"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.ppt"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.rar"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.scr"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.tar"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.tgz"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.vb?"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.wps"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.xl?"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.zip"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.pif"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.cpl"
|
|
set filter-type pattern
|
|
next
|
|
end
|
|
next
|
|
edit 2
|
|
set name "all_executables"
|
|
set comment ''
|
|
config entries
|
|
edit "bat"
|
|
set filter-type type
|
|
set file-type bat
|
|
next
|
|
edit "exe"
|
|
set filter-type type
|
|
set file-type exe
|
|
next
|
|
edit "elf"
|
|
set filter-type type
|
|
set file-type elf
|
|
next
|
|
edit "hta"
|
|
set filter-type type
|
|
set file-type hta
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config dlp sensitivity
|
|
edit "Private"
|
|
next
|
|
edit "Critical"
|
|
next
|
|
edit "Warning"
|
|
next
|
|
end
|
|
config dlp fp-doc-source
|
|
end
|
|
config dlp profile
|
|
edit "g-default"
|
|
set comment "Default profile."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
unset summary-proto
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Log a summary of email and web traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
set summary-proto smtp pop3 imap http-get http-post
|
|
next
|
|
end
|
|
config webfilter content
|
|
end
|
|
config webfilter content-header
|
|
end
|
|
config webfilter urlfilter
|
|
end
|
|
config videofilter youtube-key
|
|
end
|
|
config videofilter keyword
|
|
end
|
|
config videofilter profile
|
|
end
|
|
config webfilter ips-urlfilter-setting
|
|
set device ''
|
|
set distance 1
|
|
set gateway 0.0.0.0
|
|
set geo-filter ''
|
|
end
|
|
config webfilter ips-urlfilter-setting6
|
|
set device ''
|
|
set distance 1
|
|
set gateway6 ::
|
|
set geo-filter ''
|
|
end
|
|
config emailfilter bword
|
|
end
|
|
config emailfilter block-allow-list
|
|
end
|
|
config emailfilter mheader
|
|
end
|
|
config emailfilter dnsbl
|
|
end
|
|
config emailfilter iptrust
|
|
end
|
|
config log threat-weight
|
|
set status enable
|
|
config level
|
|
set low 5
|
|
set medium 10
|
|
set high 30
|
|
set critical 50
|
|
end
|
|
set blocked-connection high
|
|
set failed-connection low
|
|
set url-block-detected high
|
|
set botnet-connection-detected critical
|
|
config malware
|
|
set virus-infected critical
|
|
set inline-block critical
|
|
set file-blocked low
|
|
set command-blocked disable
|
|
set oversized disable
|
|
set virus-scan-error high
|
|
set switch-proto disable
|
|
set mimefragmented disable
|
|
set virus-file-type-executable medium
|
|
set virus-outbreak-prevention critical
|
|
set content-disarm medium
|
|
set malware-list medium
|
|
set ems-threat-feed medium
|
|
set fsa-malicious critical
|
|
set fsa-high-risk high
|
|
set fsa-medium-risk medium
|
|
end
|
|
config ips
|
|
set info-severity disable
|
|
set low-severity low
|
|
set medium-severity medium
|
|
set high-severity high
|
|
set critical-severity critical
|
|
end
|
|
config web
|
|
edit 1
|
|
set category 26
|
|
set level high
|
|
next
|
|
edit 2
|
|
set category 61
|
|
set level high
|
|
next
|
|
edit 3
|
|
set category 86
|
|
set level high
|
|
next
|
|
edit 4
|
|
set category 1
|
|
set level medium
|
|
next
|
|
edit 5
|
|
set category 3
|
|
set level medium
|
|
next
|
|
edit 6
|
|
set category 4
|
|
set level medium
|
|
next
|
|
edit 7
|
|
set category 5
|
|
set level medium
|
|
next
|
|
edit 8
|
|
set category 6
|
|
set level medium
|
|
next
|
|
edit 9
|
|
set category 12
|
|
set level medium
|
|
next
|
|
edit 10
|
|
set category 59
|
|
set level medium
|
|
next
|
|
edit 11
|
|
set category 62
|
|
set level medium
|
|
next
|
|
edit 12
|
|
set category 83
|
|
set level medium
|
|
next
|
|
edit 13
|
|
set category 72
|
|
set level low
|
|
next
|
|
edit 14
|
|
set category 14
|
|
set level low
|
|
next
|
|
edit 15
|
|
set category 96
|
|
set level medium
|
|
next
|
|
end
|
|
config application
|
|
edit 1
|
|
set category 2
|
|
set level low
|
|
next
|
|
edit 2
|
|
set category 6
|
|
set level medium
|
|
next
|
|
end
|
|
end
|
|
config icap server
|
|
end
|
|
config icap server-group
|
|
end
|
|
config icap profile
|
|
edit "default"
|
|
set replacemsg-group ''
|
|
set comment ''
|
|
set request disable
|
|
set response disable
|
|
unset file-transfer
|
|
set streaming-content-bypass disable
|
|
set 204-response disable
|
|
set preview disable
|
|
set methods delete get head options post put trace connect other
|
|
set icap-block-log disable
|
|
set chunk-encap disable
|
|
unset extension-feature
|
|
set timeout 30
|
|
config icap-headers
|
|
edit 1
|
|
set name "X-Authenticated-User"
|
|
set content "$user"
|
|
set base64-encoding disable
|
|
next
|
|
edit 2
|
|
set name "X-Authenticated-Groups"
|
|
set content "$local_grp"
|
|
set base64-encoding disable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config system network-visibility
|
|
set destination-visibility enable
|
|
set source-location enable
|
|
set destination-hostname-visibility enable
|
|
set hostname-ttl 86400
|
|
set hostname-limit 5000
|
|
set destination-location enable
|
|
end
|
|
config user peer
|
|
end
|
|
config user peergrp
|
|
end
|
|
config vpn qkd
|
|
end
|
|
config user certificate
|
|
end
|
|
config user radius
|
|
end
|
|
config user tacacs+
|
|
end
|
|
config user exchange
|
|
end
|
|
config user ldap
|
|
end
|
|
config user krb-keytab
|
|
end
|
|
config user domain-controller
|
|
end
|
|
config user pop3
|
|
end
|
|
config user saml
|
|
end
|
|
config user external-identity-provider
|
|
end
|
|
config user fsso
|
|
end
|
|
config user adgrp
|
|
end
|
|
config user fsso-polling
|
|
end
|
|
config user fortitoken
|
|
end
|
|
config user password-policy
|
|
end
|
|
config user local
|
|
end
|
|
config user setting
|
|
set auth-type http https ftp telnet
|
|
set auth-cert "Fortinet_Factory"
|
|
set auth-ca-cert ''
|
|
set auth-secure-http disable
|
|
set auth-http-basic disable
|
|
set auth-ssl-allow-renegotiation disable
|
|
set auth-src-mac enable
|
|
set auth-on-demand implicitly
|
|
set auth-timeout 5
|
|
set auth-timeout-type idle-timeout
|
|
set auth-portal-timeout 3
|
|
set radius-ses-timeout-act hard-timeout
|
|
set auth-blackout-time 0
|
|
set auth-invalid-max 5
|
|
set auth-lockout-threshold 3
|
|
set auth-lockout-duration 0
|
|
set per-policy-disclaimer disable
|
|
set auth-ssl-min-proto-version default
|
|
unset auth-ssl-max-proto-version
|
|
set auth-ssl-sigalgs all
|
|
set default-user-password-policy ''
|
|
end
|
|
config user quarantine
|
|
set quarantine enable
|
|
set traffic-policy ''
|
|
set firewall-groups ''
|
|
end
|
|
config user group
|
|
edit "SSO_Guest_Users"
|
|
set authtimeout 0
|
|
set http-digest-realm ''
|
|
next
|
|
end
|
|
config user security-exempt-list
|
|
end
|
|
config vpn ssl web realm
|
|
end
|
|
config vpn ssl web host-check-software
|
|
edit "FortiClient-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
|
|
next
|
|
edit "FortiClient-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
|
|
next
|
|
edit "FortiClient-AV-Vista"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
|
|
next
|
|
edit "FortiClient-FW-Vista"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
|
|
next
|
|
edit "FortiClient5-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
|
|
next
|
|
edit "AVG-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
|
|
next
|
|
edit "AVG-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
|
|
next
|
|
edit "AVG-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
|
|
next
|
|
edit "AVG-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
|
|
next
|
|
edit "CA-Anti-Virus"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
|
|
next
|
|
edit "CA-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
|
|
next
|
|
edit "CA-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
|
|
next
|
|
edit "CA-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
|
|
next
|
|
edit "CA-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
|
|
next
|
|
edit "CA-Personal-Firewall"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
|
|
next
|
|
edit "F-Secure-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
|
|
next
|
|
edit "F-Secure-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "D4747503-0346-49EB-9262-997542F79BF4"
|
|
next
|
|
edit "F-Secure-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
|
|
next
|
|
edit "F-Secure-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
|
|
next
|
|
edit "Kaspersky-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
next
|
|
edit "Kaspersky-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
next
|
|
edit "Kaspersky-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
|
|
next
|
|
edit "Kaspersky-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
|
|
next
|
|
edit "McAfee-Virus-Scan-Enterprise"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
|
|
next
|
|
edit "Norton-360-2.0-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
|
|
next
|
|
edit "Norton-360-2.0-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
|
|
next
|
|
edit "Norton-360-3.0-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit "Norton-360-3.0-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
next
|
|
edit "Norton-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit "Norton-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
next
|
|
edit "Norton-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit "Norton-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
next
|
|
edit "Panda-Antivirus+Firewall-2008-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
|
|
next
|
|
edit "Panda-Antivirus+Firewall-2008-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
next
|
|
edit "Panda-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
next
|
|
edit "Panda-Internet-Security-2006~2007-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
next
|
|
edit "Panda-Internet-Security-2008~2009-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
next
|
|
edit "Sophos-Anti-Virus"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
|
|
next
|
|
edit "Trend-Micro-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
|
|
next
|
|
edit "Trend-Micro-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
|
|
next
|
|
edit "Trend-Micro-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
|
|
next
|
|
edit "Trend-Micro-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
|
|
next
|
|
edit "ZoneAlarm-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
|
|
next
|
|
edit "ZoneAlarm-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
|
|
next
|
|
edit "ZoneAlarm-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
|
|
next
|
|
edit "ZoneAlarm-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
|
|
next
|
|
edit "ESET-Smart-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
|
|
next
|
|
edit "ESET-Smart-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
|
|
next
|
|
end
|
|
config vpn ssl web portal
|
|
edit "full-access"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode enable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set ipv6-split-tunneling enable
|
|
set ipv6-split-tunneling-routing-negate disable
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set dhcp6-ra-linkaddr ::
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "web-access"
|
|
set tunnel-mode disable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set dns-suffix ''
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "tunnel-access"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode enable
|
|
set web-mode disable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set ipv6-split-tunneling enable
|
|
set ipv6-split-tunneling-routing-negate disable
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set dhcp6-ra-linkaddr ::
|
|
set client-src-range disable
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
next
|
|
end
|
|
config vpn ssl settings
|
|
set status enable
|
|
set reqclientcert disable
|
|
set ssl-max-proto-ver tls1-3
|
|
set ssl-min-proto-ver tls1-2
|
|
set banned-cipher SHA1 SHA256 SHA384
|
|
set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
|
|
set ssl-insert-empty-fragment enable
|
|
set https-redirect disable
|
|
set x-content-type-options enable
|
|
set ssl-client-renegotiation disable
|
|
set force-two-factor-auth disable
|
|
set servercert "Fortinet_Factory"
|
|
set algorithm high
|
|
set idle-timeout 300
|
|
set auth-timeout 28800
|
|
set login-attempt-limit 2
|
|
set login-block-time 60
|
|
set login-timeout 30
|
|
set dns-suffix ''
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set url-obscuration disable
|
|
set http-compression disable
|
|
set http-only-cookie enable
|
|
set port 443
|
|
set port-precedence enable
|
|
set auto-tunnel-static-route enable
|
|
set header-x-forwarded-for add
|
|
set browser-language-detection enable
|
|
set dtls-tunnel enable
|
|
set check-referer disable
|
|
set http-request-header-timeout 20
|
|
set http-request-body-timeout 30
|
|
set auth-session-check-source-ip enable
|
|
set tunnel-connect-without-reauth disable
|
|
set hsts-include-subdomains disable
|
|
set transform-backward-slashes disable
|
|
set encode-2f-sequence disable
|
|
set encrypt-and-store-password disable
|
|
set client-sigalgs all
|
|
set dual-stack-mode disable
|
|
set tunnel-addr-assigned-method first-available
|
|
set saml-redirect-port 8020
|
|
set ztna-trusted-client disable
|
|
set server-hostname ''
|
|
set dtls-hello-timeout 10
|
|
set dtls-heartbeat-idle-timeout 3
|
|
set dtls-heartbeat-interval 3
|
|
set dtls-heartbeat-fail-count 3
|
|
set dtls-max-proto-ver dtls1-2
|
|
set dtls-min-proto-ver dtls1-0
|
|
end
|
|
config vpn ssl web user-group-bookmark
|
|
end
|
|
config vpn ssl web user-bookmark
|
|
end
|
|
config vpn ssl client
|
|
end
|
|
config voip profile
|
|
edit "default"
|
|
set comment "Default VoIP profile."
|
|
config sip
|
|
set status enable
|
|
set rtp enable
|
|
set nat-port-range 5117-65533
|
|
set open-register-pinhole enable
|
|
set open-contact-pinhole enable
|
|
set strict-register enable
|
|
set register-rate 0
|
|
set invite-rate 0
|
|
set max-dialogs 0
|
|
set max-line-length 998
|
|
set block-long-lines enable
|
|
set block-unknown enable
|
|
set call-keepalive 0
|
|
set block-ack disable
|
|
set block-bye disable
|
|
set block-cancel disable
|
|
set block-info disable
|
|
set block-invite disable
|
|
set block-message disable
|
|
set block-notify disable
|
|
set block-options disable
|
|
set block-prack disable
|
|
set block-publish disable
|
|
set block-refer disable
|
|
set block-register disable
|
|
set block-subscribe disable
|
|
set block-update disable
|
|
set register-contact-trace disable
|
|
set open-via-pinhole disable
|
|
set open-record-route-pinhole enable
|
|
set rfc2543-branch disable
|
|
set log-violations disable
|
|
set log-call-summary enable
|
|
set nat-trace enable
|
|
set subscribe-rate 0
|
|
set message-rate 0
|
|
set notify-rate 0
|
|
set refer-rate 0
|
|
set update-rate 0
|
|
set options-rate 0
|
|
set ack-rate 0
|
|
set prack-rate 0
|
|
set info-rate 0
|
|
set publish-rate 0
|
|
set bye-rate 0
|
|
set cancel-rate 0
|
|
set preserve-override disable
|
|
set no-sdp-fixup disable
|
|
set contact-fixup enable
|
|
set max-idle-dialogs 0
|
|
set block-geo-red-options disable
|
|
set hosted-nat-traversal disable
|
|
set hnt-restrict-source-ip disable
|
|
set max-body-length 0
|
|
set unknown-header pass
|
|
set malformed-request-line pass
|
|
set malformed-header-via pass
|
|
set malformed-header-from pass
|
|
set malformed-header-to pass
|
|
set malformed-header-call-id pass
|
|
set malformed-header-cseq pass
|
|
set malformed-header-rack pass
|
|
set malformed-header-rseq pass
|
|
set malformed-header-contact pass
|
|
set malformed-header-record-route pass
|
|
set malformed-header-route pass
|
|
set malformed-header-expires pass
|
|
set malformed-header-content-type pass
|
|
set malformed-header-content-length pass
|
|
set malformed-header-max-forwards pass
|
|
set malformed-header-allow pass
|
|
set malformed-header-p-asserted-identity pass
|
|
set malformed-header-sdp-v pass
|
|
set malformed-header-sdp-o pass
|
|
set malformed-header-sdp-s pass
|
|
set malformed-header-sdp-i pass
|
|
set malformed-header-sdp-c pass
|
|
set malformed-header-sdp-b pass
|
|
set malformed-header-sdp-z pass
|
|
set malformed-header-sdp-k pass
|
|
set malformed-header-sdp-a pass
|
|
set malformed-header-sdp-t pass
|
|
set malformed-header-sdp-r pass
|
|
set malformed-header-sdp-m pass
|
|
set provisional-invite-expiry-time 210
|
|
set ips-rtp enable
|
|
set ssl-mode off
|
|
end
|
|
config sccp
|
|
set status enable
|
|
set block-mcast disable
|
|
set verify-header disable
|
|
set log-call-summary disable
|
|
set log-violations disable
|
|
set max-calls 0
|
|
end
|
|
next
|
|
edit "strict"
|
|
set feature-set voipd
|
|
set comment ''
|
|
config sip
|
|
set status enable
|
|
set rtp enable
|
|
set nat-port-range 5117-65533
|
|
set open-register-pinhole enable
|
|
set open-contact-pinhole enable
|
|
set strict-register enable
|
|
set register-rate 0
|
|
set invite-rate 0
|
|
set max-dialogs 0
|
|
set max-line-length 998
|
|
set block-long-lines enable
|
|
set block-unknown enable
|
|
set call-keepalive 0
|
|
set block-ack disable
|
|
set block-bye disable
|
|
set block-cancel disable
|
|
set block-info disable
|
|
set block-invite disable
|
|
set block-message disable
|
|
set block-notify disable
|
|
set block-options disable
|
|
set block-prack disable
|
|
set block-publish disable
|
|
set block-refer disable
|
|
set block-register disable
|
|
set block-subscribe disable
|
|
set block-update disable
|
|
set register-contact-trace disable
|
|
set open-via-pinhole disable
|
|
set open-record-route-pinhole enable
|
|
set rfc2543-branch disable
|
|
set log-violations disable
|
|
set log-call-summary enable
|
|
set nat-trace enable
|
|
set subscribe-rate 0
|
|
set message-rate 0
|
|
set notify-rate 0
|
|
set refer-rate 0
|
|
set update-rate 0
|
|
set options-rate 0
|
|
set ack-rate 0
|
|
set prack-rate 0
|
|
set info-rate 0
|
|
set publish-rate 0
|
|
set bye-rate 0
|
|
set cancel-rate 0
|
|
set preserve-override disable
|
|
set no-sdp-fixup disable
|
|
set contact-fixup enable
|
|
set max-idle-dialogs 0
|
|
set block-geo-red-options disable
|
|
set hosted-nat-traversal disable
|
|
set hnt-restrict-source-ip disable
|
|
set max-body-length 0
|
|
set unknown-header pass
|
|
set malformed-request-line discard
|
|
set malformed-header-via discard
|
|
set malformed-header-from discard
|
|
set malformed-header-to discard
|
|
set malformed-header-call-id discard
|
|
set malformed-header-cseq discard
|
|
set malformed-header-rack discard
|
|
set malformed-header-rseq discard
|
|
set malformed-header-contact discard
|
|
set malformed-header-record-route discard
|
|
set malformed-header-route discard
|
|
set malformed-header-expires discard
|
|
set malformed-header-content-type discard
|
|
set malformed-header-content-length discard
|
|
set malformed-header-max-forwards discard
|
|
set malformed-header-allow discard
|
|
set malformed-header-p-asserted-identity discard
|
|
set malformed-header-sdp-v discard
|
|
set malformed-header-sdp-o discard
|
|
set malformed-header-sdp-s discard
|
|
set malformed-header-sdp-i discard
|
|
set malformed-header-sdp-c discard
|
|
set malformed-header-sdp-b discard
|
|
set malformed-header-sdp-z discard
|
|
set malformed-header-sdp-k discard
|
|
set malformed-header-sdp-a discard
|
|
set malformed-header-sdp-t discard
|
|
set malformed-header-sdp-r discard
|
|
set malformed-header-sdp-m discard
|
|
set provisional-invite-expiry-time 210
|
|
set ips-rtp enable
|
|
set ssl-mode off
|
|
end
|
|
config sccp
|
|
set status enable
|
|
set block-mcast disable
|
|
set verify-header disable
|
|
set log-call-summary disable
|
|
set log-violations disable
|
|
set max-calls 0
|
|
end
|
|
next
|
|
end
|
|
config system sdwan
|
|
set status disable
|
|
set load-balance-mode source-ip-based
|
|
set speedtest-bypass-routing disable
|
|
set duplication-max-num 2
|
|
set neighbor-hold-down disable
|
|
set neighbor-hold-down-time 0
|
|
set app-perf-log-period 0
|
|
set neighbor-hold-boot-time 0
|
|
set fail-detect disable
|
|
config zone
|
|
edit "virtual-wan-link"
|
|
set advpn-select disable
|
|
set service-sla-tie-break cfg-order
|
|
set minimum-sla-meet-members 1
|
|
next
|
|
end
|
|
config health-check
|
|
edit "Default_DNS"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set system-dns enable
|
|
set detect-mode active
|
|
set ha-priority 1
|
|
set dns-request-domain "www.example.com"
|
|
set dns-match-ip 0.0.0.0
|
|
set interval 1000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Office_365"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "www.office.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Gmail"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "gmail.com"
|
|
set detect-mode active
|
|
set protocol ping
|
|
set ha-priority 1
|
|
set interval 1000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 2
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Google Search"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "www.google.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_FortiGuard"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "fortiguard.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
end
|
|
end
|
|
config vpn ipsec fec
|
|
end
|
|
config vpn kmip-server
|
|
end
|
|
config vpn ipsec phase1
|
|
end
|
|
config vpn ipsec phase2
|
|
end
|
|
config vpn ipsec manualkey
|
|
end
|
|
config vpn ipsec concentrator
|
|
end
|
|
config vpn ipsec phase1-interface
|
|
end
|
|
config vpn ipsec phase2-interface
|
|
end
|
|
config vpn ipsec manualkey-interface
|
|
end
|
|
config vpn pptp
|
|
set status disable
|
|
end
|
|
config vpn l2tp
|
|
set status disable
|
|
set lcp-max-echo-fails 3
|
|
set hello-interval 60
|
|
end
|
|
config vpn ipsec forticlient
|
|
end
|
|
config system evpn
|
|
end
|
|
config dnsfilter domain-filter
|
|
end
|
|
config dnsfilter profile
|
|
edit "default"
|
|
set comment "Default dns filtering."
|
|
config domain-filter
|
|
unset domain-filter-table
|
|
end
|
|
config ftgd-dns
|
|
unset options
|
|
config filters
|
|
edit 1
|
|
set category 2
|
|
set action monitor
|
|
next
|
|
edit 2
|
|
set category 7
|
|
set action monitor
|
|
next
|
|
edit 3
|
|
set category 8
|
|
set action monitor
|
|
next
|
|
edit 4
|
|
set category 9
|
|
set action monitor
|
|
next
|
|
edit 5
|
|
set category 11
|
|
set action monitor
|
|
next
|
|
edit 6
|
|
set category 12
|
|
set action monitor
|
|
next
|
|
edit 7
|
|
set category 13
|
|
set action monitor
|
|
next
|
|
edit 8
|
|
set category 14
|
|
set action monitor
|
|
next
|
|
edit 9
|
|
set category 15
|
|
set action monitor
|
|
next
|
|
edit 10
|
|
set category 16
|
|
set action monitor
|
|
next
|
|
edit 11
|
|
set category 0
|
|
set action monitor
|
|
next
|
|
edit 12
|
|
set category 57
|
|
set action monitor
|
|
next
|
|
edit 13
|
|
set category 63
|
|
set action monitor
|
|
next
|
|
edit 14
|
|
set category 64
|
|
set action monitor
|
|
next
|
|
edit 15
|
|
set category 65
|
|
set action monitor
|
|
next
|
|
edit 16
|
|
set category 66
|
|
set action monitor
|
|
next
|
|
edit 17
|
|
set category 67
|
|
set action monitor
|
|
next
|
|
edit 18
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
end
|
|
set log-all-domain disable
|
|
set sdns-ftgd-err-log enable
|
|
set sdns-domain-log enable
|
|
set block-action redirect
|
|
set block-botnet enable
|
|
set safe-search disable
|
|
set strip-ech enable
|
|
set redirect-portal 0.0.0.0
|
|
set redirect-portal6 ::
|
|
next
|
|
end
|
|
config system gre-tunnel
|
|
end
|
|
config system ipsec-aggregate
|
|
end
|
|
config system ipip-tunnel
|
|
end
|
|
config system mobile-tunnel
|
|
end
|
|
config system pppoe-interface
|
|
end
|
|
config system vxlan
|
|
end
|
|
config system geneve
|
|
end
|
|
config system virtual-wire-pair
|
|
end
|
|
config system dns-database
|
|
end
|
|
config system dns-server
|
|
end
|
|
config log custom-field
|
|
end
|
|
config antivirus settings
|
|
set machine-learning-detection enable
|
|
set use-extreme-db disable
|
|
set grayware enable
|
|
set override-timeout 0
|
|
set cache-infected-result enable
|
|
end
|
|
config antivirus quarantine
|
|
set agelimit 0
|
|
set maxfilesize 0
|
|
set quarantine-quota 0
|
|
unset drop-infected
|
|
set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
|
|
unset drop-machine-learning
|
|
set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
|
|
set lowspace ovrw-old
|
|
set destination disk
|
|
end
|
|
config antivirus exempt-list
|
|
end
|
|
config ssh-filter profile
|
|
end
|
|
config antivirus profile
|
|
edit "g-default"
|
|
set comment "Scan files and block viruses."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Scan files and monitor viruses."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config file-filter profile
|
|
edit "g-default"
|
|
set comment "File type inspection."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "File type inspection."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
end
|
|
config webfilter profile
|
|
edit "g-default"
|
|
set comment "Default web filtering."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor web traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
set options ftgd-disable
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 1
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 2
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 3
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 4
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 5
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 6
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 7
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 8
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 9
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 11
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 12
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 13
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 14
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 15
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 16
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 17
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 18
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 19
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 20
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 23
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 24
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 25
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 24
|
|
set category 26
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 25
|
|
set category 28
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 26
|
|
set category 29
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 27
|
|
set category 30
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 28
|
|
set category 31
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 29
|
|
set category 33
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 30
|
|
set category 34
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 31
|
|
set category 35
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 32
|
|
set category 36
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 33
|
|
set category 37
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 34
|
|
set category 38
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 35
|
|
set category 39
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 36
|
|
set category 40
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 37
|
|
set category 41
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 38
|
|
set category 42
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 39
|
|
set category 43
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 40
|
|
set category 44
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 41
|
|
set category 46
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 42
|
|
set category 47
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 43
|
|
set category 48
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 44
|
|
set category 49
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 45
|
|
set category 50
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 46
|
|
set category 51
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 47
|
|
set category 52
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 48
|
|
set category 53
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 49
|
|
set category 54
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 50
|
|
set category 55
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 51
|
|
set category 56
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 52
|
|
set category 57
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 53
|
|
set category 58
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 54
|
|
set category 59
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 55
|
|
set category 61
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 56
|
|
set category 62
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 57
|
|
set category 63
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 58
|
|
set category 64
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 59
|
|
set category 65
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 60
|
|
set category 66
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 61
|
|
set category 67
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 62
|
|
set category 68
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 63
|
|
set category 69
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 64
|
|
set category 70
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 65
|
|
set category 71
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 66
|
|
set category 72
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 67
|
|
set category 75
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 68
|
|
set category 76
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 69
|
|
set category 77
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 70
|
|
set category 78
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 71
|
|
set category 79
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 72
|
|
set category 80
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 73
|
|
set category 81
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 74
|
|
set category 82
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 75
|
|
set category 83
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 76
|
|
set category 84
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 77
|
|
set category 85
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 78
|
|
set category 86
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 79
|
|
set category 87
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 80
|
|
set category 88
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 81
|
|
set category 89
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 82
|
|
set category 90
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 83
|
|
set category 91
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 84
|
|
set category 92
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 85
|
|
set category 93
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 86
|
|
set category 94
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 87
|
|
set category 95
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set options block-invalid-url
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config webfilter override
|
|
end
|
|
config webfilter ftgd-local-rating
|
|
end
|
|
config webfilter search-engine
|
|
edit "g-baidu"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/s?\\?"
|
|
set query "wd="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu2"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/(ns|q|m|i|v)\\?"
|
|
set query "word="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu3"
|
|
set hostname "tieba\\.baidu\\.com"
|
|
set url "^\\/f\\?"
|
|
set query "kw="
|
|
set safesearch disable
|
|
next
|
|
edit "g-bing"
|
|
set hostname ".*\\.bing\\..*"
|
|
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-google"
|
|
set hostname ".*\\.google\\..*"
|
|
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
|
|
set query "q="
|
|
set safesearch url
|
|
set safesearch-str "&safe=active"
|
|
next
|
|
edit "g-google-translate-1"
|
|
set hostname "translate\\.google\\..*"
|
|
set url "^\\/translate"
|
|
set query "u="
|
|
set safesearch translate
|
|
set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
|
|
next
|
|
edit "g-google-translate-2"
|
|
set hostname ".*\\.translate\\.goog"
|
|
set url "^\\/"
|
|
set query ''
|
|
set safesearch translate
|
|
set safesearch-str "case::google-translate"
|
|
next
|
|
edit "g-twitter"
|
|
set hostname "twitter\\.com"
|
|
set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
|
|
set query "variables="
|
|
set safesearch translate
|
|
set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
|
|
next
|
|
edit "g-vimeo"
|
|
set hostname ".*vimeo.*"
|
|
set url "^\\/search\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-yahoo"
|
|
set hostname ".*\\.yahoo\\..*"
|
|
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
|
|
set query "p="
|
|
set safesearch url
|
|
set safesearch-str "&vm=r"
|
|
next
|
|
edit "g-yandex"
|
|
set hostname "yandex\\..*"
|
|
set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
|
|
set query "text="
|
|
set safesearch url
|
|
set safesearch-str "&family=yes"
|
|
next
|
|
edit "g-youtube"
|
|
set hostname ".*youtube.*"
|
|
set url ''
|
|
set query ''
|
|
set safesearch header
|
|
next
|
|
edit "g-yt-channel"
|
|
set hostname ''
|
|
set url "www.youtube.com/channel"
|
|
set query ''
|
|
set safesearch yt-channel
|
|
next
|
|
edit "g-yt-pattern"
|
|
set hostname ''
|
|
set url "youtube.com/channel/"
|
|
set query ''
|
|
set safesearch yt-pattern
|
|
next
|
|
edit "g-yt-scan-1"
|
|
set hostname ''
|
|
set url "www.youtube.com/user/"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-2"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/browse"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-3"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/player"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-4"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/navigator"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "yt-video"
|
|
set hostname ''
|
|
set url "www.youtube.com/watch"
|
|
set query ''
|
|
set safesearch yt-video
|
|
next
|
|
end
|
|
config emailfilter profile
|
|
edit "default"
|
|
set comment "Malware and phishing URL filtering."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set spam-log enable
|
|
set spam-filtering disable
|
|
unset options
|
|
config imap
|
|
set log-all disable
|
|
end
|
|
config pop3
|
|
set log-all disable
|
|
end
|
|
config smtp
|
|
set log-all disable
|
|
end
|
|
config msn-hotmail
|
|
set log-all disable
|
|
end
|
|
config gmail
|
|
set log-all disable
|
|
end
|
|
set spam-bword-threshold 10
|
|
unset spam-bword-table
|
|
unset spam-bal-table
|
|
unset spam-mheader-table
|
|
unset spam-iptrust-table
|
|
next
|
|
edit "sniffer-profile"
|
|
set comment "Malware and phishing URL monitoring."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set spam-log enable
|
|
set spam-filtering disable
|
|
unset options
|
|
config imap
|
|
set log-all disable
|
|
end
|
|
config pop3
|
|
set log-all disable
|
|
end
|
|
config smtp
|
|
set log-all disable
|
|
end
|
|
config msn-hotmail
|
|
set log-all disable
|
|
end
|
|
config gmail
|
|
set log-all disable
|
|
end
|
|
set spam-bword-threshold 10
|
|
unset spam-bword-table
|
|
unset spam-bal-table
|
|
unset spam-mheader-table
|
|
unset spam-iptrust-table
|
|
next
|
|
end
|
|
config virtual-patch profile
|
|
edit "g-default"
|
|
set comment ''
|
|
set severity info low medium high critical
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
config wanopt settings
|
|
set host-id "default-id"
|
|
set tunnel-ssl-algorithm high
|
|
set auto-detect-algorithm simple
|
|
set tunnel-optimization balanced
|
|
end
|
|
config wanopt peer
|
|
end
|
|
config wanopt auth-group
|
|
end
|
|
config wanopt profile
|
|
edit "default"
|
|
set transparent enable
|
|
set comments "Default WANopt profile."
|
|
set auth-group ''
|
|
config http
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set ssl disable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config cifs
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config mapi
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set tunnel-sharing private
|
|
end
|
|
config ftp
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config tcp
|
|
set status disable
|
|
end
|
|
next
|
|
end
|
|
config system speed-test-server
|
|
end
|
|
config log memory setting
|
|
set status enable
|
|
end
|
|
config log disk setting
|
|
set status disable
|
|
end
|
|
config log eventfilter
|
|
set event enable
|
|
set system enable
|
|
set vpn enable
|
|
set user enable
|
|
set router enable
|
|
set wireless-activity enable
|
|
set wan-opt enable
|
|
set endpoint enable
|
|
set ha enable
|
|
set security-rating enable
|
|
set fortiextender enable
|
|
set connector enable
|
|
set sdwan enable
|
|
set cifs enable
|
|
set switch-controller enable
|
|
set webproxy enable
|
|
end
|
|
config log memory filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log disk filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set dlp-archive enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log fortiguard override-setting
|
|
set override disable
|
|
set access-config enable
|
|
end
|
|
config log tacacs+accounting setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting2 setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting3 setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log tacacs+accounting2 filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log tacacs+accounting3 filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log null-device setting
|
|
set status disable
|
|
end
|
|
config log null-device filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log setting
|
|
set resolve-ip disable
|
|
set resolve-port enable
|
|
set log-user-in-upper disable
|
|
set fwpolicy-implicit-log disable
|
|
set fwpolicy6-implicit-log disable
|
|
set extended-log disable
|
|
set local-in-allow disable
|
|
set local-in-deny-unicast disable
|
|
set local-in-deny-broadcast disable
|
|
set local-out enable
|
|
set local-out-ioc-detection enable
|
|
set neighbor-event disable
|
|
set brief-traffic-format disable
|
|
set user-anonymize disable
|
|
set fortiview-weekly-data disable
|
|
set expolicy-implicit-log disable
|
|
set log-policy-comment disable
|
|
set faz-override disable
|
|
set syslog-override disable
|
|
set rest-api-set disable
|
|
set rest-api-get disable
|
|
set rest-api-performance disable
|
|
set long-live-session-stat enable
|
|
end
|
|
config log gui-display
|
|
set resolve-hosts enable
|
|
set resolve-apps enable
|
|
set fortiview-unscanned-apps disable
|
|
end
|
|
config system lldp network-policy
|
|
end
|
|
config system pcp-server
|
|
set status disable
|
|
end
|
|
config firewall schedule onetime
|
|
end
|
|
config firewall schedule recurring
|
|
edit "always"
|
|
set start 00:00
|
|
set end 00:00
|
|
set day sunday monday tuesday wednesday thursday friday saturday
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "none"
|
|
set start 00:00
|
|
set end 00:00
|
|
set day none
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "default-darrp-optimize"
|
|
set start 01:00
|
|
set end 01:30
|
|
set day sunday monday tuesday wednesday thursday friday saturday
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall schedule group
|
|
end
|
|
config firewall ippool
|
|
edit "Outside_Pool"
|
|
set type overload
|
|
set startip 198.36.24.240
|
|
set endip 198.36.24.241
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
end
|
|
config firewall ippool6
|
|
end
|
|
config firewall ldb-monitor
|
|
end
|
|
config firewall vip
|
|
edit "VIP_Webosphere"
|
|
set id 0
|
|
set uuid cee90f74-9fbd-51ec-8812-57713fdf5603
|
|
set comment ''
|
|
set type static-nat
|
|
set extip 198.36.24.16
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.48.117"
|
|
set extintf "port10"
|
|
set arp-reply enable
|
|
set nat-source-vip disable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
end
|
|
config firewall vip6
|
|
end
|
|
config firewall vipgrp
|
|
end
|
|
config firewall vipgrp6
|
|
end
|
|
config firewall ssh local-key
|
|
edit "g-Fortinet_SSH_DSA1024"
|
|
set password ENC h061pu4PmNWZ+FrLsp3BHB4vTBdo+9lXQpZgd2+1kL4fp6UIy4B1yVUtLLQ6qln0MntTW4XCBLDklLfZMukwxIUZf9jP15KB690WWt+p/vJ93c99MI2ASRtKBUAURetmr/x2b1n3+BjqpsMzF4WglJ35lce3f/mJHpDaqh1bi4g+Kg7MW6Qvd/iDQCrGkDaXGYWT+FlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCV7DL5b6
|
|
cQ4DFxLFfd9NBXAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
|
|
KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
|
|
a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
|
|
7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
|
|
jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
|
|
XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
|
|
P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
|
|
lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
|
|
wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgUeQzjFiceCe8Mfak
|
|
H97NypLIabuKsuXWYdK/YowIdC9ZVR0k2T28Zv+c3zNpLJfnm5pZnO4aX3VX98d5NlYarc
|
|
CuGS/xMjwxVuTo/FoJ5Pv3EUIvAO8i9JYPs+FGNkYQlbAQ+duxXUKVjGLBSID8zxQx/cz/
|
|
PAR1iwLkbXdJdO+NCgj81YIiwGG8YtSHHR0hYzf+Trb04p9sDwZWcBLBWEHDv7WW7ZH4t5
|
|
D8uGkNAlivP8VIdSYxtpMcGa52+LADwGh9/4nezEvcHRLogwc2pEQRGCNKdayXWBuYiplY
|
|
Yddz734+NQHkmyTZZ8UuoINM8fCfu8nu8MKGA0w1aFyBJMAMoHQMsPRdUNr9Jv/JeZcfht
|
|
N9cXibpgIzxC+DvnxUASnKbF+s5ry0L9KQWmZukfm9W4UMoBadgLRF7GwK0bgasacWiP+w
|
|
UPDXc5woeJgBWw2qOaC0Fq4tpoUndCni0IHrKwihZb0lqMBK1wTWSdXX1PDvAgD/dluttR
|
|
hoLJzECgbAT8hK6UYoCHbAFl854ZSCYbZE3ZqknMWMPrAx67VQkcfkoI+7vL4G60NdKPJ3
|
|
l9v1llo/eMY8StltYorKalr7PHu8cM1dpkvpfHTMJn1Ox78QXmbLP2kK57ChPm3s
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA256"
|
|
set password ENC H3aaQF4g9Yxtrk+ShYS3e/fWBvOsIkUKN6llymZTBXKlv9P/znEtCVT6hnmKfcTc441sdXbSVcuzqelEg292kJ+t0cDtHMQXTipOqdygkiVjwtp7RDOPrAWOKIzmGTza66qzGua+13SrXYHaJ0cDMqrCFEthNxY3HXoHzxtq5M+rHDZwO+CtU159mBdo6Oaq/z+xNFlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWswKzHl
|
|
aPj5eXaLmQWZXVAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
|
|
dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
|
|
y7MHqF8ARHi1glc6RSoarryTUQuCIAAACg4SS+EPsp+ZqCTFN7GvtH9z9bU4OTN6G1Bfdv
|
|
vrru+xqPzixqYvUAvgqwvNnrtkq6NVCx5QANnxBGdnJNrUckZTw6f6KBUoVKF78fRBMYWe
|
|
JsOBJ1uJujShmxSiEGSyFYcXhCCq8Fy9goi1VpuAn3EXi8ymij6j+iqlU9+kIsbNTuZqd8
|
|
zolTGUvO8QIuzpzl2VK47Y8KnDwmXaEhwYPbPA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA384"
|
|
set password ENC 9JQ3Nh3B6tWpxYJ5Ejs08DtMbqLk1bc4ZbS9HeYQR/sSy2fWOTPKJIMy7cyZ1RHOCzTu8rCrgeqZLKEkyhavOeT3wXmRJi+8SfLHTy9SI6SJtfpyj8EW4XBjxvNXixKSM/Iqv3z6H6T7M4ekJ2GAX60Uh4xbtEL6AQmtqq3g6JIrneNeyl0wfaieD1KVXadMR5wZTVlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDbSYBuM2
|
|
11IfFhYCRE5sRQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
|
|
dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
|
|
U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
|
|
dgAAANCGkPrVLVn6hc/M4lCGoZ1nFz57gA+8Kzl0cAXL4UAJHZPOuNI6C137KbjNlxsGQc
|
|
YwFFKpDU23zcQyWbUkqydmggO+czct9o3kAU6WVK3RlGs9lhI6eeT7Z2FBRm0DISCXgi3c
|
|
JETaHXDDeMYB5WWDuNut2ex/qtWiv93xxm9JBgv113GdAYaD1+s1wsFWQgq40gOVFtLpJT
|
|
7ck+uCjfgkvj0u0EHgSCHCl/FYin5tH2mAS9yz1kKW2EsUzufEBU9roWaBgUuZszrWsX7T
|
|
Uzjs
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA521"
|
|
set password ENC CNFnlaXzJ3Rgr0infSmVkmmCwb0hd9iNBqN3kDNXV517sSVfh8B026JKWoM2wSf4EEVkOEdopTezDqN0DrwYWkhe+NcO+cMpA2juxk9gKXo1xfgXT2Cs+87s/liXY24mffmZJWmAPtbU59ABIRlsYfKK9+G6GfzXeV6RfPs0bL1a/yUUEpo9bLkwi39sSt94VqrSg1lmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBDVO8Ujp
|
|
OpeKLIgEatpDJnAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
|
|
dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
|
|
t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
|
|
HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQCJDmDSUGShG163fq
|
|
XABvww6uZX6RKPV0hve3T9e8VwFWeqjKegGTEP3q4bhXErJ20Ur1oqyQh1a2rf95VXHkoL
|
|
W9dGf9c09ifXDYVHMtUto1M0S2T+szFRr0fnAtLsvmeUM5GUlB07Kin+VKmycHZiB1bF0z
|
|
vIKMBi3KLMXtAUevSvKyruI7YiKqD4CwSvULU73zoziGh0jhUNVpzBdK9pNZHdUMVtxTrX
|
|
a9gu13ZGVvPGyrRuDsvQMks6L7KIIKF0W0vRBY6AOvy3A2GNrLrdkHj2jy8fzcyZwWkt+b
|
|
azdh/FrGRZTDTro6CDeF92cjGixeU26B2se812bLw/U2It
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ED25519"
|
|
set password ENC cj25agOsyL52uBzdm9wd+tUbiCfbQXJMIdIwHl72U5xOZnwJ067QExscgy/VUA+Aezp115c5unDjka9e51bJE11NDufDvfjTkMdvXQou/Bmn79f0x5Tlso4JwjdUIO6LUyg4WxMBIbT9bXRdFUzgaGugXrh5cDPRjqsAFYDG21Xyd2xBFvl2ngI/KxzHTDTXVneIhllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAg8FF7ts
|
|
9O5tOD/3vfMgwHAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
|
|
3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkBccPI9Dq/7BCMcTVUE9z4ybcOVMlI+53gfr+g
|
|
p67zVLKHPX96XSk/XQBKLjKJ6PSLl9UuEE4MP40LjlSH6U7DlQc3+Kbw8ijV0SbLgH3tV3
|
|
8sXLY4Q3xZCI9VROo82lN2NZfSBk90A5+SahMizkr/M25+OjcLWgkxmzz1t08sjfIt4ZsH
|
|
60nNsm7lppl/WZJw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_RSA2048"
|
|
set password ENC e8rVnYgLCZaF3OIBJYhAmXJcj9PHtpIfDglV3Z25AFqzYt2m3Oj2UFWz08b1UMiPjgtVhwBz/+emmw3nPWnZQhuUiscvCT9JR0BylCRGPPNNcWc75v8qsC3bbHMLNap2UU4HypmUX/81RZxiZxMiHmq4eGm7Lfi2sqLg0fs44MehGKJOI1j1hutsxljUn77qPzdU4FlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBV/6oGox
|
|
s8r2NeX1aYozX/AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
|
|
Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
|
|
A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
|
|
hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
|
|
HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
|
|
OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwNY1Gj3rHBwaak
|
|
/XfAz6YK3kX+fEHOOzWTndUjw6DIoxsTMHZmi/LcesSRkvPMRyaNxuTO55as3pObXZGFqa
|
|
ZmMttSroXyNIiF8AdUCMkA1AZZqpD+S2FURxgLgVQdLFW4auM8wl6Ci55LGqnQYXDiJWSX
|
|
0yBEc1MuHmN0TH4JEW0kGAeWD8i5rCCD8i4J6thxMbtOBqBB5WDPcrBQHetw8cKWU5F2ee
|
|
2+SjVLKhoct25Uija7lsPAX3NXnTwfz9NK2j0jGZ34PVbUmfxfoV0ubBi76SasjBwfQ8DO
|
|
TV/buWY9I98HSV8271/HAW1WOSQ61XfgymKUQkeVH1Ybv4tz8wp9Kkzp+bX1tFtN1dSCwj
|
|
S4MpJKYsFLaFB2nlPiupaLtGk1bn4nKrlVQYfT679oo3vUKTfYcHPr6SDILBaM+EKL2AjU
|
|
2OEA6TlHZ4gZeo3gUgfg1Jgzt2OgG5SO79nlkRGvR1Gylc3XzaEMiN3WWhVqKy9V0ldPgO
|
|
kv3M+jlt2rJkmt4QtfASQftQKeVb7oiGNM0UM1hJnwVEGUCMpg53mcfjQ9hkB0fUYAVLz9
|
|
dgANa82ULxHi0HVGpfbqVBI6NdFJmw57bJoJljCfJQ+Wq5nRHkUawuuNXj7MOeGUBdxNug
|
|
qQ2sC9brktnF0TamT3WH8aRGC8B5Z1IQceoKlGHYLOnEDHUHtnQQACA1TD3XPeHHuy0U+x
|
|
5vMPAOX/ZR2DsFpvqF2FaRL17kMAoCxwzPUsjFq/Y5yu1My3f3XZjcXYa4Mg1MTqxnnzK8
|
|
QvKUbdmihaGyR/RWCfVsscE0IOZz3ETeGEGhEqJ5eGWeuAPZqki6I27JYLKkoZUQ8i8j/n
|
|
damYMauMsFEsJtg89urRF6KkH0NtrcXQYr4fPHYY0W/xMQkUesyarBh2n91D6RWYCt7Blp
|
|
7Yr15Ycc8cQ19ahNxCaQVZOH6/mkfJGVRWKJfhf1BtKD/ORoatbRflHde11dysy8BF1FxM
|
|
ZLnC2S2UcJxIDNP4tmSsSnpbfAGghSzNkAx3ibJ1ch+TkK61a3gCqW023qlT85bS21yii6
|
|
cBvcEA5qk37bJFMFD1/aazPMOrro0pI10i0ptssTEEpS310O9GHdUbM5djJEEb60pWQQK2
|
|
43G5JtJz1n5WCXacVPCq7otkhEQ+xf3Y8AXs54FGrgBrDC4FZsQLWgT49oLr8B6scDGRee
|
|
F3L1d65Jd4v0i2w7DFGKZBoZB5VvZpbgnwcQN41iWGdJp5c9/sEZd65vw9dFGIU+ql2lTl
|
|
5aoiXWbA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssh local-ca
|
|
edit "g-Fortinet_SSH_CA"
|
|
set password ENC IBHrwhuoDSSwQh5liHSJragfo2FRl0XVKGAUN/qDjXbSRLawAzz6ombst+c0H4sZ++a/aa62XBEJEl7oZk9HgMSLSizqokkV3jLMqoQ77fCht7T+q2dJrxRCU69evcq/OwupEGq6/+wUbafZbZ/cgqbhyJ/lyPWi8i6r9pA+29N51N+mOYBngTv1jtgK33D7wychoVlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZX89z8D
|
|
GkPICCVmUOqFHzAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
|
|
NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
|
|
ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
|
|
E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
|
|
TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
|
|
Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwGnQQNm4H/LBQ9
|
|
Gr4hdGE5Aat0klop3XgTQRD8Z1YDr9ukmYdLJQF6o1f+eIAl8S2C+pgU8gPHWhJyGohG3A
|
|
SzK82bz602VrHPrDQoWS3judXppJ+A1NTxtwXXM7KmxZJyfxBkaTkgIljysEGbvJuGivGF
|
|
NU8kAwZBAgeK0JiuaI4DqQGoe0mYcaZmdHiXkD+5csUDGya5aJjlo75sbbP4A+f4SisAjp
|
|
J0myeXeb6XO1ihGbuVOk5bPWD00LPmYf/5ANCAyA2J/Df/5E4gdhpQc8aLAYf5kQLBiGgw
|
|
/Y4TGBWuMIgKtTxPku0mHZb3AZbKNfli6yT0nJguouUhI1rfkqHJOW4XlkESr8F9uEtZlm
|
|
POVsoCIGehjvUInBe7r40nQAb04LZ6GmWqZHX40fupFU4La4522c1o28r1qgu9h6mxq68i
|
|
wYIfaOxRQR0xKoHLV9UjcX7MDo2lMOl31hBL6wbm/SuvoOfbr3x5Ouf0aw1GA71IFMSfHn
|
|
coDAW3V7kF1ejFCFEkddzj/0zpZUXf+blCQPG5UIWmb4qjKCsrrzLHUyx/G3d0UHpTK0Ih
|
|
FZgzYUn5kX6ImlsHwOptqtoJYPeqVHZ+kK7pSSgz0M4IEmdBC1ABtaXe3uvl6KhkFlymFu
|
|
yrbWSCtyW227l3jwcQj3ZRosp2mqB37VZSvEhw9QQbfgfv7f0a5Jnhgbct5L4f66HhZfhU
|
|
Eb/L42SC4TkxPrl0ZSQ/UPOXSQUlHOGCIiVQT164rlGNDnOc7WrwtuZ+CpgrjdrRglCrsX
|
|
r4eOf/MjSGbXEjShqg2F+C75s90/ogXAB2q0Cyv1ykbB7c3ljmwtvC8P5XKhzdA2tV5YL9
|
|
4nLkzs3yQhQzszVGBtFonAGlVqz45evYGUpGULc7YUaUb5lJ52ypstknwJGxtHVzhCoppU
|
|
Jhuki0jbsOpoCOVHoVTpmShxdW62tStFEWTffSHQKJglOGXV65nb5REuZadBBI+BGEPv1N
|
|
lxICgxDdjH1nQle6g++odOcIGx3yxYCpCPnRXpO0iTmqMBC0MB+om7fx2fJLcDMrPmBflK
|
|
nBvGLdD0yxYnUzJieKyYkRmR2U+yVdLaqKA/Tk2l6W3ZYDqtnxjMsEGjFUyhF64KdRia6R
|
|
mCM9FbLZJ/F/CboBk/l1xk+yHK50bt5r8eUTbo82Sd5IzveQ57C0bR446AlW9hQuFHquZu
|
|
wbZ+sz590wvdYXi/AfdljEKuXrHEYncXYrYLtasQ0BQHAcE/hQBHSFrkI9qVicXRlCPaXP
|
|
pqdp+YAw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_CA_Untrusted"
|
|
set password ENC cB7+LiRoIjALqMKVb5mSKtY8py4ZWnF/FRyLopX1eAose/Mlv+1H5jiTfbRqPLBroiEvH16jRzLM30l3n/mUC+gOqD0zoYEpq2g8hKh+QasVjKMsSOpmCmjUR1HMMlsBYL1ZNgTSHWQHpEmUD7W3WckoZQEQxWuf7rEr523141tlvHCl/IOQ6yqAjDJrfJWKZpwiGllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCQTdPzMa
|
|
0vRUCkbWP2fbZGAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
|
|
RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
|
|
ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
|
|
iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
|
|
Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
|
|
NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwMYPhQ4qitkI6G
|
|
hq4Dfuzz6gmftmbuxj565Fztt4KA8I0LZ9ySrt4LtLdmQVOcQJ2SfmnA+1DtL4c9bEOLSx
|
|
zsEg1ooHPkruFcj2eJr2flQKYbLZLAe6Xn81wIO3qIPuAT0Fpb5vm9gzX8rirXNnHbo6sy
|
|
QXikdWDawL4rlqpRaecBKzcTSatgIz1OIv3TPm4JoJrObH10a8C3JEB/Y5f+/2P3fyi/PB
|
|
FVYl8VXiiNzzZhsJgFH64H8s2oK3ktD8of3u7zAmIj1NwT4f/81QY5I5Tiq2vsWJwv3yen
|
|
pRGf+dDVt1QMuSOF7RBPY6nFe9pr4OTeamO6mQ0DTFyssEd5yp5I+Omwzge+1WJuf9ldP2
|
|
wZRLoaNWNSVS6zUFtaNTFP8PKzRnWRl46dwS8R1hBcfMEtx+84TFKtgc71tH0/xDkHVboc
|
|
KVwPGbzyO6ESjNNaXJDdF/U4KEKYGa6kCSBU+fdg+2aKzr6yEM9rB27BBaqXa6Nxgc0oTK
|
|
w9BqZe23dP3wUmdX+HWkWXcHb+LHB2Z08h/fqgV91zJ9SM9bRGf6jh+sPL6Ifjcv1ymeRs
|
|
9uAbP/qDh+cRcF0/hKByY/zqnROlEgxSxGqakDLtEVDuKmG9eK2RjEBrHrLtdQJC7AbTMu
|
|
t6HUNp/9Cpwm5TB/jDb0etscB+h15FHGlXhsnXiDzDC2eUxpOELQCXWIbh8ONlRGl1ZmW2
|
|
rAMRWlAKxKwwUaNjJOxK4bqWkAFZG+9m9jYJKi4a1vOCgGNLsubLVY8WMMEAb3abbRgWaU
|
|
WIKp6PJR4ZSZTYuh9aJ3OneEy1DB9zURTV8cgh9UrALDwGT2GdjTHzKCFL+1UivpQ/gsSY
|
|
EeMdNmsLvxUSzmWF6btw/F8iX0tjflRkkHlicHvqe031yH9AEYpaHhSTg4wpLf7l4rvZRP
|
|
2/D/qL+ME91UAdG8vxGiIW+Urd9lCYD1+y013zRKBt9miPBzzX62LX9JXUvghfXPRacUXM
|
|
WgHjUBzcvKxUYeevh64FiDlnZ1omvlDlPYsfd67pyr0BWa8UwppdCRKAUYIb/ux2q7Ae5s
|
|
0hcVtBwKEvf/YLi8jdVWEYQKQLBaMj0hMLgNcZA8YVNUySpHe8bzm7FlmeSvPQD9t6Cpie
|
|
2jorGg+aR5MODJGKXIvAoLQ/IInwUS2NgwP+/vh74Tp5ryWTUE+svsrpQo6i8qZKCisngW
|
|
tvmxChpPCh54mbqvYlKAVs4MfO9ZZRV8NqIzU2FlL2STAmjRLMA+sr9HlPbXrXD6Xqf2VS
|
|
att5Ib/Q==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssh setting
|
|
set caname "g-Fortinet_SSH_CA"
|
|
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
|
|
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
|
|
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
|
|
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
|
|
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
|
|
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
|
|
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
|
|
set host-trusted-checking enable
|
|
end
|
|
config firewall ssh host-key
|
|
end
|
|
config firewall decrypted-traffic-mirror
|
|
end
|
|
config firewall access-proxy-virtual-host
|
|
end
|
|
config firewall access-proxy-ssh-client-cert
|
|
end
|
|
config firewall access-proxy
|
|
end
|
|
config firewall access-proxy6
|
|
end
|
|
config firewall ipmacbinding setting
|
|
set bindthroughfw disable
|
|
set bindtofw disable
|
|
end
|
|
config firewall ipmacbinding table
|
|
end
|
|
config firewall profile-protocol-options
|
|
edit "default"
|
|
set comment "All default services."
|
|
set replacemsg-group ''
|
|
set oversize-log disable
|
|
set switching-protocols-log disable
|
|
config http
|
|
set ports 80
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
unset options
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set range-block disable
|
|
set strip-x-forwarded-for disable
|
|
unset post-lang
|
|
set streaming-content-bypass enable
|
|
set switching-protocols bypass
|
|
set unknown-http-version reject
|
|
set tunnel-non-http enable
|
|
set h2c disable
|
|
set unknown-content-encoding block
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set verify-dns-for-policy-matching enable
|
|
set block-page-status-code 403
|
|
set retry-count 0
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
set address-ip-rating enable
|
|
end
|
|
config ftp
|
|
set ports 21
|
|
set status enable
|
|
set inspect-all disable
|
|
set options splice
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
set explicit-ftp-tls disable
|
|
end
|
|
config imap
|
|
set ports 143
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set ssl-offloaded no
|
|
end
|
|
config mapi
|
|
set ports 135
|
|
set status enable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
end
|
|
config pop3
|
|
set ports 110
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set ssl-offloaded no
|
|
end
|
|
config smtp
|
|
set ports 25
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail splice
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set server-busy disable
|
|
set ssl-offloaded no
|
|
end
|
|
config nntp
|
|
set ports 119
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options splice
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
end
|
|
config ssh
|
|
unset options
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
end
|
|
config dns
|
|
set ports 53
|
|
set status enable
|
|
end
|
|
config cifs
|
|
set ports 445
|
|
set status enable
|
|
unset options
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set server-credential-type none
|
|
end
|
|
config mail-signature
|
|
set status disable
|
|
set signature ''
|
|
end
|
|
set rpc-over-http disable
|
|
next
|
|
end
|
|
config firewall ssl-ssh-profile
|
|
edit "certificate-inspection"
|
|
set comment "Read-only SSL handshake inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status certificate-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set encrypted-client-hello block
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set block-blocklisted-certificates enable
|
|
set caname "Fortinet_CA_SSL"
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
next
|
|
edit "deep-inspection"
|
|
set comment "Read-only deep inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status deep-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
set status deep-inspection
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set allowlist disable
|
|
set block-blocklisted-certificates enable
|
|
config ssl-exempt
|
|
edit 1
|
|
set type fortiguard-category
|
|
set fortiguard-category 31
|
|
next
|
|
edit 2
|
|
set type fortiguard-category
|
|
set fortiguard-category 33
|
|
next
|
|
edit 3
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-adobe"
|
|
next
|
|
edit 4
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Adobe Login"
|
|
next
|
|
edit 5
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-android"
|
|
next
|
|
edit 6
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-apple"
|
|
next
|
|
edit 7
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-appstore"
|
|
next
|
|
edit 8
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-auth.gfx.ms"
|
|
next
|
|
edit 9
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-citrix"
|
|
next
|
|
edit 10
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-dropbox.com"
|
|
next
|
|
edit 11
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-eease"
|
|
next
|
|
edit 12
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-firefox update server"
|
|
next
|
|
edit 13
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-fortinet"
|
|
next
|
|
edit 14
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-googleapis.com"
|
|
next
|
|
edit 15
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-drive"
|
|
next
|
|
edit 16
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play2"
|
|
next
|
|
edit 17
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play3"
|
|
next
|
|
edit 18
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Gotomeeting"
|
|
next
|
|
edit 19
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-icloud"
|
|
next
|
|
edit 20
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-itunes"
|
|
next
|
|
edit 21
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-microsoft"
|
|
next
|
|
edit 22
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-skype"
|
|
next
|
|
edit 23
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-softwareupdate.vmware.com"
|
|
next
|
|
edit 24
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-verisign"
|
|
next
|
|
edit 25
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Windows update 2"
|
|
next
|
|
edit 26
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-live.com"
|
|
next
|
|
edit 27
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play"
|
|
next
|
|
edit 28
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-update.microsoft.com"
|
|
next
|
|
edit 29
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-swscan.apple.com"
|
|
next
|
|
edit 30
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-autoupdate.opera.com"
|
|
next
|
|
edit 31
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-cdn-apple"
|
|
next
|
|
edit 32
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-mzstatic-apple"
|
|
next
|
|
end
|
|
set server-cert-mode re-sign
|
|
set caname "Fortinet_CA_SSL"
|
|
set untrusted-caname "Fortinet_CA_Untrusted"
|
|
set ssl-exemption-ip-rating enable
|
|
set ssl-exemption-log disable
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
set rpc-over-https disable
|
|
set mapi-over-https disable
|
|
set supported-alpn all
|
|
set use-ssl-server disable
|
|
next
|
|
edit "custom-deep-inspection"
|
|
set comment "Customizable deep inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status deep-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
set status deep-inspection
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set allowlist disable
|
|
set block-blocklisted-certificates enable
|
|
config ssl-exempt
|
|
edit 1
|
|
set type fortiguard-category
|
|
set fortiguard-category 31
|
|
next
|
|
edit 2
|
|
set type fortiguard-category
|
|
set fortiguard-category 33
|
|
next
|
|
edit 3
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-adobe"
|
|
next
|
|
edit 4
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Adobe Login"
|
|
next
|
|
edit 5
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-android"
|
|
next
|
|
edit 6
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-apple"
|
|
next
|
|
edit 7
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-appstore"
|
|
next
|
|
edit 8
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-auth.gfx.ms"
|
|
next
|
|
edit 9
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-citrix"
|
|
next
|
|
edit 10
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-dropbox.com"
|
|
next
|
|
edit 11
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-eease"
|
|
next
|
|
edit 12
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-firefox update server"
|
|
next
|
|
edit 13
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-fortinet"
|
|
next
|
|
edit 14
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-googleapis.com"
|
|
next
|
|
edit 15
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-drive"
|
|
next
|
|
edit 16
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play2"
|
|
next
|
|
edit 17
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play3"
|
|
next
|
|
edit 18
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Gotomeeting"
|
|
next
|
|
edit 19
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-icloud"
|
|
next
|
|
edit 20
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-itunes"
|
|
next
|
|
edit 21
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-microsoft"
|
|
next
|
|
edit 22
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-skype"
|
|
next
|
|
edit 23
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-softwareupdate.vmware.com"
|
|
next
|
|
edit 24
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-verisign"
|
|
next
|
|
edit 25
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Windows update 2"
|
|
next
|
|
edit 26
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-live.com"
|
|
next
|
|
edit 27
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play"
|
|
next
|
|
edit 28
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-update.microsoft.com"
|
|
next
|
|
edit 29
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-swscan.apple.com"
|
|
next
|
|
edit 30
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-autoupdate.opera.com"
|
|
next
|
|
edit 31
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-cdn-apple"
|
|
next
|
|
edit 32
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-mzstatic-apple"
|
|
next
|
|
end
|
|
set server-cert-mode re-sign
|
|
set caname "Fortinet_CA_SSL"
|
|
set untrusted-caname "Fortinet_CA_Untrusted"
|
|
set ssl-exemption-ip-rating enable
|
|
set ssl-exemption-log disable
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
set rpc-over-https disable
|
|
set mapi-over-https disable
|
|
set supported-alpn all
|
|
set use-ssl-server disable
|
|
next
|
|
edit "no-inspection"
|
|
set comment "Read-only profile that does no inspection."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set status disable
|
|
set quic bypass
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic bypass
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set block-blocklisted-certificates enable
|
|
set caname "Fortinet_CA_SSL"
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
next
|
|
end
|
|
config waf profile
|
|
edit "default"
|
|
set external disable
|
|
set extended-log disable
|
|
config signature
|
|
config main-class 100000000
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 20000000
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config main-class 30000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 40000000
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config main-class 50000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 60000000
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config main-class 70000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 80000000
|
|
set status enable
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config main-class 110000000
|
|
set status enable
|
|
set action allow
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 90000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
|
|
set credit-card-detection-threshold 3
|
|
end
|
|
config constraint
|
|
config header-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config content-length
|
|
set status enable
|
|
set length 67108864
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config param-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config line-length
|
|
set status enable
|
|
set length 1024
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config url-param-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config version
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config method
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config hostname
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config malformed
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config max-cookie
|
|
set status enable
|
|
set max-cookie 16
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-header-line
|
|
set status enable
|
|
set max-header-line 32
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-url-param
|
|
set status enable
|
|
set max-url-param 16
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-range-segment
|
|
set status enable
|
|
set max-range-segment 5
|
|
set action allow
|
|
set log enable
|
|
set severity high
|
|
end
|
|
end
|
|
config method
|
|
set status disable
|
|
set log disable
|
|
set severity medium
|
|
unset default-allowed-methods
|
|
end
|
|
config address-list
|
|
set status disable
|
|
set blocked-log disable
|
|
set severity medium
|
|
end
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall ssl-server
|
|
end
|
|
config casb saas-application
|
|
end
|
|
config casb user-activity
|
|
end
|
|
config casb profile
|
|
edit "default"
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall profile-group
|
|
end
|
|
config firewall identity-based-route
|
|
end
|
|
config firewall auth-portal
|
|
set portal-addr ''
|
|
set portal-addr6 ''
|
|
set identity-based-route ''
|
|
set proxy-auth disable
|
|
end
|
|
config firewall policy
|
|
edit 3
|
|
set status enable
|
|
set name "Block_Countries_In"
|
|
set uuid d7dbce76-9fbf-51ec-ab77-fee1db8aeb26
|
|
set srcintf "Outside_Zone"
|
|
set dstintf "Inside_Zone"
|
|
set action deny
|
|
set ztna-status disable
|
|
set srcaddr "Geo_Block_Group"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set logtraffic disable
|
|
set logtraffic-start disable
|
|
set np-acceleration enable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set match-vip enable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set send-deny-packet disable
|
|
next
|
|
edit 4
|
|
set status enable
|
|
set name "Block_Countries_Out"
|
|
set uuid f8b4eb14-9fbf-51ec-ed6e-96e27dc1b1c9
|
|
set srcintf "Inside_Zone"
|
|
set dstintf "Outside_Zone"
|
|
set action deny
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "Geo_Block_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set logtraffic disable
|
|
set logtraffic-start disable
|
|
set np-acceleration enable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set match-vip enable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set send-deny-packet disable
|
|
next
|
|
edit 2
|
|
set status enable
|
|
set name "Webosphere"
|
|
set uuid 0d8e5202-9fbe-51ec-0286-714f8e196589
|
|
set srcintf "Outside_Zone"
|
|
set dstintf "Inside_Zone"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "VIP_Webosphere"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "IPS_Test"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic utm
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 1
|
|
set status enable
|
|
set name "Internet_Access"
|
|
set uuid bfdac172-9fbc-51ec-a83b-8104f6e36fd1
|
|
set srcintf "Inside_Zone"
|
|
set dstintf "Outside_Zone"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "IPv4-Private-All-RFC1918"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "g-default"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic utm
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "Outside_Pool"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
end
|
|
config firewall shaping-policy
|
|
end
|
|
config firewall shaping-profile
|
|
end
|
|
config firewall local-in-policy
|
|
end
|
|
config firewall local-in-policy6
|
|
end
|
|
config firewall ttl-policy
|
|
end
|
|
config firewall proxy-policy
|
|
end
|
|
config firewall dnstranslation
|
|
end
|
|
config firewall multicast-policy
|
|
end
|
|
config firewall multicast-policy6
|
|
end
|
|
config firewall interface-policy
|
|
end
|
|
config firewall interface-policy6
|
|
end
|
|
config firewall DoS-policy
|
|
end
|
|
config firewall DoS-policy6
|
|
end
|
|
config firewall sniffer
|
|
end
|
|
config firewall on-demand-sniffer
|
|
end
|
|
config firewall acl
|
|
end
|
|
config firewall acl6
|
|
end
|
|
config firewall central-snat-map
|
|
end
|
|
config firewall ip-translation
|
|
end
|
|
config authentication scheme
|
|
end
|
|
config authentication rule
|
|
end
|
|
config authentication setting
|
|
set active-auth-scheme ''
|
|
set sso-auth-scheme ''
|
|
set update-time 0000-00-00 00:00:00
|
|
set persistent-cookie enable
|
|
set ip-auth-cookie disable
|
|
set cookie-max-age 480
|
|
set cookie-refresh-div 2
|
|
set captive-portal-type fqdn
|
|
set captive-portal ''
|
|
set captive-portal6 ''
|
|
set cert-auth disable
|
|
set captive-portal-port 7830
|
|
set auth-https enable
|
|
set captive-portal-ssl-port 7831
|
|
end
|
|
config system speed-test-schedule
|
|
end
|
|
config switch-controller switch-interface-tag
|
|
end
|
|
config switch-controller 802-1X-settings
|
|
set link-down-auth set-unauth
|
|
set reauth-period 60
|
|
set max-reauth-attempt 3
|
|
set tx-period 30
|
|
set mab-reauth disable
|
|
set mac-username-delimiter hyphen
|
|
set mac-password-delimiter hyphen
|
|
set mac-calling-station-delimiter hyphen
|
|
set mac-called-station-delimiter hyphen
|
|
set mac-case lowercase
|
|
end
|
|
config switch-controller security-policy 802-1X
|
|
edit "802-1X-policy-default"
|
|
set security-mode 802.1X
|
|
set user-group "SSO_Guest_Users"
|
|
set mac-auth-bypass disable
|
|
set open-auth disable
|
|
set eap-passthru enable
|
|
set eap-auto-untagged-vlans enable
|
|
set guest-vlan disable
|
|
set guest-auth-delay 30
|
|
set auth-fail-vlan disable
|
|
set framevid-apply enable
|
|
set radius-timeout-overwrite disable
|
|
set policy-type 802.1X
|
|
set authserver-timeout-vlan disable
|
|
set dacl disable
|
|
next
|
|
end
|
|
config switch-controller security-policy local-access
|
|
edit "default"
|
|
set mgmt-allowaccess https ping ssh
|
|
set internal-allowaccess https ping ssh
|
|
next
|
|
end
|
|
config switch-controller location
|
|
end
|
|
config switch-controller lldp-settings
|
|
set tx-hold 4
|
|
set tx-interval 30
|
|
set fast-start-interval 2
|
|
set management-interface internal
|
|
set device-detection enable
|
|
end
|
|
config switch-controller lldp-profile
|
|
edit "default"
|
|
set med-tlvs inventory-management network-policy location-identification
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl disable
|
|
config med-network-policy
|
|
edit "voice"
|
|
set status disable
|
|
next
|
|
edit "voice-signaling"
|
|
set status disable
|
|
next
|
|
edit "guest-voice"
|
|
set status disable
|
|
next
|
|
edit "guest-voice-signaling"
|
|
set status disable
|
|
next
|
|
edit "softphone-voice"
|
|
set status disable
|
|
next
|
|
edit "video-conferencing"
|
|
set status disable
|
|
next
|
|
edit "streaming-video"
|
|
set status disable
|
|
next
|
|
edit "video-signaling"
|
|
set status disable
|
|
next
|
|
end
|
|
config med-location-service
|
|
edit "coordinates"
|
|
set status disable
|
|
next
|
|
edit "address-civic"
|
|
set status disable
|
|
next
|
|
edit "elin-number"
|
|
set status disable
|
|
next
|
|
end
|
|
next
|
|
edit "default-auto-isl"
|
|
unset med-tlvs
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl enable
|
|
set auto-isl-hello-timer 3
|
|
set auto-isl-receive-timeout 60
|
|
set auto-isl-port-group 0
|
|
set auto-mclag-icl disable
|
|
set auto-isl-auth legacy
|
|
next
|
|
edit "default-auto-mclag-icl"
|
|
unset med-tlvs
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl enable
|
|
set auto-isl-hello-timer 3
|
|
set auto-isl-receive-timeout 60
|
|
set auto-isl-port-group 0
|
|
set auto-mclag-icl enable
|
|
set auto-isl-auth legacy
|
|
next
|
|
end
|
|
config switch-controller qos dot1p-map
|
|
edit "voice-dot1p"
|
|
set description ''
|
|
set egress-pri-tagging disable
|
|
set priority-0 queue-4
|
|
set priority-1 queue-4
|
|
set priority-2 queue-3
|
|
set priority-3 queue-2
|
|
set priority-4 queue-3
|
|
set priority-5 queue-1
|
|
set priority-6 queue-2
|
|
set priority-7 queue-2
|
|
next
|
|
end
|
|
config switch-controller qos ip-dscp-map
|
|
edit "voice-dscp"
|
|
set description ''
|
|
config map
|
|
edit "1"
|
|
set cos-queue 1
|
|
set value 46
|
|
next
|
|
edit "2"
|
|
set cos-queue 2
|
|
set value 24,26,48,56
|
|
next
|
|
edit "5"
|
|
set cos-queue 3
|
|
set value 34
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config switch-controller qos queue-policy
|
|
edit "default"
|
|
set schedule round-robin
|
|
set rate-by kbps
|
|
config cos-queue
|
|
edit "queue-0"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-1"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-2"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-3"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-4"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-5"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-6"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-7"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
end
|
|
next
|
|
edit "voice-egress"
|
|
set schedule weighted
|
|
set rate-by kbps
|
|
config cos-queue
|
|
edit "queue-0"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-1"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 0
|
|
next
|
|
edit "queue-2"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 6
|
|
next
|
|
edit "queue-3"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 37
|
|
next
|
|
edit "queue-4"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 12
|
|
next
|
|
edit "queue-5"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-6"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-7"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config switch-controller qos qos-policy
|
|
edit "default"
|
|
set default-cos 0
|
|
set trust-dot1p-map ''
|
|
set trust-ip-dscp-map ''
|
|
set queue-policy "default"
|
|
next
|
|
edit "voice-qos"
|
|
set default-cos 0
|
|
set trust-dot1p-map "voice-dot1p"
|
|
set trust-ip-dscp-map "voice-dscp"
|
|
set queue-policy "voice-egress"
|
|
next
|
|
end
|
|
config switch-controller storm-control-policy
|
|
edit "default"
|
|
set description "default storm control on all port"
|
|
set storm-control-mode global
|
|
next
|
|
edit "auto-config"
|
|
set description "storm control policy for fortilink-isl-icl port"
|
|
set storm-control-mode disabled
|
|
next
|
|
end
|
|
config switch-controller auto-config policy
|
|
edit "pse"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status enable
|
|
set igmp-flood-report disable
|
|
set igmp-flood-traffic disable
|
|
next
|
|
edit "default"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status enable
|
|
set igmp-flood-report disable
|
|
set igmp-flood-traffic disable
|
|
next
|
|
edit "default-icl"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status disable
|
|
set igmp-flood-report enable
|
|
set igmp-flood-traffic enable
|
|
next
|
|
end
|
|
config switch-controller auto-config default
|
|
set fgt-policy "default"
|
|
set isl-policy "default"
|
|
set icl-policy "default-icl"
|
|
end
|
|
config switch-controller auto-config custom
|
|
end
|
|
config switch-controller initial-config template
|
|
edit "_default"
|
|
set vlanid 1
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "quarantine"
|
|
set vlanid 4093
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
edit "rspan"
|
|
set vlanid 4092
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
edit "voice"
|
|
set vlanid 4091
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "video"
|
|
set vlanid 4090
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "onboarding"
|
|
set vlanid 4089
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "nac_segment"
|
|
set vlanid 4088
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
end
|
|
config switch-controller initial-config vlans
|
|
set default-vlan "_default"
|
|
set quarantine "quarantine"
|
|
set rspan "rspan"
|
|
set voice "voice"
|
|
set video "video"
|
|
set nac "onboarding"
|
|
set nac-segment "nac_segment"
|
|
end
|
|
config switch-controller switch-profile
|
|
edit "default"
|
|
set login-passwd-override disable
|
|
set login enable
|
|
set revision-backup-on-logout disable
|
|
set revision-backup-on-upgrade disable
|
|
next
|
|
end
|
|
config switch-controller custom-command
|
|
end
|
|
config switch-controller virtual-port-pool
|
|
end
|
|
config switch-controller ptp profile
|
|
edit "default"
|
|
set description ''
|
|
set mode transparent-e2e
|
|
next
|
|
end
|
|
config switch-controller ptp interface-policy
|
|
edit "default"
|
|
set description ''
|
|
set vlan ''
|
|
set vlan-pri 4
|
|
next
|
|
end
|
|
config switch-controller vlan-policy
|
|
end
|
|
config switch-controller acl ingress
|
|
end
|
|
config switch-controller acl group
|
|
end
|
|
config switch-controller dynamic-port-policy
|
|
end
|
|
config switch-controller managed-switch
|
|
end
|
|
config switch-controller switch-group
|
|
end
|
|
config switch-controller stp-settings
|
|
set name ''
|
|
set revision 0
|
|
set hello-time 2
|
|
set forward-time 15
|
|
set max-age 20
|
|
set max-hops 20
|
|
end
|
|
config switch-controller stp-instance
|
|
end
|
|
config switch-controller storm-control
|
|
set rate 500
|
|
set unknown-unicast disable
|
|
set unknown-multicast disable
|
|
set broadcast disable
|
|
end
|
|
config switch-controller global
|
|
set mac-aging-interval 300
|
|
set https-image-push enable
|
|
set vlan-optimization enable
|
|
set vlan-identity name
|
|
set mac-retention-period 24
|
|
set default-virtual-switch-vlan ''
|
|
set dhcp-server-access-list disable
|
|
set dhcp-option82-format ascii
|
|
set dhcp-option82-circuit-id intfname vlan mode
|
|
set dhcp-option82-remote-id mac
|
|
set dhcp-snoop-client-req drop-untrusted
|
|
set dhcp-snoop-client-db-exp 86400
|
|
set dhcp-snoop-db-per-port-learn-limit 64
|
|
set log-mac-limit-violations disable
|
|
set sn-dns-resolution enable
|
|
set mac-event-logging disable
|
|
set bounce-quarantined-link disable
|
|
set quarantine-mode by-vlan
|
|
set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
|
|
set fips-enforce enable
|
|
set firmware-provision-on-authorization disable
|
|
set switch-on-deauth no-op
|
|
end
|
|
config switch-controller switch-log
|
|
set status enable
|
|
set severity notification
|
|
end
|
|
config switch-controller igmp-snooping
|
|
set aging-time 300
|
|
set flood-unknown-multicast disable
|
|
set query-interval 125
|
|
end
|
|
config switch-controller sflow
|
|
set collector-ip 0.0.0.0
|
|
set collector-port 6343
|
|
end
|
|
config switch-controller network-monitor-settings
|
|
set network-monitoring disable
|
|
end
|
|
config switch-controller flow-tracking
|
|
set sample-mode perimeter
|
|
set sample-rate 512
|
|
set format netflow9
|
|
set level ip
|
|
set max-export-pkt-size 512
|
|
set template-export-period 5
|
|
set timeout-general 3600
|
|
set timeout-icmp 300
|
|
set timeout-max 604800
|
|
set timeout-tcp 3600
|
|
set timeout-tcp-fin 300
|
|
set timeout-tcp-rst 120
|
|
set timeout-udp 300
|
|
end
|
|
config switch-controller snmp-sysinfo
|
|
set status disable
|
|
set engine-id ''
|
|
set description ''
|
|
set contact-info ''
|
|
set location ''
|
|
end
|
|
config switch-controller snmp-trap-threshold
|
|
set trap-high-cpu-threshold 80
|
|
set trap-low-memory-threshold 80
|
|
set trap-log-full-threshold 90
|
|
end
|
|
config switch-controller snmp-community
|
|
end
|
|
config switch-controller snmp-user
|
|
end
|
|
config switch-controller traffic-sniffer
|
|
set mode erspan-auto
|
|
set erspan-ip 0.0.0.0
|
|
end
|
|
config switch-controller remote-log
|
|
edit "syslogd"
|
|
set status disable
|
|
next
|
|
edit "syslogd2"
|
|
set status disable
|
|
next
|
|
end
|
|
config switch-controller mac-policy
|
|
end
|
|
config wireless-controller setting
|
|
set account-id ''
|
|
set country US
|
|
set duplicate-ssid disable
|
|
set fapc-compatibility disable
|
|
set wfa-compatibility disable
|
|
set phishing-ssid-detect enable
|
|
set fake-ssid-action log
|
|
set device-weight 1
|
|
set device-holdoff 5
|
|
set device-idle 1440
|
|
set firmware-provision-on-authorization disable
|
|
set rolling-wtp-upgrade disable
|
|
set darrp-optimize 86400
|
|
set darrp-optimize-schedules "default-darrp-optimize"
|
|
end
|
|
config wireless-controller log
|
|
set status enable
|
|
set addrgrp-log notification
|
|
set ble-log notification
|
|
set clb-log notification
|
|
set dhcp-starv-log notification
|
|
set led-sched-log notification
|
|
set radio-event-log notification
|
|
set rogue-event-log notification
|
|
set sta-event-log notification
|
|
set sta-locate-log notification
|
|
set wids-log notification
|
|
set wtp-event-log notification
|
|
set wtp-fips-event-log notification
|
|
end
|
|
config wireless-controller apcfg-profile
|
|
end
|
|
config wireless-controller bonjour-profile
|
|
end
|
|
config wireless-controller arrp-profile
|
|
edit "arrp-default"
|
|
set comment ''
|
|
set selection-period 3600
|
|
set monitor-period 300
|
|
set weight-managed-ap 50
|
|
set weight-rogue-ap 10
|
|
set weight-noise-floor 40
|
|
set weight-channel-load 20
|
|
set weight-spectral-rssi 40
|
|
set weight-weather-channel 0
|
|
set weight-dfs-channel 0
|
|
set threshold-ap 250
|
|
set threshold-noise-floor "-85"
|
|
set threshold-channel-load 60
|
|
set threshold-spectral-rssi "-65"
|
|
set threshold-tx-retries 300
|
|
set threshold-rx-errors 50
|
|
set include-weather-channel enable
|
|
set include-dfs-channel enable
|
|
set override-darrp-optimize disable
|
|
next
|
|
end
|
|
config wireless-controller region
|
|
end
|
|
config wireless-controller vap-group
|
|
end
|
|
config wireless-controller wids-profile
|
|
edit "default"
|
|
set comment "Default WIDS profile."
|
|
set sensor-mode disable
|
|
set ap-scan enable
|
|
set ap-bgscan-period 600
|
|
set ap-bgscan-intv 1
|
|
set ap-bgscan-duration 20
|
|
set ap-bgscan-idle 0
|
|
set ap-bgscan-report-intv 30
|
|
set ap-fgscan-report-intv 15
|
|
set ap-scan-passive disable
|
|
set ap-scan-threshold "-90"
|
|
set wireless-bridge enable
|
|
set deauth-broadcast enable
|
|
set null-ssid-probe-resp enable
|
|
set long-duration-attack enable
|
|
set long-duration-thresh 8200
|
|
set invalid-mac-oui enable
|
|
set weak-wep-iv enable
|
|
set auth-frame-flood enable
|
|
set auth-flood-time 10
|
|
set auth-flood-thresh 30
|
|
set assoc-frame-flood enable
|
|
set assoc-flood-time 10
|
|
set assoc-flood-thresh 30
|
|
set spoofed-deauth enable
|
|
set asleap-attack enable
|
|
set eapol-start-flood enable
|
|
set eapol-start-thresh 10
|
|
set eapol-start-intv 1
|
|
set eapol-logoff-flood enable
|
|
set eapol-logoff-thresh 10
|
|
set eapol-logoff-intv 1
|
|
set eapol-succ-flood enable
|
|
set eapol-succ-thresh 10
|
|
set eapol-succ-intv 1
|
|
set eapol-fail-flood enable
|
|
set eapol-fail-thresh 10
|
|
set eapol-fail-intv 1
|
|
set eapol-pre-succ-flood enable
|
|
set eapol-pre-succ-thresh 10
|
|
set eapol-pre-succ-intv 1
|
|
set eapol-pre-fail-flood enable
|
|
set eapol-pre-fail-thresh 10
|
|
set eapol-pre-fail-intv 1
|
|
set deauth-unknown-src-thresh 10
|
|
next
|
|
edit "default-wids-apscan-enabled"
|
|
set comment ''
|
|
set sensor-mode disable
|
|
set ap-scan enable
|
|
set ap-bgscan-period 600
|
|
set ap-bgscan-intv 1
|
|
set ap-bgscan-duration 20
|
|
set ap-bgscan-idle 0
|
|
set ap-bgscan-report-intv 30
|
|
set ap-fgscan-report-intv 15
|
|
set ap-scan-passive disable
|
|
set ap-scan-threshold "-90"
|
|
set wireless-bridge disable
|
|
set deauth-broadcast disable
|
|
set null-ssid-probe-resp disable
|
|
set long-duration-attack disable
|
|
set long-duration-thresh 8200
|
|
set invalid-mac-oui disable
|
|
set weak-wep-iv disable
|
|
set auth-frame-flood disable
|
|
set assoc-frame-flood disable
|
|
set spoofed-deauth disable
|
|
set asleap-attack disable
|
|
set eapol-start-flood disable
|
|
set eapol-logoff-flood disable
|
|
set eapol-succ-flood disable
|
|
set eapol-fail-flood disable
|
|
set eapol-pre-succ-flood disable
|
|
set eapol-pre-fail-flood disable
|
|
set deauth-unknown-src-thresh 10
|
|
next
|
|
end
|
|
config wireless-controller ble-profile
|
|
edit "fortiap-discovery"
|
|
set comment ''
|
|
set advertising ibeacon eddystone-uid eddystone-url
|
|
set ibeacon-uuid "wtp-uuid"
|
|
set major-id 1000
|
|
set minor-id 2000
|
|
set eddystone-namespace "0102030405"
|
|
set eddystone-instance "abcdef"
|
|
set eddystone-url "http://www.fortinet.com"
|
|
set txpower 0
|
|
set beacon-interval 100
|
|
set ble-scanning disable
|
|
set scan-type active
|
|
set scan-threshold "-90"
|
|
next
|
|
end
|
|
config wireless-controller syslog-profile
|
|
end
|
|
config wireless-controller wtp-profile
|
|
end
|
|
config wireless-controller wtp
|
|
end
|
|
config wireless-controller wtp-group
|
|
end
|
|
config wireless-controller qos-profile
|
|
end
|
|
config wireless-controller wag-profile
|
|
end
|
|
config wireless-controller snmp
|
|
set engine-id ''
|
|
set contact-info ''
|
|
set trap-high-cpu-threshold 80
|
|
set trap-high-mem-threshold 80
|
|
end
|
|
config wireless-controller mpsk-profile
|
|
end
|
|
config wireless-controller nac-profile
|
|
end
|
|
config wireless-controller ssid-policy
|
|
end
|
|
config wireless-controller access-control-list
|
|
end
|
|
config wireless-controller ap-status
|
|
end
|
|
config user nac-policy
|
|
end
|
|
config extension-controller dataplan
|
|
end
|
|
config extension-controller extender-vap
|
|
end
|
|
config extension-controller extender-profile
|
|
end
|
|
config extension-controller extender
|
|
end
|
|
config extension-controller fortigate-profile
|
|
end
|
|
config extension-controller fortigate
|
|
end
|
|
config system ips
|
|
set signature-hold-time 0h
|
|
end
|
|
config endpoint-control settings
|
|
set override disable
|
|
end
|
|
config ips custom
|
|
end
|
|
config ips settings
|
|
set packet-log-history 1
|
|
set packet-log-post-attack 0
|
|
set ips-packet-quota 0
|
|
set proxy-inline-ips disable
|
|
end
|
|
config alertemail setting
|
|
set username ''
|
|
set mailto1 ''
|
|
set mailto2 ''
|
|
set mailto3 ''
|
|
set filter-mode category
|
|
set email-interval 5
|
|
set IPS-logs disable
|
|
set firewall-authentication-failure-logs disable
|
|
set IPsec-errors-logs disable
|
|
set PPP-errors-logs disable
|
|
set sslvpn-authentication-errors-logs disable
|
|
set antivirus-logs disable
|
|
set webfilter-logs disable
|
|
set configuration-changes-logs disable
|
|
set violation-traffic-logs disable
|
|
set admin-login-logs disable
|
|
set log-disk-usage-warning disable
|
|
set FSSO-disconnect-logs disable
|
|
set ssh-logs disable
|
|
set local-disk-usage 75
|
|
end
|
|
config router access-list
|
|
end
|
|
config router access-list6
|
|
end
|
|
config router aspath-list
|
|
end
|
|
config router prefix-list
|
|
end
|
|
config router prefix-list6
|
|
end
|
|
config router key-chain
|
|
end
|
|
config router community-list
|
|
end
|
|
config router extcommunity-list
|
|
end
|
|
config router route-map
|
|
end
|
|
config router rip
|
|
set default-information-originate disable
|
|
set default-metric 1
|
|
set max-out-metric 0
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
set update-timer 30
|
|
set timeout-timer 180
|
|
set garbage-timer 120
|
|
set version 2
|
|
end
|
|
config router ripng
|
|
set default-information-originate disable
|
|
set default-metric 1
|
|
set max-out-metric 0
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
set update-timer 30
|
|
set timeout-timer 180
|
|
set garbage-timer 120
|
|
end
|
|
config router static
|
|
end
|
|
config router policy
|
|
end
|
|
config router policy6
|
|
end
|
|
config router static6
|
|
end
|
|
config router ospf
|
|
set abr-type standard
|
|
set auto-cost-ref-bandwidth 1000
|
|
set distance-external 110
|
|
set distance-inter-area 110
|
|
set distance-intra-area 110
|
|
set database-overflow disable
|
|
set database-overflow-max-lsas 10000
|
|
set database-overflow-time-to-recover 300
|
|
set default-information-originate disable
|
|
set default-information-metric 10
|
|
set default-information-metric-type 2
|
|
set default-information-route-map ''
|
|
set default-metric 10
|
|
set distance 110
|
|
set rfc1583-compatible disable
|
|
set router-id 0.0.0.0
|
|
set spf-timers 5 10
|
|
set bfd disable
|
|
set log-neighbour-changes enable
|
|
set distribute-list-in ''
|
|
set distribute-route-map-in ''
|
|
set restart-mode none
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
end
|
|
config router ospf6
|
|
set abr-type standard
|
|
set auto-cost-ref-bandwidth 1000
|
|
set default-information-originate disable
|
|
set log-neighbour-changes enable
|
|
set default-information-metric 10
|
|
set default-information-metric-type 2
|
|
set default-information-route-map ''
|
|
set default-metric 10
|
|
set router-id 0.0.0.0
|
|
set spf-timers 5 10
|
|
set bfd disable
|
|
set restart-mode none
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
end
|
|
config router bgp
|
|
unset as
|
|
set keepalive-timer 60
|
|
set holdtime-timer 180
|
|
set always-compare-med disable
|
|
set bestpath-as-path-ignore disable
|
|
set bestpath-cmp-confed-aspath disable
|
|
set bestpath-cmp-routerid disable
|
|
set bestpath-med-confed disable
|
|
set bestpath-med-missing-as-worst disable
|
|
set client-to-client-reflection enable
|
|
set dampening disable
|
|
set deterministic-med disable
|
|
set ebgp-multipath disable
|
|
set ibgp-multipath disable
|
|
set enforce-first-as enable
|
|
set fast-external-failover enable
|
|
set log-neighbour-changes enable
|
|
set network-import-check enable
|
|
set ignore-optional-capability enable
|
|
set multipath-recursive-distance disable
|
|
set recursive-next-hop disable
|
|
set recursive-inherit-priority disable
|
|
set tag-resolve-mode disable
|
|
set cluster-id 0.0.0.0
|
|
set confederation-identifier 0
|
|
set default-local-preference 100
|
|
set scan-time 60
|
|
set distance-external 20
|
|
set distance-internal 200
|
|
set distance-local 200
|
|
set synchronization disable
|
|
set graceful-restart disable
|
|
set cross-family-conditional-adv disable
|
|
config redistribute "connected"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "connected"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "rip"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "ospf"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "static"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "isis"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
end
|
|
config router isis
|
|
set is-type level-1-2
|
|
set adv-passive-only disable
|
|
set adv-passive-only6 disable
|
|
set auth-mode-l1 password
|
|
set auth-mode-l2 password
|
|
set auth-password-l1 ENC 4lMyRDI1F4LO+8hhdQU202b5gctoCCVzPSUwnk5K3NAeIjTxD2J08MgdhzHwn5XPVyGHPYQrAHpKqw2YsEPkSK2NQlm+ETtUc5ueVwglkh6CrQmCYV5lYY9Ezs6tK/7XgiMu2L6uTrzuaftByBbliwdljvWqaFyDEYCbQFKA/mGRPgOjOBTUVkRAV5JcY8Ze3QoVu1lmMjY3dkVA
|
|
set auth-password-l2 ENC Eekf9+GBgPTRb3sh4lNIoTZkA8DRp3QH+7mIlmwnfR92yXJQXzTNHiaPPYRPAvhP/ejl07ZPZa5Wa0FkwAvFFRYAQgF+lO1qJhxy+9yKXubwgWvirsXDhwJ83NqJZCMMv7/mU7g4r4ysuDQtOcKHfn6xM8HtzFraxUtbI251EY8g+LCJRkgmhfHM4nfMvjal9e+70FlmMjY3dkVA
|
|
set auth-sendonly-l1 disable
|
|
set auth-sendonly-l2 disable
|
|
set ignore-lsp-errors disable
|
|
set lsp-gen-interval-l1 30
|
|
set lsp-gen-interval-l2 30
|
|
set lsp-refresh-interval 900
|
|
set max-lsp-lifetime 1200
|
|
set spf-interval-exp-l1 500 50000
|
|
set spf-interval-exp-l2 500 50000
|
|
set dynamic-hostname disable
|
|
set adjacency-check disable
|
|
set adjacency-check6 disable
|
|
set overload-bit disable
|
|
unset overload-bit-suppress
|
|
set overload-bit-on-startup 0
|
|
set default-originate disable
|
|
set default-originate6 disable
|
|
set metric-style narrow
|
|
set redistribute-l1 disable
|
|
set redistribute-l2 disable
|
|
set redistribute6-l1 disable
|
|
set redistribute6-l2 disable
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "connected"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "rip"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "static"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
end
|
|
config router multicast-flow
|
|
end
|
|
config router multicast
|
|
set route-limit 2147483647
|
|
set multicast-routing disable
|
|
config pim-sm-global
|
|
set message-interval 60
|
|
set join-prune-holdtime 210
|
|
set accept-register-list ''
|
|
set accept-source-list ''
|
|
set bsr-candidate disable
|
|
set bsr-allow-quick-refresh disable
|
|
set cisco-register-checksum disable
|
|
set cisco-crp-prefix disable
|
|
set cisco-ignore-rp-set-priority disable
|
|
set register-rp-reachability enable
|
|
set register-source disable
|
|
set register-supression 60
|
|
set null-register-retries 1
|
|
set rp-register-keepalive 185
|
|
set spt-threshold enable
|
|
set ssm disable
|
|
set register-rate-limit 0
|
|
set pim-use-sdwan disable
|
|
set spt-threshold-group ''
|
|
end
|
|
end
|
|
config router multicast6
|
|
set multicast-routing disable
|
|
config pim-sm-global
|
|
end
|
|
end
|
|
config router auth-path
|
|
end
|
|
config router setting
|
|
set show-filter ''
|
|
set hostname ''
|
|
end
|
|
config router bfd
|
|
end
|
|
config router bfd6
|
|
end
|
|
config system proxy-arp
|
|
end
|
|
config system link-monitor
|
|
end
|
|
config system wccp
|
|
end
|
|
config system dns64
|
|
set status disable
|
|
set dns64-prefix 64:ff9b::/96
|
|
set always-synthesize-aaaa-record enable
|
|
end
|
|
config system nd-proxy
|
|
set status disable
|
|
end
|
|
config system vne-tunnel
|
|
set status disable
|
|
end
|
|
end
|
|
|
|
config vdom
|
|
edit scsd
|
|
config wireless-controller hotspot20 anqp-venue-name
|
|
end
|
|
config wireless-controller hotspot20 anqp-venue-url
|
|
end
|
|
config wireless-controller hotspot20 anqp-network-auth-type
|
|
end
|
|
config wireless-controller hotspot20 anqp-roaming-consortium
|
|
end
|
|
config wireless-controller hotspot20 anqp-nai-realm
|
|
end
|
|
config wireless-controller hotspot20 anqp-3gpp-cellular
|
|
end
|
|
config wireless-controller hotspot20 anqp-ip-address-type
|
|
end
|
|
config wireless-controller hotspot20 h2qp-operator-name
|
|
end
|
|
config wireless-controller hotspot20 h2qp-wan-metric
|
|
end
|
|
config wireless-controller hotspot20 h2qp-conn-capability
|
|
end
|
|
config wireless-controller hotspot20 icon
|
|
end
|
|
config wireless-controller hotspot20 h2qp-osu-provider
|
|
end
|
|
config wireless-controller hotspot20 qos-map
|
|
end
|
|
config wireless-controller hotspot20 h2qp-advice-of-charge
|
|
end
|
|
config wireless-controller hotspot20 h2qp-osu-provider-nai
|
|
end
|
|
config wireless-controller hotspot20 h2qp-terms-and-conditions
|
|
end
|
|
config wireless-controller hotspot20 hs-profile
|
|
end
|
|
config wireless-controller vap
|
|
end
|
|
config system object-tagging
|
|
edit "default"
|
|
set address optional
|
|
set device optional
|
|
set interface optional
|
|
set multiple enable
|
|
set color 0
|
|
next
|
|
end
|
|
config switch-controller traffic-policy
|
|
edit "quarantine"
|
|
set description "Rate control for quarantined traffic"
|
|
set policer-status enable
|
|
set guaranteed-bandwidth 163840
|
|
set guaranteed-burst 8192
|
|
set maximum-burst 163840
|
|
set cos-queue 0
|
|
next
|
|
edit "sniffer"
|
|
set description "Rate control for sniffer mirrored traffic"
|
|
set policer-status enable
|
|
set guaranteed-bandwidth 50000
|
|
set guaranteed-burst 8192
|
|
set maximum-burst 163840
|
|
set cos-queue 0
|
|
next
|
|
end
|
|
config switch-controller fortilink-settings
|
|
end
|
|
config system stp
|
|
set switch-priority 32768
|
|
set hello-time 2
|
|
set forward-delay 15
|
|
set max-age 20
|
|
set max-hops 20
|
|
end
|
|
config system settings
|
|
set comments ''
|
|
set vdom-type traffic
|
|
set opmode nat
|
|
set policy-offload-level disable
|
|
set ngfw-mode profile-based
|
|
set http-external-dest fortiweb
|
|
set firewall-session-dirty check-all
|
|
set bfd disable
|
|
set utf8-spam-tagging enable
|
|
set wccp-cache-engine disable
|
|
set vpn-stats-log ipsec pptp l2tp ssl
|
|
set vpn-stats-period 600
|
|
set v4-ecmp-mode source-ip-based
|
|
set fw-session-hairpin disable
|
|
set prp-trailer-action disable
|
|
set snat-hairpin-traffic enable
|
|
set dhcp-proxy disable
|
|
set central-nat disable
|
|
set lldp-reception global
|
|
set lldp-transmission global
|
|
set link-down-access enable
|
|
set nat46-generate-ipv6-fragment-header disable
|
|
set nat46-force-ipv4-packet-forwarding disable
|
|
set nat64-force-ipv6-packet-forwarding enable
|
|
set detect-unknown-esp enable
|
|
set intree-ses-best-route disable
|
|
set auxiliary-session disable
|
|
set asymroute disable
|
|
set asymroute-icmp disable
|
|
set tcp-session-without-syn disable
|
|
set ses-denied-traffic disable
|
|
set ses-denied-multicast-traffic disable
|
|
set strict-src-check disable
|
|
set allow-linkdown-path disable
|
|
set asymroute6 disable
|
|
set asymroute6-icmp disable
|
|
set sctp-session-without-init disable
|
|
set sip-expectation disable
|
|
set sip-nat-trace enable
|
|
set h323-direct-model enable
|
|
set status enable
|
|
set sip-tcp-port 5060
|
|
set sip-udp-port 5060
|
|
set sip-ssl-port 5061
|
|
set sccp-port 2000
|
|
set multicast-forward enable
|
|
set multicast-ttl-notchange disable
|
|
set allow-subnet-overlap disable
|
|
set deny-tcp-with-icmp disable
|
|
set ecmp-max-paths 255
|
|
set discovered-device-timeout 28
|
|
set email-portal-check-dns enable
|
|
set default-voip-alg-mode proxy-based
|
|
set gui-proxy-inspection enable
|
|
set gui-icap disable
|
|
set gui-implicit-policy enable
|
|
set gui-dns-database disable
|
|
set gui-load-balance disable
|
|
set gui-multicast-policy disable
|
|
set gui-dos-policy enable
|
|
set gui-object-colors enable
|
|
set gui-route-tag-address-creation disable
|
|
set gui-voip-profile enable
|
|
set gui-ap-profile enable
|
|
set gui-security-profile-group disable
|
|
set gui-local-in-policy enable
|
|
set gui-wanopt-cache disable
|
|
set gui-explicit-proxy disable
|
|
set gui-dynamic-routing enable
|
|
set gui-sslvpn-personal-bookmarks disable
|
|
set gui-sslvpn-realms disable
|
|
set gui-policy-based-ipsec disable
|
|
set gui-threat-weight enable
|
|
set gui-spamfilter disable
|
|
set gui-file-filter disable
|
|
set gui-application-control enable
|
|
set gui-ips enable
|
|
set gui-dhcp-advanced enable
|
|
set gui-vpn enable
|
|
set gui-sslvpn enable
|
|
set gui-wireless-controller disable
|
|
set gui-advanced-wireless-features disable
|
|
set gui-switch-controller disable
|
|
set gui-fortiap-split-tunneling disable
|
|
set gui-webfilter-advanced disable
|
|
set gui-traffic-shaping enable
|
|
set gui-wan-load-balancing enable
|
|
set gui-antivirus enable
|
|
set gui-webfilter enable
|
|
set gui-videofilter enable
|
|
set gui-dnsfilter disable
|
|
set gui-waf-profile disable
|
|
set gui-dlp-profile disable
|
|
set gui-virtual-patch-profile disable
|
|
set gui-casb disable
|
|
set gui-fortiextender-controller disable
|
|
set gui-advanced-policy enable
|
|
set gui-allow-unnamed-policy enable
|
|
set gui-email-collection disable
|
|
set gui-multiple-interface-policy enable
|
|
set gui-policy-disclaimer disable
|
|
set gui-ztna enable
|
|
set gui-ot disable
|
|
set gui-dynamic-device-os-id disable
|
|
set location-id 0.0.0.0
|
|
set ike-session-resume disable
|
|
set ike-quick-crash-detect disable
|
|
set ike-dn-format with-space
|
|
set ike-port 500
|
|
set ike-tcp-port 4500
|
|
set ike-policy-route disable
|
|
set block-land-attack disable
|
|
set application-bandwidth-tracking disable
|
|
set fqdn-session-check disable
|
|
set ext-resource-session-check disable
|
|
set dyn-addr-session-check disable
|
|
set default-policy-expiry-days 30
|
|
set gui-enforce-change-summary require
|
|
set internet-service-database-cache disable
|
|
set internet-service-app-ctrl-size 32768
|
|
end
|
|
config system sit-tunnel
|
|
end
|
|
config system arp-table
|
|
end
|
|
config system ipv6-neighbor-cache
|
|
end
|
|
config system vdom-sflow
|
|
set vdom-sflow disable
|
|
end
|
|
config system vdom-netflow
|
|
set vdom-netflow disable
|
|
end
|
|
config system vdom-dns
|
|
set vdom-dns disable
|
|
set alt-primary 0.0.0.0
|
|
set alt-secondary 0.0.0.0
|
|
end
|
|
config system replacemsg-group
|
|
edit "default"
|
|
set comment "Default replacement message group."
|
|
set group-type default
|
|
next
|
|
end
|
|
config system session-ttl
|
|
set default 3600
|
|
end
|
|
config system dhcp server
|
|
end
|
|
config system dhcp6 server
|
|
end
|
|
config system zone
|
|
edit "outside"
|
|
set description ''
|
|
set intrazone allow
|
|
set interface "outside lag"
|
|
next
|
|
edit "inside"
|
|
set description ''
|
|
set intrazone allow
|
|
set interface "inside lag"
|
|
next
|
|
edit "city_phones"
|
|
set description ''
|
|
set intrazone allow
|
|
set interface "city_phones lag"
|
|
next
|
|
end
|
|
config firewall address
|
|
edit "EMS_ALL_UNKNOWN_CLIENTS"
|
|
set uuid 4bea81ee-c0f6-51f0-81c4-ac67b6340985
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "EMS_ALL_UNMANAGEABLE_CLIENTS"
|
|
set uuid 4bea23ac-c0f6-51f0-e19e-1a8b5f593de6
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "SSLVPN_TUNNEL_ADDR1"
|
|
set uuid e532a73a-7e12-51ec-eaa4-fd80b5cf2433
|
|
set type iprange
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 10.212.134.200
|
|
set end-ip 10.212.134.210
|
|
next
|
|
edit "all"
|
|
set uuid e532ee52-7e12-51ec-f457-f1b91bcd9146
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
|
|
set uuid e532f032-7e12-51ec-a170-071d2e837272
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "FABRIC_DEVICE"
|
|
set uuid e532f1fe-7e12-51ec-353b-562e24322ae1
|
|
set type ipmask
|
|
set comment "IPv4 addresses of Fabric Devices."
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "SRIC_BOCES_Firewall"
|
|
set uuid 0a853836-7e13-51ec-9f24-1ba72d33daa1
|
|
set type ipmask
|
|
set comment "SRIC BOCES - Firewall"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 170.161.52.25 255.255.255.255
|
|
next
|
|
edit "SRIC_BOCES_Server02"
|
|
set uuid 0a8557da-7e13-51ec-c417-494db0cf6355
|
|
set type ipmask
|
|
set comment "SRIC BOCES - Server"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 170.161.52.27 255.255.255.255
|
|
next
|
|
edit "Barracuda_Internal"
|
|
set uuid 0a85b734-7e13-51ec-9de7-2551ebd23a14
|
|
set type ipmask
|
|
set comment "Barracuda Email Internal"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.7 255.255.255.255
|
|
next
|
|
edit "Nimble_Inside_1"
|
|
set uuid 0a8af0dc-7e13-51ec-1959-4595795d53d5
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 192.168.1.98 255.255.255.255
|
|
next
|
|
edit "Nimble_Inside_2"
|
|
set uuid 0a8b01e4-7e13-51ec-4ace-cb7402c17ed2
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 192.168.1.1 255.255.255.255
|
|
next
|
|
edit "Nimble_Inside_4"
|
|
set uuid 0a8b121a-7e13-51ec-f811-fa2c900a5ef3
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 172.16.176.98 255.255.255.255
|
|
next
|
|
edit "Nimble_Support"
|
|
set uuid 0a8b21c4-7e13-51ec-1f49-e45d8e196f85
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 198.54.168.5 255.255.255.255
|
|
next
|
|
edit "ReverseProxy"
|
|
set uuid 0a8b6206-7e13-51ec-1d54-4698b6427447
|
|
set type ipmask
|
|
set comment "Reverseproxy.scsd.ad for ess.scsd.us"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.126 255.255.255.255
|
|
next
|
|
edit "SafeSchools_01"
|
|
set uuid 0a8b91b8-7e13-51ec-0021-b15615764de2
|
|
set type ipmask
|
|
set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 52.27.21.77 255.255.255.255
|
|
next
|
|
edit "SPD_20_DrKing"
|
|
set uuid 0a8db8c6-7e13-51ec-618d-9f2355f1dd27
|
|
set type ipmask
|
|
set comment "SPD Firewall STEAM at Dr King"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.20.70.10 255.255.255.255
|
|
next
|
|
edit "SPD_21_Danforth"
|
|
set uuid 0a8dc690-7e13-51ec-ccba-6a8478ced467
|
|
set type ipmask
|
|
set comment "SPD Firewall Brighton Academy"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.21.70.10 255.255.255.255
|
|
next
|
|
edit "SPD_25_Frazer"
|
|
set uuid 0a8df156-7e13-51ec-045b-3fe304ad3b91
|
|
set type ipmask
|
|
set comment "SPD Firewall Frazer"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.25.70.10 255.255.255.255
|
|
next
|
|
edit "SPD_44_Seymour"
|
|
set uuid 0a8e0cfe-7e13-51ec-d1fb-acfa979014d2
|
|
set type ipmask
|
|
set comment "SPD Firewall Seymour"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.44.70.10 255.255.255.255
|
|
next
|
|
edit "SPD_48_Beard"
|
|
set uuid 0a8e1afa-7e13-51ec-af98-ef8cf4f83c17
|
|
set type ipmask
|
|
set comment "SPD Firewall McCarthy at Beard"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.48.70.10 255.255.255.255
|
|
next
|
|
edit "SPD_53_Blodgett"
|
|
set uuid 0a8e29aa-7e13-51ec-6147-dc5f14277b01
|
|
set type ipmask
|
|
set comment "SPD Firewall Syracuse STEM at Blodgett"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.53.70.10 255.255.255.255
|
|
next
|
|
edit "SPD_56_SSC"
|
|
set uuid 0a8e38aa-7e13-51ec-f2ab-1fa2a023c91d
|
|
set type ipmask
|
|
set comment "SPD Firewall School Service Center"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.56.70.10 255.255.255.255
|
|
next
|
|
edit "SPD_09_Grant"
|
|
set uuid 0a8e638e-7e13-51ec-62aa-068d4978c68b
|
|
set type ipmask
|
|
set comment "SPD Firewall Grant"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.9.70.10 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_001"
|
|
set uuid 0a8e7f22-7e13-51ec-a464-6f0420570c82
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.117.232.198 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_002"
|
|
set uuid 0a8e8d32-7e13-51ec-3074-f960ad050544
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.122.33.58 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_003"
|
|
set uuid 0a8e9ad4-7e13-51ec-afe5-67736c5106fa
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.207.169.78 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_004"
|
|
set uuid 0a8eb636-7e13-51ec-db43-20f666350752
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 104.139.74.25 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_005"
|
|
set uuid 0a8fa2f8-7e13-51ec-3eb0-c8f0d55f02aa
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 107.173.6.251 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_006"
|
|
set uuid 0a8fb0ea-7e13-51ec-4632-351b0874f70b
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 107.175.69.34 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_007"
|
|
set uuid 0a8fbed2-7e13-51ec-485c-00d4dd86b39d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 119.92.23.203 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_103"
|
|
set uuid 0a8fccc4-7e13-51ec-0b7c-a117a4176016
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 13.111.22.133 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_008"
|
|
set uuid 0a8fda7a-7e13-51ec-97e5-b0b3614af531
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 131.0.142.120 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_009"
|
|
set uuid 0a8fe90c-7e13-51ec-38b7-faece5683353
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 131.196.184.141 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_010"
|
|
set uuid 0a8ff80c-7e13-51ec-340a-6a18d7d1a6c7
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 138.121.24.78 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_011"
|
|
set uuid 0a9005ea-7e13-51ec-9bcb-754fff13b945
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 138.59.233.5 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_012"
|
|
set uuid 0a901436-7e13-51ec-f0ec-13032c6240e0
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 146.185.219.45 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_013"
|
|
set uuid 0a9021ec-7e13-51ec-9359-ba9fae941ad2
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 146.196.122.152 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_014"
|
|
set uuid 0a902fd4-7e13-51ec-e74f-37afbd7490b5
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 146.196.122.167 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_015"
|
|
set uuid 0a905982-7e13-51ec-74fe-54b2c8fb9e45
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 149.154.70.202 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_104"
|
|
set uuid 0a906774-7e13-51ec-d0a7-4d1fcb60531b
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 151.80.88.253 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_105"
|
|
set uuid 0a90755c-7e13-51ec-0351-7aa8ac28601d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 152.89.245.207 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_106"
|
|
set uuid 0a908344-7e13-51ec-4977-ffb06b045e2b
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 152.89.245.212 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_016"
|
|
set uuid 0a90e5a0-7e13-51ec-a327-b3e7fc9e0063
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 158.69.85.206 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_107"
|
|
set uuid 0a9101a2-7e13-51ec-6314-5b36d2da2325
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 162.255.119.159 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_017"
|
|
set uuid 0a910f94-7e13-51ec-b24f-d92de452f198
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 163.121.188.3 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_108"
|
|
set uuid 0a911d9a-7e13-51ec-0fc4-073146a8cd43
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 164.132.138.130 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_018"
|
|
set uuid 0a912ba0-7e13-51ec-df44-e3422156f07e
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 164.132.216.41 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_019"
|
|
set uuid 0a91397e-7e13-51ec-5825-0c4d2091c040
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 168.227.229.112 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_020"
|
|
set uuid 0a91478e-7e13-51ec-a04f-22d125ed226a
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 170.78.99.190 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_021"
|
|
set uuid 0a915738-7e13-51ec-d12b-8b3569087f0e
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 170.84.78.186 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_109"
|
|
set uuid 0a91ab02-7e13-51ec-ed0a-9c0dada4669b
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 176.126.83.149 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_022"
|
|
set uuid 0a91ba66-7e13-51ec-a150-efd6ce3b3a4d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 177.103.240.149 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_023"
|
|
set uuid 0a91c862-7e13-51ec-0920-a5db5958614b
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 177.107.51.162 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_024"
|
|
set uuid 0a91d6a4-7e13-51ec-d5cf-be7a38fbfd78
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 177.124.37.208 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_025"
|
|
set uuid 0a91e4b4-7e13-51ec-c87c-b09a8378aab9
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 177.36.5.7 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_026"
|
|
set uuid 0a91f2d8-7e13-51ec-48b9-d5924093bfd6
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 177.52.79.29 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_027"
|
|
set uuid 0a9200ac-7e13-51ec-4b9c-5d652a687afb
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 177.8.172.86 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_111"
|
|
set uuid 0a920eda-7e13-51ec-f326-8a96fc91c191
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 178.157.82.145 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_112"
|
|
set uuid 0a921cc2-7e13-51ec-9964-adad6b5564d5
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 178.157.82.80 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_028"
|
|
set uuid 0a922abe-7e13-51ec-81b7-f4de201968b9
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 179.189.241.254 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_029"
|
|
set uuid 0a9246b6-7e13-51ec-3da9-2b278d2b01f2
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 180.250.197.188 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_030"
|
|
set uuid 0a925494-7e13-51ec-267e-5c699c3edb7d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 181.115.168.69 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_031"
|
|
set uuid 0a92629a-7e13-51ec-113c-a99e6938839e
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 181.129.140.140 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_032"
|
|
set uuid 0a9271ae-7e13-51ec-285f-555b92cb642f
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 181.129.49.98 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_033"
|
|
set uuid 0a927fc8-7e13-51ec-bccd-4613f95aba6f
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 181.129.93.226 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_034"
|
|
set uuid 0a928e46-7e13-51ec-c80a-8388ff4557bc
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 181.196.61.110 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_035"
|
|
set uuid 0a92c802-7e13-51ec-4528-4a094178f679
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.117.119.163 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_113"
|
|
set uuid 0a92d630-7e13-51ec-6806-adf2aca25360
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.117.73.76 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_114"
|
|
set uuid 0a92e422-7e13-51ec-3bd9-0e7e776e73f3
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.135.81.147 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_115"
|
|
set uuid 0a92f1ec-7e13-51ec-dd5d-271a7d518652
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.141.27.243 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_116"
|
|
set uuid 0a92ffb6-7e13-51ec-27a2-b84e6d0063f2
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.172.129.147 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_117"
|
|
set uuid 0a930d44-7e13-51ec-becf-7b8075e21034
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.175.156.13 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_118"
|
|
set uuid 0a931b18-7e13-51ec-6914-5d08d35511b9
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.180.198.141 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_119"
|
|
set uuid 0a932932-7e13-51ec-5bd3-6e5512188745
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.224.134.124 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_036"
|
|
set uuid 0a9336e8-7e13-51ec-02b7-0ce6191d1c92
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.251.39.9 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_037"
|
|
set uuid 0a935290-7e13-51ec-bcdd-dbeb3fe4be1e
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.43.6.87 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_120"
|
|
set uuid 0a936050-7e13-51ec-57c8-5d7f7c473e1f
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.65.202.115 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_038"
|
|
set uuid 0a936ef6-7e13-51ec-53cf-6f8bee9d091b
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 185.86.150.130 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_039"
|
|
set uuid 0a937f40-7e13-51ec-768b-11316deb4f35
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 186.138.152.228 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_040"
|
|
set uuid 0a938de6-7e13-51ec-0713-d769a21789e4
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 186.183.199.114 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_041"
|
|
set uuid 0a939c28-7e13-51ec-db40-11e72cff9a71
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 186.226.188.105 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_042"
|
|
set uuid 0a93aa10-7e13-51ec-fca1-298336b8cda6
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 186.42.186.202 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_043"
|
|
set uuid 0a93b7bc-7e13-51ec-28f0-9535e81c53cf
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 186.42.226.46 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_044"
|
|
set uuid 0a93c5a4-7e13-51ec-dc3f-4387c52f8f82
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 187.110.100.122 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_045"
|
|
set uuid 0a93d396-7e13-51ec-7fbe-8668df0be053
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 187.58.56.26 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_046"
|
|
set uuid 0a93e142-7e13-51ec-8e36-b87f5a5bc69c
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 189.80.134.122 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_047"
|
|
set uuid 0a93ef0c-7e13-51ec-706c-5b984f717f1d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 190.13.160.19 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_048"
|
|
set uuid 0a93fcd6-7e13-51ec-01ad-67c5c6b915ff
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 190.152.4.210 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_049"
|
|
set uuid 0a940b04-7e13-51ec-a9c9-cc450331446c
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 190.154.203.218 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_122"
|
|
set uuid 0a9418c4-7e13-51ec-8596-a39159de5513
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 191.101.251.141 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_050"
|
|
set uuid 0a9426c0-7e13-51ec-1b29-e88b2ded8a30
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 191.101.251.146 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_051"
|
|
set uuid 0a9434bc-7e13-51ec-7144-5fee38e77f28
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 191.37.181.152 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_125"
|
|
set uuid 0a9451ae-7e13-51ec-c6da-aa2eaddc131a
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 193.187.172.99 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_126"
|
|
set uuid 0a946248-7e13-51ec-0c21-82d62c111d43
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 193.9.60.148 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_052"
|
|
set uuid 0a94708a-7e13-51ec-fe4a-64b3519c69b6
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 194.1.237.76 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_053"
|
|
set uuid 0a947e9a-7e13-51ec-d292-277281820589
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 195.123.212.139 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_054"
|
|
set uuid 0a948c82-7e13-51ec-0d2d-da25c4f27e6f
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 195.123.238.13 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_055"
|
|
set uuid 0a949aba-7e13-51ec-720e-e76d921c5a3a
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 195.123.243.167 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_056"
|
|
set uuid 0a94a8c0-7e13-51ec-be90-4ac6926ce00c
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 195.123.245.47 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_057"
|
|
set uuid 0a94b694-7e13-51ec-c4f9-7e04176ebae9
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 195.123.246.188 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_127"
|
|
set uuid 0a94c47c-7e13-51ec-820e-4898aeab9df1
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 195.161.114.191 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_128"
|
|
set uuid 0a94d28c-7e13-51ec-3e88-403ff19fe1e2
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 195.161.62.25 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_129"
|
|
set uuid 0a94e06a-7e13-51ec-b19b-2640c1e60743
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 198.23.208.16 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_130"
|
|
set uuid 0a9597e4-7e13-51ec-d8ab-92f359dc155e
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 198.46.190.37 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_131"
|
|
set uuid 0a95cf7a-7e13-51ec-5ea5-0e6e104b297d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 200.35.56.81 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_058"
|
|
set uuid 0a95dda8-7e13-51ec-b6d7-4d21550fb09d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 201.184.69.50 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_059"
|
|
set uuid 0a963974-7e13-51ec-d430-5ba664e2edf9
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 212.80.216.167 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_060"
|
|
set uuid 0a97000c-7e13-51ec-0547-279e6bbe4100
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 240.0.0.1 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_132"
|
|
set uuid 0a973e14-7e13-51ec-d233-959184440bf4
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 31.184.255.100 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_133"
|
|
set uuid 0a97a2f0-7e13-51ec-d681-069c63f3601c
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 36.66.115.180 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_061"
|
|
set uuid 0a97b100-7e13-51ec-d1e5-2f94f0f68259
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 36.89.85.103 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_062"
|
|
set uuid 0a97bf10-7e13-51ec-2db8-cb64a47c673d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 37.18.30.99 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_063"
|
|
set uuid 0a97cd48-7e13-51ec-c85c-d8c8fd5a2d13
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 37.44.215.169 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_064"
|
|
set uuid 0a97db44-7e13-51ec-0d24-863276e8108c
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.127.222.53 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_065"
|
|
set uuid 0a97e968-7e13-51ec-aea1-45c8498ae1bb
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.102 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_066"
|
|
set uuid 0a97f840-7e13-51ec-62fd-9ca3e7af4a23
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.109 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_067"
|
|
set uuid 0a9807b8-7e13-51ec-b681-9bb550c18f31
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.179 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_068"
|
|
set uuid 0a981604-7e13-51ec-0333-60ac71a8bdee
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.18 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_069"
|
|
set uuid 0a98241e-7e13-51ec-93b9-072d9a7df302
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.203 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_070"
|
|
set uuid 0a98322e-7e13-51ec-c5fa-dc32507c198a
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.216 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_071"
|
|
set uuid 0a984052-7e13-51ec-0f63-cc272d94ea42
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.222 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_072"
|
|
set uuid 0a984e94-7e13-51ec-71ac-e3e2c9a118a8
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.53 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_073"
|
|
set uuid 0a985cae-7e13-51ec-33e8-58f8bb003e7c
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.58 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_074"
|
|
set uuid 0a986a96-7e13-51ec-681b-e245f7bb5fea
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.160.145.8 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_075"
|
|
set uuid 0a9878ba-7e13-51ec-6851-c48bd0f98c2e
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.230.176.158 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_076"
|
|
set uuid 0a9886e8-7e13-51ec-3ae5-0d9241c23652
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.67.228.192 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_077"
|
|
set uuid 0a9894bc-7e13-51ec-4141-a522fe9ba676
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 47.27.175.168 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_078"
|
|
set uuid 0a98a34e-7e13-51ec-c3e9-cb470fa1f89f
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 5.189.224.172 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_079"
|
|
set uuid 0a98b172-7e13-51ec-5d25-d716e47fe18e
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 5.253.63.106 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_080"
|
|
set uuid 0a98bfaa-7e13-51ec-dccb-cdc29f284588
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 5.4.5.4 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_081"
|
|
set uuid 0a997bc0-7e13-51ec-eb4a-00ddc2a55df3
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 64.44.51.108 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_082"
|
|
set uuid 0a9989a8-7e13-51ec-1fa6-3538770dbcb8
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 64.44.51.79 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_083"
|
|
set uuid 0a9a46ae-7e13-51ec-7d06-0c81c7eec79e
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 68.186.167.196 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_084"
|
|
set uuid 0a9a926c-7e13-51ec-4153-52249dd62fad
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 78.155.206.85 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_085"
|
|
set uuid 0a9aa086-7e13-51ec-9c17-55082a74ad1b
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 78.155.207.139 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_086"
|
|
set uuid 0a9ab17a-7e13-51ec-4cf7-ceeaab5354bc
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 80.173.224.81 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_087"
|
|
set uuid 0a9ac200-7e13-51ec-d5a6-6198c0c47dc8
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 81.177.22.238 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_088"
|
|
set uuid 0a9ad11e-7e13-51ec-2024-3bad38eaaf78
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 82.118.22.57 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_089"
|
|
set uuid 0a9ae014-7e13-51ec-8263-e579e0ecdb96
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 82.118.22.71 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_090"
|
|
set uuid 0a9aefbe-7e13-51ec-d922-2a65477ec45d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 82.146.46.153 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_091"
|
|
set uuid 0a9afdc4-7e13-51ec-3795-03566758e41d
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 82.202.221.160 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_092"
|
|
set uuid 0a9b0bfc-7e13-51ec-b3c2-c16c03a5ea64
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 85.10.234.175 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_093"
|
|
set uuid 0a9b2862-7e13-51ec-066a-eb641b6d1674
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 87.246.7.228 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_094"
|
|
set uuid 0a9b6f0c-7e13-51ec-5bd2-f9f9bb5a1125
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 91.235.129.166 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_095"
|
|
set uuid 0a9b7cea-7e13-51ec-5b5a-8051653fd1e4
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 91.240.84.159 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_096"
|
|
set uuid 0a9b8afa-7e13-51ec-114f-66a82c988f08
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 91.240.85.19 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_097"
|
|
set uuid 0a9b99e6-7e13-51ec-90bf-683357404f31
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 92.223.105.86 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_098"
|
|
set uuid 0a9bb91c-7e13-51ec-d855-c5c614c7200b
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 92.38.160.64 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_099"
|
|
set uuid 0a9bc772-7e13-51ec-afa7-f494cfb93d2f
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 93.189.42.220 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_100"
|
|
set uuid 0a9be40a-7e13-51ec-c824-90d4aedb9623
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 96.36.253.146 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_101"
|
|
set uuid 0a9bf22e-7e13-51ec-22ac-7bc495d1c13c
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 97.87.160.98 255.255.255.255
|
|
next
|
|
edit "Internal_10.0.0.0_8"
|
|
set uuid 0a9c4a30-7e13-51ec-b0f3-f5056c9e9184
|
|
set type ipmask
|
|
set comment "Internal 10.0.0.0/8 Network"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.0.0.0 255.0.0.0
|
|
next
|
|
edit "SCHC_Remote_Subnet_01"
|
|
set uuid 0a9c5872-7e13-51ec-71d1-e5d98bdf2744
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center Remote Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.107.100.0 255.255.255.0
|
|
next
|
|
edit "SCHC_Remote_Subnet_02"
|
|
set uuid 0a9c66aa-7e13-51ec-0b13-f8cf0e1a41f3
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center Remote Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.107.49.0 255.255.255.0
|
|
next
|
|
edit "SCHC_Remote_Subnet_03"
|
|
set uuid 0a9c74e2-7e13-51ec-998c-d99c0658868f
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center Remote Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.107.50.0 255.255.255.0
|
|
next
|
|
edit "SCHC_15_HWSmith"
|
|
set uuid 0a9c840a-7e13-51ec-a07e-4b2db13ebcac
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center HW Smith Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.15.107.0 255.255.255.0
|
|
next
|
|
edit "SCHC_20_DrKing"
|
|
set uuid 0a9c9508-7e13-51ec-8b83-42b6d74909c5
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center Dr King Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.20.107.0 255.255.255.0
|
|
next
|
|
edit "SCHC_22_Delaware"
|
|
set uuid 0a9ca39a-7e13-51ec-0a9f-ebdd76525017
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center Delaware Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.22.107.0 255.255.255.0
|
|
next
|
|
edit "SCHC_24_Franklin"
|
|
set uuid 0a9cbfc4-7e13-51ec-1414-285bfc2f24d2
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center Franklin Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.24.107.0 255.255.255.0
|
|
next
|
|
edit "SCHC_03_PSLA"
|
|
set uuid 0a9d14b0-7e13-51ec-a58a-4f4d8285eabf
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center PSLA Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.3.107.0 255.255.255.0
|
|
next
|
|
edit "SCHC_34_DrWeeks"
|
|
set uuid 0a9d2306-7e13-51ec-2fb7-1fb43e3e9fea
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center Dr Weeks Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.34.107.0 255.255.255.0
|
|
next
|
|
edit "SCHC_53_Blodgett"
|
|
set uuid 0a9d6a5a-7e13-51ec-02c2-b236eac7f9b6
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center Blodgett Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.53.107.0 255.255.255.0
|
|
next
|
|
edit "SCHC_09_Grant"
|
|
set uuid 0a9d79fa-7e13-51ec-d6db-70760e87134b
|
|
set type ipmask
|
|
set comment "Syracuse Community Health Center Grant Subnet"
|
|
set associated-interface ''
|
|
set color 8
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.9.107.0 255.255.255.0
|
|
next
|
|
edit "z_BlockSub_001"
|
|
set uuid 0a9da506-7e13-51ec-d201-bcacc5fd4927
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.139.219.0 255.255.255.0
|
|
next
|
|
edit "z_BlockSub_002"
|
|
set uuid 0a9e083e-7e13-51ec-f632-79c1d919a267
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.89.88.0 255.255.252.0
|
|
next
|
|
edit "z_BlockSub_003"
|
|
set uuid 0a9e245e-7e13-51ec-e050-c5ce7d115206
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 104.140.0.0 255.255.0.0
|
|
next
|
|
edit "z_BlockSub_004"
|
|
set uuid 0a9e3264-7e13-51ec-4fa7-e0148944d1f1
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 104.143.83.0 255.255.255.0
|
|
next
|
|
edit "z_BlockSub_005"
|
|
set uuid 0a9e4fce-7e13-51ec-d96b-83e0927bb63c
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 104.206.0.0 255.255.0.0
|
|
next
|
|
edit "z_BlockSub_006"
|
|
set uuid 0a9e8b92-7e13-51ec-7426-bf2faf9ea1ea
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 107.189.8.0 255.255.252.0
|
|
next
|
|
edit "z_BlockSub_007"
|
|
set uuid 0a9ea802-7e13-51ec-2165-2964d88cd90b
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 108.179.192.0 255.255.192.0
|
|
next
|
|
edit "z_BlockSub_008"
|
|
set uuid 0a9ed2aa-7e13-51ec-630e-083950577ac4
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 112.24.0.0 255.248.0.0
|
|
next
|
|
edit "z_BlockSub_009"
|
|
set uuid 0a9ee0d8-7e13-51ec-4047-1d147eff3a57
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 115.220.0.0 255.255.0.0
|
|
next
|
|
edit "z_BlockSub_010"
|
|
set uuid 0a9eef24-7e13-51ec-97f9-e2fb9c9f8fbf
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 120.52.0.0 255.255.0.0
|
|
next
|
|
edit "z_BlockSub_011"
|
|
set uuid 0a9efd48-7e13-51ec-61b2-d7da31183a31
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 120.55.0.0 255.255.0.0
|
|
next
|
|
edit "z_BlockSub_012"
|
|
set uuid 0a9f0bc6-7e13-51ec-8f8a-06a927c0e878
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 125.64.0.0 255.248.0.0
|
|
next
|
|
edit "z_BlockSub_013"
|
|
set uuid 0aa15fb6-7e13-51ec-2869-f8e52068f378
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 150.107.103.0 255.255.255.0
|
|
next
|
|
edit "z_BlockSub_014"
|
|
set uuid 0aa1dff4-7e13-51ec-8b1f-3408f33014b7
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 162.244.80.0 255.255.252.0
|
|
next
|
|
edit "z_BlockSub_015"
|
|
set uuid 0aa1eed6-7e13-51ec-9ec1-08bc55c60d31
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 162.247.72.0 255.255.252.0
|
|
next
|
|
edit "z_BlockSub_016"
|
|
set uuid 0aa2031c-7e13-51ec-7d95-815042a4b94f
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 162.255.116.0 255.255.252.0
|
|
next
|
|
edit "z_BlockSub_017"
|
|
set uuid 0aa267a8-7e13-51ec-64aa-1de64179c50a
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 170.130.184.0 255.255.252.0
|
|
next
|
|
edit "Internal_172.16.0.0_12"
|
|
set uuid 0aa291ba-7e13-51ec-463b-16725994902b
|
|
set type ipmask
|
|
set comment "Internal_172.16.0.0_12 Network"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 172.16.0.0 255.240.0.0
|
|
next
|
|
edit "z_BlockSub_019"
|
|
set uuid 0aa29ff2-7e13-51ec-ae10-925183a8715f
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 172.246.0.0 255.255.0.0
|
|
next
|
|
edit "z_BlockSub_020"
|
|
set uuid 0aa2bc30-7e13-51ec-e90b-dcc4359e9e4e
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 177.0.0.0 255.0.0.0
|
|
next
|
|
edit "z_BlockSub_021"
|
|
set uuid 0aa2ca4a-7e13-51ec-0250-68b988254cbf
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 184.104.0.0 255.254.0.0
|
|
next
|
|
edit "Internal_192.168.0.0_16"
|
|
set uuid 0aa2f718-7e13-51ec-935b-eda3f5cd0b31
|
|
set type ipmask
|
|
set comment "Internal_192.168.0.0_16 Network"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 192.168.0.0 255.255.0.0
|
|
next
|
|
edit "z_BlockSub_022"
|
|
set uuid 0aa3ed58-7e13-51ec-41e0-634ef66afbeb
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 198.108.0.0 255.252.0.0
|
|
next
|
|
edit "z_BlockSub_024"
|
|
set uuid 0aa49d84-7e13-51ec-072b-555484ca9908
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 199.249.230.0 255.255.255.0
|
|
next
|
|
edit "z_BlockSub_025"
|
|
set uuid 0aa4bb16-7e13-51ec-38c8-0ad9c21c95cb
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 199.59.240.0 255.255.252.0
|
|
next
|
|
edit "z_BlockSub_026"
|
|
set uuid 0aa626d6-7e13-51ec-4cfa-2e49c64f3ae1
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 202.28.0.0 255.254.0.0
|
|
next
|
|
edit "z_BlockSub_027"
|
|
set uuid 0aa7be10-7e13-51ec-90f8-cbd95276ba3e
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 209.141.32.0 255.255.224.0
|
|
next
|
|
edit "z_BlockSub_028"
|
|
set uuid 0aa7dbe8-7e13-51ec-62b4-5c63ed06e33f
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 209.53.0.0 255.255.0.0
|
|
next
|
|
edit "z_BlockSub_029"
|
|
set uuid 0aa824ae-7e13-51ec-7da2-a96772b87e50
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 217.0.0.0 255.0.0.0
|
|
next
|
|
edit "z_BlockSub_030"
|
|
set uuid 0aa8332c-7e13-51ec-0ef9-9c5d3dd281ac
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 218.102.96.0 255.255.224.0
|
|
next
|
|
edit "z_BlockSub_031"
|
|
set uuid 0aa841c8-7e13-51ec-7155-38a70fed7979
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 23.129.64.0 255.255.255.0
|
|
next
|
|
edit "z_BlockSub_032"
|
|
set uuid 0aa85046-7e13-51ec-9601-7811c6e985a0
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 23.227.128.0 255.255.224.0
|
|
next
|
|
edit "z_BlockSub_033"
|
|
set uuid 0aa87d78-7e13-51ec-69d2-7ff281286854
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 35.0.0.0 255.255.0.0
|
|
next
|
|
edit "z_BlockSub_034"
|
|
set uuid 0aa88c00-7e13-51ec-0e3b-bedcfc65f66e
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 38.39.24.0 255.255.248.0
|
|
next
|
|
edit "z_BlockSub_035"
|
|
set uuid 0aa8d5b6-7e13-51ec-ce55-1ff4a675adb0
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.224.0.0 255.240.0.0
|
|
next
|
|
edit "z_BlockSub_037"
|
|
set uuid 0aaba426-7e13-51ec-a663-289b5d3e7cb0
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 71.244.60.224 255.255.255.240
|
|
next
|
|
edit "z_BlockSub_038"
|
|
set uuid 0aabb204-7e13-51ec-deb0-55bb442c4f70
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 71.64.0.0 255.240.0.0
|
|
next
|
|
edit "z_BlockSub_039"
|
|
set uuid 0aac3026-7e13-51ec-be14-31177632301a
|
|
set type ipmask
|
|
set comment "Malicious Subnet"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 80.0.0.0 255.0.0.0
|
|
next
|
|
edit "nimble_Inside_3"
|
|
set uuid 0aaca718-7e13-51ec-f746-029225700508
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 172.16.175.98 255.255.255.255
|
|
next
|
|
edit "ntss-inside"
|
|
set uuid 0aacd620-7e13-51ec-9980-f4e16453c930
|
|
set type ipmask
|
|
set comment "NTSS"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.68 255.255.255.255
|
|
next
|
|
edit "city_permited_subnet_1"
|
|
set uuid 0aadfece-7e13-51ec-e0e6-75786e1a72fb
|
|
set type ipmask
|
|
set comment "***Needs to be narrowed***"
|
|
set associated-interface ''
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.0.0 255.255.0.0
|
|
next
|
|
edit "city_permited_subnet_3"
|
|
set uuid 0aae1d32-7e13-51ec-7cc4-d9967b2a27d5
|
|
set type ipmask
|
|
set comment "***Needs to be examined***"
|
|
set associated-interface ''
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.50.0 255.255.255.0
|
|
next
|
|
edit "city_permited_subnet_4"
|
|
set uuid 0aae2ca0-7e13-51ec-46b6-fee9abfae129
|
|
set type ipmask
|
|
set comment "***Needs to be examined***"
|
|
set associated-interface ''
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.150.0 255.255.255.0
|
|
next
|
|
edit "city_permited_subnet_5"
|
|
set uuid 0aae3bbe-7e13-51ec-2ff9-d2519e679e77
|
|
set type ipmask
|
|
set comment "***Needs to be examined***"
|
|
set associated-interface ''
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.21.150.0 255.255.255.0
|
|
next
|
|
edit "city_permited_subnet_7"
|
|
set uuid 0aae5a22-7e13-51ec-1bc8-4e45084e783a
|
|
set type ipmask
|
|
set comment "***Needs to be examined***"
|
|
set associated-interface ''
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.7.0 255.255.255.0
|
|
next
|
|
edit "City_Side_Subnet_1"
|
|
set uuid 0aae6922-7e13-51ec-8300-5b8f36afd5b5
|
|
set type ipmask
|
|
set comment "City\'s Subnet on their side"
|
|
set associated-interface ''
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.250.0.0 255.255.0.0
|
|
next
|
|
edit "City_Side_CGR_01"
|
|
set uuid 0aae96c2-7e13-51ec-9c06-d34ccf3630a0
|
|
set type ipmask
|
|
set comment "City Lights CGR Subnet on City Side"
|
|
set associated-interface ''
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.253.17.0 255.255.255.0
|
|
next
|
|
edit "City_Side_CGR_02"
|
|
set uuid 0aaea658-7e13-51ec-631a-97d36a01eb5f
|
|
set type ipmask
|
|
set comment "City Lights CGR Subnet on City Side"
|
|
set associated-interface ''
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.253.18.0 255.255.255.0
|
|
next
|
|
edit "VPN-Range"
|
|
set uuid 0ab10790-7e13-51ec-7f17-ad4fde7906a9
|
|
set type iprange
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 172.16.251.1
|
|
set end-ip 172.16.251.127
|
|
next
|
|
edit "SPD_Network"
|
|
set uuid 0ab119b0-7e13-51ec-257d-2cb06740df37
|
|
set type iprange
|
|
set comment "Syracuse Police Department Network Range"
|
|
set associated-interface ''
|
|
set color 2
|
|
set fabric-object disable
|
|
set start-ip 10.250.100.80
|
|
set end-ip 10.250.100.89
|
|
next
|
|
edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
|
|
set uuid f5bafcaa-7e13-51ec-b0b3-fdb26ff0f168
|
|
set type dynamic
|
|
set sub-type ems-tag
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set obj-tag ''
|
|
set obj-type ip
|
|
set tag-detection-level ''
|
|
set tag-type ''
|
|
next
|
|
edit "Russia"
|
|
set uuid f7abba8c-996a-51ec-469c-ebb1a1f04d98
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 7
|
|
set fabric-object disable
|
|
set country "RU"
|
|
next
|
|
edit "China"
|
|
set uuid 0c2898b8-996b-51ec-024d-93bfafa09b92
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "CN"
|
|
next
|
|
edit "Iran"
|
|
set uuid 597d8d6c-9a2e-51ec-7d14-ea715cf8eb34
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "IR"
|
|
next
|
|
edit "Belarus"
|
|
set uuid 41982634-9bce-51ec-7603-fe1807691741
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "BY"
|
|
next
|
|
edit "North Korea"
|
|
set uuid dd05a5c8-9fdf-51ec-0cb2-9aa3eb6f5fd2
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "KP"
|
|
next
|
|
edit "SSL_VPN_Range"
|
|
set uuid 4a55a1c4-a462-51ec-5ec8-dc6f9f0affaa
|
|
set type ipmask
|
|
set comment "Remote Access VPN IP Range"
|
|
set associated-interface "ssl.scsd"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.212.134.0 255.255.255.0
|
|
next
|
|
edit "United_States"
|
|
set uuid f0e62b0a-b99b-51ec-19b2-0c2803cfd88f
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set fabric-object disable
|
|
set country "US"
|
|
next
|
|
edit "SRIC_BOCES_Server01"
|
|
set uuid f7e1dbfc-c4c2-51ec-7127-11c5f7bdddff
|
|
set type ipmask
|
|
set comment "SRIC BOCES - Server"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 170.161.72.15 255.255.255.255
|
|
next
|
|
edit "z_Ryuk_01"
|
|
set uuid 7a6252e8-d083-51ec-8345-e1455ab2c3ba
|
|
set type ipmask
|
|
set comment "Block IP from Ransomware Attack"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 177.103.240.149 255.255.255.255
|
|
next
|
|
edit "z_Ryuk_02"
|
|
set uuid a40c2bb4-d083-51ec-b323-ade0a55839db
|
|
set type ipmask
|
|
set comment "Block IP from Ransomware Attack"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 93.189.42.220 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_134"
|
|
set uuid 7006b162-718d-51ed-572a-70f08b7a8f51
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 138.68.50.218 255.255.255.255
|
|
next
|
|
edit "411App_WebPage"
|
|
set uuid b565c704-8158-51ed-a77b-25fb5818f605
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "411app.scsd.us"
|
|
set cache-ttl 0
|
|
next
|
|
edit "City_Side_Parks_Phone_Subnet"
|
|
set uuid 070f12c4-9c14-51ed-40d0-60abf190aa66
|
|
set type ipmask
|
|
set comment "City Parks & Rec Phones and SIP Trunk Subnet"
|
|
set associated-interface ''
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.229.0 255.255.255.0
|
|
next
|
|
edit "Nigeria"
|
|
set uuid 6d8b4142-fbcf-51ed-ab34-cff482e7b308
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "NG"
|
|
next
|
|
edit "Afghanistan"
|
|
set uuid 4ba1ca54-fedd-51ed-668b-74c0f8eb2c0f
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "AF"
|
|
next
|
|
edit "Brazil"
|
|
set uuid e07d88ae-fee0-51ed-1a85-3243b8bb6f28
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "BR"
|
|
next
|
|
edit "Columbia"
|
|
set uuid f7d09e06-fee0-51ed-ab95-bb983e02ab2d
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "CO"
|
|
next
|
|
edit "India"
|
|
set uuid 80e7e05a-fee1-51ed-86c8-55b0bdfcde29
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "IN"
|
|
next
|
|
edit "Indonesia"
|
|
set uuid 9b2c4bcc-fee1-51ed-0958-5f81481b17ca
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "ID"
|
|
next
|
|
edit "Romania"
|
|
set uuid b3cdc296-fee1-51ed-1c4b-22194c9cc41e
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "RO"
|
|
next
|
|
edit "Thailand"
|
|
set uuid cc6085aa-fee1-51ed-6938-e99720fc0e1d
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "TH"
|
|
next
|
|
edit "Turkey"
|
|
set uuid dce3b672-fee1-51ed-28a9-22f266dccd3c
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "TR"
|
|
next
|
|
edit "Vietnam"
|
|
set uuid f1445072-fee1-51ed-4d1d-ac333eb9b62e
|
|
set type geography
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 6
|
|
set fabric-object disable
|
|
set country "VN"
|
|
next
|
|
edit "SPD_22_Delaware"
|
|
set uuid 5d5f97ce-0a15-51ee-61e0-ba5413639bbe
|
|
set type ipmask
|
|
set comment "SPD Firewall Delaware"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.22.70.10 255.255.255.255
|
|
next
|
|
edit "SPD_24_Franklin"
|
|
set uuid 9de19392-0a15-51ee-41c9-4a9b29c6ef8d
|
|
set type ipmask
|
|
set comment "SPD Firewall Franklin"
|
|
set associated-interface ''
|
|
set color 2
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.24.70.10 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_135"
|
|
set uuid 1c05a41e-7da4-51ee-aa5a-0bf5fffe914c
|
|
set type ipmask
|
|
set comment "Malicious IP Address"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 108.174.5.112 255.255.255.255
|
|
next
|
|
edit "SPD_Side_Genetec"
|
|
set uuid 7812ba2a-bacc-51ee-9526-57c74513772d
|
|
set type ipmask
|
|
set comment "Genetec Server Range on SPD Side"
|
|
set associated-interface "city_phones"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.211.21.16 255.255.255.240
|
|
next
|
|
edit "ST_External_1"
|
|
set uuid e163ed64-cb48-51ee-1912-d43d2f9d8a06
|
|
set type ipmask
|
|
set comment "SchoolTool IIS #3"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 172.30.45.30 255.255.255.255
|
|
next
|
|
edit "ST_External_2"
|
|
set uuid fe500048-cb48-51ee-f69d-8c68dad3ef7c
|
|
set type ipmask
|
|
set comment "SchoolTool Reporting"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 172.30.45.109 255.255.255.255
|
|
next
|
|
edit "ST_External_3"
|
|
set uuid 0fb8dfb2-cb49-51ee-46f0-4daba18e5ca0
|
|
set type ipmask
|
|
set comment "SchoolTool SQL"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 172.30.45.25 255.255.255.255
|
|
next
|
|
edit "PrintOC-Outside"
|
|
set uuid a0f79ad4-dca3-51ee-ac6d-f7175b2033fa
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 1
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 198.36.26.119 255.255.255.255
|
|
next
|
|
edit "ST_External_4"
|
|
set uuid 5e2f106e-f748-51ee-4aac-94c43ef48ee4
|
|
set type ipmask
|
|
set comment "SchoolTool IIS #4"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 172.30.45.35 255.255.255.255
|
|
next
|
|
edit "ST_External_5"
|
|
set uuid 7c0f5756-f748-51ee-1681-4e182cba3f56
|
|
set type ipmask
|
|
set comment "SchoolTool IIS #2"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 172.30.45.84 255.255.255.255
|
|
next
|
|
edit "ST_External_6"
|
|
set uuid 935836c6-f748-51ee-bc6e-cb945108f3d0
|
|
set type ipmask
|
|
set comment "SchoolTool IIS #1"
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 172.30.45.107 255.255.255.255
|
|
next
|
|
edit "SchoolTool_External_Range"
|
|
set uuid 91990ea8-f8e4-51ee-d726-ec2b591fc828
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 172.30.44.0 255.255.254.0
|
|
next
|
|
edit "z_BlockIP_141"
|
|
set uuid 94a36b7e-0d53-51ef-13e3-5805428d2dbf
|
|
set type ipmask
|
|
set comment "now.gg"
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 18.238.49.122 255.255.255.255
|
|
next
|
|
edit "Webosphere_Inside"
|
|
set uuid 2e39b0de-3812-51ef-0a90-418dae660dd3
|
|
set type ipmask
|
|
set comment "SCSD Website"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.117 255.255.255.255
|
|
next
|
|
edit "Day_Enterprise_Server"
|
|
set uuid 2e3a23a2-3812-51ef-98b7-ca00795bc304
|
|
set type ipmask
|
|
set comment "Day Automation"
|
|
set associated-interface "inside"
|
|
set color 10
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.108 255.255.255.255
|
|
next
|
|
edit "Day_VM_Server"
|
|
set uuid 2e3a9fda-3812-51ef-3be6-9f968517e7f7
|
|
set type ipmask
|
|
set comment "Day Automation"
|
|
set associated-interface "inside"
|
|
set color 10
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.173 255.255.255.255
|
|
next
|
|
edit "WebCRD"
|
|
set uuid 2e3b1a96-3812-51ef-1d34-0d079f65a239
|
|
set type ipmask
|
|
set comment "printshop.scsd.us"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.96 255.255.255.255
|
|
next
|
|
edit "Security_01_NOC"
|
|
set uuid 2e3b8c42-3812-51ef-123c-196be61209dc
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.70.0 255.255.254.0
|
|
next
|
|
edit "Security_02_ITC"
|
|
set uuid 2e3bf42a-3812-51ef-4218-0f0adaa27d79
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.2.70.0 255.255.254.0
|
|
next
|
|
edit "Security_03_PSLA"
|
|
set uuid 2e3c5fe6-3812-51ef-b2bd-f7fe67161cb8
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.3.70.0 255.255.254.0
|
|
next
|
|
edit "Security_04_Nottingham"
|
|
set uuid 2e3ccb52-3812-51ef-f19b-682ad90f6cab
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.4.70.0 255.255.254.0
|
|
next
|
|
edit "Security_06_Henninger"
|
|
set uuid 2e3d35c4-3812-51ef-1bb5-f1a9b710debd
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.6.70.0 255.255.254.0
|
|
next
|
|
edit "Security_07_Corcoran"
|
|
set uuid 2e3da0b8-3812-51ef-6f4b-7fc09625840a
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.7.70.0 255.255.254.0
|
|
next
|
|
edit "Security_08_Clary"
|
|
set uuid 2e3e0d28-3812-51ef-452f-be72cc6c1031
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.8.70.0 255.255.254.0
|
|
next
|
|
edit "Security_09_Grant"
|
|
set uuid 2e3e760a-3812-51ef-e068-d52c1858db48
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.9.70.0 255.255.254.0
|
|
next
|
|
edit "Security_10_Levy"
|
|
set uuid 2e3eddfc-3812-51ef-4f29-a9de01078f75
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.10.70.0 255.255.254.0
|
|
next
|
|
edit "Security_13_Lincoln"
|
|
set uuid 2e3f492c-3812-51ef-1870-4fe13f2e12a3
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.13.70.0 255.255.254.0
|
|
next
|
|
edit "Security_14_Shea"
|
|
set uuid 2e3fb236-3812-51ef-dc25-d8f04ef0b6a0
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.14.70.0 255.255.254.0
|
|
next
|
|
edit "Security_15_HWSmith"
|
|
set uuid 2e402252-3812-51ef-d693-17e769649127
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.15.70.0 255.255.254.0
|
|
next
|
|
edit "Security_16_Bellevue"
|
|
set uuid 2e408c88-3812-51ef-d985-06958db619c9
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.16.70.0 255.255.254.0
|
|
next
|
|
edit "Security_20_DrKing"
|
|
set uuid 2e40f628-3812-51ef-d0f4-964eb7b5e28c
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.20.70.0 255.255.254.0
|
|
next
|
|
edit "Security_21_Danforth"
|
|
set uuid 2e41604a-3812-51ef-fba3-5fd84aa9bb27
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.21.70.0 255.255.254.0
|
|
next
|
|
edit "Security_22_Delaware"
|
|
set uuid 2e41cc7e-3812-51ef-efeb-04312bb2a1eb
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.22.70.0 255.255.254.0
|
|
next
|
|
edit "Security_23_Elmwood"
|
|
set uuid 2e4236dc-3812-51ef-7e00-47389ea40dff
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.23.70.0 255.255.254.0
|
|
next
|
|
edit "Security_24_Franklin"
|
|
set uuid 2e42a48c-3812-51ef-d6dd-39ed3b5d7b01
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.24.70.0 255.255.254.0
|
|
next
|
|
edit "Security_25_Frazer"
|
|
set uuid 2e430e22-3812-51ef-3c9c-7096a7e1d6b2
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.25.70.0 255.255.254.0
|
|
next
|
|
edit "Security_27_Elmcrest"
|
|
set uuid 2e437a60-3812-51ef-960e-f8fe9870a900
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.27.70.0 255.255.254.0
|
|
next
|
|
edit "Security_28_Latin"
|
|
set uuid 2e43e608-3812-51ef-fac9-797593c2500a
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.28.70.0 255.255.254.0
|
|
next
|
|
edit "Security_29_Huntington"
|
|
set uuid 2e4454b2-3812-51ef-3840-17cdf4f1a92c
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.29.70.0 255.255.254.0
|
|
next
|
|
edit "Security_30_SalemHyde"
|
|
set uuid 2e44c1c2-3812-51ef-f3a3-d7a783d71352
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.30.70.0 255.255.254.0
|
|
next
|
|
edit "Security_33_LeMoyne"
|
|
set uuid 2e452b9e-3812-51ef-7baf-ea2884cf8700
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.33.70.0 255.255.254.0
|
|
next
|
|
edit "Security_34_DrWeeks"
|
|
set uuid 2e459548-3812-51ef-7578-1aeba908118d
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.34.70.0 255.255.254.0
|
|
next
|
|
edit "Security_36_McKinley"
|
|
set uuid 2e460000-3812-51ef-8593-773d2753bb04
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.36.70.0 255.255.254.0
|
|
next
|
|
edit "Security_37_Meachem"
|
|
set uuid 2e466a40-3812-51ef-0b61-c16e1216ded8
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.37.70.0 255.255.254.0
|
|
next
|
|
edit "Security_40_Porter"
|
|
set uuid 2e46d598-3812-51ef-7793-f3e067198d9a
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.40.70.0 255.255.254.0
|
|
next
|
|
edit "Security_41_BOVA"
|
|
set uuid 2e473f24-3812-51ef-bb0c-d32b6497463a
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.41.70.0 255.255.254.0
|
|
next
|
|
edit "Security_42_Roberts"
|
|
set uuid 2e47a932-3812-51ef-66c0-d8b766ad51ee
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.42.70.0 255.255.254.0
|
|
next
|
|
edit "Security_44_Seymour"
|
|
set uuid 2e4812d2-3812-51ef-f4ed-a1483c8f6a63
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.44.70.0 255.255.254.0
|
|
next
|
|
edit "Security_45_EdSmith"
|
|
set uuid 2e487c68-3812-51ef-b81a-cd974e7efc5c
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.45.70.0 255.255.254.0
|
|
next
|
|
edit "Security_46_Phoenix"
|
|
set uuid 2e48e82e-3812-51ef-60eb-a9b2719fbaec
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.46.70.0 255.255.254.0
|
|
next
|
|
edit "Security_47_McCarthy"
|
|
set uuid 2e4953fe-3812-51ef-fbd2-7ce41bb97e0b
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.47.70.0 255.255.254.0
|
|
next
|
|
edit "Security_48_Beard"
|
|
set uuid 2e49bcea-3812-51ef-b048-eb00716913c2
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.48.70.0 255.255.254.0
|
|
next
|
|
edit "Security_49_VanDuyn"
|
|
set uuid 2e4a2734-3812-51ef-bf5e-0b623b270dc7
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.49.70.0 255.255.254.0
|
|
next
|
|
edit "Security_51_Webster"
|
|
set uuid 2e4a914c-3812-51ef-299b-02d6c7ecee86
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.51.70.0 255.255.254.0
|
|
next
|
|
edit "Security_53_Blodgett"
|
|
set uuid 2e4afc2c-3812-51ef-aeda-b356ecf7f6b4
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.53.70.0 255.255.254.0
|
|
next
|
|
edit "Security_54_JVC"
|
|
set uuid 2e4b6658-3812-51ef-c4a2-d4624e5b529b
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.54.70.0 255.255.254.0
|
|
next
|
|
edit "Security_55_CentralOffice"
|
|
set uuid 2e4bd570-3812-51ef-51ac-4f6a430d5bd3
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.55.70.0 255.255.254.0
|
|
next
|
|
edit "Security_56_SSC"
|
|
set uuid 2e4c3d4e-3812-51ef-c3f1-1f32b2c96221
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.56.70.0 255.255.254.0
|
|
next
|
|
edit "Security_57_Transportation"
|
|
set uuid 2e4ca9b4-3812-51ef-e5df-43e48b4a055b
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.57.70.0 255.255.254.0
|
|
next
|
|
edit "Security_60_PDC"
|
|
set uuid 2e4d119c-3812-51ef-7e54-0a6673d08df7
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.60.70.0 255.255.254.0
|
|
next
|
|
edit "Security_86_StLucy"
|
|
set uuid 2e4d7a74-3812-51ef-d951-bda817edf1b7
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 25
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.86.70.0 255.255.254.0
|
|
next
|
|
edit "psdevdb1"
|
|
set uuid 2e4de022-3812-51ef-6eb1-fb714a8b8a3f
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.136 255.255.255.255
|
|
next
|
|
edit "hypprodweb1"
|
|
set uuid 2e4e59da-3812-51ef-9149-6e005bac3437
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.84 255.255.255.255
|
|
next
|
|
edit "psprddb1"
|
|
set uuid 2e4ed05e-3812-51ef-5091-0bb71324dd53
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.138 255.255.255.255
|
|
next
|
|
edit "psqasdb1"
|
|
set uuid 2e4f47b4-3812-51ef-3ff1-1779368ab9dc
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.137 255.255.255.255
|
|
next
|
|
edit "psdevfin"
|
|
set uuid 2e4fbece-3812-51ef-5994-dade1d0ff5b7
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.122 255.255.255.255
|
|
next
|
|
edit "psdevhcm"
|
|
set uuid 2e50367e-3812-51ef-5e52-aadc6c2618af
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.125 255.255.255.255
|
|
next
|
|
edit "psprdess"
|
|
set uuid 2e50ada2-3812-51ef-5b75-14efafbaff20
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.200 255.255.255.255
|
|
next
|
|
edit "psprdfin"
|
|
set uuid 2e5124e4-3812-51ef-3c9f-7a6e9d7671dc
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.120 255.255.255.255
|
|
next
|
|
edit "psprdhcm"
|
|
set uuid 2e519c26-3812-51ef-dbd1-bc7cd8b4640f
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.123 255.255.255.255
|
|
next
|
|
edit "psprdrpx"
|
|
set uuid 2e5214b2-3812-51ef-cfd6-5d98c1c81a18
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.201 255.255.255.255
|
|
next
|
|
edit "psqasfin"
|
|
set uuid 2e528ece-3812-51ef-f39d-813404cc90c6
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.121 255.255.255.255
|
|
next
|
|
edit "psqashcm"
|
|
set uuid 2e53061a-3812-51ef-7c41-8f6d25c4ca26
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.124 255.255.255.255
|
|
next
|
|
edit "pstools"
|
|
set uuid 2e537dde-3812-51ef-7794-fba7fd170422
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.130 255.255.255.255
|
|
next
|
|
edit "hypprodweb2"
|
|
set uuid 2e53f6f6-3812-51ef-77a9-df6d255ec88a
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.85 255.255.255.255
|
|
next
|
|
edit "hypprodess"
|
|
set uuid 2e546e10-3812-51ef-9210-5ffc3f576e14
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.83 255.255.255.255
|
|
next
|
|
edit "hypprodwin7"
|
|
set uuid 2e54e7c8-3812-51ef-cbeb-b300c98992d4
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.86 255.255.255.255
|
|
next
|
|
edit "psnagus"
|
|
set uuid 2e55d5d4-3812-51ef-e4cf-0652f68b0363
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.131 255.255.255.255
|
|
next
|
|
edit "psupgfin"
|
|
set uuid 2e564fe6-3812-51ef-98e6-fa41a9ac2c37
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.150 255.255.255.255
|
|
next
|
|
edit "psupghcm"
|
|
set uuid 2e56c908-3812-51ef-96d7-715ba38493ed
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.151 255.255.255.255
|
|
next
|
|
edit "hypdeveb"
|
|
set uuid 2e5741f8-3812-51ef-990f-955316f81064
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.50 255.255.255.255
|
|
next
|
|
edit "hypdevw1"
|
|
set uuid 2e57bb6a-3812-51ef-2cc2-e3819c0b4717
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.51 255.255.255.255
|
|
next
|
|
edit "hypdevw3"
|
|
set uuid 2e58343c-3812-51ef-deb3-e6ac61ae4732
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.59 255.255.255.255
|
|
next
|
|
edit "hypprdeb"
|
|
set uuid 2e58acd2-3812-51ef-d169-355a6a12dae5
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.53 255.255.255.255
|
|
next
|
|
edit "hypprdw1"
|
|
set uuid 2e59248c-3812-51ef-acf0-d684d4ab99f0
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.54 255.255.255.255
|
|
next
|
|
edit "hypprdw2"
|
|
set uuid 2e599c50-3812-51ef-e6c2-ceddbe66d6c7
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.55 255.255.255.255
|
|
next
|
|
edit "hypqaeb"
|
|
set uuid 2e5a14f0-3812-51ef-e85b-801a55858873
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.56 255.255.255.255
|
|
next
|
|
edit "hypqaw1"
|
|
set uuid 2e5a8ef8-3812-51ef-014b-4c3cac480b1b
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.57 255.255.255.255
|
|
next
|
|
edit "hypqaw2"
|
|
set uuid 2e5b0694-3812-51ef-798c-7bc63cc8e340
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.58 255.255.255.255
|
|
next
|
|
edit "Nighttime_Inside"
|
|
set uuid 2e5b8222-3812-51ef-94a7-96006969bb11
|
|
set type ipmask
|
|
set comment "Nighttime sends backups"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.191 255.255.255.255
|
|
next
|
|
edit "411app"
|
|
set uuid 2e5bf3a6-3812-51ef-a114-396893680a5e
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.216 255.255.255.255
|
|
next
|
|
edit "411sql"
|
|
set uuid 2e5c4e00-3812-51ef-f180-bb36d41da284
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.225 255.255.255.255
|
|
next
|
|
edit "DocHolliday"
|
|
set uuid 2e5ca954-3812-51ef-2c03-522988a5c39d
|
|
set type ipmask
|
|
set comment "WebCRD Server"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.78 255.255.255.255
|
|
next
|
|
edit "Day_Continuum_Server"
|
|
set uuid 2e5d1af6-3812-51ef-6816-2d136d63430c
|
|
set type ipmask
|
|
set comment "Day Automation"
|
|
set associated-interface "inside"
|
|
set color 10
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.188 255.255.255.255
|
|
next
|
|
edit "Genetec"
|
|
set uuid 2e5d949a-3812-51ef-407b-6187d0785301
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.70.30 255.255.255.255
|
|
next
|
|
edit "DC01_A"
|
|
set uuid 2e5ded50-3812-51ef-d0c4-fef62bc79a80
|
|
set type ipmask
|
|
set comment "Domain Controller for DNS and LDAP"
|
|
set associated-interface "inside"
|
|
set color 14
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.10 255.255.255.255
|
|
next
|
|
edit "DC01_B"
|
|
set uuid 2e5e6ef6-3812-51ef-5037-1eb8074e6ba1
|
|
set type ipmask
|
|
set comment "Domain Controller for DNS and LDAP"
|
|
set associated-interface "inside"
|
|
set color 14
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.95 255.255.255.255
|
|
next
|
|
edit "DC01_C"
|
|
set uuid 2e5ef0d8-3812-51ef-648b-2bff2ce1781b
|
|
set type ipmask
|
|
set comment "Domain Controller for DNS and LDAP"
|
|
set associated-interface "inside"
|
|
set color 14
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.120 255.255.255.255
|
|
next
|
|
edit "HVDC02"
|
|
set uuid 2e5f727e-3812-51ef-caba-3c4cae318ffe
|
|
set type ipmask
|
|
set comment "Domain Controller for DNS and LDAP"
|
|
set associated-interface "inside"
|
|
set color 14
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.21.48.10 255.255.255.255
|
|
next
|
|
edit "HVDC03_A"
|
|
set uuid 2e5ff726-3812-51ef-e135-1ea4a2e02941
|
|
set type ipmask
|
|
set comment "Domain Controller for DNS and LDAP"
|
|
set associated-interface "inside"
|
|
set color 14
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.95 255.255.255.255
|
|
next
|
|
edit "HVDC03_B"
|
|
set uuid 2e6078c2-3812-51ef-6edb-89b964cdf564
|
|
set type ipmask
|
|
set comment "Domain Controller for DNS and LDAP"
|
|
set associated-interface "inside"
|
|
set color 14
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.10 255.255.255.255
|
|
next
|
|
edit "Tim PC"
|
|
set uuid 2e614496-3812-51ef-85a0-9e389e54366a
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.7.137 255.255.255.255
|
|
next
|
|
edit "CGR_16_Bellevue"
|
|
set uuid 2e61a2d8-3812-51ef-1f9d-aed76078eb1a
|
|
set type ipmask
|
|
set comment "City Lights CGR - 16_Bellevue"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.16.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_55_CentralOffice"
|
|
set uuid 2e622c80-3812-51ef-d3f3-56d779628a78
|
|
set type ipmask
|
|
set comment "City Lights CGR - 55_Central Offices"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.55.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_45_EdSmith"
|
|
set uuid 2e62b3b2-3812-51ef-8619-73e434821b49
|
|
set type ipmask
|
|
set comment "City Lights CGR - 45_EdSmith"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.45.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_23_Elmwood"
|
|
set uuid 2e6336a2-3812-51ef-1ed3-c83cbb8c6430
|
|
set type ipmask
|
|
set comment "City Lights CGR - 23_Elmwood"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.23.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_24_Franklin"
|
|
set uuid 2e63b9d8-3812-51ef-b2b0-64d7747a79ad
|
|
set type ipmask
|
|
set comment "City Lights CGR - 24_Franklin"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.24.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_29_Huntington"
|
|
set uuid 2e643f48-3812-51ef-2731-080a39e51b76
|
|
set type ipmask
|
|
set comment "City Lights CGR - 29_Huntington"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.29.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_15_HWSmith"
|
|
set uuid 2e64c3e6-3812-51ef-97c7-7f955a7eaf39
|
|
set type ipmask
|
|
set comment "City Lights CGR - 15_HWSmith"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.15.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_48_Beard"
|
|
set uuid 2e6546c2-3812-51ef-d158-8dda08100f51
|
|
set type ipmask
|
|
set comment "City Lights CGR - 48_Beard"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.48.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_36_McKinley"
|
|
set uuid 2e65ca52-3812-51ef-18b9-69eedbd15983
|
|
set type ipmask
|
|
set comment "City Lights CGR - 36_McKinley"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.36.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_37_Meachem"
|
|
set uuid 2e664de2-3812-51ef-f01b-1fa3b6b71280
|
|
set type ipmask
|
|
set comment "City Lights CGR - 37_Meachem"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.37.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_40_Porter"
|
|
set uuid 2e66d1ea-3812-51ef-bf14-bfa158784723
|
|
set type ipmask
|
|
set comment "City Lights CGR - 40_Porter"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.40.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_30_SalemHyde"
|
|
set uuid 2e675642-3812-51ef-9b61-6882408843cb
|
|
set type ipmask
|
|
set comment "City Lights CGR - 30_SalemHyde"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.30.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_44_Seymour"
|
|
set uuid 2e67dca2-3812-51ef-f408-37f72e66ea29
|
|
set type ipmask
|
|
set comment "City Lights CGR - 44_Seymour"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.44.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_49_VanDuyn"
|
|
set uuid 2e686064-3812-51ef-ad9e-1b98d30e1e08
|
|
set type ipmask
|
|
set comment "City Lights CGR - 49_VanDuyn"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.49.233.11 255.255.255.255
|
|
next
|
|
edit "CGR_51_Webster"
|
|
set uuid 2e68e41c-3812-51ef-0c16-696ccedc62c8
|
|
set type ipmask
|
|
set comment "City Lights CGR - 51_Webster"
|
|
set associated-interface "inside"
|
|
set color 28
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.51.233.11 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_000"
|
|
set uuid 2e6a5bc6-3812-51ef-d792-e7c7ce024bd7
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.117.232.199 255.255.255.255
|
|
next
|
|
edit "hypdevw2"
|
|
set uuid 2e6ac5fc-3812-51ef-61ea-1b3941426666
|
|
set type ipmask
|
|
set comment "Hyperion"
|
|
set associated-interface "inside"
|
|
set color 22
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.52 255.255.255.255
|
|
next
|
|
edit "Access_Control_01_NOC"
|
|
set uuid 2e6b45e0-3812-51ef-c686-97daa5222233
|
|
set type ipmask
|
|
set comment "01_NOC_Access_Control"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.72.0 255.255.255.0
|
|
next
|
|
edit "Access_Control_02_ITC"
|
|
set uuid 2e6bc7f4-3812-51ef-e362-cdb493e5b8b5
|
|
set type ipmask
|
|
set comment "02_ITC_Access_Control"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.2.72.0 255.255.255.0
|
|
next
|
|
edit "Access_Control_03_PSLA"
|
|
set uuid 2e6c49ea-3812-51ef-5b68-f380d5f9754d
|
|
set type ipmask
|
|
set comment "Access Control PSLA at Fowler"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.3.72.0 255.255.255.0
|
|
next
|
|
edit "Access_Control_04_Nottingham"
|
|
set uuid 2e6cd248-3812-51ef-f3bc-0052c1e495f0
|
|
set type ipmask
|
|
set comment "Access Control Nottingham"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.4.72.0 255.255.255.0
|
|
next
|
|
edit "Access_Control_06_Henninger"
|
|
set uuid 2e6d5a6a-3812-51ef-76bd-af366b59b33a
|
|
set type ipmask
|
|
set comment "Access Control Henninger"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.6.72.0 255.255.255.0
|
|
next
|
|
edit "Access_Control_07_Corcoran"
|
|
set uuid 2e6de0c0-3812-51ef-1887-13f7b83496d0
|
|
set type ipmask
|
|
set comment "Access Control Corcoran"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.7.72.0 255.255.255.0
|
|
next
|
|
edit "Access_Control_08_Clary"
|
|
set uuid 2e6e63e2-3812-51ef-4c88-72223f592c5d
|
|
set type ipmask
|
|
set comment "Access Control Clary"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.8.72.0 255.255.255.0
|
|
next
|
|
edit "Access_Control_09_Grant"
|
|
set uuid 2e6ee61e-3812-51ef-525f-732f6ef2c376
|
|
set type ipmask
|
|
set comment "Access Control Grant"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.9.72.0 255.255.255.0
|
|
next
|
|
edit "Access_Control_10_Levy"
|
|
set uuid 2e6f6b16-3812-51ef-6711-f2c7300c56bd
|
|
set type ipmask
|
|
set comment "Access Control Levy"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.10.72.0 255.255.255.0
|
|
next
|
|
edit "Access_Control_40_Porter"
|
|
set uuid 2e6fedf2-3812-51ef-12bc-90c91dc77219
|
|
set type ipmask
|
|
set comment "Access Control Porter"
|
|
set associated-interface "inside"
|
|
set color 29
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.40.72.0 255.255.255.0
|
|
next
|
|
edit "PeopleTools"
|
|
set uuid 2e706d72-3812-51ef-bdb3-aaf48ad72387
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.100 255.255.255.255
|
|
next
|
|
edit "psupgfin2"
|
|
set uuid 2e715d7c-3812-51ef-f7d4-7bff580c2701
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.117 255.255.255.255
|
|
next
|
|
edit "psupghcm2"
|
|
set uuid 2e71d8e2-3812-51ef-251a-1f1670a20bba
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.116 255.255.255.255
|
|
next
|
|
edit "pum_a"
|
|
set uuid 2e725114-3812-51ef-8ff8-d68259b63c4f
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.111 255.255.255.255
|
|
next
|
|
edit "pum_b"
|
|
set uuid 2e72c9a0-3812-51ef-cf04-6971eee5d46a
|
|
set type ipmask
|
|
set comment "Peoplesoft"
|
|
set associated-interface "inside"
|
|
set color 20
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.18.112 255.255.255.255
|
|
next
|
|
edit "SMTP_Office365_a"
|
|
set uuid 2e7387aa-3812-51ef-ef37-3f7e9704f71c
|
|
set type ipmask
|
|
set comment "Microsoft to Barracuda Archivers"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 104.47.0.0 255.255.128.0
|
|
next
|
|
edit "SMTP_Office365_b"
|
|
set uuid 2e74019e-3812-51ef-4354-8a438c54cafc
|
|
set type ipmask
|
|
set comment "Microsoft to Barracuda Archivers"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 40.92.0.0 255.254.0.0
|
|
next
|
|
edit "SMTP_Office365_c"
|
|
set uuid 2e7479da-3812-51ef-e686-2e2c26262564
|
|
set type ipmask
|
|
set comment "Microsoft to Barracuda Archivers"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 40.107.0.0 255.255.0.0
|
|
next
|
|
edit "SMTP_Office365_d"
|
|
set uuid 2e74f1d0-3812-51ef-0469-bd9d6a3d5870
|
|
set type ipmask
|
|
set comment "Microsoft to Barracuda Archivers"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 52.100.0.0 255.252.0.0
|
|
next
|
|
edit "City_Side_VoIP_30"
|
|
set uuid 2e75e252-3812-51ef-58bf-c049447f60ec
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.30.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_56"
|
|
set uuid 2e767488-3812-51ef-5e78-8b95bdcfd038
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.56.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_61"
|
|
set uuid 2e7705ec-3812-51ef-7ec4-7bfa0a233031
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.61.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_62"
|
|
set uuid 2e77982c-3812-51ef-2390-2a90da7a147c
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.62.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_63"
|
|
set uuid 2e782b0c-3812-51ef-9607-aab4541a7a4f
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.63.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_64"
|
|
set uuid 2e78c0ee-3812-51ef-7575-b1d643b4e1e3
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.64.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_65"
|
|
set uuid 2e7951e4-3812-51ef-a483-cefb159e4ed9
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.65.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_66"
|
|
set uuid 2e79e3ac-3812-51ef-2382-ee82da6df09c
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.66.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_67"
|
|
set uuid 2e7a7498-3812-51ef-47a0-77e6c80a37f0
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.67.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_68"
|
|
set uuid 2e7b0ed0-3812-51ef-236d-d8d0e67db7c3
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.68.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_72"
|
|
set uuid 2e7ba0de-3812-51ef-ad4b-e4816cfae8eb
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.72.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_74"
|
|
set uuid 2e7c31ac-3812-51ef-d321-515bdc528759
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.74.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_75"
|
|
set uuid 2e7cd09e-3812-51ef-f73c-3736aae85e1d
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.75.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_76"
|
|
set uuid 2e7d66bc-3812-51ef-4435-0dd0a77e41d4
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.76.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_77"
|
|
set uuid 2e7dfaa0-3812-51ef-1dcc-ac90ff8926e2
|
|
set type ipmask
|
|
set comment "City Side VoIP - Includes DPW Router"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.77.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_88"
|
|
set uuid 2e7e9d20-3812-51ef-a121-e17d044527ab
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.88.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_132"
|
|
set uuid 2e824e0c-3812-51ef-f898-e663bcc71d4d
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.132.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_1_Park_Place_A"
|
|
set uuid 2e82eb6e-3812-51ef-28df-f089494b8399
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.249.0.44 255.255.255.255
|
|
next
|
|
edit "CUCM_BRIGHTON"
|
|
set uuid 2e84266e-3812-51ef-7fbc-1b9b90bf7194
|
|
set type ipmask
|
|
set comment "SCSD Cisco Call Managers"
|
|
set associated-interface "inside"
|
|
set color 5
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.21.150.0 255.255.255.0
|
|
next
|
|
edit "CUCM_ITC_NOC"
|
|
set uuid 2e84a602-3812-51ef-1f08-b0824da72239
|
|
set type ipmask
|
|
set comment "SCSD Cisco Call Managers"
|
|
set associated-interface "inside"
|
|
set color 5
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.150.0 255.255.255.0
|
|
next
|
|
edit "City_Side_VoIP_1_Park_Place_B"
|
|
set uuid 2e852c3a-3812-51ef-5972-e8a0b63c2239
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.235.40.0 255.255.248.0
|
|
next
|
|
edit "City_Side_VoIP_Router_A"
|
|
set uuid 2e85c0be-3812-51ef-4fde-59fdeaf89e37
|
|
set type ipmask
|
|
set comment "City Side VoIP Router"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.51.21 255.255.255.255
|
|
next
|
|
edit "City_Side_VoIP_Router_B"
|
|
set uuid 2e8658b2-3812-51ef-1bc1-a384901e859e
|
|
set type ipmask
|
|
set comment "City Side VoIP Router"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.51.23 255.255.255.255
|
|
next
|
|
edit "SPD_Side_A"
|
|
set uuid 2e86ed36-3812-51ef-bc52-99bc1c0d3116
|
|
set type ipmask
|
|
set comment "SPD Side Firewall"
|
|
set associated-interface "city_phones"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.100.80 255.255.255.248
|
|
next
|
|
edit "SPD_Side_B"
|
|
set uuid 2e877e4a-3812-51ef-bee7-291cc3a2ffc2
|
|
set type ipmask
|
|
set comment "SPD Side Firewall"
|
|
set associated-interface "city_phones"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.100.88 255.255.255.254
|
|
next
|
|
edit "County_Network"
|
|
set uuid 2e88108a-3812-51ef-cd0f-4d778254e364
|
|
set type ipmask
|
|
set comment "Onondaga County Purchasing Department"
|
|
set associated-interface "city_phones"
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.250.100.90 255.255.255.255
|
|
next
|
|
edit "City_Side_VoIP_Water_DPW_Recorder"
|
|
set uuid 2e88a766-3812-51ef-02f0-7201a3ca1654
|
|
set type ipmask
|
|
set comment "City Side VoIP"
|
|
set associated-interface "city_phones"
|
|
set color 28
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.249.0.46 255.255.255.255
|
|
next
|
|
edit "Microsoft 1"
|
|
set uuid 2e8937da-3812-51ef-b1d2-ca37982a8931
|
|
set type ipmask
|
|
set comment "Located in India"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 13.71.55.58 255.255.255.255
|
|
next
|
|
edit "NVR-NOC"
|
|
set uuid 2e8b1f00-3812-51ef-c77d-2c26f6c4ec72
|
|
set type ipmask
|
|
set comment "NVR ITC Data Center"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.70.38 255.255.255.255
|
|
next
|
|
edit "NVR-FAILOVER"
|
|
set uuid 2e8baf10-3812-51ef-8b00-96ee8c525b78
|
|
set type ipmask
|
|
set comment "NVR ITC Data Center"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.70.27 255.255.255.255
|
|
next
|
|
edit "NVR-RING1-CLAR"
|
|
set uuid 2e8c402e-3812-51ef-031a-918838096acc
|
|
set type ipmask
|
|
set comment "NVR Clary MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.8.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING1-CLAR2"
|
|
set uuid 2e8ccdbe-3812-51ef-01d4-64b342dd0863
|
|
set type ipmask
|
|
set comment "NVR Clary MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.8.70.14 255.255.255.255
|
|
next
|
|
edit "NVR-RING1-CORC"
|
|
set uuid 2e8d5b4e-3812-51ef-4bce-463e1972710d
|
|
set type ipmask
|
|
set comment "NVR Corcoran MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.7.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING1-CORC2"
|
|
set uuid 2e8de9ec-3812-51ef-707c-e5b7a3e71805
|
|
set type ipmask
|
|
set comment "NVR Corcoran MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.7.70.14 255.255.255.255
|
|
next
|
|
edit "NVR-RING2-DANF"
|
|
set uuid 2e8e77d6-3812-51ef-c33f-d198b590fd67
|
|
set type ipmask
|
|
set comment "NVR Danforth MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.21.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING2-DANF2"
|
|
set uuid 2e8f06e2-3812-51ef-6d49-fa55f583384e
|
|
set type ipmask
|
|
set comment "NVR Danforth MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.21.70.14 255.255.255.255
|
|
next
|
|
edit "NVR-RING3-PSLA"
|
|
set uuid 2e8f9594-3812-51ef-6d7c-ae678fe27db1
|
|
set type ipmask
|
|
set comment "NVR PSLA MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.3.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING3-PSLA2"
|
|
set uuid 2e902220-3812-51ef-058c-f3733759fcab
|
|
set type ipmask
|
|
set comment "NVR PSLA MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.3.70.14 255.255.255.255
|
|
next
|
|
edit "NVR-RING4-BLOD"
|
|
set uuid 2e90af56-3812-51ef-cced-171e6c20b418
|
|
set type ipmask
|
|
set comment "NVR Blodgett MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.53.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING4-FRAZ"
|
|
set uuid 2e913d90-3812-51ef-c0ea-fcbcd4d6898e
|
|
set type ipmask
|
|
set comment "NVR Frazier MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.25.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING5-CENT"
|
|
set uuid 2e91cb84-3812-51ef-22a2-955a2f9a33ce
|
|
set type ipmask
|
|
set comment "NVR Central Offices MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.55.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING6-EDSM"
|
|
set uuid 2e925e32-3812-51ef-67f9-0d97f42396ed
|
|
set type ipmask
|
|
set comment "NVR Ed Smith MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.45.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING6-HWSM"
|
|
set uuid 2e92edfc-3812-51ef-112a-22daa18f37c5
|
|
set type ipmask
|
|
set comment "NVR HW Smith MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.15.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING6-HWSM2"
|
|
set uuid 2e938046-3812-51ef-299c-2a23949e8924
|
|
set type ipmask
|
|
set comment "NVR HW Smith MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.15.70.14 255.255.255.255
|
|
next
|
|
edit "NVR-RING6-NOTT"
|
|
set uuid 2e940fb6-3812-51ef-fd41-139f79b2b442
|
|
set type ipmask
|
|
set comment "NVR Nottingham MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.4.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING7-BELL"
|
|
set uuid 2e94a002-3812-51ef-0538-0864ebf47db1
|
|
set type ipmask
|
|
set comment "NVR Bellevue MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.16.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING7-GRAN"
|
|
set uuid 2e952ffe-3812-51ef-6ce3-589ebc24e5aa
|
|
set type ipmask
|
|
set comment "NVR Grant 2nd Floor IDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.9.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING7-GRAN2"
|
|
set uuid 2e95c428-3812-51ef-d63b-377d7622dc5c
|
|
set type ipmask
|
|
set comment "NVR Grant 2nd Floor IDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.9.70.14 255.255.255.255
|
|
next
|
|
edit "NVR-RING8-HENN"
|
|
set uuid 2e965596-3812-51ef-413b-89dc595f4cff
|
|
set type ipmask
|
|
set comment "NVR Henninger MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.6.70.11 255.255.255.255
|
|
next
|
|
edit "NVR-RING8-HENN2"
|
|
set uuid 2e96e5f6-3812-51ef-8a91-7ace2a3cf879
|
|
set type ipmask
|
|
set comment "NVR Henninger MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.6.70.14 255.255.255.255
|
|
next
|
|
edit "NVR-RING8-HUNT"
|
|
set uuid 2e977804-3812-51ef-13ec-3ce3a7d8527c
|
|
set type ipmask
|
|
set comment "NVR Huntington MDF"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.29.70.11 255.255.255.255
|
|
next
|
|
edit "Genetec-Dir"
|
|
set uuid 2e98a224-3812-51ef-3d97-373a03eb6782
|
|
set type ipmask
|
|
set comment "Genetec Directory"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.70.141 255.255.255.255
|
|
next
|
|
edit "Genetec-DirBU"
|
|
set uuid 2e9931a8-3812-51ef-f5a6-c411ca6a996d
|
|
set type ipmask
|
|
set comment "Genetec Directory Backup"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.70.22 255.255.255.255
|
|
next
|
|
edit "Genetec-Media"
|
|
set uuid 2e99c46a-3812-51ef-61be-9ee216810db9
|
|
set type ipmask
|
|
set comment "Genetec Media Server"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.70.143 255.255.255.255
|
|
next
|
|
edit "Genetec-MRouter"
|
|
set uuid 2e9a53c6-3812-51ef-7c4d-7cd90c655325
|
|
set type ipmask
|
|
set comment "Genetec Media Server"
|
|
set associated-interface "inside"
|
|
set color 2
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.70.145 255.255.255.255
|
|
next
|
|
edit "MS_Teams_External_A"
|
|
set uuid 2e9aed04-3812-51ef-0136-7ba1f35d0eeb
|
|
set type ipmask
|
|
set comment "MS Teams for SBC"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 13.107.64.0 255.255.192.0
|
|
next
|
|
edit "MS_Teams_External_B"
|
|
set uuid 2e9b6018-3812-51ef-c328-260f6a644bac
|
|
set type ipmask
|
|
set comment "MS Teams for SBC"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 52.112.0.0 255.252.0.0
|
|
next
|
|
edit "SBC-NOC"
|
|
set uuid 2e9bcbfc-3812-51ef-38e5-74d95f48b935
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.150.21 255.255.255.255
|
|
next
|
|
edit "SBC-DAN"
|
|
set uuid 2e9c3830-3812-51ef-4c60-7db18a7653cf
|
|
set type ipmask
|
|
set comment "Moved to Brighton Academy 09FEB2024"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.150.22 255.255.255.255
|
|
next
|
|
edit "DataTools"
|
|
set uuid 2e9cc674-3812-51ef-defd-d24f4e74d72f
|
|
set type ipmask
|
|
set comment "ODBC Connection to ST DB"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.67 255.255.255.255
|
|
next
|
|
edit "ST_Internal_2"
|
|
set uuid 2e9d4bc6-3812-51ef-094f-c611eced0efa
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.191 255.255.255.255
|
|
next
|
|
edit "Tableau"
|
|
set uuid 2ea0f60e-3812-51ef-370d-a3bc1770ec83
|
|
set type ipmask
|
|
set comment "ODBC connections to ST DB"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.61 255.255.255.255
|
|
next
|
|
edit "21JumpSt"
|
|
set uuid 2ea168be-3812-51ef-db8c-4f2bc50e9d12
|
|
set type ipmask
|
|
set comment "Jumpbox for SchoolTool"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.128 255.255.255.255
|
|
next
|
|
edit "Fileserver03"
|
|
set uuid 2ea1db5a-3812-51ef-5b80-afbfd3e511a3
|
|
set type ipmask
|
|
set comment "Cloud ST to write SMB Here"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.97 255.255.255.255
|
|
next
|
|
edit "SchoolTool webjs"
|
|
set uuid 3f911952-63a1-51ef-055d-a8bb6cdce37e
|
|
set type ipmask
|
|
set comment "SchoolTool"
|
|
set associated-interface "inside"
|
|
set color 18
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.102 255.255.255.255
|
|
next
|
|
edit "Safeschools_02"
|
|
set uuid 777359ae-8faa-51ef-2f8f-4f76e1654996
|
|
set type ipmask
|
|
set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 18.219.244.165 255.255.255.255
|
|
next
|
|
edit "Server_40"
|
|
set uuid dd2d842c-9202-51ef-e573-d3a5b9382b0a
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.0 255.255.255.0
|
|
next
|
|
edit "Server_48"
|
|
set uuid ee0acae8-9202-51ef-cc94-0172e12879ff
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.0 255.255.255.0
|
|
next
|
|
edit "Test_10.10.1.20"
|
|
set uuid 52b4b918-a761-51ef-0e97-8258e27acae4
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.10.1.20 255.255.255.255
|
|
next
|
|
edit "AW_inbound.us002-prod.arcticwolf.net"
|
|
set uuid ac339358-b89e-51ef-9652-3f49525d9caa
|
|
set type iprange
|
|
set comment "Arctic Wolf"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 3.145.238.128
|
|
set end-ip 3.145.238.159
|
|
next
|
|
edit "AW_device-activation.us-global-prod.arcticwolf.net"
|
|
set uuid de129e78-b89e-51ef-09cf-d9c639a159f2
|
|
set type iprange
|
|
set comment "Arctic Wolf"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 35.84.197.208
|
|
set end-ip 35.84.197.228
|
|
next
|
|
edit "AW_drs.us-global-prod.arcticwolf.net"
|
|
set uuid 05491eae-b89f-51ef-d4a6-28f59982bfd3
|
|
set type iprange
|
|
set comment "Arctic Wolf"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 44.239.235.232
|
|
set end-ip 44.239.235.239
|
|
next
|
|
edit "AW_auth.arcticwolf.com"
|
|
set uuid 2c2ce9ec-b89f-51ef-caa8-f54744732c4a
|
|
set type fqdn
|
|
set comment "Arctic Wolf"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "auth.arcticwolf.com"
|
|
set cache-ttl 0
|
|
next
|
|
edit "AW_Scanner_MerryChristmas"
|
|
set uuid 2d70cf84-c142-51ef-24fe-a71259b9d091
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.222 255.255.255.255
|
|
next
|
|
edit "DPS_local_subnet_1"
|
|
set uuid 1872df9a-0031-51f0-fff1-2f495ac5a299
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "DPS_remote_subnet_1"
|
|
set uuid 1875f7ac-0031-51f0-9045-63b87b789405
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "Schroeder _CT_NOC_CVM"
|
|
set uuid 254d5e0a-108c-51f0-dfeb-a62486678a88
|
|
set type ipmask
|
|
set comment "Nutanix CVM"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.181 255.255.255.255
|
|
next
|
|
edit "Pigpen_CT_NOC_CVM"
|
|
set uuid 6fa1cf36-108c-51f0-3fcf-358ad088c599
|
|
set type ipmask
|
|
set comment "Nutanix CVM"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.101.180.26 255.255.255.255
|
|
next
|
|
edit "RedBaron_CT_NOC_CVM"
|
|
set uuid 934e4f40-108c-51f0-391f-e78de4d94e80
|
|
set type ipmask
|
|
set comment "Nutanix CVM"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.101.180.27 255.255.255.255
|
|
next
|
|
edit "Sally_CT_NOC_CVM"
|
|
set uuid a831d95e-108c-51f0-155b-2f6e5780d286
|
|
set type ipmask
|
|
set comment "Nutanix CVM"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.101.180.29 255.255.255.255
|
|
next
|
|
edit "Patty_CT_NOC_CVM"
|
|
set uuid bd9813da-108c-51f0-7114-bf7598e28c78
|
|
set type ipmask
|
|
set comment "Nutanix CVM"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.101.180.30 255.255.255.255
|
|
next
|
|
edit "Nutanix_Support1"
|
|
set uuid 4fae5c16-108d-51f0-6e40-311b1a74a075
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "nsc01.nutanix.net"
|
|
set cache-ttl 0
|
|
next
|
|
edit "Nutanix_Support2"
|
|
set uuid 6120f3f0-108d-51f0-5630-197da97dc590
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "nsc02.nutanix.net"
|
|
set cache-ttl 0
|
|
next
|
|
edit "z_BlockIP_138"
|
|
set uuid 58423e20-13de-51f0-cc56-a934e8e4ba17
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 172.86.91.155 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_139"
|
|
set uuid 7cd8879e-13de-51f0-709e-21f1d1ba5fc2
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.35.189.221 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_140"
|
|
set uuid 95657290-13de-51f0-e7da-09b7938391c8
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 94.131.101.15 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_142"
|
|
set uuid efabc0b8-146c-51f0-a02b-f597c1b43b4e
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.35.189.104 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_143"
|
|
set uuid 046daeb2-146d-51f0-7d98-622be44b9b60
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 172.86.112.56 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_144"
|
|
set uuid 1af72b86-146d-51f0-9cb8-2b6595e3acc8
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 194.116.173.199 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_145"
|
|
set uuid 2f795822-146d-51f0-6612-b046db3e5f87
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 172.86.84.61 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_146"
|
|
set uuid 487077ca-146d-51f0-3740-5075e4d52ccc
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.35.188.34 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_147"
|
|
set uuid 5d713d80-146d-51f0-0f64-f5c6c4406f37
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 74.119.194.18 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_148"
|
|
set uuid 7453f038-146d-51f0-f9ec-496161d3e5da
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 141.98.168.11 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_149"
|
|
set uuid 8e83d9be-146d-51f0-4050-36e1f57c4395
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 103.35.188.74 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_150"
|
|
set uuid b57bd490-146d-51f0-cc95-f2ffd9228010
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 5.180.24.94 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_151"
|
|
set uuid f1c6c9f0-146d-51f0-3a97-96506f18b483
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 141.98.168.14 255.255.255.255
|
|
next
|
|
edit "z_BlockIP_"
|
|
set uuid 085d1296-146e-51f0-ba96-01b5a721554c
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 45.150.65.206 255.255.255.255
|
|
next
|
|
edit "z_BlockRange_01"
|
|
set uuid 8231582a-146e-51f0-dfa1-c1d13529cd9e
|
|
set type iprange
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set fabric-object disable
|
|
set start-ip 103.35.188.0
|
|
set end-ip 103.35.189.255
|
|
next
|
|
edit "z_BlockRange_02"
|
|
set uuid 14d4694c-146f-51f0-55c7-d87753f474c2
|
|
set type iprange
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set fabric-object disable
|
|
set start-ip 172.86.84.0
|
|
set end-ip 172.86.84.255
|
|
next
|
|
edit "z_BlockRange_03"
|
|
set uuid 71037f82-146f-51f0-0bba-151f28bb65cb
|
|
set type iprange
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set fabric-object disable
|
|
set start-ip 194.116.173.0
|
|
set end-ip 194.116.173.255
|
|
next
|
|
edit "z_BlockSub_040"
|
|
set uuid 1ad02664-1470-51f0-b041-d7042e3fac13
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 74.119.194.0 255.255.255.0
|
|
next
|
|
edit "z_BlockSub_041"
|
|
set uuid 2d280994-1470-51f0-91f2-7a6ba071f4d3
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 141.98.168.0 255.255.255.0
|
|
next
|
|
edit "z_BlockSub_042"
|
|
set uuid 3e9c1cec-1470-51f0-1bf9-4166e7829b7a
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 5.180.24.0 255.255.255.0
|
|
next
|
|
edit "ITC_Cafe_POS"
|
|
set uuid 7148484e-1eb8-51f0-93f0-89e1e17b8459
|
|
set type ipmask
|
|
set comment "Point of Sale"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.2.4.125 255.255.255.255
|
|
next
|
|
edit "Clary_POS"
|
|
set uuid aa69572e-1f78-51f0-8e55-990ffcc20c10
|
|
set type ipmask
|
|
set comment "Point of Sale"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.8.1.47 255.255.255.255
|
|
next
|
|
edit "Porter_POS"
|
|
set uuid bc8ffcd2-1f78-51f0-f64f-f1c4fe4ff0d8
|
|
set type ipmask
|
|
set comment "Point of Sale"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.40.1.69 255.255.255.255
|
|
next
|
|
edit "AW_Scanner _HappyHalloween"
|
|
set uuid 9fb2fdb4-2b60-51f0-8a8f-4471a0b9504d
|
|
set type ipmask
|
|
set comment "Scanner for Servers Only"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.211 255.255.255.255
|
|
next
|
|
edit "AW_Scanner_HappyNewYear"
|
|
set uuid ccc13e06-37d6-51f0-90fa-b431bbedeb9b
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.23 255.255.255.255
|
|
next
|
|
edit "AW_Scanner_DiaDeLosMuertos"
|
|
set uuid e5b1284a-37d6-51f0-bdda-03d8b5eafabe
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.223 255.255.255.255
|
|
next
|
|
edit "AW_Scanner_LaborDay"
|
|
set uuid 2c3cebc8-37d7-51f0-9b22-a2d152101c85
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.40.241 255.255.255.255
|
|
next
|
|
edit "RAP_10.67.0.0/16"
|
|
set uuid 4e13b516-56ad-51f0-e3fa-4c5a809bb62b
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "RAP"
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.67.0.0 255.255.0.0
|
|
next
|
|
edit "RAP-MGMT"
|
|
set uuid f774e6e6-5b69-51f0-39da-abc1cff227c7
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 192.168.67.0 255.255.255.0
|
|
next
|
|
edit "Sys-Net-Admins"
|
|
set uuid 80075770-5c35-51f0-bcdc-56db865aaadb
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.6.0 255.255.255.0
|
|
next
|
|
edit "Elastic"
|
|
set uuid 51f90cec-73c4-51f0-b8ea-111a26d3685a
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.1.48.121 255.255.255.255
|
|
next
|
|
edit "DPS_10.46.0.0/16"
|
|
set uuid 44a6e67a-a391-51f0-5e80-df4e3e70b7b5
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.46.0.0 255.255.0.0
|
|
next
|
|
edit "DPS_Mgmt"
|
|
set uuid 71dd8dd8-a391-51f0-a4af-42b2e4c6d5a4
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 192.168.46.0 255.255.255.0
|
|
next
|
|
edit "DPS_192.168.146.0/24"
|
|
set uuid f4443f7e-a391-51f0-64c9-bc053e765462
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 192.168.146.0 255.255.255.0
|
|
next
|
|
edit "z_BlockIP_152"
|
|
set uuid 70bb7f80-af41-51f0-89b1-395ec50108c0
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 6
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 107.172.59.44 255.255.255.255
|
|
next
|
|
edit "IoT - Core"
|
|
set uuid 794d7a4e-b66d-51f0-856c-345c4cc55a4e
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 10.1.30.0 255.255.254.0
|
|
next
|
|
edit "ipad_test"
|
|
set uuid 73505be0-bfee-51f0-17ab-22462d561c48
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 10.14.112.94 255.255.255.255
|
|
next
|
|
edit "RAPpublic"
|
|
set uuid c46a336e-c194-51f0-051b-e4a8a3961884
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 24.105.188.54 255.255.255.255
|
|
next
|
|
edit "RAP-FW-Inside"
|
|
set uuid 0bce9996-c93f-51f0-5b1f-02a514ce4115
|
|
set type ipmask
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set allow-routing enable
|
|
set fabric-object disable
|
|
set subnet 192.168.167.0 255.255.255.0
|
|
next
|
|
edit "NOCTI"
|
|
set uuid b7df5fbc-d9b7-51f0-db17-b0bca9275187
|
|
set type fqdn
|
|
set comment ''
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set fqdn "nocti.org"
|
|
set cache-ttl 0
|
|
next
|
|
edit "Shea_Secure_Wireless"
|
|
set uuid 22496ec8-d9b9-51f0-a91b-730ed00e33ee
|
|
set type iprange
|
|
set comment "Test nocti.org"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 10.14.112.11
|
|
set end-ip 10.14.127.254
|
|
next
|
|
edit "Shea_VLAN_6"
|
|
set uuid 5a9f6098-d9b9-51f0-6b06-b985fc030564
|
|
set type iprange
|
|
set comment "Test nocti.org"
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 10.1.6.20
|
|
set end-ip 10.1.6.254
|
|
next
|
|
edit "Corcoran_VLAN_20"
|
|
set uuid 36d514aa-d9d7-51f0-65fd-26ea431f097e
|
|
set type iprange
|
|
set comment ''
|
|
set associated-interface "inside"
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 10.7.1.20
|
|
set end-ip 10.7.7.254
|
|
next
|
|
edit "Corcoran_Secure_Wireless"
|
|
set uuid 634b666a-d9d7-51f0-73b2-a7f99abadf8d
|
|
set type iprange
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set start-ip 10.7.112.11
|
|
set end-ip 10.7.127.254
|
|
next
|
|
edit "Oracle Cloud IP"
|
|
set uuid 75421a04-f227-51f0-cbc3-5ab2211b2086
|
|
set type ipmask
|
|
set comment "Oracle Cloud IP\'s"
|
|
set associated-interface "outside"
|
|
set color 0
|
|
set allow-routing disable
|
|
set fabric-object disable
|
|
set subnet 147.154.0.0 255.255.192.0
|
|
next
|
|
end
|
|
config firewall multicast-address
|
|
edit "all_hosts"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.1
|
|
set end-ip 224.0.0.1
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "all_routers"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.2
|
|
set end-ip 224.0.0.2
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "Bonjour"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.251
|
|
set end-ip 224.0.0.251
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "EIGRP"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.10
|
|
set end-ip 224.0.0.10
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "OSPF"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.5
|
|
set end-ip 224.0.0.6
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
edit "all"
|
|
set type multicastrange
|
|
set start-ip 224.0.0.0
|
|
set end-ip 239.255.255.255
|
|
set comment ''
|
|
set associated-interface ''
|
|
set color 0
|
|
next
|
|
end
|
|
config firewall address6-template
|
|
end
|
|
config firewall address6
|
|
edit "all"
|
|
set uuid e52cf0d8-7e12-51ec-1275-31d4022ee116
|
|
set type ipprefix
|
|
set ip6 ::/0
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
edit "none"
|
|
set uuid e52cf880-7e12-51ec-b41d-7762f92296f5
|
|
set type ipprefix
|
|
set ip6 ::/128
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set uuid e532aa50-7e12-51ec-b590-d170cf3f3cae
|
|
set type ipprefix
|
|
set ip6 fdff:ffff::/120
|
|
set color 0
|
|
set comment ''
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall multicast-address6
|
|
edit "all"
|
|
set ip6 ff00::/8
|
|
set comment ''
|
|
set color 0
|
|
next
|
|
end
|
|
config system ipv6-tunnel
|
|
end
|
|
config firewall addrgrp
|
|
edit "IPv4-Private-All-RFC1918"
|
|
set type default
|
|
set category default
|
|
set uuid 4bbed1ae-7e13-51ec-2177-83c901c98655
|
|
set member "Internal_10.0.0.0_8" "Internal_172.16.0.0_12" "Internal_192.168.0.0_16"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "SCHC_Local_Subnets_Group"
|
|
set type default
|
|
set category default
|
|
set uuid 4bd0f942-7e13-51ec-a7f5-127312ca3ffb
|
|
set member "SCHC_03_PSLA" "SCHC_09_Grant" "SCHC_15_HWSmith" "SCHC_20_DrKing" "SCHC_22_Delaware" "SCHC_24_Franklin" "SCHC_34_DrWeeks" "SCHC_53_Blodgett"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 8
|
|
set fabric-object disable
|
|
next
|
|
edit "SCHC_Remote_Subnets_Group"
|
|
set type default
|
|
set category default
|
|
set uuid 4bd1573e-7e13-51ec-41d2-798b0b4dc1b4
|
|
set member "SCHC_Remote_Subnet_02" "SCHC_Remote_Subnet_01" "SCHC_Remote_Subnet_03"
|
|
set comment "Syracuse Community Health Center Remote Subnets Group"
|
|
set exclude disable
|
|
set color 8
|
|
set fabric-object disable
|
|
next
|
|
edit "Country Block"
|
|
set type default
|
|
set category default
|
|
set uuid b8e577b0-996b-51ec-2488-38d9ac0d4594
|
|
set member "China" "Russia" "Iran" "Belarus" "North Korea" "Nigeria" "Afghanistan" "Brazil" "Columbia" "India" "Indonesia" "Romania" "Thailand" "Turkey" "Vietnam"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 6
|
|
set fabric-object disable
|
|
next
|
|
edit "City_Side_VoIP_Park_Place_Group"
|
|
set type default
|
|
set category default
|
|
set uuid c478eae8-103f-51ee-dbce-9ac9740ebb59
|
|
set allow-routing enable
|
|
set member "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B"
|
|
set comment ''
|
|
set color 28
|
|
set fabric-object disable
|
|
next
|
|
edit "SchoolTool_Cloud_Internal"
|
|
set type default
|
|
set category default
|
|
set uuid e8f4f95c-11fb-51ef-0f50-e994ff62b405
|
|
set member "21JumpSt" "DataTools" "Fileserver03" "Nighttime_Inside" "Tableau" "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B" "DocHolliday" "SchoolTool webjs" "Elastic"
|
|
set comment "Access for SchoolTool Cloud"
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Nimble_Inside_Grp"
|
|
set type default
|
|
set category default
|
|
set uuid aa292e2c-3812-51ef-c510-a4adc16d7de2
|
|
set member "Nimble_Inside_4" "Nimble_Inside_2" "Nimble_Inside_1" "nimble_Inside_3"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "SRICBOCES-OUTSIDE"
|
|
set type default
|
|
set category default
|
|
set uuid aa29ac62-3812-51ef-0eaa-eef60c6adc0a
|
|
set member "SRIC_BOCES_Server02" "SRIC_BOCES_Firewall" "SRIC_BOCES_Server01"
|
|
set comment "Eastern Suffolk BOCES"
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "SPD_Firewalls_Our_Side"
|
|
set type default
|
|
set category default
|
|
set uuid aa2c7802-3812-51ef-a555-2e23aa32adb6
|
|
set member "SPD_09_Grant" "SPD_48_Beard" "SPD_56_SSC" "SPD_21_Danforth" "SPD_25_Frazer" "SPD_53_Blodgett" "SPD_20_DrKing" "SPD_44_Seymour" "SPD_22_Delaware" "SPD_24_Franklin"
|
|
set comment "SPD firewalls on our internal network."
|
|
set exclude disable
|
|
set color 2
|
|
set fabric-object disable
|
|
next
|
|
edit "City_Permited_Subnets_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa2d8ea4-3812-51ef-34dd-45fea29eb110
|
|
set member "city_permited_subnet_4" "city_permited_subnet_1" "city_permited_subnet_5" "city_permited_subnet_3" "city_permited_subnet_7"
|
|
set comment "Subnets City is allowed to on our side"
|
|
set exclude disable
|
|
set color 28
|
|
set fabric-object disable
|
|
next
|
|
edit "City_Subnets_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa2e5bae-3812-51ef-80f7-04846a6eb832
|
|
set member "City_Side_Subnet_1" "City_Side_CGR_01" "City_Side_CGR_02" "City_Side_VoIP_Water_DPW_Recorder"
|
|
set comment "City subnets on their side"
|
|
set exclude disable
|
|
set color 28
|
|
set fabric-object disable
|
|
next
|
|
edit "Day_Server_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa32f010-3812-51ef-5fa0-cf356abb1823
|
|
set member "Day_Enterprise_Server" "Day_VM_Server" "Day_Continuum_Server"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 10
|
|
set fabric-object disable
|
|
next
|
|
edit "Security_VLAN_70_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa337134-3812-51ef-73dd-5f02711c5574
|
|
set member "Security_01_NOC" "Security_02_ITC" "Security_03_PSLA" "Security_04_Nottingham" "Security_06_Henninger" "Security_07_Corcoran" "Security_08_Clary" "Security_09_Grant" "Security_10_Levy" "Security_13_Lincoln" "Security_14_Shea" "Security_15_HWSmith" "Security_16_Bellevue" "Security_20_DrKing" "Security_21_Danforth" "Security_22_Delaware" "Security_23_Elmwood" "Security_24_Franklin" "Security_25_Frazer" "Security_27_Elmcrest" "Security_28_Latin" "Security_29_Huntington" "Security_30_SalemHyde" "Security_33_LeMoyne" "Security_34_DrWeeks" "Security_36_McKinley" "Security_37_Meachem" "Security_40_Porter" "Security_41_BOVA" "Security_42_Roberts" "Security_44_Seymour" "Security_45_EdSmith" "Security_46_Phoenix" "Security_47_McCarthy" "Security_48_Beard" "Security_49_VanDuyn" "Security_51_Webster" "Security_53_Blodgett" "Security_54_JVC" "Security_55_CentralOffice" "Security_56_SSC" "Security_57_Transportation" "Security_60_PDC" "Security_86_StLucy"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 25
|
|
set fabric-object disable
|
|
next
|
|
edit "Peoplesoft_RDP_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa391c2e-3812-51ef-aac6-a9c2c240f250
|
|
set member "psdevfin" "psdevhcm" "psprdess" "psprdfin" "psprdhcm" "psprdrpx" "psqasfin" "psqashcm" "pstools" "psnagus" "psupgfin" "psupghcm" "PeopleTools" "psdevdb1" "psprddb1" "psqasdb1" "psupgfin2" "psupghcm2" "pum_a" "pum_b"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 20
|
|
set fabric-object disable
|
|
next
|
|
edit "Hyperion_Server_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa3b0188-3812-51ef-2304-b0a83ac1d228
|
|
set member "hypprodess" "hypprodweb1" "hypprodweb2" "hypprodwin7" "hypdeveb" "hypdevw1" "hypdevw3" "hypprdeb" "hypprdw1" "hypprdw2" "hypqaeb" "hypqaw1" "hypqaw2" "hypdevw2"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 22
|
|
set fabric-object disable
|
|
next
|
|
edit "Peoplesoft_SSH_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa3c572c-3812-51ef-ccf5-4737d40135d2
|
|
set member "psdevdb1" "psprddb1" "psqasdb1"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 21
|
|
set fabric-object disable
|
|
next
|
|
edit "Safeschools_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa3cbc76-3812-51ef-91fc-34f3eee1d46d
|
|
set member "SafeSchools_01" "Safeschools_02"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "411_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa3d105e-3812-51ef-5de4-066c1e7b3896
|
|
set member "411app" "411sql" "411App_WebPage"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Domain_Controller_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa3d77c4-3812-51ef-6a6e-a5b7cfcf0fb9
|
|
set member "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 14
|
|
set fabric-object disable
|
|
next
|
|
edit "City_CGRs_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa3e1c06-3812-51ef-ffb7-683d5074b203
|
|
set member "CGR_16_Bellevue" "CGR_55_CentralOffice" "CGR_45_EdSmith" "CGR_23_Elmwood" "CGR_24_Franklin" "CGR_29_Huntington" "CGR_15_HWSmith" "CGR_48_Beard" "CGR_36_McKinley" "CGR_37_Meachem" "CGR_40_Porter" "CGR_30_SalemHyde" "CGR_44_Seymour" "CGR_49_VanDuyn" "CGR_51_Webster"
|
|
set comment "City CGRs on our side"
|
|
set exclude disable
|
|
set color 28
|
|
set fabric-object disable
|
|
next
|
|
edit "Block_List_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa418db4-3812-51ef-0dbd-c632fab294fa
|
|
set member "z_BlockIP_001" "z_BlockIP_002" "z_BlockIP_003" "z_BlockIP_004" "z_BlockIP_005" "z_BlockIP_006" "z_BlockIP_008" "z_BlockIP_009" "z_BlockIP_010" "z_BlockIP_011" "z_BlockIP_012" "z_BlockIP_013" "z_BlockIP_014" "z_BlockIP_015" "z_BlockIP_016" "z_BlockIP_017" "z_BlockIP_018" "z_BlockIP_019" "z_BlockIP_020" "z_BlockIP_021" "z_BlockIP_022" "z_BlockIP_024" "z_BlockIP_025" "z_BlockIP_026" "z_BlockIP_027" "z_BlockIP_028" "z_BlockIP_030" "z_BlockIP_031" "z_BlockIP_032" "z_BlockIP_033" "z_BlockIP_034" "z_BlockIP_035" "z_BlockIP_036" "z_BlockIP_037" "z_BlockIP_038" "z_BlockIP_039" "z_BlockIP_040" "z_BlockIP_041" "z_BlockIP_042" "z_BlockIP_043" "z_BlockIP_044" "z_BlockIP_045" "z_BlockIP_046" "z_BlockIP_047" "z_BlockIP_048" "z_BlockIP_052" "z_BlockIP_053" "z_BlockIP_054" "z_BlockIP_055" "z_BlockIP_056" "z_BlockIP_057" "z_BlockIP_058" "z_BlockIP_059" "z_BlockIP_060" "z_BlockIP_061" "z_BlockIP_062" "z_BlockIP_063" "z_BlockIP_064" "z_BlockIP_065" "z_BlockIP_066" "z_BlockIP_067" "z_BlockIP_068" "z_BlockIP_069" "z_BlockIP_070" "z_BlockIP_071" "z_BlockIP_072" "z_BlockIP_073" "z_BlockIP_074" "z_BlockIP_075" "z_BlockIP_076" "z_BlockIP_077" "z_BlockIP_078" "z_BlockIP_079" "z_BlockIP_080" "z_BlockIP_081" "z_BlockIP_082" "z_BlockIP_083" "z_BlockIP_084" "z_BlockIP_085" "z_BlockIP_086" "z_BlockIP_087" "z_BlockIP_088" "z_BlockIP_089" "z_BlockIP_090" "z_BlockIP_091" "z_BlockIP_092" "z_BlockIP_093" "z_BlockIP_094" "z_BlockIP_095" "z_BlockIP_096" "z_BlockIP_097" "z_BlockIP_098" "z_BlockIP_099" "z_BlockIP_100" "z_BlockIP_101" "z_BlockIP_007" "z_BlockIP_049" "z_BlockIP_050" "z_BlockIP_051" "z_BlockIP_103" "z_BlockIP_104" "z_BlockIP_105" "z_BlockIP_106" "z_BlockIP_107" "z_BlockIP_108" "z_BlockIP_109" "z_BlockIP_111" "z_BlockIP_112" "z_BlockIP_113" "z_BlockIP_114" "z_BlockIP_115" "z_BlockIP_116" "z_BlockIP_117" "z_BlockIP_118" "z_BlockIP_119" "z_BlockIP_120" "z_BlockIP_122" "z_BlockIP_125" "z_BlockIP_126" "z_BlockIP_127" "z_BlockIP_128" "z_BlockIP_129" "z_BlockIP_130" "z_BlockIP_131" "z_BlockIP_132" "z_BlockIP_133" "z_BlockSub_001" "z_BlockSub_002" "z_BlockSub_003" "z_BlockSub_004" "z_BlockSub_005" "z_BlockSub_006" "z_BlockSub_007" "z_BlockSub_008" "z_BlockSub_009" "z_BlockSub_010" "z_BlockSub_011" "z_BlockSub_012" "z_BlockSub_013" "z_BlockSub_014" "z_BlockSub_015" "z_BlockSub_016" "z_BlockSub_017" "z_BlockSub_019" "z_BlockSub_020" "z_BlockSub_021" "z_BlockSub_022" "z_BlockSub_024" "z_BlockSub_025" "z_BlockSub_026" "z_BlockSub_027" "z_BlockSub_028" "z_BlockSub_030" "z_BlockSub_031" "z_BlockSub_032" "z_BlockSub_033" "z_BlockSub_034" "z_BlockSub_035" "z_BlockSub_037" "z_BlockSub_038" "z_BlockSub_039" "z_Ryuk_01" "z_Ryuk_02" "z_BlockIP_023" "z_BlockIP_029" "z_BlockIP_134" "z_BlockIP_135" "z_BlockIP_000" "z_BlockIP_138" "z_BlockIP_139" "z_BlockIP_140" "z_BlockIP_141" "z_BlockIP_142" "z_BlockIP_143" "z_BlockIP_144" "z_BlockIP_145" "z_BlockIP_146" "z_BlockIP_147" "z_BlockIP_148" "z_BlockIP_149" "z_BlockIP_150" "z_BlockRange_01" "z_BlockRange_02" "z_BlockRange_03" "z_BlockSub_040" "z_BlockSub_041" "z_BlockSub_042" "z_BlockIP_152"
|
|
set comment "IPs and Subnets to be blocked as Malicious"
|
|
set exclude disable
|
|
set color 6
|
|
set fabric-object disable
|
|
next
|
|
edit "City_Side_CGR_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa686434-3812-51ef-7899-4b9bccb37ebf
|
|
set allow-routing enable
|
|
set member "City_Side_CGR_01" "City_Side_CGR_02"
|
|
set comment "City Lights CGR Subnets on their side."
|
|
set color 28
|
|
set fabric-object disable
|
|
next
|
|
edit "Access_Control_VLAN_72_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa68f926-3812-51ef-89a0-b97518058f99
|
|
set member "Access_Control_40_Porter" "Access_Control_01_NOC" "Access_Control_02_ITC" "Access_Control_03_PSLA" "Access_Control_04_Nottingham" "Access_Control_06_Henninger" "Access_Control_07_Corcoran" "Access_Control_08_Clary" "Access_Control_09_Grant" "Access_Control_10_Levy"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 25
|
|
set fabric-object disable
|
|
next
|
|
edit "SMTP_Office365_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa6a399e-3812-51ef-acbb-6c6309b27822
|
|
set member "SMTP_Office365_a" "SMTP_Office365_b" "SMTP_Office365_c" "SMTP_Office365_d"
|
|
set comment "Microsoft to Barracuda Archivers"
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "City_Side_VoIP_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa6adb24-3812-51ef-571f-95a97db26ef6
|
|
set allow-routing enable
|
|
set member "City_Side_VoIP_30" "City_Side_VoIP_56" "City_Side_VoIP_61" "City_Side_VoIP_62" "City_Side_VoIP_63" "City_Side_VoIP_64" "City_Side_VoIP_65" "City_Side_VoIP_66" "City_Side_VoIP_67" "City_Side_VoIP_68" "City_Side_VoIP_72" "City_Side_VoIP_74" "City_Side_VoIP_75" "City_Side_VoIP_76" "City_Side_VoIP_77" "City_Side_VoIP_88" "City_Side_VoIP_132" "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B" "City_Side_VoIP_Router_A" "City_Side_VoIP_Router_B"
|
|
set comment "City VoIP Group - except Parks and Water Recorder"
|
|
set color 28
|
|
set fabric-object disable
|
|
next
|
|
edit "SPD_Side_Firewall_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa6d9634-3812-51ef-6a32-4cf9774f0418
|
|
set allow-routing enable
|
|
set member "SPD_Side_A" "SPD_Side_B"
|
|
set comment "IP Range of SPD Side Firewalls"
|
|
set color 2
|
|
set fabric-object disable
|
|
next
|
|
edit "Country Allow"
|
|
set type default
|
|
set category default
|
|
set uuid aa6f1d7e-3812-51ef-e339-c0bde8205826
|
|
set member "Microsoft 1"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Peoplesoft_Audit_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa6f6504-3812-51ef-8624-ff5d573953d9
|
|
set member "psdevfin" "psdevhcm" "psprdfin" "psprdhcm" "psqasfin" "psqashcm"
|
|
set comment "Group allowed for PS Auditors"
|
|
set exclude disable
|
|
set color 20
|
|
set fabric-object disable
|
|
next
|
|
edit "Genetec_Inside_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa700f9a-3812-51ef-0b35-4e734284056a
|
|
set allow-routing enable
|
|
set member "NVR-NOC" "NVR-FAILOVER" "NVR-RING1-CLAR" "NVR-RING1-CLAR2" "NVR-RING1-CORC" "NVR-RING1-CORC2" "NVR-RING2-DANF" "NVR-RING2-DANF2" "NVR-RING3-PSLA" "NVR-RING3-PSLA2" "NVR-RING4-BLOD" "NVR-RING4-FRAZ" "NVR-RING5-CENT" "NVR-RING6-EDSM" "NVR-RING6-HWSM" "NVR-RING6-HWSM2" "NVR-RING6-NOTT" "NVR-RING7-BELL" "NVR-RING7-GRAN" "NVR-RING7-GRAN2" "NVR-RING8-HENN" "NVR-RING8-HENN2" "NVR-RING8-HUNT" "Genetec-Dir" "Genetec-DirBU" "Genetec-Media" "Genetec-MRouter"
|
|
set comment "District NVRs and Genetec Servers for SPD Federation"
|
|
set color 2
|
|
set fabric-object disable
|
|
next
|
|
edit "MS_Teams_External_Group"
|
|
set type default
|
|
set category default
|
|
set uuid aa735ca4-3812-51ef-7d47-0f749ac8c71e
|
|
set member "MS_Teams_External_A" "MS_Teams_External_B"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "SchoolTool_AWS_Internal"
|
|
set type default
|
|
set category default
|
|
set uuid aa73bee2-3812-51ef-edf2-99e1febb065d
|
|
set allow-routing enable
|
|
set member "DataTools" "ST_Internal_2"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "SchoolTool_AWS_External"
|
|
set type default
|
|
set category default
|
|
set uuid aa742c2e-3812-51ef-0138-94244ea9e863
|
|
set allow-routing enable
|
|
set member "ST_External_4" "ST_External_5" "ST_External_6" "ST_External_1" "ST_External_2" "ST_External_3"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "HighStreet_Local"
|
|
set type default
|
|
set category default
|
|
set uuid 78ada470-9200-51ef-09f9-010e8400e8c6
|
|
set member "DataTools" "Nighttime_Inside"
|
|
set comment "Internal IPs for Highstreet Tunnel"
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "DPS_local"
|
|
set type default
|
|
set category default
|
|
set uuid 18747224-0031-51f0-ab1a-753462a66a8a
|
|
set allow-routing enable
|
|
set member "DPS_local_subnet_1"
|
|
set comment "VPN: DPS (Created by VPN wizard)"
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "DPS_remote"
|
|
set type default
|
|
set category default
|
|
set uuid 1877201e-0031-51f0-c53a-c65db3b7cf04
|
|
set allow-routing enable
|
|
set member "DPS_remote_subnet_1"
|
|
set comment "VPN: DPS (Created by VPN wizard)"
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Nutanix_CVM"
|
|
set type default
|
|
set category default
|
|
set uuid 04b90a30-108d-51f0-5083-ae8f26a6df27
|
|
set member "Patty_CT_NOC_CVM" "Pigpen_CT_NOC_CVM" "RedBaron_CT_NOC_CVM" "Sally_CT_NOC_CVM" "Schroeder _CT_NOC_CVM"
|
|
set comment "Nutanix CVM"
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Nutanix_Remote_Support"
|
|
set type default
|
|
set category default
|
|
set uuid 8af52872-108d-51f0-388f-2074e203d032
|
|
set member "Nutanix_Support1" "Nutanix_Support2"
|
|
set comment "Nutanix Remote Support Web addresses"
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "POS_Machines"
|
|
set type default
|
|
set category default
|
|
set uuid cd4af3b0-1f78-51f0-8c6f-c35b55c719b6
|
|
set member "Clary_POS" "ITC_Cafe_POS" "Porter_POS"
|
|
set comment "Point of Sale Machines"
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "NOCTI_Inside"
|
|
set type default
|
|
set category default
|
|
set uuid a52ed74c-d9b9-51f0-fa3e-a4ae8a6d5056
|
|
set member "Shea_Secure_Wireless" "Shea_VLAN_6" "Corcoran_VLAN_20" "Corcoran_Secure_Wireless"
|
|
set comment ''
|
|
set exclude disable
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall addrgrp6
|
|
end
|
|
config firewall wildcard-fqdn custom
|
|
edit "g-Adobe Login"
|
|
set uuid b5c2c426-7e12-51ec-c8c7-42a0753234df
|
|
set wildcard-fqdn "*.adobelogin.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Gotomeeting"
|
|
set uuid b5c2d1dc-7e12-51ec-0033-c7d538e5fdef
|
|
set wildcard-fqdn "*.gotomeeting.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-Windows update 2"
|
|
set uuid b5c2d93e-7e12-51ec-1050-7b6ae64065ac
|
|
set wildcard-fqdn "*.windowsupdate.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-adobe"
|
|
set uuid b5c2c30e-7e12-51ec-1da6-1db9bca6406e
|
|
set wildcard-fqdn "*.adobe.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-android"
|
|
set uuid b5c2c520-7e12-51ec-66f1-404afb0dad1a
|
|
set wildcard-fqdn "*.android.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-apple"
|
|
set uuid b5c2c61a-7e12-51ec-b2cc-2b03b1ad8ac0
|
|
set wildcard-fqdn "*.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-appstore"
|
|
set uuid b5c2c714-7e12-51ec-072f-a8d60b6da6c9
|
|
set wildcard-fqdn "*.appstore.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-auth.gfx.ms"
|
|
set uuid b5c2c80e-7e12-51ec-3653-8016dcbc28a4
|
|
set wildcard-fqdn "*.auth.gfx.ms"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-autoupdate.opera.com"
|
|
set uuid b5c2de52-7e12-51ec-9c10-927947a6ab3a
|
|
set wildcard-fqdn "*autoupdate.opera.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-cdn-apple"
|
|
set uuid 4fcf159e-7cda-51ed-d7ef-7d1c0f82091c
|
|
set wildcard-fqdn "*.cdn-apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-citrix"
|
|
set uuid b5c2c908-7e12-51ec-01b1-b38ce4989cbb
|
|
set wildcard-fqdn "*.citrixonline.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-dropbox.com"
|
|
set uuid b5c2ca02-7e12-51ec-43dc-489077effa44
|
|
set wildcard-fqdn "*.dropbox.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-eease"
|
|
set uuid b5c2cafc-7e12-51ec-0777-7e7243cc25fe
|
|
set wildcard-fqdn "*.eease.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-firefox update server"
|
|
set uuid b5c2cbf6-7e12-51ec-d213-27b68033a384
|
|
set wildcard-fqdn "aus*.mozilla.org"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-fortinet"
|
|
set uuid b5c2ccf0-7e12-51ec-0b36-46ab64c1ba89
|
|
set wildcard-fqdn "*.fortinet.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-drive"
|
|
set uuid b5c2cee4-7e12-51ec-9ea0-220ca0ebde0f
|
|
set wildcard-fqdn "*drive.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play"
|
|
set uuid b5c2db46-7e12-51ec-efc3-be1c278ba621
|
|
set wildcard-fqdn "*play.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play2"
|
|
set uuid b5c2cfde-7e12-51ec-3f42-4089eb70f096
|
|
set wildcard-fqdn "*.ggpht.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-google-play3"
|
|
set uuid b5c2d0d8-7e12-51ec-b5df-6cd900ac767d
|
|
set wildcard-fqdn "*.books.google.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-googleapis.com"
|
|
set uuid b5c2cdea-7e12-51ec-c49f-497c9a8f0cc4
|
|
set wildcard-fqdn "*.googleapis.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-icloud"
|
|
set uuid b5c2d344-7e12-51ec-c8c1-97b23449d39e
|
|
set wildcard-fqdn "*.icloud.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-itunes"
|
|
set uuid b5c2d452-7e12-51ec-d0f4-1605cffaa5b0
|
|
set wildcard-fqdn "*itunes.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-live.com"
|
|
set uuid b5c2da42-7e12-51ec-980b-fefb8446bc74
|
|
set wildcard-fqdn "*.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-microsoft"
|
|
set uuid b5c2d54c-7e12-51ec-66f6-895f67d8072d
|
|
set wildcard-fqdn "*.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-mzstatic-apple"
|
|
set uuid 4fcf1652-7cda-51ed-df9f-4d198b596ae5
|
|
set wildcard-fqdn "*.mzstatic.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-skype"
|
|
set uuid b5c2d646-7e12-51ec-2218-dc4a982afb68
|
|
set wildcard-fqdn "*.messenger.live.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-softwareupdate.vmware.com"
|
|
set uuid b5c2d740-7e12-51ec-15f8-f8ef25f4ea30
|
|
set wildcard-fqdn "*.softwareupdate.vmware.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-swscan.apple.com"
|
|
set uuid b5c2dd44-7e12-51ec-5fa2-8d51ab678ea9
|
|
set wildcard-fqdn "*swscan.apple.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-update.microsoft.com"
|
|
set uuid b5c2dc40-7e12-51ec-7df9-3371c69c0ffb
|
|
set wildcard-fqdn "*update.microsoft.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "g-verisign"
|
|
set uuid b5c2d83a-7e12-51ec-e82e-ffa878b96855
|
|
set wildcard-fqdn "*.verisign.com"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "YouTube"
|
|
set uuid 91c47920-ca34-51ec-0617-1271440b944a
|
|
set wildcard-fqdn "*youtube.com*"
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall wildcard-fqdn group
|
|
end
|
|
config firewall traffic-class
|
|
end
|
|
config firewall service category
|
|
edit "General"
|
|
set comment "General services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Access"
|
|
set comment "Web access."
|
|
set fabric-object disable
|
|
next
|
|
edit "File Access"
|
|
set comment "File access."
|
|
set fabric-object disable
|
|
next
|
|
edit "Email"
|
|
set comment "Email services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Network Services"
|
|
set comment "Network services."
|
|
set fabric-object disable
|
|
next
|
|
edit "Authentication"
|
|
set comment "Authentication service."
|
|
set fabric-object disable
|
|
next
|
|
edit "Remote Access"
|
|
set comment "Remote access."
|
|
set fabric-object disable
|
|
next
|
|
edit "Tunneling"
|
|
set comment "Tunneling service."
|
|
set fabric-object disable
|
|
next
|
|
edit "VoIP, Messaging & Other Applications"
|
|
set comment "VoIP, messaging, and other applications."
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Proxy"
|
|
set comment "Explicit web proxy."
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall service custom
|
|
edit "ALL"
|
|
set uuid 8b91433e-c0f9-51f0-d815-b351f2139bf0
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 0
|
|
next
|
|
edit "FTP"
|
|
set uuid 8b914460-c0f9-51f0-3dc4-43aaafcb3d26
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 22
|
|
next
|
|
edit "FTP_GET"
|
|
set uuid 8b914532-c0f9-51f0-8140-eaef3ce8112b
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FTP_PUT"
|
|
set uuid 8b9145fa-c0f9-51f0-cf69-5f693eca039c
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 21
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DNS"
|
|
set uuid 97290d26-c0f9-51f0-069d-1c2e348ab517
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 53
|
|
set udp-portrange 53
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "HTTP"
|
|
set uuid 97291172-c0f9-51f0-c9bb-7c94e6411f9e
|
|
set proxy disable
|
|
set category "Web Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 80
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "HTTPS"
|
|
set uuid 972914e2-c0f9-51f0-6438-7ba28f777406
|
|
set proxy disable
|
|
set category "Web Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 443
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IMAP"
|
|
set uuid 97291848-c0f9-51f0-ef57-e14ceb980aba
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 143
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IMAPS"
|
|
set uuid 97291ba4-c0f9-51f0-228a-ae294018fe4b
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 993
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "LDAP"
|
|
set uuid 97291ef6-c0f9-51f0-0b9f-550b35abb193
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DCE-RPC"
|
|
set uuid 9729223e-c0f9-51f0-0890-84e6c592010c
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 135
|
|
set udp-portrange 135
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "POP3"
|
|
set uuid 972925e0-c0f9-51f0-153a-e686a95378b9
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 110
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "POP3S"
|
|
set uuid 97292928-c0f9-51f0-5149-b8dd8c1c2784
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 995
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SAMBA"
|
|
set uuid 97292c66-c0f9-51f0-b0ab-b9c1017649eb
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 139
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMTP"
|
|
set uuid 97292fae-c0f9-51f0-eabc-36594ea46346
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 25
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMTPS"
|
|
set uuid 972933b4-c0f9-51f0-6166-d72d8d9f371d
|
|
set proxy disable
|
|
set category "Email"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 465
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "KERBEROS"
|
|
set uuid 972938fa-c0f9-51f0-02e7-71672c232645
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 88 464
|
|
set udp-portrange 88 464
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "LDAP_UDP"
|
|
set uuid 97293cb0-c0f9-51f0-2872-9365e6c4f677
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 389
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SMB"
|
|
set uuid 9729400c-c0f9-51f0-49ca-8bed026179eb
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 445
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_TCP"
|
|
set uuid 972950b0-c0f9-51f0-d0aa-c0da2bf415d9
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1-65535
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_UDP"
|
|
set uuid 9729542a-c0f9-51f0-75b8-5b95c8ce8f22
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1-65535
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "ALL_ICMP"
|
|
set uuid 97295786-c0f9-51f0-aa38-f8d01c55a4aa
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
unset icmptype
|
|
next
|
|
edit "ALL_ICMP6"
|
|
set uuid 97295b14-c0f9-51f0-5220-5992500fdb5f
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol ICMP6
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
unset icmptype
|
|
next
|
|
edit "GRE"
|
|
set uuid 97295ea2-c0f9-51f0-2301-c02e324830c5
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 47
|
|
next
|
|
edit "AH"
|
|
set uuid 97296230-c0f9-51f0-7e08-94790f64baa3
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 51
|
|
next
|
|
edit "ESP"
|
|
set uuid 972965c8-c0f9-51f0-811e-3c00ec7a9655
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 50
|
|
next
|
|
edit "AOL"
|
|
set uuid 9729694c-c0f9-51f0-2098-b0fc0cde9878
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5190-5194
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "BGP"
|
|
set uuid 97296c1c-c0f9-51f0-200b-eca62f44a707
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 179
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DHCP"
|
|
set uuid 97296f6e-c0f9-51f0-9c3f-ff33a5a8bcf4
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 67-68
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "FINGER"
|
|
set uuid 972972ca-c0f9-51f0-1154-c2157a472daf
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 79
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "GOPHER"
|
|
set uuid 97297590-c0f9-51f0-03b8-f6c37d53038e
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 70
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "H323"
|
|
set uuid 972978ec-c0f9-51f0-2763-ef9dd3f11ce1
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1720 1503
|
|
set udp-portrange 1719
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IKE"
|
|
set uuid 97297cc0-c0f9-51f0-cee8-edd286503ef3
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 500 4500
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "Internet-Locator-Service"
|
|
set uuid 9729801c-c0f9-51f0-78f0-fe77bc49ad4d
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IRC"
|
|
set uuid 972982e2-c0f9-51f0-544f-36a475da6127
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 6660-6669
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "L2TP"
|
|
set uuid 97298652-c0f9-51f0-4823-ceec3fbd7cb9
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1701
|
|
set udp-portrange 1701
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NetMeeting"
|
|
set uuid 972989ea-c0f9-51f0-9e9b-5b1358089d89
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1720
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NFS"
|
|
set uuid 97298ca6-c0f9-51f0-ee4f-e66f806b8562
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 111 2049
|
|
set udp-portrange 111 2049
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NNTP"
|
|
set uuid 97299048-c0f9-51f0-553a-0317759524a1
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 119
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NTP"
|
|
set uuid 972992fa-c0f9-51f0-2c81-e5582a8d1d29
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 123
|
|
set udp-portrange 123
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "OSPF"
|
|
set uuid 972996a6-c0f9-51f0-af0c-a8155a80486c
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 89
|
|
next
|
|
edit "PC-Anywhere"
|
|
set uuid 97299a34-c0f9-51f0-ef70-840374cf2a78
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5631
|
|
set udp-portrange 5632
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PING"
|
|
set uuid 97299dd6-c0f9-51f0-778a-e36519b5af0f
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 8
|
|
unset icmpcode
|
|
next
|
|
edit "TIMESTAMP"
|
|
set uuid 9729a1b4-c0f9-51f0-51d6-a533bd0d997b
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 13
|
|
unset icmpcode
|
|
next
|
|
edit "INFO_REQUEST"
|
|
set uuid 9729a506-c0f9-51f0-a072-f472db9cbfc0
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 15
|
|
unset icmpcode
|
|
next
|
|
edit "INFO_ADDRESS"
|
|
set uuid 9729a84e-c0f9-51f0-a094-77e24c799462
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 17
|
|
unset icmpcode
|
|
next
|
|
edit "ONC-RPC"
|
|
set uuid 9729aba0-c0f9-51f0-6976-c784c63bd6e7
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 111
|
|
set udp-portrange 111
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PPTP"
|
|
set uuid 9729afec-c0f9-51f0-27ae-52d05e5a58cd
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1723
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "QUAKE"
|
|
set uuid 9729b460-c0f9-51f0-00fb-dced14d16243
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 26000 27000 27910 27960
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RAUDIO"
|
|
set uuid 9729b73a-c0f9-51f0-70f0-71e9337ebd15
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 7070
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "REXEC"
|
|
set uuid 9729ba00-c0f9-51f0-7ef9-85ef644d05be
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 512
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RIP"
|
|
set uuid 9729bcc6-c0f9-51f0-26b5-cd6b8518f36c
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 520
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RLOGIN"
|
|
set uuid 9729c022-c0f9-51f0-c5c2-e2b3376f38a4
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 513:512-1023
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RSH"
|
|
set uuid 9729c2e8-c0f9-51f0-401f-7f07423d12f0
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 514:512-1023
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SCCP"
|
|
set uuid 9729c5b8-c0f9-51f0-fd9b-c592e61731c6
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2000
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SIP"
|
|
set uuid 9729c914-c0f9-51f0-7d6f-33a77cfba02d
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5060
|
|
set udp-portrange 5060
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SIP-MSNmessenger"
|
|
set uuid 9729ccc0-c0f9-51f0-9158-f78f3a3ff200
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1863
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SNMP"
|
|
set uuid 9729d01c-c0f9-51f0-5fda-4273ce13798a
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 161-162
|
|
set udp-portrange 161-162
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SSH"
|
|
set uuid 9729d3c8-c0f9-51f0-9db4-42a5aae40edb
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 22
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SYSLOG"
|
|
set uuid 9729d71a-c0f9-51f0-4a2d-b7e4a1614314
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 514
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TALK"
|
|
set uuid 9729da62-c0f9-51f0-a043-8247b39e307a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 517-518
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TELNET"
|
|
set uuid 9729dd46-c0f9-51f0-7d33-23942885497f
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 23
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TFTP"
|
|
set uuid 9729e08e-c0f9-51f0-6b1a-88a02668cddd
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 69
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MGCP"
|
|
set uuid 9729e48a-c0f9-51f0-1030-e0d1ddc4a6cc
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 2427 2727
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UUCP"
|
|
set uuid 9729e76e-c0f9-51f0-0335-8cd99d8f11bc
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 540
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "VDOLIVE"
|
|
set uuid 9729ea34-c0f9-51f0-0c1c-6cf868ecd83b
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7000-7010
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WAIS"
|
|
set uuid 9729ed04-c0f9-51f0-5525-1f4fb68f8b32
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 210
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WINFRAME"
|
|
set uuid 9729efc0-c0f9-51f0-bab3-31175ceff85f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1494 2598
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "X-WINDOWS"
|
|
set uuid 9729f286-c0f9-51f0-8c57-a81d2fd95477
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 6000-6063
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "PING6"
|
|
set uuid 9729f5e2-c0f9-51f0-6c64-735b0ec2a431
|
|
set proxy disable
|
|
set category ''
|
|
set protocol ICMP6
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set icmptype 128
|
|
unset icmpcode
|
|
next
|
|
edit "MS-SQL"
|
|
set uuid 9729f93e-c0f9-51f0-31d0-27b547db006b
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1433 1434
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MYSQL"
|
|
set uuid 9729fcae-c0f9-51f0-dca4-ffaa9c41c5a8
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3306
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RDP"
|
|
set uuid 972a0000-c0f9-51f0-abf4-103d85fd4b14
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "VNC"
|
|
set uuid 972a0352-c0f9-51f0-7787-578f2bf96a54
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5900
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "DHCP6"
|
|
set uuid 972a069a-c0f9-51f0-0cc8-12315d677e0a
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 546 547
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SQUID"
|
|
set uuid 972a09ec-c0f9-51f0-4c4b-c48974e31d52
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3128
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SOCKS"
|
|
set uuid 972a0d3e-c0f9-51f0-b05c-b2f46420bf9e
|
|
set proxy disable
|
|
set category "Tunneling"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1080
|
|
set udp-portrange 1080
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "WINS"
|
|
set uuid 972a10e0-c0f9-51f0-2868-14b36408e24f
|
|
set proxy disable
|
|
set category "Remote Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1512
|
|
set udp-portrange 1512
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RADIUS"
|
|
set uuid 972a146e-c0f9-51f0-9852-37a54d294c9c
|
|
set proxy disable
|
|
set category "Authentication"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1812 1813
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RADIUS-OLD"
|
|
set uuid 972a1a18-c0f9-51f0-4347-ea7679e73a2e
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1645 1646
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "CVSPSERVER"
|
|
set uuid 972a1d4c-c0f9-51f0-99ee-1c2d3c0dd72a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2401
|
|
set udp-portrange 2401
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "AFS3"
|
|
set uuid 972a2058-c0f9-51f0-fa85-a4f997081959
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7000-7009
|
|
set udp-portrange 7000-7009
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TRACEROUTE"
|
|
set uuid 972a2436-c0f9-51f0-e1dc-ed1acfb602db
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 33434-33535
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "RTSP"
|
|
set uuid 972a2792-c0f9-51f0-a82c-851ba0355ed3
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 554 7070 8554
|
|
set udp-portrange 554
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "MMS"
|
|
set uuid 972a2b48-c0f9-51f0-b9fb-6c573cd3c331
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1755
|
|
set udp-portrange 1024-5000
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "NONE"
|
|
set uuid 972a2e5e-c0f9-51f0-adb4-38b92a71f785
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 0
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "webproxy"
|
|
set uuid 8b9135d8-c0f9-51f0-d1cd-95a7ff5b53e3
|
|
set proxy enable
|
|
set category "Web Proxy"
|
|
set protocol ALL
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set app-service-type disable
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 0-65535:0-65535
|
|
next
|
|
edit "TCP-109"
|
|
set uuid 972a378c-c0f9-51f0-3537-9523868f3883
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 109
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-1433"
|
|
set uuid 972a3a7a-c0f9-51f0-fd27-c9aef915db26
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1433
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-15000-19999"
|
|
set uuid 972a3d40-c0f9-51f0-d1a3-3121583f0c81
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 15000-19999
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-1521"
|
|
set uuid 972a4010-c0f9-51f0-746f-a4cdf8eeb6e0
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1521
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-1859"
|
|
set uuid 972a42f4-c0f9-51f0-ba53-4ac9c6e0fb96
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1859
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-1935"
|
|
set uuid 972a45b0-c0f9-51f0-409e-1cc33a91025f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 1935
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-20"
|
|
set uuid 972a4880-c0f9-51f0-d267-5a270cb96bb3
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 20
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-2195"
|
|
set uuid 972a4b46-c0f9-51f0-cf55-cc30de167e90
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2195
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-2196"
|
|
set uuid 972a4e02-c0f9-51f0-dcf0-609984c81e6e
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2196
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-2525"
|
|
set uuid 972a53c0-c0f9-51f0-aac9-9c86077de422
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 2525
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-3268"
|
|
set uuid 972a56cc-c0f9-51f0-7f93-3397bae8ba00
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3268
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-3269"
|
|
set uuid 972a5992-c0f9-51f0-4000-b522aad58531
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3269
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-3520"
|
|
set uuid 972a5c4e-c0f9-51f0-ee61-1f4631121922
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 3520
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-389"
|
|
set uuid 972a5f0a-c0f9-51f0-9397-ec1d3ba651fc
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 389
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-49152-65535"
|
|
set uuid 972a61d0-c0f9-51f0-d0e1-c3ab92f413a5
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 49152-65535
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-5001"
|
|
set uuid 972a64a0-c0f9-51f0-328d-ca270a17b2ee
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5001
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-5060"
|
|
set uuid 972a6770-c0f9-51f0-87cf-7b9033989776
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5060
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-5061"
|
|
set uuid 972a6a2c-c0f9-51f0-085e-b499d4d1045d
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5061
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-5120"
|
|
set uuid 972a6ce8-c0f9-51f0-9fe9-5801089074c7
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5120
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-5122-5127"
|
|
set uuid 972a6fae-c0f9-51f0-bcf9-4f0876ded88d
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5122-5127
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-587"
|
|
set uuid 972a7274-c0f9-51f0-5ee7-c40ee260bf8a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 587
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-5901"
|
|
set uuid 972a7544-c0f9-51f0-ad70-e37f6dea30c8
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5901
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-5937"
|
|
set uuid 972a7800-c0f9-51f0-955a-1d7c8de0cc60
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5937
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-623"
|
|
set uuid 972a7abc-c0f9-51f0-b4c7-6b3ddb2ce9e6
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 623
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-636"
|
|
set uuid 972a7d78-c0f9-51f0-3333-f6d5de214994
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 636
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-6502-6510"
|
|
set uuid 972a80f2-c0f9-51f0-cf30-594e9f8cd65f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 6502-6510
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-7578"
|
|
set uuid 972a85ca-c0f9-51f0-21ae-3b833e2b1986
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7578
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-7582"
|
|
set uuid 972a8890-c0f9-51f0-b870-23b6032ff3db
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 7582
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-8000"
|
|
set uuid 972a8b4c-c0f9-51f0-329d-98f339a69825
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 8000
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-8080"
|
|
set uuid 972a8e08-c0f9-51f0-7321-9a2971d1b536
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 8080
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-8082"
|
|
set uuid 972a90ba-c0f9-51f0-24b4-0f33f025afe0
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 8082
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-809"
|
|
set uuid 972a9376-c0f9-51f0-2ec7-b1787fa9fd83
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 809
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-110"
|
|
set uuid 972a963c-c0f9-51f0-3c7c-fefa97084291
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 110
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-143"
|
|
set uuid 972a98f8-c0f9-51f0-7c83-42e32788bb79
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 143
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-1433"
|
|
set uuid 972a9baa-c0f9-51f0-7d3d-000d6e127164
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1433
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-25"
|
|
set uuid 972a9e66-c0f9-51f0-785e-e4b5dab8e168
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 25
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-2525"
|
|
set uuid 972aa122-c0f9-51f0-4901-28053c72430c
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 2525
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-3389"
|
|
set uuid 972aa3e8-c0f9-51f0-1741-b18a9474d49f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 3389
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-3478"
|
|
set uuid 972aa6a4-c0f9-51f0-66cd-ed496218e05f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 3478
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-443"
|
|
set uuid 972aa956-c0f9-51f0-9a28-278113f638de
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 443
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-465"
|
|
set uuid 972aac12-c0f9-51f0-803b-b40258c82ed4
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 465
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-50000-52399"
|
|
set uuid 972aaed8-c0f9-51f0-69df-ca544c22612e
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 50000-52399
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-5001"
|
|
set uuid 972ab1b2-c0f9-51f0-c4a0-6efcf6b07096
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 5001
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-587"
|
|
set uuid 972ab46e-c0f9-51f0-d206-8c9ef784b22f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 587
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-60000-61799"
|
|
set uuid 972ab72a-c0f9-51f0-be27-18002b4eebd2
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 60000-61799
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-623"
|
|
set uuid 972ab9e6-c0f9-51f0-f6b8-4b6a21195f75
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 623
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-80"
|
|
set uuid 972abca2-c0f9-51f0-1e7e-a42eea6a8b9f
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 80
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-993"
|
|
set uuid 972abf68-c0f9-51f0-4b10-3b3803ac7774
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 993
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-995"
|
|
set uuid 972ac224-c0f9-51f0-021e-a6d8f3aaaaeb
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 995
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-SRC-1025-65535-DST-3544"
|
|
set uuid 972ac4e0-c0f9-51f0-4bd3-ccc8d38e4a23
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 3544:1025-65535
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "UDP-SRC-3544-DST-1025-65535"
|
|
set uuid 972ac7b0-c0f9-51f0-2ab1-69ccfbc830f2
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 1025-65535:3544
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "IP-27"
|
|
set uuid 972aca80-c0f9-51f0-f101-e5e6ef1aa4c1
|
|
set proxy disable
|
|
set category ''
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 27
|
|
next
|
|
edit "IP-4"
|
|
set uuid 972acd8c-c0f9-51f0-66f3-71905fdca849
|
|
set proxy disable
|
|
set category ''
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 4
|
|
next
|
|
edit "IP-41"
|
|
set uuid 972ad084-c0f9-51f0-fbf6-2f0a0bcd1186
|
|
set proxy disable
|
|
set category ''
|
|
set protocol IP
|
|
set helper auto
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set protocol-number 41
|
|
next
|
|
edit "Webosphere_Data"
|
|
set uuid 972ad372-c0f9-51f0-7c6b-79a0cce0bf1a
|
|
set proxy disable
|
|
set category "File Access"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 41000-41500
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-9000-9100"
|
|
set uuid 972ad6f6-c0f9-51f0-c619-05f76af3472b
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 9000-9100
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP_UDP-18443"
|
|
set uuid 972ad9bc-c0f9-51f0-0dcd-46f300c70a6c
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment "VDI desktop"
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 18443
|
|
set udp-portrange 18443
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-19000"
|
|
set uuid 972adf0c-c0f9-51f0-912f-ab857dd3d4e4
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 19000
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP_UDP-8100"
|
|
set uuid 972ae20e-c0f9-51f0-d629-253eaeceefc9
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 8100
|
|
set udp-portrange 8100
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP 5500"
|
|
set uuid 972ae51a-c0f9-51f0-f906-1302ec900867
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment "SPD Genetec Federation"
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5500
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP 4502"
|
|
set uuid 972ae8f8-c0f9-51f0-ffea-60a748a30c71
|
|
set proxy disable
|
|
set category "General"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment "SPD Genetec Federation"
|
|
set color 2
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 4502
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "Genetec Federation"
|
|
set uuid 972aed1c-c0f9-51f0-f887-a49f143eea87
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment "SPD Genetec Federation"
|
|
set color 2
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 5500 4502 554 560 960 5004
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "SBC-UDP-Range"
|
|
set uuid 972af14a-c0f9-51f0-acf9-ba2d4f490d97
|
|
set proxy disable
|
|
set category "Network Services"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment "For SBC"
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
unset tcp-portrange
|
|
set udp-portrange 3478-3481
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "Zoom UDP Ports"
|
|
set uuid 972af53c-c0f9-51f0-7b95-b1b913361a98
|
|
set proxy disable
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment "Firewall rules for Zoom Phone"
|
|
set color 2
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn "static.zdassets.com"
|
|
unset tcp-portrange
|
|
set udp-portrange 20000-64000:390 20000-64000:5091 49152-65535:8801-8810 49152-65535:3478 49152-65535:3479
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-8443"
|
|
set uuid 972afabe-c0f9-51f0-f4bb-ab64782dfb5a
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 8443
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
edit "TCP-8013"
|
|
set uuid cca13b6c-c10e-51f0-e695-c39f961803ac
|
|
set proxy disable
|
|
set category ''
|
|
set protocol TCP/UDP/SCTP
|
|
set helper auto
|
|
set check-reset-range default
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
set iprange 0.0.0.0
|
|
set fqdn ''
|
|
set tcp-portrange 8013
|
|
unset udp-portrange
|
|
unset sctp-portrange
|
|
set tcp-halfclose-timer 0
|
|
set tcp-halfopen-timer 0
|
|
set tcp-timewait-timer 0
|
|
set tcp-rst-timer 0
|
|
set udp-idle-timer 0
|
|
set session-ttl 0
|
|
next
|
|
end
|
|
config firewall service group
|
|
edit "Email Access"
|
|
set uuid 8b914758-c0f9-51f0-52c0-babc82ab9266
|
|
set proxy disable
|
|
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Web Access"
|
|
set uuid 8b914e24-c0f9-51f0-7360-bed56767670e
|
|
set proxy disable
|
|
set member "DNS" "HTTP" "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Windows AD"
|
|
set uuid 8b9151d0-c0f9-51f0-fc02-f826fec7145c
|
|
set proxy disable
|
|
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Exchange Server"
|
|
set uuid 8b915770-c0f9-51f0-16d4-bece05b54b62
|
|
set proxy disable
|
|
set member "DCE-RPC" "DNS" "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_3520_2"
|
|
set uuid 972b1ab2-c0f9-51f0-0b0b-44d200e4e51c
|
|
set proxy disable
|
|
set member "TCP-3520"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_5120_3"
|
|
set uuid 972b2052-c0f9-51f0-1e2d-359707094f02
|
|
set proxy disable
|
|
set member "TCP-5120"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_5122_5127_4"
|
|
set uuid 972b252a-c0f9-51f0-f9ce-322ea5dd346c
|
|
set proxy disable
|
|
set member "TCP-5122-5127"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_5900_5"
|
|
set uuid 972b2a66-c0f9-51f0-d85b-8f3320a9456f
|
|
set proxy disable
|
|
set member "VNC"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_5901_6"
|
|
set uuid 972b2f16-c0f9-51f0-3d26-d905a15b86bb
|
|
set proxy disable
|
|
set member "TCP-5901"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_623_7"
|
|
set uuid 972b3434-c0f9-51f0-1e48-8e2043be56bb
|
|
set proxy disable
|
|
set member "TCP-623"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_7578_8"
|
|
set uuid 972b38ee-c0f9-51f0-a76a-a67b4328d361
|
|
set proxy disable
|
|
set member "TCP-7578"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_7582_9"
|
|
set uuid 972b3e16-c0f9-51f0-981b-e187be493da3
|
|
set proxy disable
|
|
set member "TCP-7582"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_www_10"
|
|
set uuid 972b42d0-c0f9-51f0-5f5f-c6e93ba521e2
|
|
set proxy disable
|
|
set member "HTTP"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-Mobility_tcp_8080_2"
|
|
set uuid 972b4870-c0f9-51f0-b7e7-f41721f87707
|
|
set proxy disable
|
|
set member "TCP-8080"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-Mobility_tcp_993_3"
|
|
set uuid 972b4d34-c0f9-51f0-7519-620883966390
|
|
set proxy disable
|
|
set member "IMAPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper_UDP_4500"
|
|
set uuid 972b5252-c0f9-51f0-e936-7b7f2d409865
|
|
set proxy disable
|
|
set member "IKE"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper_UDP_500"
|
|
set uuid 972b5856-c0f9-51f0-3b31-4e7ce2439bc5
|
|
set proxy disable
|
|
set member "IKE"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Day-Server_tcp_6502_6510_2"
|
|
set uuid 972b5f5e-c0f9-51f0-fcbf-2f4b58364da5
|
|
set proxy disable
|
|
set member "TCP-6502-6510"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Oracle-SQL_tcp_sqlnet_2"
|
|
set uuid 972b640e-c0f9-51f0-2e1e-875e5246770a
|
|
set proxy disable
|
|
set member "TCP-1521"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "POP-2"
|
|
set uuid 972b6936-c0f9-51f0-8350-ac5e199e2154
|
|
set proxy disable
|
|
set member "TCP-109"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "POP-3"
|
|
set uuid 972b6dd2-c0f9-51f0-1e48-c9bb439f1548
|
|
set proxy disable
|
|
set member "POP3"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports_tcp_https_11"
|
|
set uuid 972b72e6-c0f9-51f0-245f-ff5c0f937dd3
|
|
set proxy disable
|
|
set member "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-MGMT-Ports_tcp_https_2"
|
|
set uuid 972b77a0-c0f9-51f0-b1e6-a449f91c984d
|
|
set proxy disable
|
|
set member "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-MGMT-Ports_tcp_ssh_3"
|
|
set uuid 972b7cc8-c0f9-51f0-2029-2ad0400c671d
|
|
set proxy disable
|
|
set member "SSH"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-Mobility_tcp_https_4"
|
|
set uuid 972b816e-c0f9-51f0-a262-73ac5a91666f
|
|
set proxy disable
|
|
set member "HTTPS"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Airwatch_Services_Group"
|
|
set uuid 972b86a0-c0f9-51f0-02fb-bde8300aeecc
|
|
set proxy disable
|
|
set member "HTTP" "HTTPS" "Internet-Locator-Service" "SMTP" "SMTPS" "TCP-1433" "TCP-2195" "TCP-2196" "TCP-3268" "TCP-3269" "TCP-636"
|
|
set comment "Air watch service group"
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "ContentKeeper-IPMI-Ports"
|
|
set uuid 972b91c2-c0f9-51f0-be4d-244743b304d5
|
|
set proxy disable
|
|
set member "ContentKeeper-IPMI-Ports_tcp_3520_2" "ContentKeeper-IPMI-Ports_tcp_5120_3" "ContentKeeper-IPMI-Ports_tcp_5122_5127_4" "ContentKeeper-IPMI-Ports_tcp_5900_5" "ContentKeeper-IPMI-Ports_tcp_5901_6" "ContentKeeper-IPMI-Ports_tcp_623_7" "ContentKeeper-IPMI-Ports_tcp_7578_8" "ContentKeeper-IPMI-Ports_tcp_7582_9" "ContentKeeper-IPMI-Ports_tcp_www_10" "ContentKeeper-IPMI-Ports_tcp_https_11"
|
|
set comment "Content Keeper IPMI Ports"
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "Email_Services_Group"
|
|
set uuid 972b9cf8-c0f9-51f0-9bb4-a69dca943aea
|
|
set proxy disable
|
|
set member "HTTP" "HTTPS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" "TCP-2525" "TCP-587" "UDP-110" "UDP-143" "UDP-25" "UDP-2525" "UDP-465" "UDP-587" "UDP-993" "UDP-995"
|
|
set comment ''
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "CK_Mobile_Services_Group"
|
|
set uuid 972baad6-c0f9-51f0-aa90-bcaa4cebc6d6
|
|
set proxy disable
|
|
set member "HTTPS" "IMAPS" "TCP-8080" "IKE"
|
|
set comment ''
|
|
set color 19
|
|
set fabric-object disable
|
|
next
|
|
edit "CK_Support_Services_Group"
|
|
set uuid 972bb09e-c0f9-51f0-2d26-0ee9881a390e
|
|
set proxy disable
|
|
set member "HTTP" "HTTPS" "SSH" "TCP-3520" "TCP-5120" "TCP-5122-5127" "TCP-5901" "TCP-623" "TCP-7578" "TCP-7582" "VNC"
|
|
set comment ''
|
|
set color 19
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall internet-service-group
|
|
edit "Microsoft_ISDB_Both"
|
|
set comment ''
|
|
set direction both
|
|
set member "Microsoft-Azure" "Microsoft-Azure.AD" "Microsoft-Azure.Data.Factory" "Microsoft-Azure.Monitor" "Microsoft-Azure.Power.BI" "Microsoft-Azure.SQL" "Microsoft-Azure.Virtual.Desktop" "Microsoft-Dynamics" "Microsoft-Office365.Published" "Microsoft-Office365.Published.Allow" "Microsoft-Office365.Published.Optimize" "Microsoft-Office365.Published.USGOV" "Microsoft-Outlook" "Microsoft-Skype_Teams" "Microsoft-Teams.Published.Worldwide.Allow" "Microsoft-Teams.Published.Worldwide.Optimize" "Microsoft-WNS"
|
|
next
|
|
edit "Microsoft_ISDB_Destination"
|
|
set comment ''
|
|
set direction destination
|
|
set member "Microsoft-DNS" "Microsoft-FTP" "Microsoft-ICMP" "Microsoft-Inbound_Email" "Microsoft-Intune" "Microsoft-Microsoft.Update" "Microsoft-NetBIOS.Name.Service" "Microsoft-NetBIOS.Session.Service" "Microsoft-NTP" "Microsoft-Office365" "Microsoft-Other" "Microsoft-Outbound_Email" "Microsoft-RTMP" "Microsoft-SSH" "Microsoft-Web"
|
|
next
|
|
end
|
|
config firewall internet-service-extension
|
|
end
|
|
config firewall internet-service-custom
|
|
end
|
|
config firewall internet-service-custom-group
|
|
end
|
|
config firewall network-service-dynamic
|
|
end
|
|
config system external-resource
|
|
end
|
|
config vpn certificate ca
|
|
end
|
|
config vpn certificate remote
|
|
edit "REMOTE_Cert_2"
|
|
set remote "-----BEGIN CERTIFICATE-----
|
|
MIIC8DCCAdigAwIBAgIQV7cBJRgkyKtNQWP0X4bEgTANBgkqhkiG9w0BAQsFADA0
|
|
MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZp
|
|
Y2F0ZTAeFw0yNDAyMDkxNzI4NDdaFw0yNzAyMDkxNzI4NDdaMDQxMjAwBgNVBAMT
|
|
KU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjAN
|
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wZ6Ksep4BC7Yn1/Rhwh5qAKVgg3
|
|
cZew/4sqvDhu0uyUq7+9+P6Q69ZbB3FNcAQy7E1sknsR0xmLJnHcGjPm3v+tkEqN
|
|
4s9TR7WJObdvwyJDUxDq5gAfb0AifvBegyCVVDFwtOXaEkPrZNKDtIOPg0/yIXQx
|
|
v21m0cY7hwKF0QQ+gq5qWD93C8qoC6dSj4V/Os1AweORsB/6l7Hrb1i0PP5evtDT
|
|
2QYMYORRG55sdwmmvy+H/qwuArH/2FWVUJ37B3EdWn+tXldijK7QYJyyvUtWhwXm
|
|
7j7MnguDsIACNoyneB+PWzzH0XmaAI2YABkVqK6+4NzZac6CDjlvPLxvQQIDAQAB
|
|
MA0GCSqGSIb3DQEBCwUAA4IBAQAITRfPbWnIVPbdwOXZzI6y1EsvwZYQcE5Qcx5l
|
|
1+DCQBNmRqpYxCdLDSyt6YicD6PMFV3H4kNk7v3UmE4Cmkgg2r6G84F6StqpHLSP
|
|
A8rIMmLoqroxsKbe0jDkUpWzTyynZG4ZJfRsd7ayMi9T90Twa4o2xFRsF6E4BFh4
|
|
yfCKuss3AHbIXndlQf18Sge6AH171C3yUX39+hMH4OfTJkJ+H0xQ6tw+AfWG3DBG
|
|
+Hgj/pk6puKbnQXfjigBdlqYklwIwbxs0AjPty4Mm+9N06zf2vXDjypSD1AiIW6E
|
|
rN9aZiizMJXvJ5rIXOJlhJJjj+nD2lOkIaw2NSjtSkZSs/fP
|
|
-----END CERTIFICATE-----"
|
|
set range vdom
|
|
set source user
|
|
next
|
|
end
|
|
config vpn certificate local
|
|
edit "Fortinet_CA_SSL"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_CA_Untrusted"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_GUI_Server"
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA1024"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA2048"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_RSA4096"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA1024"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_DSA2048"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA256"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA384"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ECDSA521"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED25519"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Fortinet_SSL_ED448"
|
|
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
|
|
unset private-key
|
|
unset certificate
|
|
set range global
|
|
set source factory
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "Star Cert Expire 4-24"
|
|
set password ENC Z3whVPxf4MFG9GME+Dkr5r95N8tGniWENoe5gPxDBbEvZCAiJcjVwUT2VvQx9WP8oUmqukbwYcXSvdqeYbzxoVR08JmqZsHmsOKzHo7t6PK3tAfYpUKR5TZB7jySnH55CgzvmoiBMa8CLMS2shFqB5sKQH+6E4zOjSapcsOIQ0HJ8wmbxArTVVPFwymwS741MPAYYFlmMjY3dkVA
|
|
set comments ''
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQEu8wBfpXWzIvwTKP
|
|
EWsbgQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI+ctw4vM5C+AEggTI
|
|
yYzPzkAG+NkWZz7FUH6KAK8mZFF7HnvWZxt7b83cJyWM6k81MwbxtSj6XbLnylXD
|
|
txunH/ooDKYUKnYd/DdW5HqHuNYV5Te7wCUoZfNCtQaahi1yDboNch084Ao5dzOY
|
|
2Y1XrtDbal685eRmapcBY98cWOZu+jGH1IR+qlXvyXLAeCelfi2neGOrU1kYFpdC
|
|
G3WxFoFwtQFfuhOPOrWijW7KMBPh5kfxUwRV7LXZ2vbUdBGNneJ9+ycEBHM1CQrx
|
|
3rzXzKPihNUmSxMWkEHVBCMn2OglumzO8NIoOJAliUyhWlqjeqJu199ph4gqhvCW
|
|
IQDxIM2UKHLgjgXXprsgACNk5E1CVoygpgrcdCiva5UpwyiwADf377FNyeZfjktG
|
|
NwpC5JQaCJPVXA/1hlh806JarGfzwV7aIWdMl8y3bisAzqM0J1wAdOcxEmtcjg+g
|
|
qPEyBBKlGMPulq5xfS5NbYRouLg2YtJeXFm0P7fOO8sbVmo1bW6bcwMZgJ3Zx/KU
|
|
DdL9r6L5NAfTjpRpmbd26QGfmiiwCkXyexQtdb4rR1ESDn0GzC+91wU9PPE8RA2e
|
|
N8MbPLOXxvLMEFI2eOspvdmwEmH3UYAiDU4BMhbA96wiaL95+ZrqaHzwareK0E4b
|
|
u1xp7aHmYb449qoDXWCV80VIkMaFHeUV1GXwXLk6qDv+YW3n8oD0nTQwo0068qbt
|
|
9MQcI0K2uCToLCbxtskroyMM0NXNnKTpduOJhm0mNkm5JNlkXodmlDqwjyxHe2pm
|
|
8BpYlBohyoFp2LXJv4r2JYJYMSra1Msc85N+xCjNVcVlRrRq3USmzTIkoTykiV5C
|
|
KBcmYuSG+gVvC+gWInyxLCf4j1iXi3ZKm0zfGT/of83J/mShAiitMv9OUGYJmyIu
|
|
6gn7JoWCzbGb5pIxkWkVPnR7HMTvbG9W+r4nZxlOr7WZzoIEj37Xyq+FY/MH/dxd
|
|
KygedTOHdk4/EZ5f0pnLds2NH+Y+2rl0mo4xpAlvqRQ/0ct85lKqSXRqFnR27ugB
|
|
5Zp/7KJvLW/ABGWLGsmqbm2DXK97lWTZc/6ib2Up4BSuArrXlUsSdzbG1fLvO1uY
|
|
f7jfpm9nLNrD0hpuVvvuCGwlZTN9YQ1+FlO6cS01r6Vqno2PmvCCoAxPG1MbTI3h
|
|
kB0k3r0NRheb9qYTalTx+gwsp2aVCCOaXRwntLKsuQ1MuLDefvo8ty4fSbFR/xyS
|
|
VxVLoRW7L4QNzUtmZeyhwlad8ZA1sPkljkdabHH4N4tMe/aWj0QOvM1mc0ZQqZFM
|
|
G8N9xt2Jmo1qwvNwXotpgnEtMXBBkCP6wGWWxO7Ol/aJpcH1vLBkALngfmOiLNIO
|
|
yeIcdr7kp/Qx6zu5DP2NMpcGUumU/6wGtd/CcvPpVTnd2JLQqAnyonRx+QKQv9Ao
|
|
zfHA2D8Kp4l0neQVa+xIsnfqfjAOBqpvgyt4lhcMme9C++uLebtpnMkH851jGp1d
|
|
xd8TYBP3WptvubsMkNsd+zbZIED5tcYnCcrADHz6yqy3IaL+k29s/QmcmeQDfV3M
|
|
QvGANLYdYUb3cW4ji2YpQB0PBvfNm9/tceANW47motIqQXPdTWvo6PQ650tpXNHt
|
|
gFFcmsP6WfPDZMeASOdBN8atPJ39gFRt
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIIG3jCCBcagAwIBAgIQBkygNqmaAydvr/1eZIzsFjANBgkqhkiG9w0BAQsFADBZ
|
|
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
|
|
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMw
|
|
MzIyMDAwMDAwWhcNMjQwNDAyMjM1OTU5WjBvMQswCQYDVQQGEwJVUzERMA8GA1UE
|
|
CBMITmV3IFlvcmsxETAPBgNVBAcTCFN5cmFjdXNlMSYwJAYDVQQKEx1TeXJhY3Vz
|
|
ZSBDaXR5IFNjaG9vbCBEaXN0cmljdDESMBAGA1UEAwwJKi5zY3NkLnVzMIIBIjAN
|
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyzN6qnwFYTN5h7unveT3vCYHcbn
|
|
yrovwH1MYGNS8l/C6UOpU43UojHSzdklCRzhQWMzwrJqbGHhKUgCugDDJ6TUGsWO
|
|
KMox7/+xqhWYiAxex+sLfadUig6JgLZEvJQOFT8HQP0FNxwgHIzy7LFOXUEQRt1n
|
|
JO049X+yZg11FE4kGzKZQSzPuJy/KIh55tig+sMo51e37YpK9qnx/x7MsGjwXvGK
|
|
JGifG6VSJOviut+uVNxSuefXAYAHLxTZ4LQ5nVzjIOlPQoxZgxfZkj6dplQLXDE0
|
|
whXK7TaPGL6WSmaEGIg5C2mIxMPymaISghuQIINGQsywKqMClEhR8V3eMwIDAQAB
|
|
o4IDijCCA4YwHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0O
|
|
BBYEFPeSzw2sCNFgYQPercSi9KIznqgdMB0GA1UdEQQWMBSCCSouc2NzZC51c4IH
|
|
c2NzZC51czAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
|
|
AQUFBwMCMIGfBgNVHR8EgZcwgZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0
|
|
LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDBI
|
|
oEagRIZCaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJU
|
|
TFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkw
|
|
JwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzCBhwYIKwYB
|
|
BQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20w
|
|
UQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy
|
|
dEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAJBgNVHRMEAjAAMIIB
|
|
fQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQDuzdBk1dsazsVct520zROiModGfLzs
|
|
3sNRSFlGcR+1mwAAAYcJ3nn5AAAEAwBGMEQCIH55K36zsYtpJs1YQkdxFXRTWpDC
|
|
NABjpEHQtvEL2KG9AiAgaDXY/QuJTUuJ9xtV5u8YiK04wPO6v1wM+oPkm/hEFwB1
|
|
AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuAEHrBd3K1AAABhwneekgAAAQDAEYw
|
|
RAIgVL4VSfUWqo8Qf/c6Z+Wit4TDCQ7cB94A3lJkqBsPGd8CIBlvUZ1XAfClnh/C
|
|
wjKDK0fafVOb3H89G8iI2TLO8C8JAHcASLDja9qmRzQP5WoC+p0w6xxSActW3SyB
|
|
2bu/qznYhHMAAAGHCd56HAAABAMASDBGAiEAvp1Q11dD5sKNIsk2Uy6M3o4Kpxg2
|
|
XZcwh6fnbcI7rOICIQC27p7LOeQjP+n3EwRp5hi+zfP5x/v79psDqUJCqnzpnjAN
|
|
BgkqhkiG9w0BAQsFAAOCAQEAl/4QUf47tVSZONXQcGl0CJY4eU1IIxKAAE5XS1nr
|
|
fvDgBcI2rFG4Jn43ghzkbmSPw22RBucXd6qgfJICg/WTQ1EsGunwejP2GdfZ/ITa
|
|
3GDyrqdMkSpPFZS9CeXHcwFHi1K2UHrq5ghD6aKvX4dtJIFTWWFOaJrb+g9qyJy9
|
|
sMhFRziGc36r1lRGNx2HiBvq1hqIELbO5uooHIEUq6eZVUknk/zX3vH9vhJdguzQ
|
|
BNwP6wAdtj1tPBmjFV3qMjrZtgPyl+p1r4WCqyml6j8P5mUlWgtsCLo4oId++lL+
|
|
UrU6RSClqgz4I6f0rJZ21YK2JWlVSRuJoCVOpezPzqqP3g==
|
|
-----END CERTIFICATE-----"
|
|
set range vdom
|
|
set source user
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "StartCert-Expire042025"
|
|
set password ENC jyJxw7JalcpiwrTI7mXdEppwKlRNyqFKQvuTs8lgOVQDs9nOwYacRjtwNt8MO1qIK813I2R4HjBFqoaQWVXAd17/jhFtCRlxpxmatCWl/4W/dGdB7Ty4Hcxi/EQP2nURVV+poKl5F9Mei2dXekoQsvFw8gnKUlQTzC8nJnptAbr1rAu/nF6bj8OzzhR4f/+P++bqjFlmMjY3dkVA
|
|
set comments ''
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQqIr+9od/z5WzgWFg
|
|
chcsSgICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI+wxEg1XTSboEggTI
|
|
qS6FDx7b48fZRvEBbudlPgJXLRgOGDXtng2kGpmJndlmevqydQgz9RMOh9xwJACX
|
|
WJkPsYxV+fT9K/qvwXQpuNsX+wY58mHN10OIFRpnmX2QUAWxRRv9S7PffSDvXKMF
|
|
vPiUmITLTbfOlq3NDiImowMSwI6c66p1avpo6lHwLpbzHjmBHxiCQ2qE93LrkdRL
|
|
N+HLaLuSEnexB3/Pyh1mycB6a0/XXbvl3MPFy7x2OiGhylC8J41DZYf12+qTDgxe
|
|
oFUwmyXwv5fxRoMxInHDOXec9+OehD43E5QC99xxZbXYjTNnqyqyUcMSuCAGcmcC
|
|
jiSTWM/h2VtYyb98GqnI5RuOGTYuefbTSEP8I4WxJwlgULG2UZQy+aYitQhTEnQX
|
|
W3vxBgz+Gi1x82kQ8b9B9TyMRfqH3oPbBDlibmTuko4XcTyZNQ1sLcqjuhHwvN3b
|
|
TGd6fB8KQJeToNSK+P8zVYnC6MeIQPi8X+1WCsRPIq5V6moTtqD4u2aeo4eaaGUM
|
|
dPVv5FB9/ElG7J8DVtTFKPoQM8hzqX+hFOyTpKxYej4wFCtRFn8oSeH+p4/0RZXj
|
|
WsKkN2sHDvIFoAvheSkAvgfs78Mdyns4FqHw9RtIBrTGvRmAhYy01H72cHEB6UlL
|
|
KSBzNMtIopu3ZFxtKjAolKoGvMSM1WRwPbIxGhpjTDjNX+oJSnz1MC5Pa4mEhtcO
|
|
LuP0cZ04jvNQhVVo9hCjNmoh9gBdeFs8vGM7I/CjTJrHKlS7kG4rvyOyeiEX0q9b
|
|
ywiU03l/aAEKpcGU/8q5micieV2gsPsZAWLcWbnuXOnJ/ZazED+Im9SNVtpAWw5H
|
|
EhohS9xsdmQ80qW4iOhy1L+ZwQ2GQPGQYXKeQHLyqwzz74q1ejmYtbLqf7w+lMsU
|
|
YIzDkj9m4vMHKHlbD4fuMTaf/0uVVmiHbrvahQaewhAjswj1iU0ddPJAzI56SXqT
|
|
nQn238q8jTaiGOWLzCbyfR9YS1LQW8FaMGI7f4g0g7wx3GNtCP4ZGmUgVM9hPbrd
|
|
2hnNW/tISFZxCj9ya32p8yMR+4QgaoE9EgSB16r5zeO69JfToQ7BwSSqkR+ONQ/8
|
|
okrlyJc4njgR+CvRy3tL/9/09uCaFm41NF9woO71FoEO9fnPBmILvBmxWWgi89rw
|
|
BtIsxWt7wXz+IiNtSVhz4amMTJzjXDATPWGCHZLL0TC3Aiz2CjJoXoMKRnINLSyA
|
|
sgAzTfFcK1uCaGHsjwqSNM8E39WLj6DrGHBCEgpBk3jfQ3UNE3WdCgtxdT1lUxFp
|
|
Yqw2+NLzTBsYkO5U+zvpGTg1VqeRVcwU9GgeUikMMoJthaGwBHuRHUvQ+8M/hf1M
|
|
bhtitM7b62afxgikBqw6UR2UZ61l5KEnpjRrKTAFmD2Im9cFqg8TJ2gCGYw06GLV
|
|
uzuNAZVWGKSVq6YNYaZc7A+0RkA/QUKkQg0mQ+s1URueN9op5d1/4iN/JSsKwwA6
|
|
hHw7rr/j30ms8Tt/ooZyv681O9iaeVp5VR27Cq0OQMxt1U5WmPzoJbQ9pT+klV2H
|
|
oLs49q/o/yaiF6zPhuSPTbJWUAa8Ek+2ilW+AHrXrq+/jA5AA50NmfS6mBQsNTe9
|
|
kbBm6pk4OQTIbwgqoes74/kdY0MmtqvU
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIIG4jCCBcqgAwIBAgIQDzJ753SaEbPwC2TYhqhgzzANBgkqhkiG9w0BAQsFADBZ
|
|
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
|
|
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw
|
|
NDAxMDAwMDAwWhcNMjUwNDA0MjM1OTU5WjBvMQswCQYDVQQGEwJVUzERMA8GA1UE
|
|
CBMITmV3IFlvcmsxETAPBgNVBAcTCFN5cmFjdXNlMSYwJAYDVQQKEx1TeXJhY3Vz
|
|
ZSBDaXR5IFNjaG9vbCBEaXN0cmljdDESMBAGA1UEAwwJKi5zY3NkLnVzMIIBIjAN
|
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+HVfutRSccIQwsqEE+s02bTscFy
|
|
flgp/jvqOX+Kgv8SK60K+nRXFNl82cC0HXBYUPSCTtvmXj/mTVew4eX+zGFXTUxk
|
|
3rCIWByTKh4bFQb7uVk0TpqT3RKCnQ3YWdKGYrM4FkxVx4royioW3IFKVKqeowS5
|
|
BQvl3u2xtw4+VJ9TwDXR7tiiCEHGor8Y2P3DOEs4MqrhRLjeCFCMp6mF/mTkp7d6
|
|
JIwvtYTkZ6YrbdZ58MHFzzwZRt5NPxlWg7xyi0lmiCnw2RcEA3r9mmMHcCQrC7id
|
|
3GAdTjaJ81mHnxY2b8yiysaHjaO1MTeDAWRc1XupSOghXunmJk6v1LShFwIDAQAB
|
|
o4IDjjCCA4owHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0O
|
|
BBYEFJQQH8YDCXs0QPOtYp9lE6BCT0wJMB0GA1UdEQQWMBSCCSouc2NzZC51c4IH
|
|
c2NzZC51czA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw
|
|
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
|
|
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRw
|
|
Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1
|
|
NjIwMjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9E
|
|
aWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDCBhwYIKwYB
|
|
BQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20w
|
|
UQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy
|
|
dEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAMBgNVHRMBAf8EAjAA
|
|
MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdwBOdaMnXJoQwzhbbNTfP1LrHfDg
|
|
jhuNacCx+mSxYpo53wAAAY6XVFePAAAEAwBIMEYCIQCc+xSNwzXetTtvOPCJx1JU
|
|
M4iWpsp0DLtg1rlvqrD08AIhANTznGg0ThlDqySyPljqziQR6dT1dsZSpxX8l63+
|
|
EnPhAHUAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGOl1RX0AAA
|
|
BAMARjBEAiBXdIyvEB6QMac+52GoUnsasIezhpaptfUF3whQz+ZAKQIgEI0Ac3mb
|
|
3SnXTJ9mgrIGnCORMntNEeuIP5Usr2VzNdIAdgDm0jFjQHeMwRBBBtdxuc7B0kD2
|
|
loSG+7qHMh39HjeOUAAAAY6XVFfeAAAEAwBHMEUCIQCSw1D2KKcbgN5JBvbSUUNH
|
|
k405DDKKSCiikV8iDVsQRgIgaKA4XiJwS4ANGdRCb59DvO3W+tE5gbJqpJ+GM5tm
|
|
ZwAwDQYJKoZIhvcNAQELBQADggEBACCmDXWJXOO/W2p3mLeKh3ASS7HjXoSrxrrC
|
|
DhpPeYLY6IeOgZ/YswemPl3zXhNwKzD9dDgagnShy+DvnIdCHxKZV05q50OmADFl
|
|
0LMh83Y46QJiJ15m1kL5vQM/gGlc4ZpN9PfOJQaotaLNYfVIatW+1gpr8yUCreIO
|
|
SOlFKpjC5EsU/mMZsFxN7d2k1IUpNjlimSShkVYcZhJUG5lKBs9R7sSSvIeA6CHW
|
|
YkZwsmfv+q3EI9HX4ULuOFo0GfXjdbUR4kRE2EoLk+0prTGuR4pVQI0psfBbaj3K
|
|
5yKXZASmPsxLukdMfZH90zyej7K2KPnPza/P2PubGx7U0snfo7Q=
|
|
-----END CERTIFICATE-----"
|
|
set range vdom
|
|
set source user
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
edit "StarCert-Expire03202026"
|
|
set password ENC f04u7nTsB7Rhx1FIaXdyu2MPSqxiO9KaLTLA3QBsbfthTvCLYKI7Cq07tp8PqTwd9Skyocw+GRtKs/9TPL5RMHUoqn9vwzkUWqwgErHNVoR6gtnkDUDC7MXsBLhWHk+O4c5o5JplKl1mE9pfrppWVXBBit9b/z7MWGJOBmoXRw8nPTYuzMbGXotz03NNjZPsVCwj9VlmMjY3dkVA
|
|
set comments ''
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQbZLhdCPx1abnj0G0
|
|
F+dDlAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIHb4rIG9G478EggTI
|
|
YhxnUvmQkDeA6BDBlweSZGRn/pBeUXMcgHVRSTqttWt7lxFNz3VJTqn1CtU34VHP
|
|
xphiOm6N3/Q5wy6vT5sQowT1U+0S6nnTYTmUiQVzmLjDVlaQUfJOBnUVeiL8H8F5
|
|
R2+GHXZ1f9LNnguXldhGmze8C7b0nborGkmLw5JMKGxHfTRtajatn5aZwvOqTnHR
|
|
na6m5YKRvmKXUNX0LaS14RAnXUYjlfnqwEF6biTDI0nLOQLbgDRfY1fg0xsM3Rek
|
|
rPQ+lPK9afVl7fsE/v5vb1vTO44mKrkbX4w0fD4engjfHvOGSeNWHfBjIvDTpCJB
|
|
t4fKRmYzsuyMS0CueMscQo8ynbgzBLY+ihj273w4T2I/21oqwPD/03rkiAOeXft3
|
|
gXQmCKEb57XHGPGJiRGYbMlMMQGgjqARpQXkRIw04ULmsTfVxYaQgHEFXgxOT/n6
|
|
UxsTfJXORJNb1NnQAwp79cqBQONHmaoAFYsonadTjrZCWSkz+FUIniMfLYvFXJ/y
|
|
h+lZfZEKgnzGjGDhQSxIPe7BfQvjbZi+wtRqGQbyMIYqKPG2Bb8y/qUuP1JEQoBl
|
|
KZ1XNtcv3wVRVuLQYJnYzpDdJ5YjK7D5U2aVXMSs4B6iCcLNQNVi8auePEto+jUk
|
|
ESYj9bmA9Uh6wIDG2PBMVTmj5nGfn7kt9TMSKQueBDsHD2esOyQ07aNfBlPpwso7
|
|
gAwblqHeJQL/PiHKqkBzM9tIAQs/tFkIwWDz4HYncb8LtoOEcxjF1j3W/LjTmSwk
|
|
harX6sjB5beNPD7BJF3z+iC1Eher+n5riABUIeYWtqwnEAaUhFPCDW4FekOkXwO9
|
|
3eSEf4HMWkYhYzTCMUMBhp1UilJi2YagaENRfjqsJpVLylamhTpkD1BHXMy7snjr
|
|
m76uCMBaYbbsCvleoZH3G8RwVm0xtuObRq0EYZF4XIeVwOL6cWbkvc5QgVDwbyu4
|
|
QQJnj3woVXtpEOsVpzmAJrEm5HTPKSEGBXSq0jsmUC5/h4BPac946PR06IFLO/oF
|
|
Ysivj6ZDSpwuFj0zftK7+NPp+8JGjp/VlrpEcTB8ezNvCYJpS5O9AqNdKLM8V/wI
|
|
4gbB99cY6JF2TZ1rjNYD/ZfMkSIzSI096eTLdXtIE1voOB4X0oocUptjie04xblC
|
|
vufg94KBDKVlxNJYUeDDVyxKlcqEOzq+L1qF5LQ6d6Ms0lWusSVbANGwG+ceAbPp
|
|
PWhNz+PojDCAeUhJLJ1nLikKaoS/aDfNu+8tX8bQajsa4z2gxGFeLFATr8rqDmPd
|
|
x86g4o8ue2r+XzWfmV0ykkQWGQmJ7ojW1xXnFFf2SxKRLDJhj+Yjg++KkaPyjWuZ
|
|
u8t5ujKzIUfh+Oikw+sXnqyDvspFC3qEnIEwhXMXEwfMZ0CnWljBlh3kS5MkTQai
|
|
o6T6TQaJ4FMz5n5/VUqDAuesxiz2tv5A8BaJfvxfllVsOmn03PO8GyqiWSmccPDm
|
|
ahLkwoAoEGe57zn0gzy4iO1UsjPT6njHQvTKcW4tmw7tnd2q7/5lf/Y4Zghxb/sD
|
|
sm3Ul21Icr8pPS/Sov7+lIFjpWq8lXM3TYLweYTJFS/nGDoQu9q+FJwUmqeIwlT+
|
|
1eM/OKtNy3tgQVbE9bGU9xF6lLcIeNBC
|
|
-----END ENCRYPTED PRIVATE KEY-----"
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
MIIG2jCCBcKgAwIBAgIQBEdfHQ5i8A9R/h7gVSxl4zANBgkqhkiG9w0BAQsFADBZ
|
|
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
|
|
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjUw
|
|
MzIxMDAwMDAwWhcNMjYwMzIwMjM1OTU5WjBvMQswCQYDVQQGEwJVUzERMA8GA1UE
|
|
CBMITmV3IFlvcmsxETAPBgNVBAcTCFN5cmFjdXNlMSYwJAYDVQQKEx1TeXJhY3Vz
|
|
ZSBDaXR5IFNjaG9vbCBEaXN0cmljdDESMBAGA1UEAwwJKi5zY3NkLnVzMIIBIjAN
|
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4dcPhj5rvQaIBSxUDzBr8KxwKw7
|
|
8EDAmOM6q9e7qo5IKWFigoYYuhp7yGVzxL7MKeHQM4Lj7wCApZJgTPynvW6tj7Tk
|
|
hMAfdYELB1KE9pOJnZsVipuS+bRRc3bGBMW47HFggNKu30oiIsaRY0lBVu6/R01B
|
|
TmSG8+Nvq8S4+RqsGLmp3H6L4JqMvnCoMl6jeVTUkEJziAp0aHVr8+BFszpmavUo
|
|
jA7epe8kofY9o5bxhKsZus18rYoAgV4MPhk6f6NCWowyMYABa9ciBtmxGhxFCnju
|
|
3ED68exn2q7nJSA7Rx/DixYfvwwjxTKHhxlDbojw+6LCJQKN8knvFOFyVwIDAQAB
|
|
o4IDhjCCA4IwHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0O
|
|
BBYEFDjz+efeVgFKxI6a15vnMMte60znMBQGA1UdEQQNMAuCCSouc2NzZC51czA+
|
|
BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRp
|
|
Z2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
|
|
BwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRwOi8vY3JsMy5k
|
|
aWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEt
|
|
MS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
|
|
b2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDCBhwYIKwYBBQUHAQEEezB5
|
|
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUQYIKwYBBQUH
|
|
MAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcy
|
|
VExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAMBgNVHRMBAf8EAjAAMIIBfwYKKwYB
|
|
BAHWeQIEAgSCAW8EggFrAWkAdQAOV5S8866pPjMbLJkHs/eQ35vCPXEyJd0hqSWs
|
|
YcVOIQAAAZW5bcSoAAAEAwBGMEQCICyM3piBJwJgAawHNzKV/ZXrnoe0AdAeD7t6
|
|
BSCaTIuVAiBIDIkZ95sMOPdzP+VUA3umHGkqn2jMcV6gvISSHcyqEQB3AGQRxGyk
|
|
EuyniRyiAi4AvKtPKAfUHjUnq+r+1QPJfc3wAAABlbltxN0AAAQDAEgwRgIhAJyk
|
|
XDU85LqooegQSH2tu2sfKNOcsYgAy1aD8sKfsRvAAiEA92hsc8WYijQAALbtJ9DM
|
|
pe4XjMHj9CrzeFKSL2+GcpMAdwDLOPcViXyEoURfW8Hd+8lu8ppZzUcKaQWFsMsU
|
|
wxRY5wAAAZW5bcTvAAAEAwBIMEYCIQDDMPALNiQLIxhh/Uid+0jyWIsZmTCuoH9R
|
|
C1TVojs5QgIhAJsvEygigzHRdQSsNwYs2LApdFaGkbiAfrRvrC15Nbu3MA0GCSqG
|
|
SIb3DQEBCwUAA4IBAQCa8zDuxeUlkvxq1/8WNSGBP18Q9p6JkoyW1tLb209Bqsnk
|
|
a8LpTQRWy6GfnM8Fgn5P6d/JjxtdXgVfAWoQi95mc/PL9RrhQsf43UWfMQXQyk/j
|
|
d0Y6AreSLGHaNYh7NRogZQ1WhAJtyPYR2BkSve2LqywBcLvfWWdqoJsmsJ/TnIdX
|
|
QjZlInO1DdZocw2hWK7ahE5DDV5JIiUqCYKUdUce66tvnhiiS7QRsm8ZMo3HePTl
|
|
glOKnVPlyTcEMuj9RZ3Iyl0qC1BkprUkasqWXwWJN1kZzEFkGMA1jqeRPeu1XVjF
|
|
QgYEdGedMPX6WOCfiCmU2q5BfcjO9j58XC9iQYyI
|
|
-----END CERTIFICATE-----"
|
|
set range vdom
|
|
set source user
|
|
set source-ip 0.0.0.0
|
|
set ike-localid-type asn1dn
|
|
set enroll-protocol none
|
|
next
|
|
end
|
|
config vpn certificate crl
|
|
end
|
|
config vpn certificate ocsp-server
|
|
end
|
|
config vpn certificate setting
|
|
set ocsp-status disable
|
|
set ocsp-option server
|
|
set proxy ''
|
|
set source-ip ''
|
|
set ocsp-default-server ''
|
|
set interface-select-method auto
|
|
set check-ca-cert enable
|
|
set check-ca-chain disable
|
|
set subject-match substring
|
|
set subject-set subset
|
|
set cn-match substring
|
|
set cn-allow-multi enable
|
|
config crl-verification
|
|
set expiry ignore
|
|
set leaf-crl-absence ignore
|
|
set chain-crl-absence ignore
|
|
end
|
|
set strict-ocsp-check disable
|
|
set ssl-min-proto-version default
|
|
set cmp-save-extra-certs disable
|
|
set cmp-key-usage-checking enable
|
|
set cert-expire-warning 14
|
|
set certname-rsa1024 "Fortinet_SSL_RSA1024"
|
|
set certname-rsa2048 "Fortinet_SSL_RSA2048"
|
|
set certname-rsa4096 "Fortinet_SSL_RSA4096"
|
|
set certname-dsa1024 "Fortinet_SSL_DSA1024"
|
|
set certname-dsa2048 "Fortinet_SSL_DSA2048"
|
|
set certname-ecdsa256 "Fortinet_SSL_ECDSA256"
|
|
set certname-ecdsa384 "Fortinet_SSL_ECDSA384"
|
|
set certname-ecdsa521 "Fortinet_SSL_ECDSA521"
|
|
set certname-ed25519 "Fortinet_SSL_ED25519"
|
|
set certname-ed448 "Fortinet_SSL_ED448"
|
|
end
|
|
config webfilter ftgd-local-cat
|
|
edit "custom1"
|
|
set status enable
|
|
set id 140
|
|
next
|
|
edit "custom2"
|
|
set status enable
|
|
set id 141
|
|
next
|
|
end
|
|
config ips sensor
|
|
edit "g-default"
|
|
set comment "Prevent critical attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor IPS attacks."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set block-malicious-url disable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location all
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "Incoming_IPS"
|
|
set comment ''
|
|
set replacemsg-group ''
|
|
set block-malicious-url enable
|
|
set scan-botnet-connections disable
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location server
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action block
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
edit "Outgoing_IPS"
|
|
set comment ''
|
|
set replacemsg-group ''
|
|
set block-malicious-url enable
|
|
set scan-botnet-connections block
|
|
set extended-log disable
|
|
config entries
|
|
edit 1
|
|
set location client
|
|
set severity medium high critical
|
|
set protocol all
|
|
set os all
|
|
set application all
|
|
set default-action all
|
|
set default-status all
|
|
unset last-modified
|
|
set status default
|
|
set log enable
|
|
set log-packet disable
|
|
set log-attack-context disable
|
|
set action default
|
|
set quarantine none
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config sctp-filter profile
|
|
end
|
|
config diameter-filter profile
|
|
end
|
|
config firewall shaper traffic-shaper
|
|
edit "high-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "medium-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority medium
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "low-priority"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority low
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "guarantee-100kbps"
|
|
set guaranteed-bandwidth 100
|
|
set maximum-bandwidth 1048576
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy enable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
edit "shared-1M-pipe"
|
|
set guaranteed-bandwidth 0
|
|
set maximum-bandwidth 1024
|
|
set bandwidth-unit kbps
|
|
set priority high
|
|
set per-policy disable
|
|
set diffserv disable
|
|
set cos-marking disable
|
|
set overhead 0
|
|
next
|
|
end
|
|
config firewall shaper per-ip-shaper
|
|
end
|
|
config firewall proxy-address
|
|
edit "IPv4-address"
|
|
set uuid 2a35d328-c0f6-51f0-70a1-f58dfccd36b8
|
|
set type host-regex
|
|
set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
|
|
set referrer disable
|
|
set case-sensitivity disable
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
edit "IPv6-address"
|
|
set uuid 2a35d440-c0f6-51f0-0010-6ce2dd483d5b
|
|
set type host-regex
|
|
set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
|
|
set referrer disable
|
|
set case-sensitivity disable
|
|
set color 0
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall proxy-addrgrp
|
|
end
|
|
config web-proxy profile
|
|
end
|
|
config web-proxy global
|
|
set ssl-cert "Fortinet_Factory"
|
|
set ssl-ca-cert "Fortinet_CA_SSL"
|
|
set fast-policy-match enable
|
|
set ldap-user-cache disable
|
|
set proxy-fqdn "default.fqdn"
|
|
set max-request-length 8
|
|
set max-message-length 32
|
|
set strict-web-check disable
|
|
set forward-proxy-auth disable
|
|
set forward-server-affinity-timeout 30
|
|
set max-waf-body-cache-length 1
|
|
set webproxy-profile ''
|
|
set learn-client-ip disable
|
|
set policy-category-deep-inspect enable
|
|
set log-policy-pending disable
|
|
set log-forward-server disable
|
|
set log-app-id disable
|
|
set proxy-transparent-cert-inspection disable
|
|
set request-obs-fold keep
|
|
end
|
|
config web-proxy explicit
|
|
set status disable
|
|
set secure-web-proxy disable
|
|
set http-connection-mode static
|
|
set ipv6-status disable
|
|
set strict-guest disable
|
|
set https-replacement-message enable
|
|
set ssl-algorithm low
|
|
end
|
|
config web-proxy forward-server
|
|
end
|
|
config web-proxy forward-server-group
|
|
end
|
|
config web-proxy debug-url
|
|
end
|
|
config web-proxy wisp
|
|
end
|
|
config wanopt webcache
|
|
set max-object-size 512000
|
|
set neg-resp-time 0
|
|
set fresh-factor 100
|
|
set max-ttl 7200
|
|
set min-ttl 5
|
|
set default-ttl 1440
|
|
set ignore-ims disable
|
|
set ignore-conditional disable
|
|
set ignore-pnc disable
|
|
set ignore-ie-reload enable
|
|
set cache-expired disable
|
|
set cache-cookie disable
|
|
set reval-pnc disable
|
|
set always-revalidate disable
|
|
set cache-by-default disable
|
|
set host-validate disable
|
|
set external disable
|
|
end
|
|
config ftp-proxy explicit
|
|
set status disable
|
|
set ssl disable
|
|
end
|
|
config web-proxy fast-fallback
|
|
end
|
|
config web-proxy url-match
|
|
end
|
|
config application custom
|
|
end
|
|
config application list
|
|
edit "g-default"
|
|
set comment "Monitor all applications."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor all applications."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
unset options
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log disable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection disable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log disable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "App_Ctrl_1"
|
|
set comment ''
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log enable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log enable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set application 43541 48977 48976 47822
|
|
set action pass
|
|
set log disable
|
|
set log-packet disable
|
|
set rate-count 0
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
edit 2
|
|
set application 17405
|
|
set action pass
|
|
set log disable
|
|
set log-packet disable
|
|
set rate-count 0
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
edit 3
|
|
set application 39243 42662 16171 25953 38547 16270
|
|
set action pass
|
|
set log disable
|
|
set log-packet disable
|
|
set rate-count 0
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
edit 4
|
|
set category 2 6
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action block
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set quarantine none
|
|
next
|
|
edit 5
|
|
set category 25
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action pass
|
|
set log disable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
edit "IoT"
|
|
set comment ''
|
|
set replacemsg-group ''
|
|
set extended-log disable
|
|
set other-application-action pass
|
|
set app-replacemsg enable
|
|
set other-application-log enable
|
|
set enforce-default-app-port disable
|
|
set force-inclusion-ssl-di-sigs disable
|
|
set unknown-application-action pass
|
|
set unknown-application-log disable
|
|
unset p2p-block-list
|
|
set deep-app-inspection enable
|
|
set options allow-dns
|
|
config entries
|
|
edit 1
|
|
set application 17244
|
|
set action pass
|
|
set log disable
|
|
set log-packet disable
|
|
set rate-count 0
|
|
set session-ttl 0
|
|
set shaper ''
|
|
set shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set quarantine none
|
|
next
|
|
edit 2
|
|
set category 2 6
|
|
set protocols all
|
|
set vendor all
|
|
set technology all
|
|
set behavior all
|
|
set popularity 1 2 3 4 5
|
|
set action block
|
|
set log enable
|
|
set log-packet disable
|
|
set session-ttl 0
|
|
set quarantine none
|
|
next
|
|
end
|
|
set control-default-network-services disable
|
|
next
|
|
end
|
|
config application group
|
|
end
|
|
config dlp data-type
|
|
edit "g-credit-card"
|
|
set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
|
|
set verify "builtin)credit-card"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 20
|
|
set look-ahead 1
|
|
set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
edit "g-edm-keyword"
|
|
set pattern ".+"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "/\\b\\0\\b/i"
|
|
set comment ''
|
|
next
|
|
edit "g-hex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-keyword"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-mip-label"
|
|
set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform "built-in"
|
|
set comment ''
|
|
next
|
|
edit "g-regex"
|
|
set pattern "built-in"
|
|
set verify ''
|
|
set match-around ''
|
|
set transform ''
|
|
set comment ''
|
|
next
|
|
edit "g-ssn-us"
|
|
set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
|
|
set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
|
|
set verify2 ''
|
|
set match-around ''
|
|
set look-back 12
|
|
set look-ahead 1
|
|
set transform "\\b\\1-\\2-\\3\\b"
|
|
set verify-transformed-pattern disable
|
|
set comment ''
|
|
next
|
|
end
|
|
config dlp dictionary
|
|
end
|
|
config dlp exact-data-match
|
|
end
|
|
config dlp sensor
|
|
end
|
|
config dlp filepattern
|
|
edit 1
|
|
set name "builtin-patterns"
|
|
set comment ''
|
|
config entries
|
|
edit "*.bat"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.com"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.dll"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.doc"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.exe"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.gz"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.hta"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.ppt"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.rar"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.scr"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.tar"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.tgz"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.vb?"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.wps"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.xl?"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.zip"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.pif"
|
|
set filter-type pattern
|
|
next
|
|
edit "*.cpl"
|
|
set filter-type pattern
|
|
next
|
|
end
|
|
next
|
|
edit 2
|
|
set name "all_executables"
|
|
set comment ''
|
|
config entries
|
|
edit "bat"
|
|
set filter-type type
|
|
set file-type bat
|
|
next
|
|
edit "exe"
|
|
set filter-type type
|
|
set file-type exe
|
|
next
|
|
edit "elf"
|
|
set filter-type type
|
|
set file-type elf
|
|
next
|
|
edit "hta"
|
|
set filter-type type
|
|
set file-type hta
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config dlp sensitivity
|
|
edit "Private"
|
|
next
|
|
edit "Critical"
|
|
next
|
|
edit "Warning"
|
|
next
|
|
end
|
|
config dlp fp-doc-source
|
|
end
|
|
config dlp profile
|
|
edit "g-default"
|
|
set comment "Default profile."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
unset summary-proto
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Log a summary of email and web traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set dlp-log enable
|
|
set extended-log disable
|
|
set nac-quar-log disable
|
|
unset full-archive-proto
|
|
set summary-proto smtp pop3 imap http-get http-post
|
|
next
|
|
end
|
|
config webfilter content
|
|
end
|
|
config webfilter content-header
|
|
end
|
|
config webfilter urlfilter
|
|
end
|
|
config videofilter youtube-key
|
|
end
|
|
config videofilter keyword
|
|
end
|
|
config videofilter profile
|
|
end
|
|
config webfilter ips-urlfilter-setting
|
|
set device ''
|
|
set distance 1
|
|
set gateway 0.0.0.0
|
|
set geo-filter ''
|
|
end
|
|
config webfilter ips-urlfilter-setting6
|
|
set device ''
|
|
set distance 1
|
|
set gateway6 ::
|
|
set geo-filter ''
|
|
end
|
|
config emailfilter bword
|
|
end
|
|
config emailfilter block-allow-list
|
|
end
|
|
config emailfilter mheader
|
|
end
|
|
config emailfilter dnsbl
|
|
end
|
|
config emailfilter iptrust
|
|
end
|
|
config log threat-weight
|
|
set status enable
|
|
config level
|
|
set low 5
|
|
set medium 10
|
|
set high 30
|
|
set critical 50
|
|
end
|
|
set blocked-connection high
|
|
set failed-connection low
|
|
set url-block-detected high
|
|
set botnet-connection-detected critical
|
|
config malware
|
|
set virus-infected critical
|
|
set inline-block critical
|
|
set file-blocked low
|
|
set command-blocked disable
|
|
set oversized disable
|
|
set virus-scan-error high
|
|
set switch-proto disable
|
|
set mimefragmented disable
|
|
set virus-file-type-executable medium
|
|
set virus-outbreak-prevention critical
|
|
set content-disarm medium
|
|
set malware-list medium
|
|
set ems-threat-feed medium
|
|
set fsa-malicious critical
|
|
set fsa-high-risk high
|
|
set fsa-medium-risk medium
|
|
end
|
|
config ips
|
|
set info-severity disable
|
|
set low-severity low
|
|
set medium-severity medium
|
|
set high-severity high
|
|
set critical-severity critical
|
|
end
|
|
config web
|
|
edit 1
|
|
set category 26
|
|
set level high
|
|
next
|
|
edit 2
|
|
set category 61
|
|
set level high
|
|
next
|
|
edit 3
|
|
set category 86
|
|
set level high
|
|
next
|
|
edit 4
|
|
set category 1
|
|
set level medium
|
|
next
|
|
edit 5
|
|
set category 3
|
|
set level medium
|
|
next
|
|
edit 6
|
|
set category 4
|
|
set level medium
|
|
next
|
|
edit 7
|
|
set category 5
|
|
set level medium
|
|
next
|
|
edit 8
|
|
set category 6
|
|
set level medium
|
|
next
|
|
edit 9
|
|
set category 12
|
|
set level medium
|
|
next
|
|
edit 10
|
|
set category 59
|
|
set level medium
|
|
next
|
|
edit 11
|
|
set category 62
|
|
set level medium
|
|
next
|
|
edit 12
|
|
set category 83
|
|
set level medium
|
|
next
|
|
edit 13
|
|
set category 72
|
|
set level low
|
|
next
|
|
edit 14
|
|
set category 14
|
|
set level low
|
|
next
|
|
edit 15
|
|
set category 96
|
|
set level medium
|
|
next
|
|
end
|
|
config application
|
|
edit 1
|
|
set category 2
|
|
set level low
|
|
next
|
|
edit 2
|
|
set category 6
|
|
set level medium
|
|
next
|
|
end
|
|
end
|
|
config icap server
|
|
end
|
|
config icap server-group
|
|
end
|
|
config icap profile
|
|
edit "default"
|
|
set replacemsg-group ''
|
|
set comment ''
|
|
set request disable
|
|
set response disable
|
|
unset file-transfer
|
|
set streaming-content-bypass disable
|
|
set 204-response disable
|
|
set preview disable
|
|
set methods delete get head options post put trace connect other
|
|
set icap-block-log disable
|
|
set chunk-encap disable
|
|
unset extension-feature
|
|
set timeout 30
|
|
config icap-headers
|
|
edit 1
|
|
set name "X-Authenticated-User"
|
|
set content "$user"
|
|
set base64-encoding disable
|
|
next
|
|
edit 2
|
|
set name "X-Authenticated-Groups"
|
|
set content "$local_grp"
|
|
set base64-encoding disable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config system network-visibility
|
|
set destination-visibility enable
|
|
set source-location enable
|
|
set destination-hostname-visibility enable
|
|
set hostname-ttl 86400
|
|
set hostname-limit 5000
|
|
set destination-location enable
|
|
end
|
|
config user peer
|
|
end
|
|
config user peergrp
|
|
end
|
|
config vpn qkd
|
|
end
|
|
config user certificate
|
|
end
|
|
config user radius
|
|
end
|
|
config user tacacs+
|
|
end
|
|
config user exchange
|
|
end
|
|
config user ldap
|
|
edit "HVDC03.scsd.ad"
|
|
set server "10.1.48.95"
|
|
set secondary-server ''
|
|
set tertiary-server ''
|
|
set status-ttl 300
|
|
set source-ip ''
|
|
set source-port 0
|
|
set cnid "sAMAccountName"
|
|
set dn "dc=scsd,dc=ad"
|
|
set type regular
|
|
set two-factor disable
|
|
set username "fortinet ldap"
|
|
set password ENC SjHtveea+LAB2HgAYveC9kts5TlTkp3w0ESxUalvmHAk95X5ffILxaJsSvGENGWwITrj0+/R2Nom1obg9jIWza8mg7hADcYmEo+IRHupjafSByosGYOgKjnBukMwK4++FemIIT7LSW3aJ9kgvnfipyTCD9oDqtL5TNySHd5q/0cOO8gxxTyE3a6liWhwPXA+x1oEhllmMjY3dkVA
|
|
set group-member-check user-attr
|
|
set group-search-base ''
|
|
set group-filter ''
|
|
set secure disable
|
|
set port 389
|
|
set password-expiry-warning disable
|
|
set password-renewal disable
|
|
set member-attr "memberOf"
|
|
set account-key-processing same
|
|
set account-key-cert-field othername
|
|
set account-key-filter "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
|
|
unset search-type
|
|
set obtain-user-info enable
|
|
set user-info-exchange-server ''
|
|
set interface-select-method auto
|
|
set antiphish disable
|
|
next
|
|
edit "HVDC02.scsd.ad"
|
|
set server "10.21.48.10"
|
|
set secondary-server ''
|
|
set tertiary-server ''
|
|
set status-ttl 300
|
|
set source-ip ''
|
|
set source-port 0
|
|
set cnid "sAMAccountName"
|
|
set dn "dc=scsd,dc=ad"
|
|
set type regular
|
|
set two-factor disable
|
|
set username "fortinet ldap"
|
|
set password ENC ItJSETRiioXlSHf6/1KFDKYKvNQj6N4zEVmBnRidrcQaBY46aYZyEJU9S+Xx6Hi2hddcBrMgooTkzMq1Cu3NW0fAeBNfKGlpYIEeXJXkoZh0qT49dNcRb5MEEEiiexRntbH3NiVQLCzXr7FYsxsDfwrkBu6aql49rYx556VSQe96zVhSpVyHn/FbdYP7IA/ZsS6SbVlmMjY3dkVA
|
|
set group-member-check user-attr
|
|
set group-search-base ''
|
|
set group-filter ''
|
|
set secure disable
|
|
set port 389
|
|
set password-expiry-warning disable
|
|
set password-renewal disable
|
|
set member-attr "memberOf"
|
|
set account-key-processing same
|
|
set account-key-cert-field othername
|
|
set account-key-filter "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
|
|
unset search-type
|
|
set obtain-user-info enable
|
|
set user-info-exchange-server ''
|
|
set interface-select-method auto
|
|
set antiphish disable
|
|
next
|
|
edit "DC01.scsd.ad"
|
|
set server "10.1.40.10"
|
|
set secondary-server ''
|
|
set tertiary-server ''
|
|
set status-ttl 300
|
|
set source-ip ''
|
|
set source-port 0
|
|
set cnid "sAMAccountName"
|
|
set dn "dc=scsd,dc=ad"
|
|
set type regular
|
|
set two-factor disable
|
|
set username "fortinet ldap"
|
|
set password ENC 073ZT8etKF2rT5szTqOwxzDg/EWmGPrMjWufZtcG3bKcAyEUW3MGbyehzrW2/ARxLlWxBpwCqWto6Kpi+g8+kJeJDgeJCNi5R2j0IFkOb1WII7+y7HT4wQMg0mlGqx725KOCVsCtwQ9B+6jqB9SBOytULQRlW4P0E98tv0hZyYb47B/udsiqGMgWTRIEkriDst3o3FlmMjY3dkVA
|
|
set group-member-check user-attr
|
|
set group-search-base ''
|
|
set group-filter ''
|
|
set secure disable
|
|
set port 389
|
|
set password-expiry-warning disable
|
|
set password-renewal disable
|
|
set member-attr "memberOf"
|
|
set account-key-processing same
|
|
set account-key-cert-field othername
|
|
set account-key-filter "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
|
|
unset search-type
|
|
set obtain-user-info enable
|
|
set user-info-exchange-server ''
|
|
set interface-select-method auto
|
|
set antiphish disable
|
|
next
|
|
end
|
|
config user krb-keytab
|
|
end
|
|
config user domain-controller
|
|
end
|
|
config user pop3
|
|
end
|
|
config user saml
|
|
edit "azure"
|
|
set cert "StarCert-Expire03202026"
|
|
set entity-id "https://vpn.scsd.us:10443/remote/saml/metadata"
|
|
set single-sign-on-url "https://vpn.scsd.us:10443/remote/saml/login"
|
|
set single-logout-url "https://vpn.scsd.us:10443/remote/saml/logout"
|
|
set idp-entity-id "https://sts.windows.net/46bdfafa-75e0-4634-9a6b-43b9574e6f0a/"
|
|
set idp-single-sign-on-url "https://login.microsoftonline.com/46bdfafa-75e0-4634-9a6b-43b9574e6f0a/saml2"
|
|
set idp-single-logout-url "https://login.microsoftonline.com/46bdfafa-75e0-4634-9a6b-43b9574e6f0a/saml2"
|
|
set idp-cert "REMOTE_Cert_2"
|
|
set user-name "username"
|
|
set group-name "group"
|
|
set digest-method sha256
|
|
set limit-relaystate disable
|
|
set clock-tolerance 15
|
|
set adfs-claim disable
|
|
set reauth disable
|
|
next
|
|
edit "scsd_user_sso"
|
|
set cert "StarCert-Expire03202026"
|
|
set entity-id "https://vpn.scsd.us:10443/remote/saml/metadata"
|
|
set single-sign-on-url "https://vpn.scsd.us:10443/remote/saml/login"
|
|
set single-logout-url "https://vpn.scsd.us:10443/remote/saml/logout"
|
|
set idp-entity-id "https://sts.windows.net/5021feae-da5a-4d27-8d9d-4927b39324c7/"
|
|
set idp-single-sign-on-url "https://login.microsoftonline.com/5021feae-da5a-4d27-8d9d-4927b39324c7/saml2"
|
|
set idp-single-logout-url "https://login.microsoftonline.com/5021feae-da5a-4d27-8d9d-4927b39324c7/saml2"
|
|
set idp-cert "REMOTE_Cert_2"
|
|
set user-name "username"
|
|
set group-name "group"
|
|
set digest-method sha256
|
|
set limit-relaystate disable
|
|
set clock-tolerance 15
|
|
set adfs-claim disable
|
|
set reauth disable
|
|
next
|
|
edit "scsd_user2_sso"
|
|
set cert "StarCert-Expire03202026"
|
|
set entity-id "https://vpn.scsd.us:10443/remote/saml/metadata/"
|
|
set single-sign-on-url "https://vpn.scsd.us:10443/remote/saml/login"
|
|
set single-logout-url "https://vpn.scsd.us:10443/remote/saml/logout"
|
|
set idp-entity-id "https://sts.windows.net/ac4a0b00-0f87-48ae-8d66-1a74019ca4ec/"
|
|
set idp-single-sign-on-url "https://login.microsoftonline.com/ac4a0b00-0f87-48ae-8d66-1a74019ca4ec/saml2"
|
|
set idp-single-logout-url "https://login.microsoftonline.com/ac4a0b00-0f87-48ae-8d66-1a74019ca4ec/saml2"
|
|
set idp-cert "REMOTE_Cert_2"
|
|
set user-name "username"
|
|
set group-name "group"
|
|
set digest-method sha256
|
|
set limit-relaystate disable
|
|
set clock-tolerance 15
|
|
set adfs-claim disable
|
|
set reauth disable
|
|
next
|
|
end
|
|
config user external-identity-provider
|
|
end
|
|
config user fsso
|
|
edit "Orion"
|
|
set type default
|
|
set server "10.1.48.37"
|
|
set port 8000
|
|
set password ENC hZh2+shaKkij0ZIWmau+SRCF9M9xYxbbcb158Vkw3ChebKOCYPDYTmVs3jvnoAOJQ0x5Kyctv5hXSx0NoQmhqSZaDtENvsk93kAaZJhCHJuIxtZx2ooYpzDZAJ4plbe2/wtTi5BZrzpwSkGRJqvqBN+rccSKy9LB3UB5WUfgkKtADAro2WOUfLhwT2d8EyUSkXqts1lmMjY3dkVA
|
|
set server2 ''
|
|
set port2 8000
|
|
set password2 ENC 3o5c91YL9UkTvOeE6DmapfKQha1kOYst4rnqUwmveVilU5ZQKqwb6qpz5u9QB1RNRNvSya6NYl2scb2bE/DOugIOcehd9IdVsa7EtseFbIwvjzwm4ClT1KpnebVniwE77Yg6Vhz5dTLSYJMhF5xwaGqaj1pI5ScPZcm6o7XGtkQlhyT2P2UE1n0fBw/IXVqrbXB2Q1lmMjY3dkVA
|
|
set server3 ''
|
|
set port3 8000
|
|
set password3 ENC UlUjwuJ1I8fNLMqzHfLwSNNANsfr228cOmyZrx0Q9of1MVeedFTgrFSBu8dHcg0rs8pQgsAjH63fwa6Pe0syngbYqZoLFXnt4tBBuJSnXReeqguAPF+TwgKXWdTBrQphzit8s6BOcNprOpo6vkB7O+WR+VbS/35d1NvsSACrRXEKGmzUnVr8eOo8Wz+4tdZNPSj9IFlmMjY3dkVA
|
|
set server4 ''
|
|
set port4 8000
|
|
set password4 ENC BMTc6Nrzgt4y9k73whYkUugn3eZ3qOWn6Yxs4LYD36FUcQyzYcAFoG3iVydD0QGTdb7eVZFnLcc827jmcUOvfhkMWlvujqfdiC/qgKotNk0mB0ltl9j8RA3es7RyCZYyg4UORRUsqNRKpaMeyK2sgxdJr4ButTbPuOIEsHEcQhU6Sfqzf5SmwNt+4/VTTdqfH58uL1lmMjY3dkVA
|
|
set server5 ''
|
|
set port5 8000
|
|
set password5 ENC AtGzLohcZ5Vwgc2I7ZIT7bGvyNq5vUjhncxueByBS+2M6C06DLK6c7DeVuhyPU7Ti3Ur/fGF59uUBAdDsC4IyT43U69ufBzooVElw9JjPh77cgFmgmor/cjekHIvd71dsFimDP2J0DAJnX6vYI/KDVYO/hsx1MDWdRnFd4CcTzdZ5rcqwlvCRSMG7jIAZo4YoIi4nVlmMjY3dkVA
|
|
set logon-timeout 5
|
|
set ldap-server ''
|
|
set group-poll-interval 0
|
|
set user-info-server ''
|
|
set ssl disable
|
|
set source-ip 0.0.0.0
|
|
set source-ip6 ::
|
|
set interface-select-method auto
|
|
next
|
|
end
|
|
config user adgrp
|
|
edit "CN=ST_STU_7-12GRADE,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_LOCAL_ADMIN_DOC,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_LOCAL_ADMIN_ACCESS411,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_LOCAL_ADMIN_WEBCRD,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VPN_FORTINET,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_AE_BLDG_SECY,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_AE_SUPP_CENSUS,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_AE_BLDG_TEACH,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_AE_BLDG_COUNSELOR,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_AE_BLDG_ADMIN,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GPO-ACCESSIBILITYALLOW-STUDENT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_LOCAL_ADMIN_DISTRICTWEBSITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_ACCOUNTING_FTP_UPLOAD_TO_ALLOVUE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=WINDOWS_UPGRADE_AVAILABLE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV173538,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CONFIGMGR REMOTE CONTROL USERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=T02_254_5518A,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=T02_254_6518A,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=T04_LIBWRKRM_5518A,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=AZURE_MFA_ENABLED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSTOOLS_DEVELOPER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FORTINETRO,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FORTINETADMINS,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=T57_110_330AC,OU=P57_TRANSPORTATION,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OSA-TECH-COMPUTERS,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=T42_LIBRARY_4518A,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_ELMS_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_ELMS_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_ELMS_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_PREK_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_FAMENG,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HYPERACCESS,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_PSLA_FIELDDOOR_EXTENDEDWORKDAY_LIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_PSLA_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_PSLA_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_PSLA_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SOFTWAREUPDATES_SERVER_EXCLUDE_CUA,OU=SERVERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FIREFOX,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SCCM_TECHS,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_LOCAL_ADMIN_DAYAUTOMATION,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_CORCORAN_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_CORCORAN_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_CORCORAN_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_NOTTINGHAM_WORKDAY_M,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_ALL_HIGH_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_ALL_MIDDLE_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_ALL_K8_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_ALL_ELEMENTARY_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_ALL_HIGH_SCHOOLS_M_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_ALL_HIGH_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_ALL_MIDDLE_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_ALL_K8_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_ALL_ELEMENTARY_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_HENNINGER_ELEVATOR,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DW-ADOBE-LICENSEONLY,OU=NEW ADOBE GROUPS - TEMP,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DW-ADOBE-AFTEREFFECTS,OU=NEW ADOBE GROUPS - TEMP,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DW-ADOBE-INDESIGNCC,OU=NEW ADOBE GROUPS - TEMP,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DW-ADOBE-ILLUSTRATORCC,OU=NEW ADOBE GROUPS - TEMP,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DW-ADOBE-PREMIEREPROCC,OU=NEW ADOBE GROUPS - TEMP,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DW-ADOBE-PHOTOSHOPCC,OU=NEW ADOBE GROUPS - TEMP,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DW-ADOBE-ACROBATCC,OU=NEW ADOBE GROUPS - TEMP,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_STAFF_A3_CONFERENCECALLING,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_BRIGHTON_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_BRIGHTON_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_BRIGHTON_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_HENNINGER_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_HENNINGER_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_CLARY_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_CLARY_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_ITC_OSA_NOC_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_HENNINGER_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_CLARY_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_ITC_OSA_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_USERDEFSCREEN-REGIST,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_EXTENDEDWORKDAY_M,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_UNLIMITED_M,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_WORKDAY_M,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_STLUCY_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_SUMR-CENSUS,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_STLUCY_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_STLUCY_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_STLUCY_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_WEEKLY_REPORTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_ACCOUNTABILITY_ARCHIVE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=WACOMTABLET,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RAPTORTECH,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_PROG-CIP,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_O365_SERVICEMAILBOXES_A1_EMAIL_M,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSTOOLS_CACHE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ARC_ADVENTURES,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GPO-CONFIGMGRSTARTUP,OU=SECURITYGROUPS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_NOTTINGHAM_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_NOTTINGHAM_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_NOTTINGHAM_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_SYRSTEMATBLODGETT_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_SYRSTEMATBLODGETT_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_SYRSTEMATBLODGETT_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_HUNTINGTON_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_HUNTINGTON_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_HUNTINGTON_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_EDSMITH_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_EDSMITH_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_EDSMITH_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_FRAZER_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_FRAZER_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_FRAZER_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_BELLEVUE_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_BELLEVUE_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_BELLEVUE_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CBT-QUESTAR_SECURE_BROWSER,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_GRANT_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_GRANT_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_GRANT_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_SKYWALKER_REPORTS_RW,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_ADDRESS-EDIT,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_NOND_COUNSGUID_VO,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DW_ITTECH_TEMPADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=WABBITEMU,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DW_VIEW_EXPORT,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_VIEWONLY,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_DW_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_FRANKLIN_UNLIMITED,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_FRANKLIN_EXTENDEDWORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_CENTRALOFFICES_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DW_ADMINS,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_OSA-DELETE,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_AC_FRANKLIN_WORKDAY,OU=ACCESS-CONTROL,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SYSTEMADMINS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DW_IK_PROV,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SOFTWAREUPDATES_SERVER_PROD_HIGHRISK,OU=SERVERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SOFTWAREUPDATES_SERVER_PROD_MEDRISK,OU=SERVERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SOFTWAREUPDATES_SERVER_PROD_LOWRISK,OU=SERVERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_TRANSPORTATION_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DW_CEDARPATH_DISTADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_PDC_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_SCHOOLSC_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_LEVY_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_HEARINGOFF_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_CO_SUPER_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_CENTRALREG_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_BOVA_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_WEBSTER_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_VANDUYN_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_SYRSTEMATBLODGETT_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_SYRLATIN_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_STEAMATKING_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_SEYMOUR_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_SALEMHYDE_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_ROBERTS_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_PSLA_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_PFLA_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_PORTER_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_OASIS_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_NOTTINGHAM_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_MEACHEM_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_MCKINLEYBRIGHTON_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_MCCARTHYATBEARD_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_LINCOLN_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_LEMOYNE_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_ITC_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_HUNTINGTON_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_HENNINGER_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_HWSMITH_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_GRANT_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_FRAZER_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_FRANKLIN_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_ELMS_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_ELMCREST_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_EDSMITH_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DRWEEKS_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DELAWAREPRIMARY_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_CORCORAN_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_CLARY_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_BRIGHTON_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_BELLEVUE_BLDGADMIN,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_REMOTEDESKTOP_SECURITY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DW_DPS,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DW_ITSYSADM,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_CAM_DW_ITTECH,OU=SECURITY-CAMERAS,OU=SECURITYGROUPS-GENETEC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_LOCAL_ADMIN_SECURITY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_O365_STAFF_PROJECTPLAN_M,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_SUMR-SCHEDULING,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_SUMR-SECY,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_SUMR-ADMIN,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SOFTWAREUPDATES_SERVER_PILOT,OU=SERVERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=L02_NURSE_XM1246,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=O365GROUPSCREATORS,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_O365_OUTSIDE_ACCOUNTS_A1_EMAIL_M,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VDI_POOLUSERS-BASIC-STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_PROJOFFICE-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_PROJOFFICE-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_O365_STAFF_A3_OUTLOOK_M,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_OSA-ASSESSMENT,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_HYPPRODESS_ORACLE_READ,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SYRPRINT2TEST,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FTP_ACCESS_MRROBOT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TAC_AW,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_STUDENTSOW,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_LOCKERMAINT,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_QAS_HCM_PSOFT_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_QAS_FIN_SCSD_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_QAS_FIN_PSOFT_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SECURITY ADMINISTRATOR,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SECURITY READER,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ADMINS_SERVER_BTPROS,OU=IT ENGINEER,OU=OUTSIDE ACCOUNTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_COMMUNICATIONS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MICROSOFT-OFFICE-365-STUDENTS,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MICROSOFT-OFFICE-365-FACULTY_W_VISIO,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VEXOS_UTILITY,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VEXCODE_IQ_BLOCKS,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=T28_LIBLAB_3508A,OU=P28_HUGHES,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_MEDICAL_VO,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PAPERCUT_OA,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MICROSOFT-OFFICE-365-FACULTY,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MICROSOFT-OFFICE-2019,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=REIMAGEAVAILABLE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_USERDEFSCREEN-NATAMER,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VISUALIZER,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_AFTERSCHOOLPROG,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=T45__LIBRARY_5508A,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_NOND_UPKADMIN,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SYSTEM MANAGED ACCOUNTS GROUP,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ENTERPRISE KEY ADMINS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=KEY ADMINS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STORAGE REPLICA ADMINISTRATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSLA_FS_OBERNESSER_STUDENTS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_COUNSELING,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV186149,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=COR_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CRC_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSB_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STA_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=COR_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CRC_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PCC_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STA_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FDS_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSB_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OSA_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BOV_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=145_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=321_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=321_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=086_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=086_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=074_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=076_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=071_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=048_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=048_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=067_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=023_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=023_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P20_AV185472,OU=P20_DRKING,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CONTENTSUBMITTERS,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV186148,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_353,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_320,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_321,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_ATTENDANCEREPORTS,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P25_AV177223,OU=P25_FRAZER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OAE_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OAE_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DNSUPDATEPROXY,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-ILLUSTRATOR-ITC,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PPN_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PPN_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSLA_FS_TEACHERS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV60285,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV181129,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV185049,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_SENTRY,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RAP_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=320_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=353_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RAP_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=353_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_BIC,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=320_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV160649,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV187766,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=008_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_049,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_051,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_015,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_008,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_036,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_034,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_040,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_030,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_037,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_646,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_364,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_016,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_054,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_009,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_042,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_027,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_044,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_045,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_608,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_029,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_033,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_322,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_048,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_328,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_013,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_363,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_303,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_025,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_024,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_001,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_006,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_007,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STU_BLDG_004,OU=SECURITYGROUPS-BUILDINGS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=353_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OAE_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=321_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=320_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=042_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_NOND_BASE,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_ACCESS411_RAWDATA,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VENDOR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=042_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=033_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TRP_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=042_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=033_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TRP_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_DISCIPLINE,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=007_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_CO-STUSPPTSVCS,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VOIP ADMIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=048_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P08_AV156574,OU=P08_CLARY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_OSA-SECURITY-FACULTY,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_LOCAL_ADMIN_SIERRA-CEDAR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=001_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=036_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=036_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=054_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=054_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_STSHARE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=045_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DESKTOP_LOCAL_ADMIN,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=045_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=055_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV154000,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UPK_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV182145,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_ATTENDANCE,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UPK_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=015_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=AUTOCAD,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=364_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=364_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=015_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=030_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=009_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=007_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=030_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=004_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=363_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=009_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=007_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=044_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MCB_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PDC_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=055_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MCB_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=363_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=044_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=004_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PDC_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=066_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=013_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=328_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=303_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=051_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=029_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=027_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=008_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=040_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=303_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=021_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=008_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWD_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=037_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=006_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SSC_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=024_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=034_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=025_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=040_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=328_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=049_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=024_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=016_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=006_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=049_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=322_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=025_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=034_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=037_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWD_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=016_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=051_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=322_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=027_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=029_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=013_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=021_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P25_AVF112924,OU=P25_FRAZER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=020_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=020_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_DOCUWARE_HRIMPORT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_TRANSPORTATION,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_SOCIALWKR,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=022_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=022_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV186330,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_TEACH,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_THERAPIST,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NETFLIX,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV162164,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_OSA-VIEWONLY,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_AD,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_CO-VIEWONLY,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TAC_VAS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DHCP ADMINISTRATORS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_SPECPROG-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LOGMEIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_GALAXY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TECHSHARE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV172975,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV182116,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P23_AV182633,OU=P23_ELMWOOD,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_O365_RFP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_CENSUS,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV159233,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV167598,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P13_AV187108,OU=P13_LINCOLN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_CO-SPED,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TEXASINSTRUMENTS_SMARTVIEWEMULATOR,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_REPORTBUILDER,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV187221,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV173190,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P53_AV173387,OU=P53_BLODGETT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HR ADMINS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-ACROBAT-PSLA,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_SECY_MSHS,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_LMS,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV158791,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_SPECPROG-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_CO-ENL,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_DOCUWARE_IMPORT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_SECY_ES,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_CUSTOMEXPORT,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_COURSECAT,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CONTENTKEEPER_CLIENT,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_HEALTHSVC,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV207634,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P27_AVF112148,OU=P27_ELMCREST,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV186579,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P09_AV999972,OU=P09_GRANT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AV173353,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV60282,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV158802,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV176680,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV181448,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV999973,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV999974,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV180435,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV999975,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV160634,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV167669,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV166757,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P57_AV182176,OU=P57_TRANSPORTATION,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV181526,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SVR_RDP_ORIONAPP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SVR_ADM_ORIONAPP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P57_AV182175,OU=P57_TRANSPORTATION,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P57_AV999976,OU=P57_TRANSPORTATION,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P57_AV185793,OU=P57_TRANSPORTATION,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P57_AV999977,OU=P57_TRANSPORTATION,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV181527,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV194203,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV187107,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV184840,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV172974,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV172973,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV159234,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV157310,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV154074,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV59543,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV59464,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV157308,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV99978,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV60782,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV99979,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV99980,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV60237,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV185794,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV185795,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV184924,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV167897,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AV161742,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AVF113661,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AVF113325,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_AVF113290,OU=P55_CENTRALOFFICE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P54_AV182284,OU=P54_JOHNSONCENTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P54_AV173200,OU=P54_JOHNSONCENTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P54_AV173201,OU=P54_JOHNSONCENTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P54_AVF113184,OU=P54_JOHNSONCENTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P54_AV166815,OU=P54_JOHNSONCENTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P54_AV181707,OU=P54_JOHNSONCENTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P53_AV181445,OU=P53_BLODGETT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P53_AV187724,OU=P53_BLODGETT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P53_AV186333,OU=P53_BLODGETT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P53_AV181446,OU=P53_BLODGETT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P53_AV181447,OU=P53_BLODGETT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P53_AV999981,OU=P53_BLODGETT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P51_AV185051,OU=P51_WEBSTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P51_AV186150,OU=P51_WEBSTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P51_AV184214,OU=P51_WEBSTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P51_AV187819,OU=P51_WEBSTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P51_AV182632,OU=P51_WEBSTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P48_AV59590,OU=P48_BEARD,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P48_AV188136,OU=P48_BEARD,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P48_AV177471,OU=P48_BEARD,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P47_AV178262,OU=P47_MCCARTHY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P47_AV181441,OU=P47_MCCARTHY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P47_AV177611,OU=P47_MCCARTHY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=INVENTOR,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-INDESIGN-CO,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-ILLUSTRATOR-CO,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PAPERCUT_ALLACCESS,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-PREMIEREPRO-CO,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-PHOTOSHOP-CO,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_CO-UPK,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV161795,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_OSA,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV173188,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_O365_STAFF_A3_TEAMS_M,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DNSADMINS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P30_AV208551,OU=P30_SALEMHYDE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_ADMIN,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV187905,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_SUPP_SCHEDULING,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV188240,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_BLDG_COUNSELOR,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_CRC,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV999982,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=T02_LIBRARY_5518A,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TAC_SU,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CONSULTANTS_IKSYSTEMS,OU=APPLICATION SUPPORT,OU=OUTSIDE ACCOUNTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TAC_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TAC_FT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OSA_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-PREMIEREPRO-PSLA,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-PHOTOSHOP-PSLA,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_ELA_ONENOTE_EARLYLIT_CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_ELA_ONENOTE_WRITING_CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_CONFIRMINTERVIEWS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ROBERTS_RM105_LAB_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CBT-QUESTAR_SECURE_BROWSER-LEGACY,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P02_OFFICE,OU=P02_ITC,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ROBERTS LAB RM305 LEX E460DN,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=006_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-PREMIEREPRO-ITC,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P02_GENERAL,OU=P02_ITC,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TAC_NA,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P47_AV173386,OU=P47_MCCARTHY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P27_AV182713,OU=P27_ELMCREST,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P27_AV182744,OU=P27_ELMCREST,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV168199,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_O365_STAFF_A3_BASE_M,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-INDESIGN-ITC,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-PHOTOSHOP-ITC,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P34_AV186000,OU=P34_DRWEEKS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_O365_OUTSIDE_ACCOUNTS_A1PLUS_M,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_O365_STUDENTS_A3_BASE_M,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LICENSING_O365_STUDENTS_A3_EMAIL_M,OU=LICENSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ACVPN,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV999984,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AVF110804,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AV168337,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AVF110817,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=REVIT,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV175376,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=001_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV174854,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P60_AV60781,OU=P60_PDC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ST_DEPT_OSA-SUPERUSER,OU=SECURITYGROUPS-SCHOOLTOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P13_AV182115,OU=P13_LINCOLN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P10_AVF113324,OU=P10_LEVY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TECHINFO,OU=DISTRIBUTIONGROUPS,OU=EMAILSPECIALOBJECTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV58838,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV60902,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV186167,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV186295,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV185800,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV167896,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV182628,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV161880,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV188406,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_GENERAL,OU=P55_CENTRAL_OFFICE,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV185043,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV179205,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV175487,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV175378,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV173295,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV171335,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV60464,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV60366,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV167365,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV179663,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV169970,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P45_AV185053,OU=P45_EDSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P44_AV181440,OU=P44_SEYMORE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P44_AV157367,OU=P44_SEYMORE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV181438,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV175377,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV173189,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV173191,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV160638,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AVF112234,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV999985,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P42_AV60766,OU=P42_ROBERTS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P40_AV184766,OU=P40_PORTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P40_AV59212,OU=P40_PORTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P40_AV60455,OU=P40_PORTER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P37_AV180434,OU=P37_MEACHEM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P37_AVF153596,OU=P37_MEACHEM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P37_AV60449,OU=P37_MEACHEM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P37_AV999989,OU=P37_MEACHEM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P37_AV186433,OU=P37_MEACHEM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P36_AV181436,OU=P36_MCKINLEY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P36_AV180433,OU=P36_MCKINLEY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P36_AV169615,OU=P36_MCKINLEY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P36_AV159702,OU=P36_MCKINLEY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P34_AV181443,OU=P34_DRWEEKS,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P33_AV181439,OU=P33_LEMOYNE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P33_AV186425,OU=P33_LEMOYNE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P33_AV60901,OU=P33_LEMOYNE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P30_AV185042,OU=P30_SALEMHYDE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P30_AV185077,OU=P30_SALEMHYDE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P30_AV168198,OU=P30_SALEMHYDE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P30_AV167484,OU=P30_SALEMHYDE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P30_AV158255,OU=P30_SALEMHYDE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P30_AV155019,OU=P30_SALEMHYDE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P30_AV154486,OU=P30_SALEMHYDE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV999990,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV186165,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV172795,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV155296,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV153482,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV60360,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV59199,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P29_AV161797,OU=P29_HUNTINGTON,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P28_AV999991,OU=P28_HUGHES,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P24_AV999993,OU=P24_FRANKLIN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P24_AV999992,OU=P24_FRANKLIN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P28_AV59251,OU=P28_HUGHES,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P28_AV59250,OU=P28_HUGHES,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P28_AV185050,OU=P28_HUGHES,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P28_AV187225,OU=P28_HUGHES,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P28_AV157335,OU=P28_HUGHES,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P28_AV157685,OU=P28_HUGHES,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P28_AV176029,OU=P28_HUGHES,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PRINTER_INSTALLERS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P25_AV180432,OU=P25_FRAZER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P25_AV182634,OU=P25_FRAZER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P25_AV182631,OU=P25_FRAZER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P25_AV175375,OU=P25_FRAZER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P25_AV60679,OU=P25_FRAZER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P24_AV188211,OU=P24_FRANKLIN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P24_AV60459,OU=P24_FRANKLIN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P22_AV185044,OU=P22_DELAWARE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P22_AV181122,OU=P22_DELAWARE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P22_AV156012,OU=P22_DELAWARE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P22_AV156004,OU=P22_DELAWARE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P22_AV156011,OU=P22_DELAWARE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P22_AVF112928,OU=P22_DELAWARE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P22_AV60454,OU=P22_DELAWARE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P22_AV60677,OU=P22_DELAWARE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P22_AV60262,OU=P22_DELAWARE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV58848,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV187899,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV179828,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV179827,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV175371,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV167730,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV60457,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P21_AV161799,OU=P21_DANFORTH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_DATA_REPOSITORY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV186576,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P20_AV185048,OU=P20_DRKING,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P20_AVF113182,OU=P20_DRKING,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P20_AV60453,OU=P20_DRKING,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P20_AV60361,OU=P20_DRKING,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P20_AV160689,OU=P20_DRKING,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P15_AV182443,OU=P15_HWSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P15_AV175379,OU=P15_HWSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P15_AVF113323,OU=P15_HWSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P15_AV60269,OU=P15_HWSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P15_AV60981,OU=P15_HWSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P15_AV188285,OU=P15_HWSMITH,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P13_AV999994,OU=P13_LINCOLN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P13_AV185041,OU=P13_LINCOLN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P13_AV187109,OU=P13_LINCOLN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P13_AV155295,OU=P13_LINCOLN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P13_AV182113,OU=P13_LINCOLN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P09_AV182766,OU=P09_GRANT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OSA-TESTGROUP,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-PHOTOSHOP-FRANKLIN,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV999999,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P09_AV175372,OU=P09_GRANT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P09_AV168195,OU=P09_GRANT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P09_AVF112510,OU=P09_GRANT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P09_AV160456,OU=P09_GRANT,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AV158790,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AVF111593,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AV181442,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AV182421,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AV182332,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AV174527,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AV174526,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AVF112837,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P07_AV176678,OU=P07_CORCORAN,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P08_AVF110802,OU=P08_CLARY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P08_AV182458,OU=P08_CLARY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P08_AV187111,OU=P08_CLARY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P08_AV181065,OU=P08_CLARY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P08_AV175370,OU=P08_CLARY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P08_AV173541,OU=P08_CLARY,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AVF111591,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV188551,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV167694,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV175743,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV173199,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV172940,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV999995,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV60768,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV60284,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV60287,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV162742,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV162747,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV186166,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV176642,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV182629,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P06_AV185076,OU=P06_HENNINGER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AVF111587,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AVF111588,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV187898,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV185046,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV174855,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV174856,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV174853,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV186161,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV168197,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV999996,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV166046,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AVF113493,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV60771,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV59205,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV999997,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P04_AV176679,OU=P04_NOTTINGHAM,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV184768,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV181074,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV173539,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV173540,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV181288,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV181286,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV181123,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV181121,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV181124,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV181125,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P03_AV175744,OU=P03_FOWLER,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AVF111595,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AVF110812,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV181437,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV185473,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV60949,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AVF113443,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV187266,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV160660,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV182322,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_AV999998,OU=P01_ITC,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_EDEFFECT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-ACROBAT-ITC,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_EMPLOY-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_EMPSVCS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_ESS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS_TRANSP-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_STAFFRLTN-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_VPI-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_RECRUIT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_CALL-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-INDESIGN-WESTSIDE,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-INDESIGN-PSLA,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-ILLUSTRATOR-WESTSIDE,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-ILLUSTRATOR-PSLA,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-AFTEREFFECTS-ITC,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-PREMIEREPRO-WESTSIDE,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-PHOTOSHOP-WESTSIDE,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-ACROBAT-CO,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_211_6508A,OU=P55_CENTRAL_OFFICE,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=052_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_HENN-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VDI_POOLUSERS-PLTW-STU,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_DATA-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VDI_HORIZONCLIENT,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_RISKMGT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OPERATIONS,OU=DISTRIBUTIONGROUPS,OU=EMAILSPECIALOBJECTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_BENE-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VDI_POOLUSERS-PLTW-STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_106_307,OU=P55_CENTRAL_OFFICE,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-ACROBAT-OSA,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=028_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=028_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SCSDAPCALERTS,OU=DISTRIBUTIONGROUPS,OU=EMAILSPECIALOBJECTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_EC-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_HWSM-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P55_103_3005AC,OU=P55_CENTRAL_OFFICE,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_COUNTY_STAFF,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VCENTER_ADMINS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_COR_CORE,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_EFRT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=052_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=010_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=010_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=003_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=003_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_EC-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=034_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN_PURCH-READ,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=COR_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS_FOODSVCS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_SPED-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN_BUDGET-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_ENL-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS_TRANSP-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_SCITECH-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_ESS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_HEALTHSVCS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_COMM-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_PD-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_LIB-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_SALEM-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN_ACCTPAY-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_LIB-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_CLARY-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_PSLA-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_DRKING-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_COMM-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_ROBERTS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_VAND-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT_SCHPSYCH-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_MONTLEMOYNE-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_WSA-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_HEALTHSVCS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_SYRLAT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_CORC-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_CRC-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_DANF-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_HENN-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_DELES-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_TEST-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN_ACCTPAY-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_RISKMGT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_RECRUIT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_ART-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS_SCHSCRTY-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP_MCCARTHY-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_CALL-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN_PURCH-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN_PAY-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_ENL-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_REFORM-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_CRC-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_CTE-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP_JVC-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_DRWEEKS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_TEST-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_COUNS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_SEYM-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_REFORM-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_MATH-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN_BUDGET-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_NOTT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_HUGHES-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_SCITECH-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_EDEFFECT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_STAFFRLTN-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_TECH-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_ELA-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_TECH-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_EMPLOY-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_LEMOYNE-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_VPI-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_ART-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_MEACH-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS_FOODSVCS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN_PAY-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_ELA-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_FRANK-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_DELPRI-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_GRANT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_SOCST-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_BELL-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA_DATA-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT_PZONE-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_PD-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN_PURCH-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS_FACIL-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_MATH-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_MCKBR-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_CTE-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_FRAZ-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_EDSM-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_BENE-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_PEHEAFAC-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_ELMS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP_ELMCREST-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_ATH-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_HUNT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_HWSM-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_WEB-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT_STUBEHAVIOR-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_SOCST-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_ITC-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_HR_EMPSVCS-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_PEHEAFAC-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_LINC-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_PORT-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP_CORE-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_FIN-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT_MENTAL-EDIT,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_7_CORCORAN,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_6_HENNINGER,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ALL_PAPERCUT_USERS,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_24_FRANKLIN,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_33_LEMOYNE,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_54_JVC,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_364_WSA,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_49_VAN DUYN,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_48_BEARD,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=P01_OSA_3005AC,OU=PAPERCUT_GROUPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_42_ROBERTS,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_15_H.W. SMITH,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_44_SEYMOUR,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_328_SYR LATIN,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_13_LINCOLN,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_51_WEBSTER,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_30_SALEM,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_40_PORTER,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_8_CLARY,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_37_MEACHEM,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_20_KING,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_16_BELLEVUE,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_303_PSLA,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_1_ITC,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_21_DANFORTH,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_36_MCKINLEY-BRIGHTON,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_9_GRANT,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_322_DELAWARE,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_CURR_SPED-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_34_WEEKS,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_29_HUNTINGTON,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_363_ELMS,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_27_ELMCREST,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_45_ED SMITH,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_4_NOTTINGHAM,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_25_FRAZER,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS_FACIL-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_HUGHES-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_MCKBR-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_SALEM-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_SYRLAT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_CORC-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_CLARY-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_HUNT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_ROBERTS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_WSA-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PCC_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT_STUBEHAVIOR-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT_SCHPSYCH-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT_PZONE-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT_MENTAL-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_STUSPPRT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OSA-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_DEPT_OPS_SCHSCRTY-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_REQ_SHARE_10_LEVY,OU=COUNTYREQUSITIONS,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_CONT_ADMINUSERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_LOCAL_ADMIN_SCHOOLTOOL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_ARCH_READONLY,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_SCANNING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PRINT_TOSHIBA_VIRT_USER,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TEMPNETFLIX,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ERIC_TEST,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_CONT_ENTRYEDIT,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_RAPSHARE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_CONT_READONLY,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_CONT_EDIT,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PERS3,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_CLIENT_ADMINUSERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_COUNS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_TL_ATH-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_LINC-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_GRANT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_FRAZ-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_ELMS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_EDSM-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_MS_DANF-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_PSLA-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_NOTT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS_ITC-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_HS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_WEB-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_VAND-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_SEYM-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_PORT-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_MONTLEMOYNE-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_MEACH-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_LEMOYNE-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_FRANK-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_DRWEEKS-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_DRKING-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_DELPRI-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_DELES-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES_BELL-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_ES-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP_MCCARTHY-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP_JVC-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP_ELMCREST-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP_CORE-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPO_SCH_AP-CONTRIBUTE,OU=SECURITYGROUPS-SHAREPOINTONLINE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_ADMINGRPRAP,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BT_PROS_TEST,OU=IT ENGINEER,OU=OUTSIDE ACCOUNTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_FULLACCESS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_CLIENT_EDIT,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GPO-ALLOWRUNAS,OU=SECURITYGROUPS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_CLIENT_READONLY,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FMP_CLIENT_ENTRYEDIT,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLEVER_SHORTCUTS,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_SCHOOLTOOL4FTP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-LICENSEONLY,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_TB_HR_STAFF,OU=SECURITYGROUPS-DEPARTMENT,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PAPERCUTADMINS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TECH_PRINT_USERS,OU=TEST,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_OPSDOCS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=YOUTUBE,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_VANDUYN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_JVC,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ESCHOLAR EDM SVC ACCT NOTIFICATIONS,OU=DISTRIBUTIONGROUPS,OU=EMAILSPECIALOBJECTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FUSION360,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_MCCARTHY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IOSCAN,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=015_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_SCSD_DIRECTORS,OU=SECURITYGROUPS-POSITIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_BELLEVUE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_GEOSHARE_STUDENTS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_DANFORTH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_RM_B5_PLTW_LEX_C748DE,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IZO_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IZO_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_ELMCREST,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_DRWEEKS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_SCSD_SUPER_CHIEFS,OU=SECURITYGROUPS-POSITIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_SCSD_PRINCIPALS,OU=SECURITYGROUPS-POSITIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_SCSD_ASSISTANTSUP,OU=SECURITYGROUPS-POSITIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MICROSOFT-ONEDRIVE-CLIENT,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEC_SCSD_BOE,OU=SECURITYGROUPS-POSITIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LASLINKS,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_WESTSIDE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_DELAWARE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_MSAP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_HRMS_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TABLEAUDESKTOP,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_WSLC_TEACHERSHARE_CONF_RW,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_WSLC_TEACHERSHARE_CONF_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TELEFORM_APPS_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_WSLC_TEACHERSHARE_RW,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_WXO_DEV,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_ACCOUNTING_SHAREPOINT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAWXOPOSTPROCESSING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MSOL_AD_SYNC_RICHCOEXISTENCE,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_FOWLER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPHERE2,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=POWERSETTINGS-NOSLEEP,OU=SECURITYGROUPS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=POWERSETTINGS-NONE,OU=SECURITYGROUPS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_PSLA,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TABLEAU_WIN7,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_APPR_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HUNTINGTON_TOSHIBA_GROUP_MULTI,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TEACHSCAPE_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VPN_ACCESS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OSA_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_BENEFITS_ARCHIVE_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_ROOM_A204_LEX_T644,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_ESCHOLAR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_BENEFITS_ARCHIVE_RW,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_ROOM_A328_TOSHIBA,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=003_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PAYROLLACCOUNTING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_CONTRACTS_VIEW,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_ALL_PREK,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_GEOCLASS_TEACHER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ROBERTS_LIBRARY_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CC-DREAMWEAVER-ITC,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_QAS_HCM_OUT_READ_DELETE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ROBOTC,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_QAS_HCM_SCSD_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BEARD_PARPRINTER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BLENDER,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CC-AUDITION-ITC,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_FACILITIES,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DANFORTH_RM_301 _TOSHIBA,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DANFORTH_LIBRARY_TOSHIBA MFP,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=KODU,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_QAS_HCM_IN_WRITE_DELETE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_TEACHERS_ROOM_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PRT_ITC-OSA_STAFF,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EASYTEACH_FIX,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_PORTER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=001_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_FINSRSTAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSLA_FS_MAZZAFERRO_STUDENTS,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PRT_ITC-OSA_CAO_SECURE,OU=PRINTER_DEPLOYMENT,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEYMOUR_ROOM_215A_TOSHIBA_456,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_GRANT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=COMMVAULT ADMINS,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_HENNINGER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_LEMOYNE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_HUNTINGTON,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_WEBSTER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_CLARY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_HWSMITH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_LATIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_BEARD,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_DRKING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_CORCORAN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_SALEMHYDE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_ITC,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_ROBERTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_PREK_RW,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_SEYMOUR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_FRANKLIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_FRAZER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_MEACHEM,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MEDICAL_ADMINS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_ELMS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_PREK_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_HUGHES,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_MCKINLEY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_NOTTINGHAM,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_EDSMITH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SMARTVIEW,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MED_LINCOLN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HYPERION_CONSULTANTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VAN DUYN_LAB_RM203_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSALEVEL3FIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSALEVEL3HR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSALEVEL2FIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_SUMMERSCHOOLS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UPK_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TRP_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STA_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SSC_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RAP_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSB_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PPN_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PDC_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MCB_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IZO_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HEO_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FDS_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWD_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CRC_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=902_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=840_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=839_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=821_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=364_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=363_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=345_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=328_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=322_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=303_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=298_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=275_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=240_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=145_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=140_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=095_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=090_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=089_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=086_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=080_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=076_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=074_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=072_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=071_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=067_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=066_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=055_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=054_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=052_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=051_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=049_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=045_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=044_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=040_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=037_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=036_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=033_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=030_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=029_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=028_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=027_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=025_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=024_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=023_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=022_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=021_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=020_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=016_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=013_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=010_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=009_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=004_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BOV_EXCEPTION,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SSC_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PCC_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HEO_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FDS_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BOV_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=902_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=840_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=839_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=821_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=345_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=298_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=275_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=240_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=145_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=140_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=095_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=090_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=089_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=080_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=076_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=074_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=072_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=071_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=067_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=066_FACULTY,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HEO_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=902_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=840_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=839_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=821_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=345_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=298_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=275_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=240_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=140_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=095_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=090_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=089_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=080_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=072_STAFF,OU=SECURITYGROUPS-LOCATIONBASED,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_AST_CONSULTANTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CC-AFTEREFFECTS-ITC,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_HYPERION,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HUGHES_LIBRARY_AV59250_LEX_T644,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSALEVEL4HR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_FIN_PSOFTCUSTOM_READ,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GOPRO,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSALEVEL2HR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CC-INDESIGN-ITC,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_HCM_PSOFTCUSTOM_READ,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CC-ILLUSTRATOR-ITC,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSATICKETENTRY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CC-PHOTOSHOP-ITC,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CC-PREMIEREPRO-ITC,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TELEFORM_INSTALLS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CISCOCALLMANAGERBILLINGRECIPIENTS,OU=SERVICEACCOUNTS,OU=UNITY,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BRIDGEDESIGNER,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NETSUPPORT STUDENT,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_CRCADMIN,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HYPERION,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DWCC-ACROBAT-MISC,OU=CC-DISTRICT WIDE LICENSING,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CC-PSLA,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSALEVEL4FIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_GUIDANCE_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_FIN_PSOFT_READ,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TM_STAFF_RELATIONS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TEST_ACCESS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=KITE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_CLERICALSTAFF,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_VIEWONLY,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_FIN_PSOFTCUSTOM_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PSTOOLS_DEVELOPERS_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=REMOTEDESKTOP_OSA,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_HCM_IN_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_FIN_OUT_READ,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_SCSD_UPK,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_VANDUYN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MCKINLEY_ALL_WORKROOM_TOSHIBA_COPIERS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_GRANT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_DRKING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GRANT_LIB_237_366_PRINTERS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_CLARY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_MAINOFFICE_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_DEV_FIN_PSOFT_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_EDSMITH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_SYRACUSE_LATIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_SALEMHYDE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VANDUYN_MAIN_OFFICE_TOSHIBA_PRINTER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BLENDEDLEARNING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_RM_B111_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_HCM_OUT_READ,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_HCM_PSOFT_READ,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DANFORTH_MAIN_OFFICE_COLOR_TOSHIBA_MFP,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TEAM_ACADEMICS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MCKINLEY_LIBRARY_LEX_MX310,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_DEV_HCM_PSOFT_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DATADRIVENCLASSROOM_EXAMSCANNER,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_FIN_IN_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_SPECIALED_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLARY_MAIN_OFFICE_COLOR_TOSHIBA_MFP,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLARY_GUIDANCE_OFFICE_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_ELL,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HW_SMITH_ALL_TOSHIBAS_EXCEPTMAINOFFICE,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_DEV_HCM_SCSD_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_DEV_FIN_SCSD_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ENSEMBLE_PSLAMATH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MEACHEM_MAIN_OFFICE_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EMAIL_STUDENTINFOUPDATES_ACCESS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PSOFT_PRD_HCM_PSOFTCUSTOM_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SCRATCH,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_MAIN_OFFICE_LEX_C748DE,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=COPIER_6_FOWLER_RM141A,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_ITC,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_DRKING,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_SALEMHYDE,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_LIBRARY_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_VANDUYN,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_ALL,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VAN DUYN_TEACHERS_WORKROOM_TOSHIBA_COPIERS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DATAANALYSTS,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TALENT_MANAGEMENT_FULL_CONTROL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MICROSOFT-PHOTOSTORY3,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_DISCP_DROPBOX,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_SECURITY_DEPT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=REMOTEASSISTANCEUSERS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MEACHEM_LIBRARY_LEX_E260DN,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HW_SMITH_ROOM_A12_TOSHIBAS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_MAIN_OFFICE_COLOR_TOSHIBA_MFP,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSLA_RM202_LAB_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_NOTT,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_LEMOYNE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_FRANKLIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_BELLEVUE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_MSAP_HOMEBOUND,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_TRANSPORTATION,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_PORTER,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_DRWEEKS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_LINCOLN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_HUGHES,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FOWLER_ALL_PRINTERS_X32,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_SEYMOUR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ROBERTS_RM250_AV182145_LEX_C748,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSLA_MAIN_OFFICE_COLOR_TOSHIBA_MFP,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_HUNTINGTON,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_OSA_DATA_SHARES_WRITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EMAIL_STATUS_CHECK,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_ELMS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_STDAN_HEADSTART,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_DANFORTH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_PORTER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TALENT_MANAGMENT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_WEBSTER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_QUAD1_PRINTER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_MEDICALREGISTRATIONSTAFF,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_ELMS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_ROBERTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FACEBOOK,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LINKEDIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_HWSMITH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_FRAZER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_DELAWARE_PRIMARY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_BEARD_PREK,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TELEFORM_APPS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ELMS_MAIN_OFFICE_AV178262_C748DE,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_SYRLATIN,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_SPED,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_MEACHEM,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_CRCDADMIN,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_SUPPORTPROGRAMS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_MCKINLEY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_QUAD2_PRINTER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DRWEEKS_ALL_TOSHIBA COPIERS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FRANKLIN_ROOM_208_TOSHIBA_457,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_WESTSIDE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RECORDSUSERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PAYROLL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DANFORTH_COPYROOM135_TOSHIBA,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DRKING_MAINOFFICE_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PINTEREST,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MICROSOFT-MOVIEMAKER,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LEMOYNE TOSHIBA COPIERS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SMARTBOARDSOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HUGHES_TOSHIBA_COPIERS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_BELLEVUE,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ELMS_ROOM176_LEXMARK,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=INSTAGRAM,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_PTECH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_MCKINBRIGHTON,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_LIBRARY_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_ITC,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FOWLER_PRINTER_9,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=AUDACITY,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HENNINGER_LIBRARY_TOSHIBA,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DANFORTH_MAIN_OFFICE_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FOWLER_RM105_LAB_LEX_E450,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_ROBERTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ITC_LIBRARY_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_HEALTH_SERVICES,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_ROBERTS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_QUAD3_PRINTER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER_ACCESS_TELECOMM,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_DANFORTH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_SEYMOUR,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_MERRICK_HEADSTART,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_QUAD4_PRINTER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GOOGLE CHROME,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_GRANT_CATHCHAR,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSAFULLACCESS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_EDSMITH_SUMNER,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_CORC,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_DELAWARE,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_REGISTRATIONSTAFF,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FOWLER_ALL_PRINTERS_X64,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_PSLA,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_PRE_KSTAFF,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LOGGERPRO,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_BLDGADMINS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GOOGLEEARTH-PLUGIN,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SOCIAL MEDIA ADULTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VISITOR_ADMINS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_CABHORSE_SALVARMY,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_BENEFITS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_MANOS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_ELMS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_PTECH,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSLA_RM203_LAB_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_JOWONIO,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_CLARY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DANFORTH_LIBRARY_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_FRANKLIN,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MCKINLEY_LAB_RM134_LEX_MX310,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_WORKCOMP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GOOGLEEARTH,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_HEARING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_ADMINS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_ERWINNURSERY,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_EDULOG_ELT_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_WESTSIDE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ERS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_VIEWALL,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_LEMOYNE,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HENN-ADOBEDESIGNPREMIUM,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_SUMNER_HEADSTART,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_MEACHEM,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FOWLER_PRINTER_10,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_BOARD_RECS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_POMPEII_CATHCHAR,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_FRAZER,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_PSLA,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_HUNTINGTON,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_STUDENT_SUPPORT_SERVICES,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_VINCENTHOUSE,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_ATONEMENT,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=INSPIRATION9,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_LEARNASGROW,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_NOTT_NRSTEM,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_SUPERADMIN,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLARY_TEACHERS_ROOM_TOSHIBA_COPIERS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_HWSMITH,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CISCOWORKS,OU=DISTRIBUTIONGROUPS,OU=EMAILSPECIALOBJECTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_CORC_IB,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_STBRIGID_HEADSTART,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_ELMCREST_SMALLWONDERS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_HUNTINGTONFAMCTR,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_TM_HS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_GRANT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_HAWLEY_CATHCHAR,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_DRWEEKS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=AFTERSCHOOL,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_WEBSTER,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_ADMIN,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_PARKSIDE_ARCOFONONDAGA,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_PARKST_CATHCHAR,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_HENN_HCP,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DANFORTH_GUIDANCE_OFFICE_LEX_MX310,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ROBERTS_RM273_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IT DEPT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HUGHES_COLOR_LEX_C935,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_CAREER_LAB_HPLJ2420,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_HUNTINGTON,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLARY_TEACHERS_RM8_PRINTERS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_HSCOUNSELORS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_EDSMITH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CO_PHYS_ED_TOSHIBA_STUDIO305,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_SLORESULTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FOWLER_RM250_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ESL-SHARE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FOWLER_COSMETOLOGY_LEX_C748DE,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REGENTS_SUMMER_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_HWSMITH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_EDULOG_ELT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REGENTS_SUMMER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_P_HENN,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_MSCOUNSELORS,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_FRAZER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_LINCOLN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_SLORESULTS_RO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_MSAP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLARY_RM71_LEXE260,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BOVAIMAGES,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SC_R_ADMIND,OU=SECURITYGROUPS-SMARTCHOICE,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CHANGE_PW,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ROOM_A12_TOSHIBAS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_PARKSIDEPK,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_NOTTINGHAM,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_HENNINGER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_FOWLER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_DELAWARE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_CORCORAN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_SS_BUILDING_MEN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLASSMATES,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ASK.FM,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TAGGED,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MEETME,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MEETUP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VINE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VK,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TUMBLR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BEARD_PRE_K_OFFICE_TOSHIBA,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_GUIDANCE_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_RM118A_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PERS2,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PLTW-LOCAL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ABSLTTR,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TELECOM_TECHS,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SYNREVOICEUSERS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSOFT_ACCESS_ADMINS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRSTAFF,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTASUPLOOKUP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SOLOSUITE6PLUS,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PS_OSA,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TWITTER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MCKINLEY_MAIN_OFFICE_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRMSPMVIEW,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SR_WUFOO_REGISTRATION,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PLTW-MACHINES,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BASICSTAMP,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ESCHOOLPLUS ADMINS,OU=ESCHOOL USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HATS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PURCHASING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DRKING_ROOMB115_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_ACCOUNTING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ITC-LABS,OU=001 - CENTRAL TECH,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAFAPPROVAL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NUTRIKIDS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_FISCAL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DELAWARE_LAPTOP_CARTS_X131,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_GRANTS_READ,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_EARLYCHILDHOOD,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_CONTRACTS_RECEIVING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE__OSA_ADS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SR_WUFOO_LATIN_SCHOOL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SEON,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PAYFTP,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_IB,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SR_WUFOO_DATA,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLARY_MAIN_OFFICE_LEX_C748DE,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NAUGHTY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_ALL_QUAD_PRINTERS,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_NOTTINGHAM_STEM,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ROBERTS_RM324_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPECIAL_ED_REG,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_CENTRAL_REGISTRATION,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MCKINLEY_MAIN_OFFICE_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DRKING_WORKROOM_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_ESL_APPLICANTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DANFORTH_RM324_STEM_LAB_LEX_C748DE,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FINANCE MAILBOX PERMISSIONS GROUP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MINITAB17,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CISCOACSADMIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ROBERTS_RM140_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLARY_TEACHERS_ROOM_LEX_T644,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CORCORAN_LIBRARY_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CPS,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_AS400-ARCHIVE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SCCMFULLADMIN,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TMTEAM,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLARY_LIBRARY_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_GRANTS_FULL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT-PRODUCTIONPREMIUM,OU=ADOBE SOFTWARE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_OSA_DATA_SHARES,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EINSTRUCTION_WORKSPACE,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DANFORTH_MAINOFFICE_LEX_C748DE,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HOOTSUITE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FLICKR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SR_WUFOO_SUMMER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLARY_RM70_E460DN,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BEARD_MAINOFFICE_TOSHIBA,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ENSEMBLEUSERS,OU=SERVICE ACCOUNTS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_REG_HENNINGER_HEALTH_CAREERS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GOOGLE SKETCHUP,OU=SCCM SOFTWARE INSTALL GROUPS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_EDULOG_DYN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_MAINOFFICE_LEX_MS510,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOTT_GW15_TOSHIBA_COPIER,OU=SCCM PRINTER INSTALLS,OU=BUILDINGS,OU=WORKSTATIONS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BOVASCAN,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CISCOCALLMGRALERT,OU=SERVICEACCOUNTS,OU=UNITY,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=POLICE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_DATAWAREHOUSE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=COGNOS AUTHORS,OU=ESCHOOL USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SYSTEM GALAXY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=COGNOS ADMINS,OU=ESCHOOL USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_NOTICEOFCLAIMS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NOBARBYPASS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UNADDRESSEDMESSAGES31F2136C,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SYSTEMEVENTMESSAGES4F1A2404,OU=GROUPS,OU=UNITY,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ACCOUNTING DEPARTMENT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CERTSVC_DCOM_ACCESS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CISCOEMERGENCYRESPONDERADMINS,OU=SERVICEACCOUNTS,OU=UNITY,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ESCHOOLPLUS,OU=ESCHOOL USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE ENTERPRISE SERVERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PASSWORDPROPDENY,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTICKETWXO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAWXOSEARCH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTICKETHRMS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAHRADMINS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE INSTALL DOMAIN SERVERS,CN=MICROSOFT EXCHANGE SYSTEM OBJECTS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAWXOPAYROLLSTAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_SPECIALPROGRAMS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRMSPM,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTICKETAPPLICATION,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSFINACCT,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAWXOFISCAL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAHRMSSEARCH,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_SUPERINTENDENT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PROGRAMMERS,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAWXOPAYROLLADMIN,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NVISION USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LMS-LOCAL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HEALTHOFFICECO,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NEWEMPENTRYAPP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PRINTSHOP,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ALLSUBSCRIBERS20FB0106,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IBM PEOPLESOFT,OU=IBM,OU=VENDORS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_GUIDANCECOUNSELORS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTASTAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_OSA_ACCOUNTABILITY,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_PERS1,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=OPERATIONS DOCUWARE,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BYPASS CONTENT FILTERING,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=STAFF ID CARDS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RECORD,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPS SYSTEM ADMINS,OU=ESCHOOL USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAWXOSUPERVISOR,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PSOFT ADMINS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPECEDSCAN,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_CONTRACTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HRTAFISCAL,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=WESTSIDE STUDENTS,OU=STUDENTS,OU=WSLC USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DELAWARE.SBITBEHAVIORTEAM,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RISK MANAGEMENT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CHILDREN,OU=STUDENTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MAILBOXMGMT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_LMS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ADULTS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TRANS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXAMGEN,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ALLSUBSCRIBERS4F1A2404,OU=GROUPS,OU=UNITY,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IBM SHAREPOINT USERS,OU=IBM,OU=VENDORS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DHCP USERS,OU=SERVICE ACCOUNTS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SENIOR STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EDULOGUSERS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PTSD,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=LOCAL ADMINISTRATOR CAPABILITY ON THEIR COMPUTER,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BENEFITS DEPARTMENT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SG_BUDGET DEPARTMENT,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ALLSUBSCRIBERS31F2136C,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ALANY,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SPI SYSTEM ADMINS,OU=ESCHOOL USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SHARE_QDLS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=WEBSMS,OU=ESCHOOL USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TECHS,OU=SECURITYGROUPS-MISC,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=WEBSMS ADMINS,OU=ESCHOOL USERS,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=FINSTAFF,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UNADDRESSEDMESSAGES20FB0106,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TTK,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ADMIN LIST MANAGERS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UNITYVOICEMAILONLYUSERS,OU=GROUPS,OU=UNITY,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SYSTEMEVENTMESSAGES31F2136C,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UNITYADMINEMAILGROUP,OU=SERVICEACCOUNTS,OU=UNITY,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SYSTEMEVENTMESSAGES20FB0106,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HEALTHYSHOTS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UNADDRESSEDMESSAGES4F1A2404,OU=GROUPS,OU=UNITY,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ACS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SAY_YES,OU=STAFF,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HELPSERVICESGROUP,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IIS_WPG,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=WIRELESS,OU=SERVICE ACCOUNTS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UNITYEXCHANGEADMINS,OU=SERVICEACCOUNTS,OU=UNITY,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GOOGLE PLUS,OU=SCSDUSERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE DOMAIN SERVERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=TERMINAL SERVER LICENSE SERVERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=IIS_IUSRS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DOMAIN ADMINS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ADMINISTRATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ENTERPRISE ADMINS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GUESTS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=BACKUP OPERATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=REMOTE DESKTOP USERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CERTIFICATE SERVICE DCOM ACCESS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DOMAIN COMPUTERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER OPERATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ACCOUNT OPERATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PRE-WINDOWS 2000 COMPATIBLE ACCESS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DENIED RODC PASSWORD REPLICATION GROUP,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=WINDOWS AUTHORIZATION ACCESS GROUP,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=REMOTE MANAGEMENT USERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=GROUP POLICY CREATOR OWNERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SCHEMA ADMINS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CERT PUBLISHERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PROTECTED USERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ACCESS CONTROL ASSISTANCE OPERATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CLONEABLE DOMAIN CONTROLLERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HYPER-V ADMINISTRATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RDS MANAGEMENT SERVERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RDS ENDPOINT SERVERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RDS REMOTE ACCESS SERVERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=READ-ONLY DOMAIN CONTROLLERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DOMAIN CONTROLLERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=REPLICATOR,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PRINT OPERATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RAS AND IAS SERVERS,OU=SERVICE ACCOUNTS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PERFORMANCE LOG USERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ENTERPRISE READ-ONLY DOMAIN CONTROLLERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EVENT LOG READERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ALLOWED RODC PASSWORD REPLICATION GROUP,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=CRYPTOGRAPHIC OPERATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DOMAIN GUESTS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DISTRIBUTED COM USERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DOMAIN USERS,CN=USERS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=USERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=INCOMING FOREST TRUST BUILDERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PERFORMANCE MONITOR USERS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=NETWORK CONFIGURATION OPERATORS,CN=BUILTIN,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE IMPORT EXPORT AND DELETE,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DISCOVERY MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=SERVER MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=DELEGATED SETUP,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HYGIENE MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=COMPLIANCE MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=MANAGED AVAILABILITY SERVERS,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE WINDOWS PERMISSIONS,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=ORGANIZATION MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RECIPIENT MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=VIEW-ONLY ORGANIZATION MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=PUBLIC FOLDER MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=UM MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=HELP DESK,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=RECORDS MANAGEMENT,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE TRUSTED SUBSYSTEM,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGELEGACYINTEROP,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE PUBLIC FOLDER ADMINISTRATORS,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE VIEW-ONLY ADMINISTRATORS,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE RECIPIENT ADMINISTRATORS,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE ORGANIZATION ADMINISTRATORS,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
edit "CN=EXCHANGE SERVERS,OU=MICROSOFT EXCHANGE SECURITY GROUPS,DC=SCSD,DC=AD"
|
|
set server-name "Orion"
|
|
next
|
|
end
|
|
config user fsso-polling
|
|
end
|
|
config user fortitoken
|
|
end
|
|
config user password-policy
|
|
end
|
|
config user local
|
|
edit "jorge-mike"
|
|
set status enable
|
|
set type password
|
|
set two-factor disable
|
|
set email-to ''
|
|
set sms-server fortiguard
|
|
set sms-phone ''
|
|
set passwd-policy ''
|
|
set passwd-time 2025-10-02 19:14:17
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set ppk-secret ENC 3bi/bjmLH1jNhziM7g0uzlJgmQlbRY4RDxJGwmyRwOu38F9+ffjr6jckmBhExBiljJbF2GSVvTA6Fgc5E9Sav6UaY7JbBH9kNa+I6ltEPnojuVLuhZWLFeo5mq2fKbMNDtQ/mY+zqlbjkMrwAcK+hwqe4sPtKUfevjenDv5dRiTMEPyAxd+2Gq6j9R6xGbSxYNmIOFlmMjY3dkVA
|
|
set ppk-identity ''
|
|
set qkd-profile ''
|
|
set passwd ENC 7u1Or8xd3+8ylE0VW8UEquHGioV5ikEkPrlPVNFE+1FS6pJr5P/QuwPjEdXNFrrkEN/ogIEM50ENggR2eTdYyAbzrXae09655dsg4EPgR7ZnhDuZR9EtG5MueRZ4vyeEhdot1RXQfoi7prUjHUtVaftKPhAffGgRBijlKPQY6Z4CCHTgzmh2TiN7f85eEcRL4VinbVlmMjY3dkVA
|
|
next
|
|
end
|
|
config user setting
|
|
set auth-type http https ftp telnet
|
|
set auth-cert "Fortinet_Factory"
|
|
set auth-ca-cert ''
|
|
set auth-secure-http disable
|
|
set auth-http-basic disable
|
|
set auth-ssl-allow-renegotiation disable
|
|
set auth-src-mac enable
|
|
set auth-on-demand implicitly
|
|
set auth-timeout 5
|
|
set auth-timeout-type idle-timeout
|
|
set auth-portal-timeout 3
|
|
set radius-ses-timeout-act hard-timeout
|
|
set auth-blackout-time 0
|
|
set auth-invalid-max 5
|
|
set auth-lockout-threshold 3
|
|
set auth-lockout-duration 0
|
|
set per-policy-disclaimer disable
|
|
set auth-ssl-min-proto-version default
|
|
unset auth-ssl-max-proto-version
|
|
set auth-ssl-sigalgs all
|
|
set default-user-password-policy ''
|
|
end
|
|
config user quarantine
|
|
set quarantine enable
|
|
set traffic-policy ''
|
|
set firewall-groups ''
|
|
end
|
|
config user group
|
|
edit "SSO_Guest_Users"
|
|
set authtimeout 0
|
|
set http-digest-realm ''
|
|
next
|
|
edit "SSL_VPN_Full_Access"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=VPN_Fortinet,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=VPN_Fortinet,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=VPN_Fortinet,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_Web_Servers_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_DistrictWebsite,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_DistrictWebsite,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_DistrictWebsite,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_SchoolTool_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_SchoolTool,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_SchoolTool,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_SchoolTool,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_DayAuto_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_DayAutomation,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_DayAutomation,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_DayAutomation,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_Security_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_Security,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_Security,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_Security,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_Hyperion_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=VPN_Hyperion,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=VPN_Hyperion,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=VPN_Hyperion,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_Peoplesoft_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=VPN_Peoplesoft,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=VPN_Peoplesoft,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=VPN_Peoplesoft,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_WebCRD_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_WebCRD,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_WebCRD,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_WebCRD,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_Access411_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "HVDC03.scsd.ad" "DC01.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=VPN_Access_Access411,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=VPN_Access_Access411,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=VPN_Access_Access411,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_DocHolliday_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_Doc,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_Doc,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_Doc,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_Access_Control_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "DC01.scsd.ad" "HVDC03.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_Security,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_Security,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=Server_Local_Admin_Security,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "VPN_Auditor_Group"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "HVDC02.scsd.ad" "HVDC03.scsd.ad" "DC01.scsd.ad"
|
|
config match
|
|
edit 1
|
|
set server-name "DC01.scsd.ad"
|
|
set group-name "CN=VPN_Auditors,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 2
|
|
set server-name "HVDC02.scsd.ad"
|
|
set group-name "CN=VPN_Auditors,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
edit 3
|
|
set server-name "HVDC03.scsd.ad"
|
|
set group-name "CN=VPN_Auditors,OU=SCSDUsers,DC=scsd,DC=ad"
|
|
next
|
|
end
|
|
next
|
|
edit "FortiGateAccess"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "azure" "jorge-mike"
|
|
config match
|
|
edit 1
|
|
set server-name "azure"
|
|
set group-name "5021feae-da5a-4d27-8d9d-4927b39324c7"
|
|
next
|
|
end
|
|
next
|
|
edit "SSL_VPN_SCSD_USER"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "scsd_user_sso"
|
|
next
|
|
edit "SSL_VPN_SCSD_USER2"
|
|
set group-type firewall
|
|
set authtimeout 0
|
|
set auth-concurrent-override disable
|
|
set http-digest-realm ''
|
|
set member "scsd_user2_sso"
|
|
config match
|
|
edit 1
|
|
set server-name "scsd_user2_sso"
|
|
set group-name "ac4a0b00-0f87-48ae-8d66-1a74019ca4ec"
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config user security-exempt-list
|
|
end
|
|
config vpn ssl web realm
|
|
end
|
|
config vpn ssl web host-check-software
|
|
edit "FortiClient-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
|
|
next
|
|
edit "FortiClient-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
|
|
next
|
|
edit "FortiClient-AV-Vista"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
|
|
next
|
|
edit "FortiClient-FW-Vista"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
|
|
next
|
|
edit "FortiClient5-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
|
|
next
|
|
edit "AVG-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
|
|
next
|
|
edit "AVG-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
|
|
next
|
|
edit "AVG-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
|
|
next
|
|
edit "AVG-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
|
|
next
|
|
edit "CA-Anti-Virus"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
|
|
next
|
|
edit "CA-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
|
|
next
|
|
edit "CA-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
|
|
next
|
|
edit "CA-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
|
|
next
|
|
edit "CA-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
|
|
next
|
|
edit "CA-Personal-Firewall"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
|
|
next
|
|
edit "F-Secure-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
|
|
next
|
|
edit "F-Secure-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "D4747503-0346-49EB-9262-997542F79BF4"
|
|
next
|
|
edit "F-Secure-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
|
|
next
|
|
edit "F-Secure-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
|
|
next
|
|
edit "Kaspersky-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
next
|
|
edit "Kaspersky-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
next
|
|
edit "Kaspersky-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
|
|
next
|
|
edit "Kaspersky-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
|
|
next
|
|
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
|
|
next
|
|
edit "McAfee-Virus-Scan-Enterprise"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
|
|
next
|
|
edit "Norton-360-2.0-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
|
|
next
|
|
edit "Norton-360-2.0-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
|
|
next
|
|
edit "Norton-360-3.0-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit "Norton-360-3.0-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
next
|
|
edit "Norton-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit "Norton-Internet-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
next
|
|
edit "Norton-Internet-Security-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit "Norton-Internet-Security-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
next
|
|
edit "Panda-Antivirus+Firewall-2008-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
|
|
next
|
|
edit "Panda-Antivirus+Firewall-2008-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
next
|
|
edit "Panda-Internet-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
next
|
|
edit "Panda-Internet-Security-2006~2007-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
next
|
|
edit "Panda-Internet-Security-2008~2009-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
next
|
|
edit "Sophos-Anti-Virus"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
|
|
next
|
|
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
|
|
next
|
|
edit "Trend-Micro-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
|
|
next
|
|
edit "Trend-Micro-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
|
|
next
|
|
edit "Trend-Micro-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
|
|
next
|
|
edit "Trend-Micro-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
|
|
next
|
|
edit "ZoneAlarm-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
|
|
next
|
|
edit "ZoneAlarm-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
|
|
next
|
|
edit "ZoneAlarm-AV-Vista-Win7"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
|
|
next
|
|
edit "ZoneAlarm-FW-Vista-Win7"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
|
|
next
|
|
edit "ESET-Smart-Security-AV"
|
|
set os-type windows
|
|
set type av
|
|
set version ''
|
|
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
|
|
next
|
|
edit "ESET-Smart-Security-FW"
|
|
set os-type windows
|
|
set type fw
|
|
set version ''
|
|
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
|
|
next
|
|
end
|
|
config vpn ssl web portal
|
|
edit "full-access"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode enable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set ipv6-split-tunneling enable
|
|
set ipv6-split-tunneling-routing-negate disable
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set dhcp6-ra-linkaddr ::
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url ''
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "web-access"
|
|
set tunnel-mode disable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set dns-suffix ''
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "tunnel-access"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode enable
|
|
set web-mode disable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set ipv6-split-tunneling enable
|
|
set ipv6-split-tunneling-routing-negate disable
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set dhcp6-ra-linkaddr ::
|
|
set client-src-range disable
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
next
|
|
edit "SCSD_VPN_FULL_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "IPv4-Private-All-RFC1918"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "SchoolTool_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download disable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark disable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
config bookmarks
|
|
edit "Obiwan_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.48.202"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "HanSolo_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.48.201"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "C3PO_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.48.133"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "Chewbacca_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.48.129"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "Skywalker_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.48.63"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "Yoda_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.48.103"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "MANDO_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.40.72"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "GROGU_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.40.224"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
end
|
|
next
|
|
end
|
|
set display-connection-tools disable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD SchoolTool VPN"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "Website_Server_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark disable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
config bookmarks
|
|
edit "Webosphere_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.48.117"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "Webosphere_FTP"
|
|
set apptype ftp
|
|
set description ''
|
|
set folder "10.1.48.117"
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
set display-connection-tools disable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status disable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD Website VPN Portal"
|
|
set redir-url ''
|
|
set theme mariner
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "DayAutomation_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
config bookmarks
|
|
edit "Day_Enterprise_Server"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.40.108"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "Day_VM_Server"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.40.173"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "Day_Continuum_Server"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.40.188"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
end
|
|
next
|
|
end
|
|
set display-connection-tools disable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status disable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD Day Automation VPN Portal"
|
|
set redir-url ''
|
|
set theme melongene
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "Security_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status disable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD Security VPN Portal"
|
|
set redir-url ''
|
|
set theme mariner
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "Hyperion_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status disable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD_Hyperion_VPN_Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "Peoplesoft_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status disable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD_Peoplesoft_VPN_Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "WebCRD_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status disable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD_WebCRD_VPN_Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "Access411_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download disable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark disable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
config bookmarks
|
|
edit "411app"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.40.216"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "411sql"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.40.225"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "411app HomePage"
|
|
set apptype web
|
|
set description ''
|
|
set url "https://411app.scsd.us"
|
|
set sso disable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
set display-connection-tools disable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status disable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD Access411 VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "DocHolliday_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status disable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD DocHolliday Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "AccessControl_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history disable
|
|
set focus-bookmark disable
|
|
set display-status disable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD Access Control VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url enable
|
|
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
|
|
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "Auditor_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download disable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
config bookmarks
|
|
edit "Finance"
|
|
set apptype web
|
|
set description ''
|
|
set url "http://psprdfin.scsd.ad/psp/FPRD/"
|
|
set sso disable
|
|
next
|
|
edit "HR"
|
|
set apptype web
|
|
set description ''
|
|
set url "http://psprdhcm.scsd.ad/psp/HPRD"
|
|
set sso disable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SSL-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard disable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "Azure_Test_Portal"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download enable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8" "IPv4-Private-All-RFC1918"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "Azure-VPN Portal"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set customize-forticlient-download-url disable
|
|
set hide-sso-credential enable
|
|
next
|
|
edit "SCSD_USER_PORTAL"
|
|
set tunnel-mode enable
|
|
set ipv6-tunnel-mode disable
|
|
set web-mode enable
|
|
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
|
|
set limit-user-logins disable
|
|
set forticlient-download disable
|
|
set ip-mode range
|
|
set auto-connect disable
|
|
set keep-alive disable
|
|
set save-password disable
|
|
set ip-pools "SSL_VPN_Range"
|
|
set split-tunneling enable
|
|
set split-tunneling-routing-negate disable
|
|
set split-tunneling-routing-address "Internal_10.0.0.0_8" "IPv4-Private-All-RFC1918"
|
|
set dns-server1 0.0.0.0
|
|
set dns-server2 0.0.0.0
|
|
set dns-suffix ''
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set dhcp-ra-giaddr 0.0.0.0
|
|
set client-src-range disable
|
|
set landing-page-mode disable
|
|
set display-bookmark enable
|
|
set user-bookmark enable
|
|
set default-protocol web
|
|
set user-group-bookmark enable
|
|
config bookmark-group
|
|
edit "gui-bookmarks"
|
|
next
|
|
end
|
|
set display-connection-tools enable
|
|
set display-history enable
|
|
set focus-bookmark disable
|
|
set display-status enable
|
|
set rewrite-ip-uri-ui disable
|
|
set heading "SCSD-USER-PORTAL"
|
|
set redir-url ''
|
|
set theme security-fabric
|
|
set smb-ntlmv1-auth disable
|
|
set smb-min-version smbv2
|
|
set smb-max-version smbv3
|
|
set use-sdwan disable
|
|
set clipboard enable
|
|
set default-window-width 1024
|
|
set default-window-height 768
|
|
set host-check none
|
|
set mac-addr-check disable
|
|
set os-check disable
|
|
set forticlient-download-method direct
|
|
set hide-sso-credential enable
|
|
next
|
|
end
|
|
config vpn ssl settings
|
|
set status enable
|
|
set reqclientcert disable
|
|
set ssl-max-proto-ver tls1-3
|
|
set ssl-min-proto-ver tls1-2
|
|
set banned-cipher SHA1 SHA256 SHA384
|
|
set ciphersuite TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256
|
|
set ssl-insert-empty-fragment enable
|
|
set https-redirect disable
|
|
set x-content-type-options enable
|
|
set ssl-client-renegotiation disable
|
|
set force-two-factor-auth disable
|
|
set servercert "StarCert-Expire03202026"
|
|
set algorithm high
|
|
set idle-timeout 3600
|
|
set auth-timeout 36000
|
|
set login-attempt-limit 2
|
|
set login-block-time 60
|
|
set login-timeout 180
|
|
set tunnel-ip-pools "SSL_VPN_Range"
|
|
set dns-suffix ''
|
|
set dns-server1 10.1.40.10
|
|
set dns-server2 10.21.48.10
|
|
set wins-server1 0.0.0.0
|
|
set wins-server2 0.0.0.0
|
|
set ipv6-dns-server1 ::
|
|
set ipv6-dns-server2 ::
|
|
set ipv6-wins-server1 ::
|
|
set ipv6-wins-server2 ::
|
|
set url-obscuration disable
|
|
set http-compression disable
|
|
set http-only-cookie enable
|
|
set port 10443
|
|
set port-precedence enable
|
|
set auto-tunnel-static-route enable
|
|
set header-x-forwarded-for add
|
|
set source-interface "outside"
|
|
set source-address "all"
|
|
set source-address-negate disable
|
|
set source-address6 "all"
|
|
set source-address6-negate disable
|
|
set default-portal "tunnel-access"
|
|
config authentication-rule
|
|
edit 1
|
|
set groups "SSL_VPN_Full_Access"
|
|
set portal "SCSD_VPN_FULL_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 2
|
|
set groups "VPN_SchoolTool_Group"
|
|
set portal "SchoolTool_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 4
|
|
set groups "VPN_Web_Servers_Group"
|
|
set portal "Website_Server_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 5
|
|
set groups "VPN_DayAuto_Group"
|
|
set portal "DayAutomation_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 6
|
|
set groups "VPN_Security_Group"
|
|
set portal "Security_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 7
|
|
set groups "VPN_Hyperion_Group"
|
|
set portal "Hyperion_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 8
|
|
set groups "VPN_Peoplesoft_Group"
|
|
set portal "Peoplesoft_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 9
|
|
set groups "VPN_WebCRD_Group"
|
|
set portal "WebCRD_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 10
|
|
set groups "VPN_Access411_Group"
|
|
set portal "Access411_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 11
|
|
set groups "VPN_DocHolliday_Group"
|
|
set portal "DocHolliday_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 12
|
|
set groups "VPN_Access_Control_Group"
|
|
set portal "AccessControl_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 13
|
|
set groups "VPN_Auditor_Group"
|
|
set portal "Auditor_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 14
|
|
set groups "FortiGateAccess"
|
|
set portal "Azure_Test_Portal"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 15
|
|
set groups "SSL_VPN_SCSD_USER"
|
|
set portal "SCSD_USER_PORTAL"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
edit 16
|
|
set groups "SSL_VPN_SCSD_USER2"
|
|
set portal "SCSD_USER_PORTAL"
|
|
set realm ''
|
|
set client-cert disable
|
|
set cipher high
|
|
set auth any
|
|
next
|
|
end
|
|
set browser-language-detection enable
|
|
set dtls-tunnel enable
|
|
set check-referer disable
|
|
set http-request-header-timeout 60
|
|
set http-request-body-timeout 60
|
|
set auth-session-check-source-ip enable
|
|
set tunnel-connect-without-reauth disable
|
|
set hsts-include-subdomains disable
|
|
set transform-backward-slashes disable
|
|
set encode-2f-sequence disable
|
|
set encrypt-and-store-password disable
|
|
set client-sigalgs all
|
|
set dual-stack-mode disable
|
|
set tunnel-addr-assigned-method first-available
|
|
set saml-redirect-port 8020
|
|
set ztna-trusted-client disable
|
|
set server-hostname ''
|
|
set dtls-hello-timeout 10
|
|
set dtls-heartbeat-idle-timeout 3
|
|
set dtls-heartbeat-interval 3
|
|
set dtls-heartbeat-fail-count 3
|
|
set dtls-max-proto-ver dtls1-2
|
|
set dtls-min-proto-ver dtls1-0
|
|
end
|
|
config vpn ssl web user-group-bookmark
|
|
end
|
|
config vpn ssl web user-bookmark
|
|
edit "vpn_user1#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "tmarri81#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
config bookmarks
|
|
edit "TimMac_FTP"
|
|
set apptype ftp
|
|
set description ''
|
|
set folder "10.1.7.110"
|
|
set sso disable
|
|
next
|
|
edit "My_PC"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.7.137"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
edit "My Mac"
|
|
set apptype vnc
|
|
set description ''
|
|
set host "10.1.7.110"
|
|
set port 5900
|
|
set logon-user "tmarris"
|
|
set logon-password ENC I9f4Fy9ILqkphH3wXbw59T9ZpXyc0o1PcCjjErtvp8DVZ+3BoGMpNrqW+TtI5BYPknuRZ+niT/xSffHg1vkkaaZZkLbX8FdCaY3CnyQuw2jOa0C+BvHtr0bsfAND3y+UBSWHBuECh3hAQ51SNiSKCpLFVyy82fD9Vml/SAlUDZvwrEEZeV5t+JnnOnvqrqxwfENzMFlmMjY3dkVA
|
|
set color-depth 16
|
|
set vnc-keyboard-layout default
|
|
next
|
|
end
|
|
next
|
|
edit "tmarri81.admin#VPN_SchoolTool_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "dteacher#VPN_PrintServer_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "gdaniels.admin#VPN_PrintServer_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "gdaniels#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "tmarri81.admin#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
config bookmarks
|
|
edit "MrRobot_FTP"
|
|
set apptype ftp
|
|
set description ''
|
|
set folder "10.1.40.101"
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
next
|
|
edit "Obiwan_RDP"
|
|
set apptype rdp
|
|
set description ''
|
|
set host "10.1.48.202"
|
|
set keyboard-layout en-us
|
|
set security any
|
|
set send-preconnection-id disable
|
|
set load-balancing-info ''
|
|
set restricted-admin disable
|
|
set port 3389
|
|
set color-depth 16
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
set width 0
|
|
set height 0
|
|
next
|
|
end
|
|
next
|
|
edit "tmarri81.la#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
config bookmarks
|
|
edit "MrRobot_FTP"
|
|
set apptype ftp
|
|
set description ''
|
|
set folder "10.1.40.101"
|
|
set sso auto
|
|
set sso-credential sslvpn-login
|
|
set sso-credential-sent-once disable
|
|
next
|
|
end
|
|
next
|
|
edit "hrice.oa#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "tmarri81#VPN_Security_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "timoon67#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "tmarri81.la#VPN_Hyperion_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "tmarri81.la#VPN_Peoplesoft_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "tmarri81.la#VPN_WebCRD_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "webcrdsupport#VPN_WebCRD_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "tmarri81.la#VPN_DocHolliday_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "mnichols.oa#VPN_DayAuto_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "ddunn.oa#VPN_DayAuto_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "jgriffin.oa#VPN_DayAuto_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "swalts49#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "Bstrohm_admin#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "jgumpert#VPN_Peoplesoft_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "gedelstein#VPN_DayAuto_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "tmarri81.la#VPN_DayAuto_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "wlakie.oa#VPN_DayAuto_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "Katapult.oa#VPN_DocHolliday_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "aolEVA60#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "aoleva60#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "hebuck02#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "kcampion.oa#VPN_DayAuto_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "jchapman.oa#VPN_Hyperion_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "btrzaskos.oa#VPN_DayAuto_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "ysun.oa#VPN_Hyperion_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "sreddy.OA#VPN_Hyperion_Group"
|
|
set custom-lang ''
|
|
next
|
|
edit "bstrohm_admin#SSL_VPN_Full_Access"
|
|
set custom-lang ''
|
|
next
|
|
edit "navd.oa#VPN_Peoplesoft_Group"
|
|
set custom-lang ''
|
|
config bookmarks
|
|
edit "SCSD PS DEV"
|
|
set apptype web
|
|
set description ''
|
|
set url "http://psdevhcm.scsd.ad/psp/HDEV/?cmd=login&languageCd=ENG&"
|
|
set sso disable
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config vpn ssl client
|
|
end
|
|
config voip profile
|
|
edit "default"
|
|
set comment "Default VoIP profile."
|
|
config sip
|
|
set status enable
|
|
set rtp enable
|
|
set nat-port-range 5117-65533
|
|
set open-register-pinhole enable
|
|
set open-contact-pinhole enable
|
|
set strict-register enable
|
|
set register-rate 0
|
|
set invite-rate 0
|
|
set max-dialogs 0
|
|
set max-line-length 998
|
|
set block-long-lines enable
|
|
set block-unknown enable
|
|
set call-keepalive 0
|
|
set block-ack disable
|
|
set block-bye disable
|
|
set block-cancel disable
|
|
set block-info disable
|
|
set block-invite disable
|
|
set block-message disable
|
|
set block-notify disable
|
|
set block-options disable
|
|
set block-prack disable
|
|
set block-publish disable
|
|
set block-refer disable
|
|
set block-register disable
|
|
set block-subscribe disable
|
|
set block-update disable
|
|
set register-contact-trace disable
|
|
set open-via-pinhole disable
|
|
set open-record-route-pinhole enable
|
|
set rfc2543-branch disable
|
|
set log-violations disable
|
|
set log-call-summary enable
|
|
set nat-trace enable
|
|
set subscribe-rate 0
|
|
set message-rate 0
|
|
set notify-rate 0
|
|
set refer-rate 0
|
|
set update-rate 0
|
|
set options-rate 0
|
|
set ack-rate 0
|
|
set prack-rate 0
|
|
set info-rate 0
|
|
set publish-rate 0
|
|
set bye-rate 0
|
|
set cancel-rate 0
|
|
set preserve-override disable
|
|
set no-sdp-fixup disable
|
|
set contact-fixup enable
|
|
set max-idle-dialogs 0
|
|
set block-geo-red-options disable
|
|
set hosted-nat-traversal disable
|
|
set hnt-restrict-source-ip disable
|
|
set max-body-length 0
|
|
set unknown-header pass
|
|
set malformed-request-line pass
|
|
set malformed-header-via pass
|
|
set malformed-header-from pass
|
|
set malformed-header-to pass
|
|
set malformed-header-call-id pass
|
|
set malformed-header-cseq pass
|
|
set malformed-header-rack pass
|
|
set malformed-header-rseq pass
|
|
set malformed-header-contact pass
|
|
set malformed-header-record-route pass
|
|
set malformed-header-route pass
|
|
set malformed-header-expires pass
|
|
set malformed-header-content-type pass
|
|
set malformed-header-content-length pass
|
|
set malformed-header-max-forwards pass
|
|
set malformed-header-allow pass
|
|
set malformed-header-p-asserted-identity pass
|
|
set malformed-header-sdp-v pass
|
|
set malformed-header-sdp-o pass
|
|
set malformed-header-sdp-s pass
|
|
set malformed-header-sdp-i pass
|
|
set malformed-header-sdp-c pass
|
|
set malformed-header-sdp-b pass
|
|
set malformed-header-sdp-z pass
|
|
set malformed-header-sdp-k pass
|
|
set malformed-header-sdp-a pass
|
|
set malformed-header-sdp-t pass
|
|
set malformed-header-sdp-r pass
|
|
set malformed-header-sdp-m pass
|
|
set provisional-invite-expiry-time 210
|
|
set ips-rtp enable
|
|
set ssl-mode off
|
|
end
|
|
config sccp
|
|
set status enable
|
|
set block-mcast disable
|
|
set verify-header disable
|
|
set log-call-summary disable
|
|
set log-violations disable
|
|
set max-calls 0
|
|
end
|
|
next
|
|
edit "strict"
|
|
set feature-set voipd
|
|
set comment ''
|
|
config sip
|
|
set status enable
|
|
set rtp enable
|
|
set nat-port-range 5117-65533
|
|
set open-register-pinhole enable
|
|
set open-contact-pinhole enable
|
|
set strict-register enable
|
|
set register-rate 0
|
|
set invite-rate 0
|
|
set max-dialogs 0
|
|
set max-line-length 998
|
|
set block-long-lines enable
|
|
set block-unknown enable
|
|
set call-keepalive 0
|
|
set block-ack disable
|
|
set block-bye disable
|
|
set block-cancel disable
|
|
set block-info disable
|
|
set block-invite disable
|
|
set block-message disable
|
|
set block-notify disable
|
|
set block-options disable
|
|
set block-prack disable
|
|
set block-publish disable
|
|
set block-refer disable
|
|
set block-register disable
|
|
set block-subscribe disable
|
|
set block-update disable
|
|
set register-contact-trace disable
|
|
set open-via-pinhole disable
|
|
set open-record-route-pinhole enable
|
|
set rfc2543-branch disable
|
|
set log-violations disable
|
|
set log-call-summary enable
|
|
set nat-trace enable
|
|
set subscribe-rate 0
|
|
set message-rate 0
|
|
set notify-rate 0
|
|
set refer-rate 0
|
|
set update-rate 0
|
|
set options-rate 0
|
|
set ack-rate 0
|
|
set prack-rate 0
|
|
set info-rate 0
|
|
set publish-rate 0
|
|
set bye-rate 0
|
|
set cancel-rate 0
|
|
set preserve-override disable
|
|
set no-sdp-fixup disable
|
|
set contact-fixup enable
|
|
set max-idle-dialogs 0
|
|
set block-geo-red-options disable
|
|
set hosted-nat-traversal disable
|
|
set hnt-restrict-source-ip disable
|
|
set max-body-length 0
|
|
set unknown-header pass
|
|
set malformed-request-line discard
|
|
set malformed-header-via discard
|
|
set malformed-header-from discard
|
|
set malformed-header-to discard
|
|
set malformed-header-call-id discard
|
|
set malformed-header-cseq discard
|
|
set malformed-header-rack discard
|
|
set malformed-header-rseq discard
|
|
set malformed-header-contact discard
|
|
set malformed-header-record-route discard
|
|
set malformed-header-route discard
|
|
set malformed-header-expires discard
|
|
set malformed-header-content-type discard
|
|
set malformed-header-content-length discard
|
|
set malformed-header-max-forwards discard
|
|
set malformed-header-allow discard
|
|
set malformed-header-p-asserted-identity discard
|
|
set malformed-header-sdp-v discard
|
|
set malformed-header-sdp-o discard
|
|
set malformed-header-sdp-s discard
|
|
set malformed-header-sdp-i discard
|
|
set malformed-header-sdp-c discard
|
|
set malformed-header-sdp-b discard
|
|
set malformed-header-sdp-z discard
|
|
set malformed-header-sdp-k discard
|
|
set malformed-header-sdp-a discard
|
|
set malformed-header-sdp-t discard
|
|
set malformed-header-sdp-r discard
|
|
set malformed-header-sdp-m discard
|
|
set provisional-invite-expiry-time 210
|
|
set ips-rtp enable
|
|
set ssl-mode off
|
|
end
|
|
config sccp
|
|
set status enable
|
|
set block-mcast disable
|
|
set verify-header disable
|
|
set log-call-summary disable
|
|
set log-violations disable
|
|
set max-calls 0
|
|
end
|
|
next
|
|
edit "parks_sip"
|
|
set feature-set voipd
|
|
set comment "VoIP Profile for Parks SIP"
|
|
config sip
|
|
set status enable
|
|
set rtp enable
|
|
set nat-port-range 5117-65533
|
|
set open-register-pinhole enable
|
|
set open-contact-pinhole enable
|
|
set strict-register enable
|
|
set register-rate 0
|
|
set invite-rate 0
|
|
set max-dialogs 0
|
|
set max-line-length 998
|
|
set block-long-lines enable
|
|
set block-unknown enable
|
|
set call-keepalive 0
|
|
set block-ack disable
|
|
set block-bye disable
|
|
set block-cancel disable
|
|
set block-info disable
|
|
set block-invite disable
|
|
set block-message disable
|
|
set block-notify disable
|
|
set block-options disable
|
|
set block-prack disable
|
|
set block-publish disable
|
|
set block-refer disable
|
|
set block-register disable
|
|
set block-subscribe disable
|
|
set block-update disable
|
|
set register-contact-trace disable
|
|
set open-via-pinhole disable
|
|
set open-record-route-pinhole enable
|
|
set rfc2543-branch disable
|
|
set log-violations disable
|
|
set log-call-summary enable
|
|
set nat-trace enable
|
|
set subscribe-rate 0
|
|
set message-rate 0
|
|
set notify-rate 0
|
|
set refer-rate 0
|
|
set update-rate 0
|
|
set options-rate 0
|
|
set ack-rate 0
|
|
set prack-rate 0
|
|
set info-rate 0
|
|
set publish-rate 0
|
|
set bye-rate 0
|
|
set cancel-rate 0
|
|
set preserve-override disable
|
|
set no-sdp-fixup disable
|
|
set contact-fixup enable
|
|
set max-idle-dialogs 0
|
|
set block-geo-red-options disable
|
|
set hosted-nat-traversal disable
|
|
set hnt-restrict-source-ip disable
|
|
set max-body-length 0
|
|
set unknown-header pass
|
|
set malformed-request-line pass
|
|
set malformed-header-via pass
|
|
set malformed-header-from pass
|
|
set malformed-header-to pass
|
|
set malformed-header-call-id pass
|
|
set malformed-header-cseq pass
|
|
set malformed-header-rack pass
|
|
set malformed-header-rseq pass
|
|
set malformed-header-contact pass
|
|
set malformed-header-record-route pass
|
|
set malformed-header-route pass
|
|
set malformed-header-expires pass
|
|
set malformed-header-content-type pass
|
|
set malformed-header-content-length pass
|
|
set malformed-header-max-forwards pass
|
|
set malformed-header-allow pass
|
|
set malformed-header-p-asserted-identity pass
|
|
set malformed-header-sdp-v pass
|
|
set malformed-header-sdp-o pass
|
|
set malformed-header-sdp-s pass
|
|
set malformed-header-sdp-i pass
|
|
set malformed-header-sdp-c pass
|
|
set malformed-header-sdp-b pass
|
|
set malformed-header-sdp-z pass
|
|
set malformed-header-sdp-k pass
|
|
set malformed-header-sdp-a pass
|
|
set malformed-header-sdp-t pass
|
|
set malformed-header-sdp-r pass
|
|
set malformed-header-sdp-m pass
|
|
set provisional-invite-expiry-time 210
|
|
set ips-rtp enable
|
|
set ssl-mode off
|
|
end
|
|
config sccp
|
|
set status enable
|
|
set block-mcast disable
|
|
set verify-header disable
|
|
set log-call-summary disable
|
|
set log-violations disable
|
|
set max-calls 0
|
|
end
|
|
next
|
|
end
|
|
config system sdwan
|
|
set status disable
|
|
set load-balance-mode source-ip-based
|
|
set speedtest-bypass-routing disable
|
|
set duplication-max-num 2
|
|
set neighbor-hold-down disable
|
|
set neighbor-hold-down-time 0
|
|
set app-perf-log-period 0
|
|
set neighbor-hold-boot-time 0
|
|
set fail-detect disable
|
|
config zone
|
|
edit "virtual-wan-link"
|
|
set advpn-select disable
|
|
set service-sla-tie-break cfg-order
|
|
set minimum-sla-meet-members 1
|
|
next
|
|
end
|
|
config health-check
|
|
edit "Default_DNS"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set system-dns enable
|
|
set detect-mode active
|
|
set ha-priority 1
|
|
set dns-request-domain "www.example.com"
|
|
set dns-match-ip 0.0.0.0
|
|
set interval 1000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Office_365"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "www.office.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Gmail"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "gmail.com"
|
|
set detect-mode active
|
|
set protocol ping
|
|
set ha-priority 1
|
|
set interval 1000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 2
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_Google Search"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "www.google.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
edit "Default_FortiGuard"
|
|
set probe-packets enable
|
|
set addr-mode ipv4
|
|
set server "fortiguard.com"
|
|
set detect-mode active
|
|
set protocol https
|
|
set port 0
|
|
set ha-priority 1
|
|
set http-get "/"
|
|
set http-agent "Chrome/ Safari/"
|
|
set http-match ''
|
|
set interval 120000
|
|
set probe-timeout 1000
|
|
set failtime 5
|
|
set recoverytime 10
|
|
set probe-count 30
|
|
set diffservcode 000000
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set embed-measured-health disable
|
|
set sla-id-redistribute 0
|
|
set sla-fail-log-period 0
|
|
set sla-pass-log-period 0
|
|
set threshold-warning-packetloss 0
|
|
set threshold-alert-packetloss 0
|
|
set threshold-warning-latency 0
|
|
set threshold-alert-latency 0
|
|
set threshold-warning-jitter 0
|
|
set threshold-alert-jitter 0
|
|
set vrf 0
|
|
set source 0.0.0.0
|
|
set mos-codec g711
|
|
unset class-id
|
|
config sla
|
|
edit 1
|
|
set link-cost-factor latency jitter packet-loss
|
|
set latency-threshold 250
|
|
set jitter-threshold 50
|
|
set packetloss-threshold 5
|
|
set priority-in-sla 0
|
|
set priority-out-sla 0
|
|
next
|
|
end
|
|
next
|
|
end
|
|
end
|
|
config vpn ipsec fec
|
|
end
|
|
config vpn kmip-server
|
|
end
|
|
config vpn ipsec phase1
|
|
end
|
|
config vpn ipsec phase2
|
|
end
|
|
config vpn ipsec manualkey
|
|
end
|
|
config vpn ipsec concentrator
|
|
end
|
|
config vpn ipsec phase1-interface
|
|
edit "SRIC_BOCES"
|
|
set type static
|
|
set interface "outside lag"
|
|
set ip-version 4
|
|
set ike-version 2
|
|
set local-gw 0.0.0.0
|
|
set keylife 86400
|
|
set authmethod psk
|
|
unset authmethod-remote
|
|
set peertype any
|
|
set monitor-min 0
|
|
set net-device disable
|
|
set passive-mode disable
|
|
set exchange-interface-ip disable
|
|
set aggregate-member disable
|
|
set packet-redistribution disable
|
|
set mode-cfg disable
|
|
set proposal aes256-sha256
|
|
set localid ''
|
|
set localid-type auto
|
|
set auto-negotiate enable
|
|
set negotiate-timeout 30
|
|
set fragmentation enable
|
|
set ip-fragmentation post-encapsulation
|
|
set dpd on-demand
|
|
set comments ''
|
|
set npu-offload enable
|
|
set dhgrp 14
|
|
set suite-b disable
|
|
set eap disable
|
|
set ppk disable
|
|
set wizard-type custom
|
|
set reauth disable
|
|
set idle-timeout disable
|
|
set ha-sync-esp-seqno enable
|
|
set fgsp-sync disable
|
|
set inbound-dscp-copy disable
|
|
set auto-discovery-sender disable
|
|
set auto-discovery-receiver disable
|
|
set auto-discovery-forwarder disable
|
|
set encapsulation none
|
|
set nattraversal disable
|
|
set esn disable
|
|
set fragmentation-mtu 1200
|
|
set childless-ike disable
|
|
set rekey enable
|
|
set fec-egress disable
|
|
set fec-ingress disable
|
|
set network-overlay disable
|
|
set dev-id-notification disable
|
|
set link-cost 0
|
|
set kms ''
|
|
set exchange-fgt-device-id disable
|
|
set ems-sn-check disable
|
|
set qkd disable
|
|
set qkd-profile ''
|
|
set transport udp
|
|
set remote-gw 170.161.52.25
|
|
set add-gw-route disable
|
|
set psksecret ENC d918+O2M8xrNIr44BT8GwN07n/DvUTOSqqzT1x952ugLZbviXIx/PSizNU8SyFPzeugkap0+n9dvkeQvTFM0oNjaz4jy/IOdK70WXmWwjbt+hQ11qUMa8cQPhFPm/LlM3SMiAdzMTQQeYs42JotVvBfRW4KGJnp+D2pD3Pg43Jv5epxcm8oMkuL0aKrli9IcGzOzgllmMjY3dkVA
|
|
set dpd-retrycount 3
|
|
set dpd-retryinterval 20
|
|
next
|
|
edit "vpn-042e9903"
|
|
set type static
|
|
set interface "outside lag"
|
|
set ip-version 4
|
|
set ike-version 2
|
|
set local-gw 198.36.24.5
|
|
set keylife 28800
|
|
set authmethod psk
|
|
unset authmethod-remote
|
|
set peertype any
|
|
set monitor-min 0
|
|
set net-device disable
|
|
set passive-mode disable
|
|
set exchange-interface-ip disable
|
|
set aggregate-member disable
|
|
set packet-redistribution disable
|
|
set mode-cfg disable
|
|
set proposal aes256-sha256
|
|
set localid ''
|
|
set localid-type auto
|
|
set auto-negotiate enable
|
|
set negotiate-timeout 30
|
|
set fragmentation enable
|
|
set ip-fragmentation post-encapsulation
|
|
set dpd on-demand
|
|
set comments ''
|
|
set npu-offload enable
|
|
set dhgrp 19
|
|
set suite-b disable
|
|
set eap disable
|
|
set ppk disable
|
|
set wizard-type custom
|
|
set reauth disable
|
|
set idle-timeout disable
|
|
set ha-sync-esp-seqno enable
|
|
set fgsp-sync disable
|
|
set inbound-dscp-copy disable
|
|
set auto-discovery-sender disable
|
|
set auto-discovery-receiver disable
|
|
set auto-discovery-forwarder disable
|
|
set encapsulation none
|
|
set nattraversal enable
|
|
set esn disable
|
|
set fragmentation-mtu 1200
|
|
set childless-ike disable
|
|
set rekey enable
|
|
set fec-egress disable
|
|
set fec-ingress disable
|
|
set network-overlay disable
|
|
set dev-id-notification disable
|
|
set link-cost 0
|
|
set kms ''
|
|
set exchange-fgt-device-id disable
|
|
set ems-sn-check disable
|
|
set qkd disable
|
|
set qkd-profile ''
|
|
set transport udp
|
|
set remote-gw 52.61.115.188
|
|
set add-gw-route disable
|
|
set psksecret ENC LRuvvChes2jHU2mBB6C9W5soXKTc2rFgvpTMS6qJ0APGFcnJZQNOp60YyENt2GvO4HZ+H1vlhIOVO3rtm91uHaJGHGSy0SIxjk4rowpB/HTT8oJeZSJ2Ews7FKw4Jvs2CBjr1QdEQ44S2FUP3dr2y5DXTYN5oBm+cjzbw4Kd6v6U1ORYdAZC4eKQ2oExNce5sRJeDVlmMjY3dkVA
|
|
set keepalive 10
|
|
set dpd-retrycount 3
|
|
set dpd-retryinterval 30
|
|
next
|
|
edit "SCHC"
|
|
set type static
|
|
set interface "outside lag"
|
|
set ip-version 4
|
|
set ike-version 2
|
|
set local-gw 0.0.0.0
|
|
set keylife 86400
|
|
set authmethod psk
|
|
unset authmethod-remote
|
|
set peertype any
|
|
set monitor-min 0
|
|
set net-device disable
|
|
set passive-mode disable
|
|
set exchange-interface-ip disable
|
|
set aggregate-member disable
|
|
set packet-redistribution disable
|
|
set mode-cfg disable
|
|
set proposal aes256-sha256
|
|
set localid ''
|
|
set localid-type auto
|
|
set auto-negotiate enable
|
|
set negotiate-timeout 30
|
|
set fragmentation enable
|
|
set ip-fragmentation post-encapsulation
|
|
set dpd on-demand
|
|
set comments ''
|
|
set npu-offload enable
|
|
set dhgrp 14 5
|
|
set suite-b disable
|
|
set eap disable
|
|
set ppk disable
|
|
set wizard-type custom
|
|
set reauth disable
|
|
set idle-timeout disable
|
|
set ha-sync-esp-seqno enable
|
|
set fgsp-sync disable
|
|
set inbound-dscp-copy disable
|
|
set auto-discovery-sender disable
|
|
set auto-discovery-receiver disable
|
|
set auto-discovery-forwarder disable
|
|
set encapsulation none
|
|
set nattraversal enable
|
|
set esn disable
|
|
set fragmentation-mtu 1200
|
|
set childless-ike disable
|
|
set rekey enable
|
|
set fec-egress disable
|
|
set fec-ingress disable
|
|
set network-overlay disable
|
|
set dev-id-notification disable
|
|
set link-cost 0
|
|
set kms ''
|
|
set exchange-fgt-device-id disable
|
|
set ems-sn-check disable
|
|
set qkd disable
|
|
set qkd-profile ''
|
|
set transport udp
|
|
set remote-gw 209.217.202.173
|
|
set add-gw-route disable
|
|
set psksecret ENC L0+Z/CdSbRWZO8JuAfWYttsL3B/IcHVpShVl5KRVpKdTwDj+THfMFCpuBYHbEgkf06lfXE6I+WPyx5fhH+strnisJa2Z+PACbpd8ODUXEIiAJkBHIlh19OpWWvavv5fK5B2+2Clv/oaJ1G60iWdW6RASrJMvPcJO2KMdlIncLhH8cqmAqQD4U2ODJFlOA3tO2ytr9VlmMjY3dkVA
|
|
set keepalive 10
|
|
set dpd-retrycount 3
|
|
set dpd-retryinterval 20
|
|
next
|
|
edit "vpn-0fc50345"
|
|
set type static
|
|
set interface "outside lag"
|
|
set ip-version 4
|
|
set ike-version 1
|
|
set local-gw 198.36.24.5
|
|
set keylife 28800
|
|
set authmethod psk
|
|
set mode main
|
|
set peertype any
|
|
set monitor-min 0
|
|
set net-device disable
|
|
set passive-mode disable
|
|
set exchange-interface-ip disable
|
|
set aggregate-member disable
|
|
set packet-redistribution disable
|
|
set mode-cfg disable
|
|
set proposal aes128-sha1
|
|
set localid ''
|
|
set localid-type auto
|
|
set auto-negotiate enable
|
|
set negotiate-timeout 30
|
|
set fragmentation enable
|
|
set ip-fragmentation post-encapsulation
|
|
set dpd on-demand
|
|
set comments "SchoolTool Tunnel"
|
|
set npu-offload enable
|
|
set dhgrp 2
|
|
set suite-b disable
|
|
set wizard-type custom
|
|
set xauthtype disable
|
|
set mesh-selector-type disable
|
|
set idle-timeout disable
|
|
set ha-sync-esp-seqno enable
|
|
set fgsp-sync disable
|
|
set inbound-dscp-copy disable
|
|
set auto-discovery-sender disable
|
|
set auto-discovery-receiver disable
|
|
set auto-discovery-forwarder disable
|
|
set encapsulation none
|
|
set nattraversal enable
|
|
set esn disable
|
|
set rekey enable
|
|
set fec-egress disable
|
|
set fec-ingress disable
|
|
set link-cost 0
|
|
set exchange-fgt-device-id disable
|
|
set ems-sn-check disable
|
|
set qkd disable
|
|
set qkd-profile ''
|
|
set remote-gw 34.194.174.170
|
|
set add-gw-route disable
|
|
set psksecret ENC txVJlSvK/aoe3UGi3JTby/gUXaSoRMboolzmamWEOf9eS2a6ox269LW//jcr13Tx3+9Mg5m8OvmL+XLd4ZbXnIegFlkscE2xs6NcU2eFIiLmW8YorGtZBzbyLcjfpsGBUnJadyMR4Wg44Cyktw1AeLByEOQ97Pdi2lrDhYP3cwJ/4exmsTZm7umAmoSn9OZTpV23FFlmMjY3dkVA
|
|
set keepalive 10
|
|
set dpd-retrycount 3
|
|
set dpd-retryinterval 20
|
|
next
|
|
edit "vpn-0403e61"
|
|
set type static
|
|
set interface "outside lag"
|
|
set ip-version 4
|
|
set ike-version 2
|
|
set local-gw 198.36.24.5
|
|
set keylife 28800
|
|
set authmethod psk
|
|
unset authmethod-remote
|
|
set peertype any
|
|
set monitor-min 0
|
|
set net-device disable
|
|
set passive-mode disable
|
|
set exchange-interface-ip disable
|
|
set aggregate-member disable
|
|
set packet-redistribution disable
|
|
set mode-cfg disable
|
|
set proposal aes256-sha256
|
|
set localid ''
|
|
set localid-type auto
|
|
set auto-negotiate enable
|
|
set negotiate-timeout 30
|
|
set fragmentation enable
|
|
set ip-fragmentation post-encapsulation
|
|
set dpd on-demand
|
|
set comments "eScholar Tunnel"
|
|
set npu-offload enable
|
|
set dhgrp 19
|
|
set suite-b disable
|
|
set eap disable
|
|
set ppk disable
|
|
set wizard-type custom
|
|
set reauth disable
|
|
set idle-timeout disable
|
|
set ha-sync-esp-seqno enable
|
|
set fgsp-sync disable
|
|
set inbound-dscp-copy disable
|
|
set auto-discovery-sender disable
|
|
set auto-discovery-receiver disable
|
|
set auto-discovery-forwarder disable
|
|
set encapsulation none
|
|
set nattraversal enable
|
|
set esn disable
|
|
set fragmentation-mtu 1200
|
|
set childless-ike disable
|
|
set rekey enable
|
|
set fec-egress disable
|
|
set fec-ingress disable
|
|
set network-overlay disable
|
|
set dev-id-notification disable
|
|
set link-cost 0
|
|
set kms ''
|
|
set exchange-fgt-device-id disable
|
|
set ems-sn-check disable
|
|
set qkd disable
|
|
set qkd-profile ''
|
|
set transport udp
|
|
set remote-gw 44.216.12.227
|
|
set add-gw-route disable
|
|
set psksecret ENC qZiClbFwSE3ztTqJFMVirPL9MCpveu+QHSZgXpVADgZ6i0uHEtGltfMUUvJnNGJo0EvIvawR8ghr7WNZrUZ9Lfp0h0FsdnyLir5aRgpAwBPFcTXKuUW1ZrHLPz7aRGFdAuySVWLxZXUfnpf1juVgU93GNHs1+Ct5IY50Bz1OSfJ6J/dyQ87zrmH+l7w5lWtVeukc+1lmMjY3dkVA
|
|
set keepalive 10
|
|
set dpd-retrycount 3
|
|
set dpd-retryinterval 30
|
|
next
|
|
edit "Highstreet"
|
|
set type static
|
|
set interface "outside lag"
|
|
set ip-version 4
|
|
set ike-version 2
|
|
set local-gw 198.36.24.5
|
|
set keylife 28800
|
|
set authmethod psk
|
|
unset authmethod-remote
|
|
set peertype any
|
|
set monitor-min 0
|
|
set net-device disable
|
|
set passive-mode disable
|
|
set exchange-interface-ip disable
|
|
set aggregate-member disable
|
|
set packet-redistribution disable
|
|
set mode-cfg disable
|
|
set proposal aes128-sha1
|
|
set localid ''
|
|
set localid-type auto
|
|
set auto-negotiate enable
|
|
set negotiate-timeout 30
|
|
set fragmentation enable
|
|
set ip-fragmentation post-encapsulation
|
|
set dpd on-demand
|
|
set comments ''
|
|
set npu-offload enable
|
|
set dhgrp 2
|
|
set suite-b disable
|
|
set eap disable
|
|
set ppk disable
|
|
set wizard-type custom
|
|
set reauth disable
|
|
set idle-timeout disable
|
|
set ha-sync-esp-seqno enable
|
|
set fgsp-sync disable
|
|
set inbound-dscp-copy disable
|
|
set auto-discovery-sender disable
|
|
set auto-discovery-receiver disable
|
|
set auto-discovery-forwarder disable
|
|
set encapsulation none
|
|
set nattraversal disable
|
|
set esn disable
|
|
set fragmentation-mtu 1200
|
|
set childless-ike disable
|
|
set rekey enable
|
|
set fec-egress disable
|
|
set fec-ingress disable
|
|
set network-overlay disable
|
|
set dev-id-notification disable
|
|
set link-cost 0
|
|
set kms ''
|
|
set exchange-fgt-device-id disable
|
|
set ems-sn-check disable
|
|
set qkd disable
|
|
set qkd-profile ''
|
|
set transport udp
|
|
set remote-gw 3.20.191.182
|
|
set add-gw-route disable
|
|
set psksecret ENC Z1nHv43wLdfLfJtCVFbmzq0dOzb2DQxGYaC/GxIMutkjHsZyyfqyFwCZXpWUenD6thQiQpjTnhuORy6hs+MSrTbrBxuQQxJJSOs7ehihZtKrEcYWREi3qkxagPSoleEgMtqEWGCjVT8rzDqvCK1H0VbhZeZG1cJu12lJbFGFNYrJo/5Mzj/+ljHZV1A7/DpG4vB1x1lmMjY3dkVA
|
|
set dpd-retrycount 3
|
|
set dpd-retryinterval 20
|
|
next
|
|
edit "Highstreet_2"
|
|
set type static
|
|
set interface "outside lag"
|
|
set ip-version 4
|
|
set ike-version 2
|
|
set local-gw 0.0.0.0
|
|
set keylife 28800
|
|
set authmethod psk
|
|
unset authmethod-remote
|
|
set peertype any
|
|
set monitor-min 0
|
|
set net-device disable
|
|
set passive-mode disable
|
|
set exchange-interface-ip disable
|
|
set aggregate-member disable
|
|
set packet-redistribution disable
|
|
set mode-cfg disable
|
|
set proposal aes128-sha1
|
|
set localid ''
|
|
set localid-type auto
|
|
set auto-negotiate enable
|
|
set negotiate-timeout 30
|
|
set fragmentation enable
|
|
set ip-fragmentation post-encapsulation
|
|
set dpd on-demand
|
|
set comments ''
|
|
set npu-offload enable
|
|
set dhgrp 2
|
|
set suite-b disable
|
|
set eap disable
|
|
set ppk disable
|
|
set wizard-type custom
|
|
set reauth disable
|
|
set idle-timeout disable
|
|
set ha-sync-esp-seqno enable
|
|
set fgsp-sync disable
|
|
set inbound-dscp-copy disable
|
|
set auto-discovery-sender disable
|
|
set auto-discovery-receiver disable
|
|
set auto-discovery-forwarder disable
|
|
set encapsulation none
|
|
set nattraversal disable
|
|
set esn disable
|
|
set fragmentation-mtu 1200
|
|
set childless-ike disable
|
|
set rekey enable
|
|
set fec-egress disable
|
|
set fec-ingress disable
|
|
set network-overlay disable
|
|
set dev-id-notification disable
|
|
set link-cost 0
|
|
set kms ''
|
|
set exchange-fgt-device-id disable
|
|
set ems-sn-check disable
|
|
set qkd disable
|
|
set qkd-profile ''
|
|
set transport udp
|
|
set remote-gw 3.146.135.243
|
|
set add-gw-route disable
|
|
set psksecret ENC XzbZFk5Y3RBbtxDqZyG3fCz+tPeVsbxsr6vDJEHIlTEfY+xkvZ7VWeEHJEsp3qBV4Wx2QXBTlKcEl+GcdmctE/2lTETl+UYudBRgCwP+IEVwTaJjwnOSBTewn9J9zOJEeRgR0j1nEL4uTA+ADOGwulIh0djDEn159R9th/klm3UHyKloRHQOzLtJ+3jSe0WpzOSENVlmMjY3dkVA
|
|
set dpd-retrycount 3
|
|
set dpd-retryinterval 20
|
|
next
|
|
edit "DPS"
|
|
set type static
|
|
set interface "outside lag"
|
|
set ip-version 4
|
|
set ike-version 2
|
|
set local-gw 0.0.0.0
|
|
set keylife 86400
|
|
set authmethod psk
|
|
unset authmethod-remote
|
|
set peertype any
|
|
set monitor-min 0
|
|
set net-device disable
|
|
set passive-mode disable
|
|
set exchange-interface-ip disable
|
|
set aggregate-member disable
|
|
set packet-redistribution disable
|
|
set mode-cfg disable
|
|
set proposal aes256-sha256
|
|
set localid ''
|
|
set localid-type auto
|
|
set auto-negotiate enable
|
|
set negotiate-timeout 30
|
|
set fragmentation enable
|
|
set ip-fragmentation post-encapsulation
|
|
set dpd on-demand
|
|
set comments "VPN: DPS"
|
|
set npu-offload enable
|
|
set dhgrp 14 5
|
|
set suite-b disable
|
|
set eap disable
|
|
set ppk disable
|
|
set wizard-type custom
|
|
set reauth disable
|
|
set idle-timeout disable
|
|
set ha-sync-esp-seqno enable
|
|
set fgsp-sync disable
|
|
set inbound-dscp-copy disable
|
|
set auto-discovery-sender disable
|
|
set auto-discovery-receiver disable
|
|
set auto-discovery-forwarder disable
|
|
set encapsulation none
|
|
set nattraversal enable
|
|
set esn disable
|
|
set fragmentation-mtu 1200
|
|
set childless-ike disable
|
|
set rekey enable
|
|
set fec-egress disable
|
|
set fec-ingress disable
|
|
set network-overlay disable
|
|
set dev-id-notification disable
|
|
set link-cost 0
|
|
set kms ''
|
|
set exchange-fgt-device-id disable
|
|
set ems-sn-check disable
|
|
set qkd disable
|
|
set qkd-profile ''
|
|
set transport udp
|
|
set remote-gw 24.39.213.214
|
|
set add-gw-route disable
|
|
set psksecret ENC wKdn8dnKcqTO/wjj/KORZ4xQS8it7eJCQXYHWFN3zrw1HZ41F8G3cszMTy2W9+nScdeoRGsz7VeNy9v9XNCSoR6bzGgr9DEODtKpYvid0Tcc/kk6WQhlGyp5l+suTmt/l/ZiDQqYbhDSx9yPpspHtBUZPx4wKOVQ1ct6ghglY11RObis5jtql3H4ueRzfEJbM6ytXVlmMjY3dkVA
|
|
set keepalive 10
|
|
set dpd-retrycount 3
|
|
set dpd-retryinterval 20
|
|
next
|
|
edit "RAP"
|
|
set type static
|
|
set interface "outside lag"
|
|
set ip-version 4
|
|
set ike-version 2
|
|
set local-gw 0.0.0.0
|
|
set keylife 86400
|
|
set authmethod psk
|
|
unset authmethod-remote
|
|
set peertype any
|
|
set monitor-min 0
|
|
set net-device disable
|
|
set passive-mode disable
|
|
set exchange-interface-ip disable
|
|
set aggregate-member disable
|
|
set packet-redistribution disable
|
|
set mode-cfg disable
|
|
set proposal aes256-sha256
|
|
set localid ''
|
|
set localid-type auto
|
|
set auto-negotiate enable
|
|
set negotiate-timeout 30
|
|
set fragmentation enable
|
|
set ip-fragmentation post-encapsulation
|
|
set dpd on-demand
|
|
set comments "SCSD->RAP"
|
|
set npu-offload enable
|
|
set dhgrp 14 5
|
|
set suite-b disable
|
|
set eap disable
|
|
set ppk disable
|
|
set wizard-type custom
|
|
set reauth disable
|
|
set idle-timeout disable
|
|
set ha-sync-esp-seqno enable
|
|
set fgsp-sync disable
|
|
set inbound-dscp-copy disable
|
|
set auto-discovery-sender disable
|
|
set auto-discovery-receiver disable
|
|
set auto-discovery-forwarder disable
|
|
set encapsulation none
|
|
set nattraversal disable
|
|
set esn disable
|
|
set fragmentation-mtu 1200
|
|
set childless-ike disable
|
|
set rekey enable
|
|
set fec-egress disable
|
|
set fec-ingress disable
|
|
set network-overlay disable
|
|
set dev-id-notification disable
|
|
set link-cost 0
|
|
set kms ''
|
|
set exchange-fgt-device-id disable
|
|
set ems-sn-check disable
|
|
set qkd disable
|
|
set qkd-profile ''
|
|
set transport udp-fallback-tcp
|
|
set fortinet-esp disable
|
|
set fallback-tcp-threshold 15
|
|
set remote-gw 24.105.188.54
|
|
set add-gw-route disable
|
|
set psksecret ENC 4RQNsdQEyWoM7/0Kt+TipteNACoeLorScv3Jq6MRwjNFpsCi+2ponw668lRci/RHI6HmOwH4he5rrqZnFQaASW/16aIspgXG1NhAiObZ9ZqdH4JI1RSlElLheNRSwOw9ZDFGOJxXPY1E+BRAv/nW8EeLc3fIRpDs5y2mVcqr1rG8eRvaAU+jsnMUsrnimI6Ycq8na1lmMjY3dkVA
|
|
set dpd-retrycount 3
|
|
set dpd-retryinterval 20
|
|
next
|
|
end
|
|
config vpn ipsec phase2-interface
|
|
edit "SRIC_BOCES"
|
|
set phase1name "SRIC_BOCES"
|
|
set proposal aes256-sha256
|
|
set pfs enable
|
|
set ipv4-df disable
|
|
set dhgrp 14
|
|
set replay enable
|
|
set auto-negotiate enable
|
|
set inbound-dscp-copy phase1
|
|
set auto-discovery-sender phase1
|
|
set auto-discovery-forwarder phase1
|
|
set keylife-type seconds
|
|
set encapsulation tunnel-mode
|
|
set comments ''
|
|
set initiator-ts-narrow disable
|
|
set diffserv disable
|
|
set protocol 0
|
|
set src-addr-type ip
|
|
set src-port 0
|
|
set dst-addr-type ip
|
|
set dst-port 0
|
|
set keylifeseconds 28800
|
|
set src-start-ip 198.36.24.68
|
|
set dst-start-ip 170.161.52.27
|
|
next
|
|
edit "vpn-042e9903"
|
|
set phase1name "vpn-042e9903"
|
|
set proposal aes256-sha256
|
|
set pfs enable
|
|
set ipv4-df disable
|
|
set dhgrp 16
|
|
set replay enable
|
|
set auto-negotiate enable
|
|
set inbound-dscp-copy phase1
|
|
set auto-discovery-sender phase1
|
|
set auto-discovery-forwarder phase1
|
|
set keylife-type seconds
|
|
set encapsulation tunnel-mode
|
|
set comments ''
|
|
set initiator-ts-narrow disable
|
|
set diffserv disable
|
|
set protocol 0
|
|
set src-addr-type subnet
|
|
set src-port 0
|
|
set dst-addr-type subnet
|
|
set dst-port 0
|
|
set keylifeseconds 3600
|
|
set src-subnet 10.1.48.0 255.255.255.0
|
|
set dst-subnet 10.222.0.0 255.255.0.0
|
|
next
|
|
edit "SCHC"
|
|
set phase1name "SCHC"
|
|
set proposal aes256-sha256
|
|
set pfs enable
|
|
set ipv4-df disable
|
|
set dhgrp 14
|
|
set replay enable
|
|
set keepalive disable
|
|
set auto-negotiate disable
|
|
set inbound-dscp-copy phase1
|
|
set auto-discovery-sender phase1
|
|
set auto-discovery-forwarder phase1
|
|
set keylife-type seconds
|
|
set encapsulation tunnel-mode
|
|
set comments ''
|
|
set initiator-ts-narrow disable
|
|
set diffserv disable
|
|
set protocol 0
|
|
set src-addr-type name
|
|
set src-port 0
|
|
set dst-addr-type name
|
|
set dst-port 0
|
|
set keylifeseconds 28800
|
|
set src-name "SCHC_Local_Subnets_Group"
|
|
set dst-name "SCHC_Remote_Subnets_Group"
|
|
next
|
|
edit "vpn-0fc50345"
|
|
set phase1name "vpn-0fc50345"
|
|
set proposal aes128-sha1
|
|
set pfs enable
|
|
set ipv4-df disable
|
|
set dhgrp 2
|
|
set replay enable
|
|
set auto-negotiate enable
|
|
set inbound-dscp-copy phase1
|
|
set auto-discovery-sender phase1
|
|
set auto-discovery-forwarder phase1
|
|
set keylife-type seconds
|
|
set encapsulation tunnel-mode
|
|
set comments ''
|
|
set diffserv disable
|
|
set protocol 0
|
|
set src-addr-type name
|
|
set src-port 0
|
|
set dst-addr-type name
|
|
set dst-port 0
|
|
set keylifeseconds 3600
|
|
set src-name "SchoolTool_Cloud_Internal"
|
|
set dst-name "SchoolTool_External_Range"
|
|
next
|
|
edit "vpn-0403e61"
|
|
set phase1name "vpn-0403e61"
|
|
set proposal aes256-sha256
|
|
set pfs enable
|
|
set ipv4-df disable
|
|
set dhgrp 16
|
|
set replay enable
|
|
set auto-negotiate enable
|
|
set inbound-dscp-copy phase1
|
|
set auto-discovery-sender phase1
|
|
set auto-discovery-forwarder phase1
|
|
set keylife-type seconds
|
|
set encapsulation tunnel-mode
|
|
set comments ''
|
|
set initiator-ts-narrow disable
|
|
set diffserv disable
|
|
set protocol 0
|
|
set src-addr-type subnet
|
|
set src-port 0
|
|
set dst-addr-type subnet
|
|
set dst-port 0
|
|
set keylifeseconds 3600
|
|
set src-subnet 10.1.48.0 255.255.255.0
|
|
set dst-subnet 10.11.0.0 255.255.240.0
|
|
next
|
|
edit "Highstreet"
|
|
set phase1name "Highstreet"
|
|
set proposal aes128-sha1
|
|
set pfs enable
|
|
set ipv4-df disable
|
|
set dhgrp 2
|
|
set replay enable
|
|
set auto-negotiate enable
|
|
set inbound-dscp-copy phase1
|
|
set auto-discovery-sender phase1
|
|
set auto-discovery-forwarder phase1
|
|
set keylife-type seconds
|
|
set encapsulation tunnel-mode
|
|
set comments ''
|
|
set initiator-ts-narrow disable
|
|
set diffserv disable
|
|
set protocol 0
|
|
set src-addr-type subnet
|
|
set src-port 0
|
|
set dst-addr-type subnet
|
|
set dst-port 0
|
|
set keylifeseconds 3600
|
|
set src-subnet 10.1.0.0 255.255.192.0
|
|
set dst-subnet 10.51.62.0 255.255.255.0
|
|
next
|
|
edit "Highstreet_2"
|
|
set phase1name "Highstreet_2"
|
|
set proposal aes128-sha1
|
|
set pfs enable
|
|
set ipv4-df disable
|
|
set dhgrp 2
|
|
set replay enable
|
|
set auto-negotiate enable
|
|
set inbound-dscp-copy phase1
|
|
set auto-discovery-sender phase1
|
|
set auto-discovery-forwarder phase1
|
|
set keylife-type seconds
|
|
set encapsulation tunnel-mode
|
|
set comments ''
|
|
set initiator-ts-narrow disable
|
|
set diffserv disable
|
|
set protocol 0
|
|
set src-addr-type subnet
|
|
set src-port 0
|
|
set dst-addr-type subnet
|
|
set dst-port 0
|
|
set keylifeseconds 3600
|
|
set src-subnet 10.1.0.0 255.255.0.0
|
|
set dst-subnet 10.51.62.32 255.255.255.240
|
|
next
|
|
edit "DPS"
|
|
set phase1name "DPS"
|
|
set proposal aes256-sha256
|
|
set pfs enable
|
|
set ipv4-df disable
|
|
set dhgrp 14 5
|
|
set replay enable
|
|
set keepalive disable
|
|
set auto-negotiate disable
|
|
set inbound-dscp-copy phase1
|
|
set auto-discovery-sender phase1
|
|
set auto-discovery-forwarder phase1
|
|
set keylife-type seconds
|
|
set encapsulation tunnel-mode
|
|
set comments "VPN: DPS"
|
|
set initiator-ts-narrow disable
|
|
set diffserv disable
|
|
set protocol 0
|
|
set src-addr-type subnet
|
|
set src-port 0
|
|
set dst-addr-type subnet
|
|
set dst-port 0
|
|
set keylifeseconds 43200
|
|
set src-subnet 0.0.0.0 0.0.0.0
|
|
set dst-subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
edit "RAP"
|
|
set phase1name "RAP"
|
|
set proposal aes256-sha256
|
|
set pfs enable
|
|
set ipv4-df disable
|
|
set dhgrp 14 5
|
|
set replay enable
|
|
set keepalive disable
|
|
set auto-negotiate disable
|
|
set inbound-dscp-copy phase1
|
|
set auto-discovery-sender phase1
|
|
set auto-discovery-forwarder phase1
|
|
set keylife-type seconds
|
|
set encapsulation tunnel-mode
|
|
set comments ''
|
|
set initiator-ts-narrow disable
|
|
set diffserv disable
|
|
set protocol 0
|
|
set src-addr-type subnet
|
|
set src-port 0
|
|
set dst-addr-type subnet
|
|
set dst-port 0
|
|
set keylifeseconds 43200
|
|
set src-subnet 0.0.0.0 0.0.0.0
|
|
set dst-subnet 0.0.0.0 0.0.0.0
|
|
next
|
|
end
|
|
config vpn ipsec manualkey-interface
|
|
end
|
|
config vpn pptp
|
|
set status disable
|
|
end
|
|
config vpn l2tp
|
|
set status disable
|
|
set lcp-max-echo-fails 3
|
|
set hello-interval 60
|
|
end
|
|
config vpn ipsec forticlient
|
|
end
|
|
config system evpn
|
|
end
|
|
config dnsfilter domain-filter
|
|
end
|
|
config dnsfilter profile
|
|
edit "default"
|
|
set comment "Default dns filtering."
|
|
config domain-filter
|
|
unset domain-filter-table
|
|
end
|
|
config ftgd-dns
|
|
unset options
|
|
config filters
|
|
edit 1
|
|
set category 2
|
|
set action monitor
|
|
next
|
|
edit 2
|
|
set category 7
|
|
set action monitor
|
|
next
|
|
edit 3
|
|
set category 8
|
|
set action monitor
|
|
next
|
|
edit 4
|
|
set category 9
|
|
set action monitor
|
|
next
|
|
edit 5
|
|
set category 11
|
|
set action monitor
|
|
next
|
|
edit 6
|
|
set category 12
|
|
set action monitor
|
|
next
|
|
edit 7
|
|
set category 13
|
|
set action monitor
|
|
next
|
|
edit 8
|
|
set category 14
|
|
set action monitor
|
|
next
|
|
edit 9
|
|
set category 15
|
|
set action monitor
|
|
next
|
|
edit 10
|
|
set category 16
|
|
set action monitor
|
|
next
|
|
edit 11
|
|
set category 0
|
|
set action monitor
|
|
next
|
|
edit 12
|
|
set category 57
|
|
set action monitor
|
|
next
|
|
edit 13
|
|
set category 63
|
|
set action monitor
|
|
next
|
|
edit 14
|
|
set category 64
|
|
set action monitor
|
|
next
|
|
edit 15
|
|
set category 65
|
|
set action monitor
|
|
next
|
|
edit 16
|
|
set category 66
|
|
set action monitor
|
|
next
|
|
edit 17
|
|
set category 67
|
|
set action monitor
|
|
next
|
|
edit 18
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
end
|
|
set log-all-domain disable
|
|
set sdns-ftgd-err-log enable
|
|
set sdns-domain-log enable
|
|
set block-action redirect
|
|
set block-botnet enable
|
|
set safe-search disable
|
|
set strip-ech enable
|
|
set redirect-portal 0.0.0.0
|
|
set redirect-portal6 ::
|
|
next
|
|
edit "DNS_Profile"
|
|
set comment "Default dns filtering."
|
|
config domain-filter
|
|
unset domain-filter-table
|
|
end
|
|
config ftgd-dns
|
|
set options error-allow
|
|
config filters
|
|
edit 1
|
|
set category 12
|
|
set action monitor
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action monitor
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action monitor
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action monitor
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action monitor
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action monitor
|
|
next
|
|
edit 7
|
|
set category 13
|
|
set action monitor
|
|
next
|
|
edit 8
|
|
set category 14
|
|
set action monitor
|
|
next
|
|
edit 9
|
|
set category 15
|
|
set action monitor
|
|
next
|
|
edit 10
|
|
set category 16
|
|
set action monitor
|
|
next
|
|
edit 11
|
|
set category 57
|
|
set action monitor
|
|
next
|
|
edit 12
|
|
set category 63
|
|
set action monitor
|
|
next
|
|
edit 13
|
|
set category 64
|
|
set action monitor
|
|
next
|
|
edit 14
|
|
set category 65
|
|
set action monitor
|
|
next
|
|
edit 15
|
|
set category 66
|
|
set action monitor
|
|
next
|
|
edit 16
|
|
set category 67
|
|
set action monitor
|
|
next
|
|
edit 17
|
|
set category 26
|
|
set action monitor
|
|
next
|
|
edit 18
|
|
set category 61
|
|
set action monitor
|
|
next
|
|
edit 19
|
|
set category 86
|
|
set action monitor
|
|
next
|
|
edit 20
|
|
set category 88
|
|
set action monitor
|
|
next
|
|
edit 21
|
|
set category 90
|
|
set action monitor
|
|
next
|
|
edit 22
|
|
set category 91
|
|
set action monitor
|
|
next
|
|
edit 23
|
|
set category 0
|
|
set action monitor
|
|
next
|
|
end
|
|
end
|
|
set log-all-domain disable
|
|
set sdns-ftgd-err-log enable
|
|
set sdns-domain-log enable
|
|
set block-action redirect
|
|
set block-botnet disable
|
|
set safe-search disable
|
|
set strip-ech enable
|
|
set redirect-portal 0.0.0.0
|
|
set redirect-portal6 ::
|
|
next
|
|
end
|
|
config system gre-tunnel
|
|
end
|
|
config system ipsec-aggregate
|
|
end
|
|
config system ipip-tunnel
|
|
end
|
|
config system mobile-tunnel
|
|
end
|
|
config system pppoe-interface
|
|
end
|
|
config system vxlan
|
|
end
|
|
config system geneve
|
|
end
|
|
config system virtual-wire-pair
|
|
end
|
|
config system dns-database
|
|
end
|
|
config system dns-server
|
|
end
|
|
config log custom-field
|
|
end
|
|
config antivirus settings
|
|
set machine-learning-detection enable
|
|
set use-extreme-db disable
|
|
set grayware enable
|
|
set override-timeout 0
|
|
set cache-infected-result enable
|
|
end
|
|
config antivirus quarantine
|
|
set agelimit 0
|
|
set maxfilesize 0
|
|
set quarantine-quota 0
|
|
unset drop-infected
|
|
set store-infected imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
|
|
unset drop-machine-learning
|
|
set store-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
|
|
set lowspace ovrw-old
|
|
set destination disk
|
|
end
|
|
config antivirus exempt-list
|
|
end
|
|
config ssh-filter profile
|
|
end
|
|
config antivirus profile
|
|
edit "g-default"
|
|
set comment "Scan files and block viruses."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Scan files and monitor viruses."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set replacemsg-group ''
|
|
set feature-set flow
|
|
set mobile-malware-db enable
|
|
config http
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config ftp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config imap
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config pop3
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config smtp
|
|
set av-scan block
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
set executables virus
|
|
end
|
|
config nntp
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config cifs
|
|
set av-scan disable
|
|
set outbreak-prevention disable
|
|
set external-blocklist disable
|
|
set quarantine disable
|
|
unset archive-block
|
|
unset archive-log
|
|
set emulator enable
|
|
end
|
|
config nac-quar
|
|
set infected none
|
|
set log disable
|
|
end
|
|
set outbreak-prevention-archive-scan disable
|
|
set external-blocklist-enable-all enable
|
|
set ems-threat-feed disable
|
|
set av-virus-log enable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config file-filter profile
|
|
edit "g-default"
|
|
set comment "File type inspection."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "File type inspection."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set log enable
|
|
set extended-log disable
|
|
set scan-archive-contents enable
|
|
next
|
|
end
|
|
config webfilter profile
|
|
edit "g-default"
|
|
set comment "Default web filtering."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-sniffer-profile"
|
|
set comment "Monitor web traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
unset options
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
set options ftgd-disable
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 1
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 2
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 3
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 4
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 5
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 6
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 7
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 8
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 9
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 11
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 12
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 13
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 14
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 15
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 16
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 17
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 18
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 19
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 20
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 23
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 24
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 25
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 24
|
|
set category 26
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 25
|
|
set category 28
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 26
|
|
set category 29
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 27
|
|
set category 30
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 28
|
|
set category 31
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 29
|
|
set category 33
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 30
|
|
set category 34
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 31
|
|
set category 35
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 32
|
|
set category 36
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 33
|
|
set category 37
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 34
|
|
set category 38
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 35
|
|
set category 39
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 36
|
|
set category 40
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 37
|
|
set category 41
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 38
|
|
set category 42
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 39
|
|
set category 43
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 40
|
|
set category 44
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 41
|
|
set category 46
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 42
|
|
set category 47
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 43
|
|
set category 48
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 44
|
|
set category 49
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 45
|
|
set category 50
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 46
|
|
set category 51
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 47
|
|
set category 52
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 48
|
|
set category 53
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 49
|
|
set category 54
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 50
|
|
set category 55
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 51
|
|
set category 56
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 52
|
|
set category 57
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 53
|
|
set category 58
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 54
|
|
set category 59
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 55
|
|
set category 61
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 56
|
|
set category 62
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 57
|
|
set category 63
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 58
|
|
set category 64
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 59
|
|
set category 65
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 60
|
|
set category 66
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 61
|
|
set category 67
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 62
|
|
set category 68
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 63
|
|
set category 69
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 64
|
|
set category 70
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 65
|
|
set category 71
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 66
|
|
set category 72
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 67
|
|
set category 75
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 68
|
|
set category 76
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 69
|
|
set category 77
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 70
|
|
set category 78
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 71
|
|
set category 79
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 72
|
|
set category 80
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 73
|
|
set category 81
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 74
|
|
set category 82
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 75
|
|
set category 83
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 76
|
|
set category 84
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 77
|
|
set category 85
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 78
|
|
set category 86
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 79
|
|
set category 87
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 80
|
|
set category 88
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 81
|
|
set category 89
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 82
|
|
set category 90
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 83
|
|
set category 91
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 84
|
|
set category 92
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 85
|
|
set category 93
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 86
|
|
set category 94
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 87
|
|
set category 95
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
edit "g-wifi-default"
|
|
set comment "Default configuration for offloading WiFi traffic."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set options block-invalid-url
|
|
set https-replacemsg enable
|
|
set web-flow-log-encoding utf-8
|
|
unset ovrd-perm
|
|
set post-action normal
|
|
config override
|
|
set ovrd-cookie deny
|
|
set ovrd-scope user
|
|
set profile-type list
|
|
set ovrd-dur-mode constant
|
|
set ovrd-dur 15m
|
|
end
|
|
config web
|
|
set bword-threshold 10
|
|
set blocklist disable
|
|
unset allowlist
|
|
unset safe-search
|
|
end
|
|
config ftgd-wf
|
|
unset options
|
|
unset ovrd
|
|
config filters
|
|
edit 1
|
|
set category 0
|
|
set action monitor
|
|
set log enable
|
|
next
|
|
edit 2
|
|
set category 2
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 3
|
|
set category 7
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 4
|
|
set category 8
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 5
|
|
set category 9
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 6
|
|
set category 11
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 7
|
|
set category 12
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 8
|
|
set category 13
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 9
|
|
set category 14
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 10
|
|
set category 15
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 11
|
|
set category 16
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 12
|
|
set category 26
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 13
|
|
set category 57
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 14
|
|
set category 61
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 15
|
|
set category 63
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 16
|
|
set category 64
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 17
|
|
set category 65
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 18
|
|
set category 66
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 19
|
|
set category 67
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 20
|
|
set category 86
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 21
|
|
set category 88
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 22
|
|
set category 90
|
|
set action block
|
|
set log enable
|
|
next
|
|
edit 23
|
|
set category 91
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
set rate-javascript-urls enable
|
|
set rate-css-urls enable
|
|
set rate-crl-urls enable
|
|
end
|
|
set wisp disable
|
|
set log-all-url disable
|
|
set web-content-log enable
|
|
set web-filter-command-block-log enable
|
|
set web-filter-cookie-log enable
|
|
set web-url-log enable
|
|
set web-invalid-domain-log enable
|
|
set web-ftgd-err-log enable
|
|
set extended-log disable
|
|
next
|
|
end
|
|
config webfilter override
|
|
end
|
|
config webfilter ftgd-local-rating
|
|
end
|
|
config webfilter search-engine
|
|
edit "g-baidu"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/s?\\?"
|
|
set query "wd="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu2"
|
|
set hostname ".*\\.baidu\\.com"
|
|
set url "^\\/(ns|q|m|i|v)\\?"
|
|
set query "word="
|
|
set safesearch disable
|
|
next
|
|
edit "g-baidu3"
|
|
set hostname "tieba\\.baidu\\.com"
|
|
set url "^\\/f\\?"
|
|
set query "kw="
|
|
set safesearch disable
|
|
next
|
|
edit "g-bing"
|
|
set hostname ".*\\.bing\\..*"
|
|
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-google"
|
|
set hostname ".*\\.google\\..*"
|
|
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
|
|
set query "q="
|
|
set safesearch url
|
|
set safesearch-str "&safe=active"
|
|
next
|
|
edit "g-google-translate-1"
|
|
set hostname "translate\\.google\\..*"
|
|
set url "^\\/translate"
|
|
set query "u="
|
|
set safesearch translate
|
|
set safesearch-str "regex::(?:\\?|&)u=([^&]+)::\\1"
|
|
next
|
|
edit "g-google-translate-2"
|
|
set hostname ".*\\.translate\\.goog"
|
|
set url "^\\/"
|
|
set query ''
|
|
set safesearch translate
|
|
set safesearch-str "case::google-translate"
|
|
next
|
|
edit "g-twitter"
|
|
set hostname "twitter\\.com"
|
|
set url "^\\/i\\/api\\/graphql\\/.*\\/UserByScreenName"
|
|
set query "variables="
|
|
set safesearch translate
|
|
set safesearch-str "regex::%22screen_name%22:%22([A-Za-z0-9_]{4,15})%22::twitter.com/\\1"
|
|
next
|
|
edit "g-vimeo"
|
|
set hostname ".*vimeo.*"
|
|
set url "^\\/search\\?"
|
|
set query "q="
|
|
set safesearch header
|
|
next
|
|
edit "g-yahoo"
|
|
set hostname ".*\\.yahoo\\..*"
|
|
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
|
|
set query "p="
|
|
set safesearch url
|
|
set safesearch-str "&vm=r"
|
|
next
|
|
edit "g-yandex"
|
|
set hostname "yandex\\..*"
|
|
set url "^\\/((|yand|images\\/|video\\/)(search)|search\\/)\\?"
|
|
set query "text="
|
|
set safesearch url
|
|
set safesearch-str "&family=yes"
|
|
next
|
|
edit "g-youtube"
|
|
set hostname ".*youtube.*"
|
|
set url ''
|
|
set query ''
|
|
set safesearch header
|
|
next
|
|
edit "g-yt-channel"
|
|
set hostname ''
|
|
set url "www.youtube.com/channel"
|
|
set query ''
|
|
set safesearch yt-channel
|
|
next
|
|
edit "g-yt-pattern"
|
|
set hostname ''
|
|
set url "youtube.com/channel/"
|
|
set query ''
|
|
set safesearch yt-pattern
|
|
next
|
|
edit "g-yt-scan-1"
|
|
set hostname ''
|
|
set url "www.youtube.com/user/"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-2"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/browse"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-3"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/player"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "g-yt-scan-4"
|
|
set hostname ''
|
|
set url "www.youtube.com/youtubei/v1/navigator"
|
|
set query ''
|
|
set safesearch yt-scan
|
|
next
|
|
edit "yt-video"
|
|
set hostname ''
|
|
set url "www.youtube.com/watch"
|
|
set query ''
|
|
set safesearch yt-video
|
|
next
|
|
end
|
|
config emailfilter profile
|
|
edit "default"
|
|
set comment "Malware and phishing URL filtering."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set spam-log enable
|
|
set spam-filtering disable
|
|
unset options
|
|
config imap
|
|
set log-all disable
|
|
end
|
|
config pop3
|
|
set log-all disable
|
|
end
|
|
config smtp
|
|
set log-all disable
|
|
end
|
|
config msn-hotmail
|
|
set log-all disable
|
|
end
|
|
config gmail
|
|
set log-all disable
|
|
end
|
|
set spam-bword-threshold 10
|
|
unset spam-bword-table
|
|
unset spam-bal-table
|
|
unset spam-mheader-table
|
|
unset spam-iptrust-table
|
|
next
|
|
edit "sniffer-profile"
|
|
set comment "Malware and phishing URL monitoring."
|
|
set feature-set flow
|
|
set replacemsg-group ''
|
|
set spam-log enable
|
|
set spam-filtering disable
|
|
unset options
|
|
config imap
|
|
set log-all disable
|
|
end
|
|
config pop3
|
|
set log-all disable
|
|
end
|
|
config smtp
|
|
set log-all disable
|
|
end
|
|
config msn-hotmail
|
|
set log-all disable
|
|
end
|
|
config gmail
|
|
set log-all disable
|
|
end
|
|
set spam-bword-threshold 10
|
|
unset spam-bword-table
|
|
unset spam-bal-table
|
|
unset spam-mheader-table
|
|
unset spam-iptrust-table
|
|
next
|
|
end
|
|
config virtual-patch profile
|
|
edit "g-default"
|
|
set comment ''
|
|
set severity info low medium high critical
|
|
set action block
|
|
set log enable
|
|
next
|
|
end
|
|
config wanopt settings
|
|
set host-id "default-id"
|
|
set tunnel-ssl-algorithm high
|
|
set auto-detect-algorithm simple
|
|
set tunnel-optimization balanced
|
|
end
|
|
config wanopt peer
|
|
end
|
|
config wanopt auth-group
|
|
end
|
|
config wanopt profile
|
|
edit "default"
|
|
set transparent enable
|
|
set comments "Default WANopt profile."
|
|
set auth-group ''
|
|
config http
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set ssl disable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config cifs
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config mapi
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set tunnel-sharing private
|
|
end
|
|
config ftp
|
|
set status disable
|
|
set secure-tunnel disable
|
|
set byte-caching enable
|
|
set prefer-chunking fix
|
|
set protocol-opt protocol
|
|
set tunnel-sharing private
|
|
end
|
|
config tcp
|
|
set status disable
|
|
end
|
|
next
|
|
end
|
|
config system speed-test-server
|
|
end
|
|
config log memory setting
|
|
set status enable
|
|
end
|
|
config log disk setting
|
|
set status disable
|
|
end
|
|
config log eventfilter
|
|
set event enable
|
|
set system enable
|
|
set vpn enable
|
|
set user enable
|
|
set router enable
|
|
set wireless-activity enable
|
|
set wan-opt enable
|
|
set endpoint enable
|
|
set ha enable
|
|
set security-rating enable
|
|
set fortiextender enable
|
|
set connector enable
|
|
set sdwan enable
|
|
set cifs enable
|
|
set switch-controller enable
|
|
set webproxy enable
|
|
end
|
|
config log memory filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log disk filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set dlp-archive enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log fortiguard override-setting
|
|
set override disable
|
|
set access-config enable
|
|
end
|
|
config log tacacs+accounting setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting2 setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting3 setting
|
|
set status disable
|
|
set source-ip ''
|
|
set interface-select-method auto
|
|
end
|
|
config log tacacs+accounting filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log tacacs+accounting2 filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log tacacs+accounting3 filter
|
|
set login-audit enable
|
|
set config-change-audit enable
|
|
set cli-cmd-audit disable
|
|
end
|
|
config log null-device setting
|
|
set status disable
|
|
end
|
|
config log null-device filter
|
|
set severity information
|
|
set forward-traffic enable
|
|
set local-traffic enable
|
|
set multicast-traffic enable
|
|
set sniffer-traffic enable
|
|
set ztna-traffic enable
|
|
set anomaly enable
|
|
set voip enable
|
|
set gtp enable
|
|
set forti-switch enable
|
|
end
|
|
config log setting
|
|
set resolve-ip disable
|
|
set resolve-port enable
|
|
set log-user-in-upper disable
|
|
set fwpolicy-implicit-log disable
|
|
set fwpolicy6-implicit-log disable
|
|
set extended-log disable
|
|
set local-in-allow enable
|
|
set local-in-deny-unicast enable
|
|
set local-in-deny-broadcast enable
|
|
set local-out enable
|
|
set local-out-ioc-detection enable
|
|
set neighbor-event disable
|
|
set brief-traffic-format disable
|
|
set user-anonymize disable
|
|
set fortiview-weekly-data disable
|
|
set expolicy-implicit-log disable
|
|
set log-policy-comment disable
|
|
set faz-override disable
|
|
set syslog-override disable
|
|
set rest-api-set disable
|
|
set rest-api-get disable
|
|
set rest-api-performance disable
|
|
set long-live-session-stat enable
|
|
end
|
|
config log gui-display
|
|
set resolve-hosts enable
|
|
set resolve-apps enable
|
|
set fortiview-unscanned-apps disable
|
|
end
|
|
config system lldp network-policy
|
|
end
|
|
config system pcp-server
|
|
set status disable
|
|
end
|
|
config firewall schedule onetime
|
|
end
|
|
config firewall schedule recurring
|
|
edit "always"
|
|
set start 00:00
|
|
set end 00:00
|
|
set day sunday monday tuesday wednesday thursday friday saturday
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "none"
|
|
set start 00:00
|
|
set end 00:00
|
|
set day none
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
edit "default-darrp-optimize"
|
|
set start 01:00
|
|
set end 01:30
|
|
set day sunday monday tuesday wednesday thursday friday saturday
|
|
set color 0
|
|
set fabric-object disable
|
|
next
|
|
end
|
|
config firewall schedule group
|
|
end
|
|
config firewall ippool
|
|
edit "ippool-198.36.23.251"
|
|
set type overload
|
|
set startip 198.36.23.251
|
|
set endip 198.36.23.251
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
edit "ippool-198.36.23.252"
|
|
set type overload
|
|
set startip 198.36.23.252
|
|
set endip 198.36.23.252
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
edit "ippool-198.36.23.253"
|
|
set type overload
|
|
set startip 198.36.23.253
|
|
set endip 198.36.23.253
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
edit "ippool-198.36.23.254"
|
|
set type overload
|
|
set startip 198.36.23.254
|
|
set endip 198.36.23.254
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
edit "NTSS_Outside"
|
|
set type overload
|
|
set startip 198.36.24.68
|
|
set endip 198.36.24.68
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
edit "Nighttime_Outside"
|
|
set type overload
|
|
set startip 198.36.24.191
|
|
set endip 198.36.24.191
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
edit "MailOut_Outside"
|
|
set type overload
|
|
set startip 198.36.22.227
|
|
set endip 198.36.22.227
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
edit "SBC-NOC-Outside"
|
|
set type overload
|
|
set startip 198.36.26.37
|
|
set endip 198.36.26.37
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
edit "SBC-DAN-Outside"
|
|
set type overload
|
|
set startip 198.36.26.38
|
|
set endip 198.36.26.38
|
|
set arp-reply enable
|
|
set arp-intf ''
|
|
set associated-interface ''
|
|
set comments ''
|
|
set nat64 disable
|
|
next
|
|
end
|
|
config firewall ippool6
|
|
end
|
|
config firewall ldb-monitor
|
|
end
|
|
config firewall vip
|
|
edit "vip-ntss"
|
|
set id 0
|
|
set uuid 019d266e-8aea-51ec-5a6d-3ce1e812fbc7
|
|
set comment "SRIC BOCES Tunnel
|
|
170.161.52.27 (SRIC Server) - This is the source address needed for the tunnel
|
|
170.161.52.25 (SRIC Firewall)
|
|
description Eastern Suffolk BOCES access to NTSS.scsd.ad"
|
|
set type static-nat
|
|
set src-filter "170.161.52.27-170.161.52.27"
|
|
set src-vip-filter disable
|
|
set extip 198.36.24.68
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.48.68"
|
|
set extintf "SRIC_BOCES"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-scsdess"
|
|
set id 0
|
|
set uuid 4cc237c2-3814-51ef-0f22-8f9cbd1f5422
|
|
set comment "ESS"
|
|
set type static-nat
|
|
set extip 198.36.24.100
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.140.14"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-applecaching"
|
|
set id 0
|
|
set uuid 4cc32e34-3814-51ef-54ec-fece8f0e63ff
|
|
set comment "Apple caching server for managing Apple device updates"
|
|
set type static-nat
|
|
set extip 198.36.24.57
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.40.107"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-DC01"
|
|
set id 0
|
|
set uuid 4cc42b40-3814-51ef-cbf3-ca98747ea836
|
|
set comment "Domain Controller for LDAP"
|
|
set type static-nat
|
|
set extip 198.36.25.45
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.40.95"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 14
|
|
next
|
|
edit "vip-tableau"
|
|
set id 0
|
|
set uuid 4cc52bc6-3814-51ef-cf97-1d0d949ddbfa
|
|
set comment "Tableau"
|
|
set type static-nat
|
|
set extip 198.36.24.61
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.140.12"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-ns1"
|
|
set id 0
|
|
set uuid 4cc618ce-3814-51ef-c89b-024f2f4a81a1
|
|
set comment "DNS External"
|
|
set type static-nat
|
|
set extip 198.36.22.245
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.48.45"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-ns2"
|
|
set id 0
|
|
set uuid 4cc706b2-3814-51ef-18c4-e5899f7e11f9
|
|
set comment "DNS External"
|
|
set type static-nat
|
|
set extip 198.36.22.19
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.40.41"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-webhelpdesk"
|
|
set id 0
|
|
set uuid 4cc7f892-3814-51ef-7018-37ffd3853699
|
|
set comment "Web Help Desk"
|
|
set type static-nat
|
|
set extip 198.36.25.20
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.140.6"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-Airwatchapp"
|
|
set id 0
|
|
set uuid 4cc8cf60-3814-51ef-1af9-2acefc11dd3d
|
|
set comment "Airwatch (Workspace One) MDM"
|
|
set type static-nat
|
|
set extip 198.36.24.56
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.140.9"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-Webosphere"
|
|
set id 0
|
|
set uuid 4cc9ccbc-3814-51ef-91cd-a46609fda116
|
|
set comment "SCSD Website"
|
|
set type static-nat
|
|
set extip 198.36.24.16
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.140.11"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-Neutrons"
|
|
set id 0
|
|
set uuid 4ccddf5a-3814-51ef-3e3d-ff4174850fb8
|
|
set comment "Address Lookup"
|
|
set type static-nat
|
|
set extip 198.36.24.210
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.40.210"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-Barracuda-Archive-2"
|
|
set id 0
|
|
set uuid 4ccec60e-3814-51ef-cc48-1f1992586cfc
|
|
set comment "Barracuda Email"
|
|
set type static-nat
|
|
set extip 198.36.22.229
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.40.17"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-Barracuda-Archive-1"
|
|
set id 0
|
|
set uuid 4ccfca7c-3814-51ef-5463-b9aabcab7272
|
|
set comment "Barracuda Email"
|
|
set type static-nat
|
|
set extip 198.36.22.228
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.40.16"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip enable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set srcintf-filter "outside lag"
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-hybrid-email"
|
|
set id 0
|
|
set uuid 4cd2bade-3814-51ef-b000-fcd64653853f
|
|
set comment "Email"
|
|
set type static-nat
|
|
set extip 198.36.22.143
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.48.49"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip disable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-sbc-noc"
|
|
set id 0
|
|
set uuid 4cd3887e-3814-51ef-dd48-07aa68d5f442
|
|
set comment "Ribbon ITC NOC"
|
|
set type static-nat
|
|
set extip 198.36.26.37
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.150.21"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip disable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-sbc-dan"
|
|
set id 0
|
|
set uuid 4cd45ae2-3814-51ef-0822-d90db6ed1249
|
|
set comment "Ribbon Shea-NOC"
|
|
set type static-nat
|
|
set extip 198.36.26.38
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.150.22"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip disable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-PrintOC"
|
|
set id 0
|
|
set uuid 4cd61d78-3814-51ef-8af3-e31c8d493648
|
|
set comment "Oracle Printer"
|
|
set type static-nat
|
|
set extip 198.36.26.119
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.40.219"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip disable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
edit "vip-EMS"
|
|
set id 0
|
|
set uuid 14ab8176-bcb3-51ef-1b1c-bed2b8e8c1c7
|
|
set comment "FortiClient EMS"
|
|
set type static-nat
|
|
set extip 198.36.24.202
|
|
config quic
|
|
set max-idle-timeout 30000
|
|
set max-udp-payload-size 1500
|
|
set active-connection-id-limit 2
|
|
set ack-delay-exponent 3
|
|
set max-ack-delay 25
|
|
set max-datagram-frame-size 1500
|
|
set active-migration disable
|
|
set grease-quic-bit enable
|
|
end
|
|
set nat44 enable
|
|
set nat46 disable
|
|
set mappedip "10.1.40.22"
|
|
set extintf "outside lag"
|
|
set arp-reply enable
|
|
set nat-source-vip disable
|
|
set portforward disable
|
|
set gratuitous-arp-interval 0
|
|
set ssl-client-rekey-count 0
|
|
set color 0
|
|
next
|
|
end
|
|
config firewall vip6
|
|
end
|
|
config firewall vipgrp
|
|
edit "vip-grp-barracuda_Archivers"
|
|
set uuid 78e4ebf6-3814-51ef-da75-f835efea27dd
|
|
set interface "outside lag"
|
|
set color 0
|
|
set comments ''
|
|
set member "vip-Barracuda-Archive-1" "vip-Barracuda-Archive-2"
|
|
next
|
|
end
|
|
config firewall vipgrp6
|
|
end
|
|
config firewall ssh local-key
|
|
edit "g-Fortinet_SSH_DSA1024"
|
|
set password ENC ELUs8iwQQLkncjr4Qs/fyoOrPeKDLeu4qZSEAS1ThpKos1CO6qO2BKWCrh6IIy9acOAf+/9M6eVFuJSQFrxl/NsaENceVv2pB3dKbJ8C6h6fHxzunDx2ctm0pm1TgSk3++bsMnOvRojl+NKfkoitNjwY+bxjQnTr3jF51fPG3RxbwdfAGE6t4X3bC4yqCedc2KNvjllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCV7DL5b6
|
|
cQ4DFxLFfd9NBXAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDho
|
|
KqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTq
|
|
a7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq
|
|
7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXk
|
|
jxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFR
|
|
XsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEe
|
|
P+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5
|
|
lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11G
|
|
wlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQAAAHgUeQzjFiceCe8Mfak
|
|
H97NypLIabuKsuXWYdK/YowIdC9ZVR0k2T28Zv+c3zNpLJfnm5pZnO4aX3VX98d5NlYarc
|
|
CuGS/xMjwxVuTo/FoJ5Pv3EUIvAO8i9JYPs+FGNkYQlbAQ+duxXUKVjGLBSID8zxQx/cz/
|
|
PAR1iwLkbXdJdO+NCgj81YIiwGG8YtSHHR0hYzf+Trb04p9sDwZWcBLBWEHDv7WW7ZH4t5
|
|
D8uGkNAlivP8VIdSYxtpMcGa52+LADwGh9/4nezEvcHRLogwc2pEQRGCNKdayXWBuYiplY
|
|
Yddz734+NQHkmyTZZ8UuoINM8fCfu8nu8MKGA0w1aFyBJMAMoHQMsPRdUNr9Jv/JeZcfht
|
|
N9cXibpgIzxC+DvnxUASnKbF+s5ry0L9KQWmZukfm9W4UMoBadgLRF7GwK0bgasacWiP+w
|
|
UPDXc5woeJgBWw2qOaC0Fq4tpoUndCni0IHrKwihZb0lqMBK1wTWSdXX1PDvAgD/dluttR
|
|
hoLJzECgbAT8hK6UYoCHbAFl854ZSCYbZE3ZqknMWMPrAx67VQkcfkoI+7vL4G60NdKPJ3
|
|
l9v1llo/eMY8StltYorKalr7PHu8cM1dpkvpfHTMJn1Ox78QXmbLP2kK57ChPm3s
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAMlbbf4IhF0Mh2eRvDhoKqePrDh946N1KbbbOWbHWOeBVolyr5KCTbfgv6f0a3VW8ATXZH9OMz0uYjTTQII3rp1XTqa7a3TzdPoTM9bO27PDLTp07LqM1kRSps/8oSsZ4h/kGu3fuke/MfTiAn7hAfdJYcANGbDq7tfTXlPaY3VhAAAAFQD/+3WBsGEG6BjC2UUehkA3aDAFmwAAAIBeIcQedn7rLkV2N27gXkjxfrbW6FMwfiEoJC6mZ0NvSuOqzOcrAzsnAydVy38cIlTdGwXhoHA5Jd2Cr0gV2p1R1WFRXsBWpNqDorVNCdimLM16NBAcwjVjarpNuk3egjdAhdbGsnDxHH54XCdIP3FyyTuh2ljDEeP+bc6eQJGxPgAAAIEAjK1lJYaCHrAZhcWJIITih4QFsQ8XZeKzp40YIjzXVf27HBCFHVz5lEv4MtiFxhDKur0lO+2uHOLY+0xsgfM0fe7S/cAKRx/5UZkCmU5s6CkvZjIEPDZ4tvn11GwlULTcjyZ2uwCo8Xd7QjnOUs8YNsRSO8hzWO5aB9aZ7OEDhiQ="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA256"
|
|
set password ENC PV7GFAErF6K/hy/1drQhK4PkK9afz1Dhp+FWGnPK9myUmI8yhPExjgtvrCtRC5mWMy4/TUC1IPe9XzdDH7tA+cp873FuZ36uihmb7S5kBy/ZlhOAeR/A4KdoP7D2p5cBkYhU1YhP3j2BeYpfbf2kuAVzimvqtHIK0ZVTleXdrdFXsJnJ1HbR5tXkFs5U/KXK+2GXMVlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDWswKzHl
|
|
aPj5eXaLmQWZXVAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
|
|
dHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvK
|
|
y7MHqF8ARHi1glc6RSoarryTUQuCIAAACg4SS+EPsp+ZqCTFN7GvtH9z9bU4OTN6G1Bfdv
|
|
vrru+xqPzixqYvUAvgqwvNnrtkq6NVCx5QANnxBGdnJNrUckZTw6f6KBUoVKF78fRBMYWe
|
|
JsOBJ1uJujShmxSiEGSyFYcXhCCq8Fy9goi1VpuAn3EXi8ymij6j+iqlU9+kIsbNTuZqd8
|
|
zolTGUvO8QIuzpzl2VK47Y8KnDwmXaEhwYPbPA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQSAUWeMnwS2TQbQWW3h890GnmzeJSwIq2rEIew+gyij4UMAjpsRmztvKy7MHqF8ARHi1glc6RSoarryTUQuCI="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA384"
|
|
set password ENC eOtHiVgl4M5wxImekw7k5Fm501+Ak3xJWP+PnvH0rlqvK+GTUwbcsUydAiao0Oks1jphxK8KhERRFvt+mY0XR+K/IFG+NXCs3hZmT8NqmwKDhzG+eHlemGohLyDxEF4OmNbtIiIHPOMgye/MBajyT4c2KYr3yjSTZQQqV/Yfyrzy8w6YyYSwm31QJgVAWhh7hntKjFlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDbSYBuM2
|
|
11IfFhYCRE5sRQAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
|
|
dHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMj
|
|
U5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXx
|
|
dgAAANCGkPrVLVn6hc/M4lCGoZ1nFz57gA+8Kzl0cAXL4UAJHZPOuNI6C137KbjNlxsGQc
|
|
YwFFKpDU23zcQyWbUkqydmggO+czct9o3kAU6WVK3RlGs9lhI6eeT7Z2FBRm0DISCXgi3c
|
|
JETaHXDDeMYB5WWDuNut2ex/qtWiv93xxm9JBgv113GdAYaD1+s1wsFWQgq40gOVFtLpJT
|
|
7ck+uCjfgkvj0u0EHgSCHCl/FYin5tH2mAS9yz1kKW2EsUzufEBU9roWaBgUuZszrWsX7T
|
|
Uzjs
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYsR4/2sjh+OMgxpEBi/72jNVXnBwUHpkOneWiESbnCoIWvKp8h0RjNMjU5Tj5yP6txNtuAIt8NVvUcVhj9ZtIOWAsA7bDDRZGYv+/80R4N7Z0OnShs9iuYSb0+FQXxdg=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ECDSA521"
|
|
set password ENC f2S1R/670WXrH0bnjNxKnhaeCjtLpCEjjhFiqerK4gVUo/4ysKRaSngQMG6ytQu80ZvBFPhpLGEmZ9b9k62KDf0I1BShFxBHg4Mq2R7HvsL6fUzGg7vTSrpsuRJQvVfi2e8acmzOzR3SF/dp/O/BdUjmm6gNozHjmOr4XhGKyZrfByEwGgSE90v8mVlXT0ViJRUe11lmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBDVO8Ujp
|
|
OpeKLIgEatpDJnAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
|
|
dHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdF
|
|
t5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+K
|
|
HPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RAAAAQCJDmDSUGShG163fq
|
|
XABvww6uZX6RKPV0hve3T9e8VwFWeqjKegGTEP3q4bhXErJ20Ur1oqyQh1a2rf95VXHkoL
|
|
W9dGf9c09ifXDYVHMtUto1M0S2T+szFRr0fnAtLsvmeUM5GUlB07Kin+VKmycHZiB1bF0z
|
|
vIKMBi3KLMXtAUevSvKyruI7YiKqD4CwSvULU73zoziGh0jhUNVpzBdK9pNZHdUMVtxTrX
|
|
a9gu13ZGVvPGyrRuDsvQMks6L7KIIKF0W0vRBY6AOvy3A2GNrLrdkHj2jy8fzcyZwWkt+b
|
|
azdh/FrGRZTDTro6CDeF92cjGixeU26B2se812bLw/U2It
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaKKuE8V8VNj3xOI4Cz0NpoN8KJMJWRxuLPTYtMBFzACZdDsfmQdZQdFt5J++GxB6Y6XgNd5eg4/W0YU1z35BJ6QEuCMrZli2/4vtPy8DPeRMR2hpHOC/BuqnEER+KHPehHHl1Du644EQUmgPailxPEBDJKJcA8PgrFsN5h0iHx4C6RA=="
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_ED25519"
|
|
set password ENC hxljaSxiJWnKCWXUWIs5vVsmmm4NsKURhHYnE8HWNNHFH8sQ96L1FbpmtROwRcI+pM/BoeY15bZhzugbSdq1r48hGfnaOPkvYTrXpaWpsgRgnjqLmOupEWZQDgm3p0GigQqslfjX9VClEDwQe5gGrtfbLi+hEXNpfBhPev9SQfnohjfr1kDU+hyi89gFZikXLe4HDllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAg8FF7ts
|
|
9O5tOD/3vfMgwHAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd
|
|
3JUEAvHnugjOGiXz5Puxg/8YfanOAAAAkBccPI9Dq/7BCMcTVUE9z4ybcOVMlI+53gfr+g
|
|
p67zVLKHPX96XSk/XQBKLjKJ6PSLl9UuEE4MP40LjlSH6U7DlQc3+Kbw8ijV0SbLgH3tV3
|
|
8sXLY4Q3xZCI9VROo82lN2NZfSBk90A5+SahMizkr/M25+OjcLWgkxmzz1t08sjfIt4ZsH
|
|
60nNsm7lppl/WZJw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHEZ/PIMBDv6gqd3JUEAvHnugjOGiXz5Puxg/8YfanO"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_RSA2048"
|
|
set password ENC m13/50FxgoH11WAUkJQkeLF9oXCvgSzaXMfUI+AGZNDTqipUFTXrxunGMVTp2SB9FxeHX7k/jcZiuMP704ajy8nLfy9IlPCteuKckiCr28oS2MXY714rZsmmBDFO1oRKSByvj9sPKmHqSwVjrGK5DF/anMG4RCIN5LUDjhyf7bO6Jp/H1LPs9ofTqAsLJ0q03z8COFlmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBV/6oGox
|
|
s8r2NeX1aYozX/AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhh
|
|
Q5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7
|
|
A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GK
|
|
hFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvC
|
|
HA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8z
|
|
OSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0vAAADwNY1Gj3rHBwaak
|
|
/XfAz6YK3kX+fEHOOzWTndUjw6DIoxsTMHZmi/LcesSRkvPMRyaNxuTO55as3pObXZGFqa
|
|
ZmMttSroXyNIiF8AdUCMkA1AZZqpD+S2FURxgLgVQdLFW4auM8wl6Ci55LGqnQYXDiJWSX
|
|
0yBEc1MuHmN0TH4JEW0kGAeWD8i5rCCD8i4J6thxMbtOBqBB5WDPcrBQHetw8cKWU5F2ee
|
|
2+SjVLKhoct25Uija7lsPAX3NXnTwfz9NK2j0jGZ34PVbUmfxfoV0ubBi76SasjBwfQ8DO
|
|
TV/buWY9I98HSV8271/HAW1WOSQ61XfgymKUQkeVH1Ybv4tz8wp9Kkzp+bX1tFtN1dSCwj
|
|
S4MpJKYsFLaFB2nlPiupaLtGk1bn4nKrlVQYfT679oo3vUKTfYcHPr6SDILBaM+EKL2AjU
|
|
2OEA6TlHZ4gZeo3gUgfg1Jgzt2OgG5SO79nlkRGvR1Gylc3XzaEMiN3WWhVqKy9V0ldPgO
|
|
kv3M+jlt2rJkmt4QtfASQftQKeVb7oiGNM0UM1hJnwVEGUCMpg53mcfjQ9hkB0fUYAVLz9
|
|
dgANa82ULxHi0HVGpfbqVBI6NdFJmw57bJoJljCfJQ+Wq5nRHkUawuuNXj7MOeGUBdxNug
|
|
qQ2sC9brktnF0TamT3WH8aRGC8B5Z1IQceoKlGHYLOnEDHUHtnQQACA1TD3XPeHHuy0U+x
|
|
5vMPAOX/ZR2DsFpvqF2FaRL17kMAoCxwzPUsjFq/Y5yu1My3f3XZjcXYa4Mg1MTqxnnzK8
|
|
QvKUbdmihaGyR/RWCfVsscE0IOZz3ETeGEGhEqJ5eGWeuAPZqki6I27JYLKkoZUQ8i8j/n
|
|
damYMauMsFEsJtg89urRF6KkH0NtrcXQYr4fPHYY0W/xMQkUesyarBh2n91D6RWYCt7Blp
|
|
7Yr15Ycc8cQ19ahNxCaQVZOH6/mkfJGVRWKJfhf1BtKD/ORoatbRflHde11dysy8BF1FxM
|
|
ZLnC2S2UcJxIDNP4tmSsSnpbfAGghSzNkAx3ibJ1ch+TkK61a3gCqW023qlT85bS21yii6
|
|
cBvcEA5qk37bJFMFD1/aazPMOrro0pI10i0ptssTEEpS310O9GHdUbM5djJEEb60pWQQK2
|
|
43G5JtJz1n5WCXacVPCq7otkhEQ+xf3Y8AXs54FGrgBrDC4FZsQLWgT49oLr8B6scDGRee
|
|
F3L1d65Jd4v0i2w7DFGKZBoZB5VvZpbgnwcQN41iWGdJp5c9/sEZd65vw9dFGIU+ql2lTl
|
|
5aoiXWbA==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6yuGwlJhhQ5ooqzfMY+4le85cWCqHdzonf4BkYtV2p0GGpmKUo0kpnQ0EbmEWRmAiPN8J6BJyHvpcv7A0a68OyTLXULSEopL0c0rrdqeK3p3oxVRn6oLbwqQvVmBZCGr+Mtak0Djw7ZM7yKMky5GKhFlZj7dZFLrzth2nQmReu93F+HkSF8iOpaqna/sTvPVqN/WLVC1CaB+Qcb6AsyMmLsTsvCHA1336eWq3M3hU14tsO5S8uDls2pfD2NaZx8VXr+00OvGSOqqZdY8cukv+xJ5IdRe2ui8zOSbh5m5OFc2DdfZ+PpQ9nU+DEDBpCSir/ovPDmsTtvqX2VClGn0v"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssh local-ca
|
|
edit "g-Fortinet_SSH_CA"
|
|
set password ENC qdmZT+wegNWCYPoXDVSXQm5jl/xl3ixXZm3fI61euYKoQIiTE5bqWj+KGi8oc1SWUG3uLbLlI1ANGUQblMG2y5OEMSJOI0B+jErXZhYb4cwvqKxXvb+j6XpnYr5GF5NBXD2WZOPM5tlmM6IDVPDI/32bPRn6oPsdYxoD1+XbsnIntRruwAQ8xLWKPl82y6ItYPIux1lmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZX89z8D
|
|
GkPICCVmUOqFHzAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAAC
|
|
NC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+U
|
|
ZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGP
|
|
E/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7A
|
|
TB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIa
|
|
Mk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9AAADwGnQQNm4H/LBQ9
|
|
Gr4hdGE5Aat0klop3XgTQRD8Z1YDr9ukmYdLJQF6o1f+eIAl8S2C+pgU8gPHWhJyGohG3A
|
|
SzK82bz602VrHPrDQoWS3judXppJ+A1NTxtwXXM7KmxZJyfxBkaTkgIljysEGbvJuGivGF
|
|
NU8kAwZBAgeK0JiuaI4DqQGoe0mYcaZmdHiXkD+5csUDGya5aJjlo75sbbP4A+f4SisAjp
|
|
J0myeXeb6XO1ihGbuVOk5bPWD00LPmYf/5ANCAyA2J/Df/5E4gdhpQc8aLAYf5kQLBiGgw
|
|
/Y4TGBWuMIgKtTxPku0mHZb3AZbKNfli6yT0nJguouUhI1rfkqHJOW4XlkESr8F9uEtZlm
|
|
POVsoCIGehjvUInBe7r40nQAb04LZ6GmWqZHX40fupFU4La4522c1o28r1qgu9h6mxq68i
|
|
wYIfaOxRQR0xKoHLV9UjcX7MDo2lMOl31hBL6wbm/SuvoOfbr3x5Ouf0aw1GA71IFMSfHn
|
|
coDAW3V7kF1ejFCFEkddzj/0zpZUXf+blCQPG5UIWmb4qjKCsrrzLHUyx/G3d0UHpTK0Ih
|
|
FZgzYUn5kX6ImlsHwOptqtoJYPeqVHZ+kK7pSSgz0M4IEmdBC1ABtaXe3uvl6KhkFlymFu
|
|
yrbWSCtyW227l3jwcQj3ZRosp2mqB37VZSvEhw9QQbfgfv7f0a5Jnhgbct5L4f66HhZfhU
|
|
Eb/L42SC4TkxPrl0ZSQ/UPOXSQUlHOGCIiVQT164rlGNDnOc7WrwtuZ+CpgrjdrRglCrsX
|
|
r4eOf/MjSGbXEjShqg2F+C75s90/ogXAB2q0Cyv1ykbB7c3ljmwtvC8P5XKhzdA2tV5YL9
|
|
4nLkzs3yQhQzszVGBtFonAGlVqz45evYGUpGULc7YUaUb5lJ52ypstknwJGxtHVzhCoppU
|
|
Jhuki0jbsOpoCOVHoVTpmShxdW62tStFEWTffSHQKJglOGXV65nb5REuZadBBI+BGEPv1N
|
|
lxICgxDdjH1nQle6g++odOcIGx3yxYCpCPnRXpO0iTmqMBC0MB+om7fx2fJLcDMrPmBflK
|
|
nBvGLdD0yxYnUzJieKyYkRmR2U+yVdLaqKA/Tk2l6W3ZYDqtnxjMsEGjFUyhF64KdRia6R
|
|
mCM9FbLZJ/F/CboBk/l1xk+yHK50bt5r8eUTbo82Sd5IzveQ57C0bR446AlW9hQuFHquZu
|
|
wbZ+sz590wvdYXi/AfdljEKuXrHEYncXYrYLtasQ0BQHAcE/hQBHSFrkI9qVicXRlCPaXP
|
|
pqdp+YAw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNnS0wAACNC7cmBTwevE7FFFZPhHXFDgx7O22zzpcKONRKhLz+8Y4ux808lIz580foslhpIMeoEKX+UZpI93sBxVJZnZtVJgLf6rxjuWMFKDss1+PtXEz5uct3gPK95d/TWd+HzhGEz47PeFQizGPE/hMl+XxJ8UEyPqlBO/Wh5+C8Sy4SU+wngUmaLgBDeA09x4it2ZZsa/oofRaXaPrAJLU7ATB7reUBNnUR/mml1k6FYfx0CJ2JxR1gx3r/fSRadZj807gGNfiSbcYNxNyy/XQ5n+0BsIaMk342Zpr4ijnwM5qzrA45aHB3ZxAvx+xVdTrQkyfiJ6nZWI+CKQ9"
|
|
set source built-in
|
|
next
|
|
edit "g-Fortinet_SSH_CA_Untrusted"
|
|
set password ENC 6P1TpOKNYz9UnSd1RwyvoloRj8eb8MhvsHGdGux1YBg7jIpQ8XH9kMNuZqQuLGvvXpIZMb4gvyWdjjYkPR5wTkrMfius/ffFOEsY/gmnYYWdiGCJSSw+tJVqoKFXZS6t3XDcjxv1Geh8kRf5eS24KcpOh9T57KDsbSOXATuFYUE/LcwI1WhZFzvJWd6sQc7zMU9InllmMjY3dkVA
|
|
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCQTdPzMa
|
|
0vRUCkbWP2fbZGAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9
|
|
RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lE
|
|
ZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eU
|
|
iw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFG
|
|
Xi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mv
|
|
NVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZlAAADwMYPhQ4qitkI6G
|
|
hq4Dfuzz6gmftmbuxj565Fztt4KA8I0LZ9ySrt4LtLdmQVOcQJ2SfmnA+1DtL4c9bEOLSx
|
|
zsEg1ooHPkruFcj2eJr2flQKYbLZLAe6Xn81wIO3qIPuAT0Fpb5vm9gzX8rirXNnHbo6sy
|
|
QXikdWDawL4rlqpRaecBKzcTSatgIz1OIv3TPm4JoJrObH10a8C3JEB/Y5f+/2P3fyi/PB
|
|
FVYl8VXiiNzzZhsJgFH64H8s2oK3ktD8of3u7zAmIj1NwT4f/81QY5I5Tiq2vsWJwv3yen
|
|
pRGf+dDVt1QMuSOF7RBPY6nFe9pr4OTeamO6mQ0DTFyssEd5yp5I+Omwzge+1WJuf9ldP2
|
|
wZRLoaNWNSVS6zUFtaNTFP8PKzRnWRl46dwS8R1hBcfMEtx+84TFKtgc71tH0/xDkHVboc
|
|
KVwPGbzyO6ESjNNaXJDdF/U4KEKYGa6kCSBU+fdg+2aKzr6yEM9rB27BBaqXa6Nxgc0oTK
|
|
w9BqZe23dP3wUmdX+HWkWXcHb+LHB2Z08h/fqgV91zJ9SM9bRGf6jh+sPL6Ifjcv1ymeRs
|
|
9uAbP/qDh+cRcF0/hKByY/zqnROlEgxSxGqakDLtEVDuKmG9eK2RjEBrHrLtdQJC7AbTMu
|
|
t6HUNp/9Cpwm5TB/jDb0etscB+h15FHGlXhsnXiDzDC2eUxpOELQCXWIbh8ONlRGl1ZmW2
|
|
rAMRWlAKxKwwUaNjJOxK4bqWkAFZG+9m9jYJKi4a1vOCgGNLsubLVY8WMMEAb3abbRgWaU
|
|
WIKp6PJR4ZSZTYuh9aJ3OneEy1DB9zURTV8cgh9UrALDwGT2GdjTHzKCFL+1UivpQ/gsSY
|
|
EeMdNmsLvxUSzmWF6btw/F8iX0tjflRkkHlicHvqe031yH9AEYpaHhSTg4wpLf7l4rvZRP
|
|
2/D/qL+ME91UAdG8vxGiIW+Urd9lCYD1+y013zRKBt9miPBzzX62LX9JXUvghfXPRacUXM
|
|
WgHjUBzcvKxUYeevh64FiDlnZ1omvlDlPYsfd67pyr0BWa8UwppdCRKAUYIb/ux2q7Ae5s
|
|
0hcVtBwKEvf/YLi8jdVWEYQKQLBaMj0hMLgNcZA8YVNUySpHe8bzm7FlmeSvPQD9t6Cpie
|
|
2jorGg+aR5MODJGKXIvAoLQ/IInwUS2NgwP+/vh74Tp5ryWTUE+svsrpQo6i8qZKCisngW
|
|
tvmxChpPCh54mbqvYlKAVs4MfO9ZZRV8NqIzU2FlL2STAmjRLMA+sr9HlPbXrXD6Xqf2VS
|
|
att5Ib/Q==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
"
|
|
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAkdHRAAn9RFuj2QchmT42CoWPCms0batL22xzsj2QMSujfcXCEQHjWx/gY+jZyGw2nAOFrzr8IVS5lEZKMiF89/zydMxQjr1MTelfPuYo855TZF4DELCK3O/zWwGLIgSboQft2RfZkSJFBb8NM4eUiw9CxJLUawWeYkGTslFv3gqh6HbZuw2WUx5pqmU7UibkOgp0eWHejkf031O+X49yZr3uFGXi/bd6oNNfHIdeSS8RJNC+4N2NUrB4NX87pM1TOLmZ9tAMlGJKX05UL4rli2UnIXkhP6mvNVdObU6Vk/dHf31QCWuLNSbH2nydYNs6JcQnoybJnzq6EggViAZl"
|
|
set source built-in
|
|
next
|
|
end
|
|
config firewall ssh setting
|
|
set caname "g-Fortinet_SSH_CA"
|
|
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
|
|
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
|
|
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
|
|
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
|
|
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
|
|
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
|
|
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
|
|
set host-trusted-checking enable
|
|
end
|
|
config firewall ssh host-key
|
|
end
|
|
config firewall decrypted-traffic-mirror
|
|
end
|
|
config firewall access-proxy-virtual-host
|
|
end
|
|
config firewall access-proxy-ssh-client-cert
|
|
end
|
|
config firewall access-proxy
|
|
end
|
|
config firewall access-proxy6
|
|
end
|
|
config firewall ipmacbinding setting
|
|
set bindthroughfw disable
|
|
set bindtofw disable
|
|
end
|
|
config firewall ipmacbinding table
|
|
end
|
|
config firewall profile-protocol-options
|
|
edit "default"
|
|
set comment "All default services."
|
|
set replacemsg-group ''
|
|
set oversize-log disable
|
|
set switching-protocols-log disable
|
|
config http
|
|
set ports 80
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
unset options
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set range-block disable
|
|
set strip-x-forwarded-for disable
|
|
unset post-lang
|
|
set streaming-content-bypass enable
|
|
set switching-protocols bypass
|
|
set unknown-http-version reject
|
|
set tunnel-non-http enable
|
|
set h2c disable
|
|
set unknown-content-encoding block
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set verify-dns-for-policy-matching enable
|
|
set block-page-status-code 403
|
|
set retry-count 0
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
set address-ip-rating enable
|
|
end
|
|
config ftp
|
|
set ports 21
|
|
set status enable
|
|
set inspect-all disable
|
|
set options splice
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
set explicit-ftp-tls disable
|
|
end
|
|
config imap
|
|
set ports 143
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set ssl-offloaded no
|
|
end
|
|
config mapi
|
|
set ports 135
|
|
set status enable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
end
|
|
config pop3
|
|
set ports 110
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set ssl-offloaded no
|
|
end
|
|
config smtp
|
|
set ports 25
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options fragmail splice
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set server-busy disable
|
|
set ssl-offloaded no
|
|
end
|
|
config nntp
|
|
set ports 119
|
|
set status enable
|
|
set inspect-all disable
|
|
set proxy-after-tcp-handshake disable
|
|
set options splice
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
end
|
|
config ssh
|
|
unset options
|
|
set comfort-interval 10
|
|
set comfort-amount 1
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set stream-based-uncompressed-limit 0
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set ssl-offloaded no
|
|
end
|
|
config dns
|
|
set ports 53
|
|
set status enable
|
|
end
|
|
config cifs
|
|
set ports 445
|
|
set status enable
|
|
unset options
|
|
set oversize-limit 10
|
|
set uncompressed-oversize-limit 10
|
|
set uncompressed-nest-limit 12
|
|
set scan-bzip2 enable
|
|
set tcp-window-type auto-tuning
|
|
set server-credential-type none
|
|
end
|
|
config mail-signature
|
|
set status disable
|
|
set signature ''
|
|
end
|
|
set rpc-over-http disable
|
|
next
|
|
end
|
|
config firewall ssl-ssh-profile
|
|
edit "certificate-inspection"
|
|
set comment "Read-only SSL handshake inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status certificate-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set encrypted-client-hello block
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set block-blocklisted-certificates enable
|
|
set caname "Fortinet_CA_SSL"
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
next
|
|
edit "deep-inspection"
|
|
set comment "Read-only deep inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status deep-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
set status deep-inspection
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set allowlist disable
|
|
set block-blocklisted-certificates enable
|
|
config ssl-exempt
|
|
edit 1
|
|
set type fortiguard-category
|
|
set fortiguard-category 31
|
|
next
|
|
edit 2
|
|
set type fortiguard-category
|
|
set fortiguard-category 33
|
|
next
|
|
edit 3
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-adobe"
|
|
next
|
|
edit 4
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Adobe Login"
|
|
next
|
|
edit 5
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-android"
|
|
next
|
|
edit 6
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-apple"
|
|
next
|
|
edit 7
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-appstore"
|
|
next
|
|
edit 8
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-auth.gfx.ms"
|
|
next
|
|
edit 9
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-citrix"
|
|
next
|
|
edit 10
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-dropbox.com"
|
|
next
|
|
edit 11
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-eease"
|
|
next
|
|
edit 12
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-firefox update server"
|
|
next
|
|
edit 13
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-fortinet"
|
|
next
|
|
edit 14
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-googleapis.com"
|
|
next
|
|
edit 15
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-drive"
|
|
next
|
|
edit 16
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play2"
|
|
next
|
|
edit 17
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play3"
|
|
next
|
|
edit 18
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Gotomeeting"
|
|
next
|
|
edit 19
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-icloud"
|
|
next
|
|
edit 20
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-itunes"
|
|
next
|
|
edit 21
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-microsoft"
|
|
next
|
|
edit 22
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-skype"
|
|
next
|
|
edit 23
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-softwareupdate.vmware.com"
|
|
next
|
|
edit 24
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-verisign"
|
|
next
|
|
edit 25
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Windows update 2"
|
|
next
|
|
edit 26
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-live.com"
|
|
next
|
|
edit 27
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play"
|
|
next
|
|
edit 28
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-update.microsoft.com"
|
|
next
|
|
edit 29
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-swscan.apple.com"
|
|
next
|
|
edit 30
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-autoupdate.opera.com"
|
|
next
|
|
edit 31
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-cdn-apple"
|
|
next
|
|
edit 32
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-mzstatic-apple"
|
|
next
|
|
end
|
|
set server-cert-mode re-sign
|
|
set caname "Fortinet_CA_SSL"
|
|
set untrusted-caname "Fortinet_CA_Untrusted"
|
|
set ssl-exemption-ip-rating enable
|
|
set ssl-exemption-log disable
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
set rpc-over-https disable
|
|
set mapi-over-https disable
|
|
set supported-alpn all
|
|
set use-ssl-server disable
|
|
next
|
|
edit "custom-deep-inspection"
|
|
set comment "Customizable deep inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status deep-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
set status deep-inspection
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set allowlist disable
|
|
set block-blocklisted-certificates enable
|
|
config ssl-exempt
|
|
edit 1
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-adobe"
|
|
next
|
|
edit 2
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Adobe Login"
|
|
next
|
|
edit 3
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-android"
|
|
next
|
|
edit 4
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-apple"
|
|
next
|
|
edit 5
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-appstore"
|
|
next
|
|
edit 6
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-auth.gfx.ms"
|
|
next
|
|
edit 7
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-autoupdate.opera.com"
|
|
next
|
|
edit 8
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-citrix"
|
|
next
|
|
edit 9
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-dropbox.com"
|
|
next
|
|
edit 10
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-eease"
|
|
next
|
|
edit 11
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-firefox update server"
|
|
next
|
|
edit 12
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-fortinet"
|
|
next
|
|
edit 13
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-drive"
|
|
next
|
|
edit 14
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play"
|
|
next
|
|
edit 15
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play2"
|
|
next
|
|
edit 16
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play3"
|
|
next
|
|
edit 17
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-googleapis.com"
|
|
next
|
|
edit 18
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Gotomeeting"
|
|
next
|
|
edit 19
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-icloud"
|
|
next
|
|
edit 20
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-itunes"
|
|
next
|
|
edit 21
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-live.com"
|
|
next
|
|
edit 22
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-microsoft"
|
|
next
|
|
edit 23
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-skype"
|
|
next
|
|
edit 24
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-softwareupdate.vmware.com"
|
|
next
|
|
edit 25
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-swscan.apple.com"
|
|
next
|
|
edit 26
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-update.microsoft.com"
|
|
next
|
|
edit 27
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-verisign"
|
|
next
|
|
edit 28
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Windows update 2"
|
|
next
|
|
edit 29
|
|
set type fortiguard-category
|
|
set fortiguard-category 31
|
|
next
|
|
edit 30
|
|
set type fortiguard-category
|
|
set fortiguard-category 33
|
|
next
|
|
edit 31
|
|
set type fortiguard-category
|
|
set fortiguard-category 25
|
|
next
|
|
edit 32
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-cdn-apple"
|
|
next
|
|
edit 33
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-mzstatic-apple"
|
|
next
|
|
end
|
|
set server-cert-mode re-sign
|
|
set caname "Fortinet_CA_SSL"
|
|
set untrusted-caname "Fortinet_CA_Untrusted"
|
|
set ssl-exemption-ip-rating enable
|
|
set ssl-exemption-log disable
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
set rpc-over-https disable
|
|
set mapi-over-https disable
|
|
set supported-alpn all
|
|
set use-ssl-server disable
|
|
next
|
|
edit "no-inspection"
|
|
set comment "Read-only profile that does no inspection."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set status disable
|
|
set quic bypass
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic bypass
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set block-blocklisted-certificates enable
|
|
set caname "Fortinet_CA_SSL"
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
next
|
|
edit "custom-cert-inspection"
|
|
set comment "Read-only SSL handshake inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status certificate-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set encrypted-client-hello block
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set block-blocklisted-certificates enable
|
|
set caname "Fortinet_CA_SSL"
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
next
|
|
edit "SCSD custom-deep-inspection"
|
|
set comment "Customizable deep inspection profile."
|
|
config ssl
|
|
set inspect-all disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
end
|
|
config https
|
|
set ports 443
|
|
set status deep-inspection
|
|
set quic inspect
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set sni-server-cert-check enable
|
|
set cert-probe-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
set status deep-inspection
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
set min-allowed-ssl-version tls-1.1
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
set status deep-inspection
|
|
set proxy-after-tcp-handshake disable
|
|
set client-certificate inspect
|
|
set unsupported-ssl-version allow
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
set status disable
|
|
set inspect-all disable
|
|
set unsupported-version bypass
|
|
set ssh-tun-policy-check disable
|
|
set ssh-algorithm compatible
|
|
end
|
|
config dot
|
|
set status disable
|
|
set quic inspect
|
|
set client-certificate bypass
|
|
set unsupported-ssl-version block
|
|
set unsupported-ssl-cipher allow
|
|
set unsupported-ssl-negotiation allow
|
|
set expired-server-cert block
|
|
set revoked-server-cert block
|
|
set untrusted-server-cert allow
|
|
set cert-validation-timeout allow
|
|
set cert-validation-failure block
|
|
end
|
|
set allowlist disable
|
|
set block-blocklisted-certificates enable
|
|
config ssl-exempt
|
|
edit 1
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-adobe"
|
|
next
|
|
edit 2
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Adobe Login"
|
|
next
|
|
edit 3
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-android"
|
|
next
|
|
edit 4
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-apple"
|
|
next
|
|
edit 5
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-appstore"
|
|
next
|
|
edit 6
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-auth.gfx.ms"
|
|
next
|
|
edit 7
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-autoupdate.opera.com"
|
|
next
|
|
edit 8
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-citrix"
|
|
next
|
|
edit 9
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-dropbox.com"
|
|
next
|
|
edit 10
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-eease"
|
|
next
|
|
edit 11
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-firefox update server"
|
|
next
|
|
edit 12
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-fortinet"
|
|
next
|
|
edit 13
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-drive"
|
|
next
|
|
edit 14
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play"
|
|
next
|
|
edit 15
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play2"
|
|
next
|
|
edit 16
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-google-play3"
|
|
next
|
|
edit 17
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-googleapis.com"
|
|
next
|
|
edit 18
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Gotomeeting"
|
|
next
|
|
edit 19
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-icloud"
|
|
next
|
|
edit 20
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-itunes"
|
|
next
|
|
edit 21
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-live.com"
|
|
next
|
|
edit 22
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-microsoft"
|
|
next
|
|
edit 23
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-skype"
|
|
next
|
|
edit 24
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-softwareupdate.vmware.com"
|
|
next
|
|
edit 25
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-swscan.apple.com"
|
|
next
|
|
edit 26
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-update.microsoft.com"
|
|
next
|
|
edit 27
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-verisign"
|
|
next
|
|
edit 28
|
|
set type wildcard-fqdn
|
|
set wildcard-fqdn "g-Windows update 2"
|
|
next
|
|
edit 29
|
|
set type fortiguard-category
|
|
set fortiguard-category 31
|
|
next
|
|
edit 30
|
|
set type fortiguard-category
|
|
set fortiguard-category 33
|
|
next
|
|
edit 31
|
|
set type fortiguard-category
|
|
set fortiguard-category 25
|
|
next
|
|
end
|
|
set server-cert-mode re-sign
|
|
set caname "Fortinet_CA_SSL"
|
|
set untrusted-caname "Fortinet_CA_Untrusted"
|
|
set ssl-exemption-ip-rating enable
|
|
set ssl-exemption-log disable
|
|
set ssl-anomaly-log enable
|
|
set ssl-negotiation-log enable
|
|
set ssl-server-cert-log disable
|
|
set ssl-handshake-log disable
|
|
set rpc-over-https disable
|
|
set mapi-over-https disable
|
|
set supported-alpn all
|
|
set use-ssl-server disable
|
|
next
|
|
end
|
|
config waf profile
|
|
edit "default"
|
|
set external disable
|
|
set extended-log disable
|
|
config signature
|
|
config main-class 100000000
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 20000000
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config main-class 30000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 40000000
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config main-class 50000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 60000000
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config main-class 70000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 80000000
|
|
set status enable
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config main-class 110000000
|
|
set status enable
|
|
set action allow
|
|
set log enable
|
|
set severity high
|
|
end
|
|
config main-class 90000000
|
|
set status enable
|
|
set action block
|
|
set log enable
|
|
set severity high
|
|
end
|
|
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
|
|
set credit-card-detection-threshold 3
|
|
end
|
|
config constraint
|
|
config header-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config content-length
|
|
set status enable
|
|
set length 67108864
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config param-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config line-length
|
|
set status enable
|
|
set length 1024
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config url-param-length
|
|
set status enable
|
|
set length 8192
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config version
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config method
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config hostname
|
|
set status disable
|
|
set action block
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config malformed
|
|
set status disable
|
|
set action allow
|
|
set log enable
|
|
set severity medium
|
|
end
|
|
config max-cookie
|
|
set status enable
|
|
set max-cookie 16
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-header-line
|
|
set status enable
|
|
set max-header-line 32
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-url-param
|
|
set status enable
|
|
set max-url-param 16
|
|
set action allow
|
|
set log enable
|
|
set severity low
|
|
end
|
|
config max-range-segment
|
|
set status enable
|
|
set max-range-segment 5
|
|
set action allow
|
|
set log enable
|
|
set severity high
|
|
end
|
|
end
|
|
config method
|
|
set status disable
|
|
set log disable
|
|
set severity medium
|
|
unset default-allowed-methods
|
|
end
|
|
config address-list
|
|
set status disable
|
|
set blocked-log disable
|
|
set severity medium
|
|
end
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall ssl-server
|
|
end
|
|
config casb saas-application
|
|
end
|
|
config casb user-activity
|
|
end
|
|
config casb profile
|
|
edit "default"
|
|
set comment ''
|
|
next
|
|
end
|
|
config firewall profile-group
|
|
end
|
|
config firewall identity-based-route
|
|
end
|
|
config firewall auth-portal
|
|
set portal-addr ''
|
|
set portal-addr6 ''
|
|
set identity-based-route ''
|
|
set proxy-auth disable
|
|
end
|
|
config firewall policy
|
|
edit 89
|
|
set status disable
|
|
set name "Country Allow In->Out"
|
|
set uuid 05771906-3813-51ef-9ae4-5b1b9f3b263b
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "Country Allow"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "g-default"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic utm
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 90
|
|
set status disable
|
|
set name "Country Allow Out->In"
|
|
set uuid 1e43f706-3813-51ef-b6bc-56506e6e3955
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "Country Allow"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "g-default"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic utm
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments " (Copy of NVIDEA_LICENSING) (Reverse of NVIDEA_LICENSING)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 107
|
|
set status disable
|
|
set name "NOCTI In->Out"
|
|
set uuid d3d9d38a-d9b9-51f0-7be3-c41f10630784
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "NOCTI_Inside"
|
|
set dstaddr "NOCTI"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Allow nocti.org"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 121
|
|
set status disable
|
|
set name "NOCTI Out->In"
|
|
set uuid 73a15794-d9ba-51f0-b3ff-a11dfaf6bf75
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "NOCTI"
|
|
set dstaddr "NOCTI_Inside"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Allow nocti.org (Reverse of NOCTI_In->Out) (Copy of )"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 109
|
|
set status enable
|
|
set name "Block Countries Out -> In"
|
|
set uuid 1e46053c-3813-51ef-a099-ee00ad8666fc
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action deny
|
|
set ztna-status disable
|
|
set srcaddr "Country Block"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set np-acceleration enable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set match-vip enable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Block specific countries"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set send-deny-packet disable
|
|
next
|
|
edit 110
|
|
set status enable
|
|
set name "Block Countries In -> Out"
|
|
set uuid 1e4783d0-3813-51ef-c29f-57c919281f23
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action deny
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "Country Block"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set np-acceleration enable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set match-vip enable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Block specific countries"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set send-deny-packet disable
|
|
next
|
|
edit 10020
|
|
set status enable
|
|
set name "Deny_List_In"
|
|
set uuid 1e493afe-3813-51ef-31cc-c7c59e4d9320
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action deny
|
|
set ztna-status disable
|
|
set srcaddr "Block_List_Group"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set np-acceleration enable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set match-vip enable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Block Known Attachers"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set send-deny-packet disable
|
|
next
|
|
edit 10022
|
|
set status enable
|
|
set name "Deny_List_Out"
|
|
set uuid 1e4d29ca-3813-51ef-9c3a-2b6c867c6ef9
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action deny
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "Block_List_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set np-acceleration enable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set match-vip enable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Block Known Attachers"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set send-deny-packet disable
|
|
next
|
|
edit 112
|
|
set status enable
|
|
set name "SSL_VPN_FULL"
|
|
set uuid 1e5363e4-3813-51ef-ed9e-10d784be3c77
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "IPv4-Private-All-RFC1918"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "SSL_VPN_Full_Access" "FortiGateAccess"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Full Access"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 59
|
|
set status enable
|
|
set name "VPN_Security_VLAN_70"
|
|
set uuid 1e559150-3813-51ef-fb50-64b54c81411a
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "Security_VLAN_70_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Security_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Security VLAN 70"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 78
|
|
set status enable
|
|
set name "VPN_Access_Control_VLAN_72"
|
|
set uuid 1e589026-3813-51ef-e0b9-2cd69f4e1347
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "Access_Control_VLAN_72_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Access_Control_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Access Control VLAN 72"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 63
|
|
set status enable
|
|
set name "VPN_Hyperion_Servers"
|
|
set uuid 1e5af000-3813-51ef-0521-99dbeebf21a6
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "Hyperion_Server_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "RDP" "UDP-3389" "HTTP" "HTTPS" "TCP-19000"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Hyperion_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Hyperion Servers"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 57
|
|
set status enable
|
|
set name "VPN_Website_Server"
|
|
set uuid 1e5d760e-3813-51ef-992d-b1002a280d18
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "Webosphere_Inside"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "RDP" "UDP-3389" "FTP" "FTP_GET" "FTP_PUT" "TFTP" "Webosphere_Data" "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Web_Servers_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - SCSD Website"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 58
|
|
set status enable
|
|
set name "VPN_DayAutomation_Servers"
|
|
set uuid 1e5fd476-3813-51ef-9dc2-dcf2d76f7fc9
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "Day_Server_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "RDP" "UDP-3389" "HTTPS" "TCP-6502-6510"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_DayAuto_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Day Automation Servers"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 80
|
|
set status enable
|
|
set name "VPN_Auditors"
|
|
set uuid 1e622596-3813-51ef-dafa-742edb3c77c9
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "psprdfin" "psprdhcm"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS" "UDP-3389"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Auditor_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Auditors"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 66
|
|
set status enable
|
|
set name "VPN_WebCRD_Server"
|
|
set uuid 1e66bbec-3813-51ef-6224-b4486eb2d0fd
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "WebCRD"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTPS" "SSH"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_WebCRD_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - webCRD"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 69
|
|
set status enable
|
|
set name "VPN_DocHolliday"
|
|
set uuid 1e68d99a-3813-51ef-f506-85c179825d09
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "DocHolliday"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "RDP" "UDP-3389" "SMB" "HTTP" "HTTPS" "PING"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_DocHolliday_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - DocHolliday for Katapult User"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 105
|
|
set status enable
|
|
set name "DNS_FOR_SSL_VPN"
|
|
set uuid cba12b4a-b660-51f0-96eb-7251706c8087
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "Domain_Controller_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "DNS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_DocHolliday_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - DocHolliday for Katapult User (Copy of VPN_DocHolliday)"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 120
|
|
set status enable
|
|
set name "VPN411-Web-Portal"
|
|
set uuid f7898382-c566-51f0-4476-dc6d9bcb9737
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "411app" "411sql"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "RDP" "Web Access"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve disable
|
|
set ippool disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Access411_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 68
|
|
set status enable
|
|
set name "VPN_Access411_Servers"
|
|
set uuid 1e6b1a0c-3813-51ef-fc38-aa2d138e683f
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "411_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "RDP" "UDP-3389" "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Access411_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Access411 RDP"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 91
|
|
set status enable
|
|
set name "VPN_Peoplesoft_Audit"
|
|
set uuid 1e6d5baa-3813-51ef-d2bf-10a73778218f
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "Peoplesoft_Audit_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS" "TCP_UDP-8100"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Peoplesoft_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Peoplesoft Auditors"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 64
|
|
set status enable
|
|
set name "VPN_Peoplesoft_RDP"
|
|
set uuid 1e6fbbfc-3813-51ef-6daf-b4c34aa0e0d9
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "Peoplesoft_RDP_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "RDP" "UDP-3389"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Peoplesoft_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Peoplesoft RDP"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 65
|
|
set status enable
|
|
set name "VPN_Peoplesoft_SSH"
|
|
set uuid 1e725740-3813-51ef-6fff-a75b3554ba2b
|
|
set srcintf "ssl.scsd"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SSL_VPN_Range"
|
|
set dstaddr "Peoplesoft_SSH_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "SSH"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set ntlm disable
|
|
set groups "VPN_Peoplesoft_Group"
|
|
set auth-path disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Remote Access VPN - Peoplesoft SSH"
|
|
set auth-cert ''
|
|
set auth-redirect-addr ''
|
|
set identity-based-route ''
|
|
set block-notification disable
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
set redirect-url ''
|
|
next
|
|
edit 10009
|
|
set status enable
|
|
set name "Nimble_Sup_Out"
|
|
set uuid 1e77a52e-3813-51ef-8c30-560acbd80bf3
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "Nimble_Inside_Grp"
|
|
set dstaddr "Nimble_Support"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Nimble Support"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10010
|
|
set status enable
|
|
set name "Nimble_Sup_In"
|
|
set uuid 1e79f5e0-3813-51ef-d2db-d7b36bd66919
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "Nimble_Support"
|
|
set dstaddr "Nimble_Inside_Grp"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Nimble Support"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10026
|
|
set status enable
|
|
set name "Barracuda In->Out"
|
|
set uuid 1e85b04c-3813-51ef-6bf7-3a31d600c61d
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "Barracuda_Internal"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "SMTP" "SMTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "MailOut_Outside"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Barracuda Internal Email"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 67
|
|
set status enable
|
|
set name "Nighttime In->Out"
|
|
set uuid 1e9170d0-3813-51ef-9616-0feaa296fbcf
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "Nighttime_Inside"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "FTP" "SSH" "TFTP"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "Nighttime_Outside"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Forces nighttime to use specific external IP"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10070
|
|
set status enable
|
|
set name "Reverse_Proxy"
|
|
set uuid 1ea33266-3813-51ef-99ab-bce3f219ac75
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "United_States"
|
|
set dstaddr "ReverseProxy"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Need to examine - Reverse Proxy"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 94
|
|
set status enable
|
|
set name "SBC_NOC_In->Out"
|
|
set uuid 1eaae63c-3813-51ef-331a-6873c1713df5
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "SBC-NOC"
|
|
set dstaddr "MS_Teams_External_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Outgoing_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "SBC-NOC-Outside"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "SBC Ribbon"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 100
|
|
set status enable
|
|
set name "SBC_DAN_In->Out"
|
|
set uuid 1ead08cc-3813-51ef-54d4-e5349e6869af
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "SBC-DAN"
|
|
set dstaddr "MS_Teams_External_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Outgoing_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "SBC-DAN-Outside"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "SBC Ribbon"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10046
|
|
set status enable
|
|
set name "SRIC_BOCES_Allow"
|
|
set uuid 1eaf29ae-3813-51ef-6f21-ac90af29aaa7
|
|
set srcintf "SRIC_BOCES"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SRICBOCES-OUTSIDE"
|
|
set dstaddr "vip-ntss"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL_ICMP" "HTTP" "HTTPS" "TCP-1521" "TCP-9000-9100"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Site to Site VPN - SRIC BOCES NTSS"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10174
|
|
set status enable
|
|
set name "NTSS In->Out"
|
|
set uuid 1eb15832-3813-51ef-d5ba-d3f89d1ebe57
|
|
set srcintf "inside"
|
|
set dstintf "SRIC_BOCES"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "ntss-inside"
|
|
set dstaddr "SRICBOCES-OUTSIDE"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "NTSS_Outside"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Site to Site VPN - SRIC BOCES NTSS"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 72
|
|
set status enable
|
|
set name "SCHC_In->Out"
|
|
set uuid 1eb3b500-3813-51ef-8d25-e84757b6e80f
|
|
set srcintf "inside"
|
|
set dstintf "SCHC"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SCHC_Local_Subnets_Group"
|
|
set dstaddr "SCHC_Remote_Subnets_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "g-default"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Site to Site VPN - SCHC"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 73
|
|
set status enable
|
|
set name "SCHC_Out->In"
|
|
set uuid 1eb5e37a-3813-51ef-0d54-a0f86f9c413d
|
|
set srcintf "SCHC"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SCHC_Remote_Subnets_Group"
|
|
set dstaddr "SCHC_Local_Subnets_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "g-default"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Site to Site VPN - SCHC"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 102
|
|
set status enable
|
|
set name "eScholar In->Out"
|
|
set uuid ee1a30d4-615e-51ef-2b32-6e61482f80f4
|
|
set srcintf "inside"
|
|
set dstintf "vpn-0403e61"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Site to Site VPN - AWS eScholar"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 108
|
|
set status disable
|
|
set name "eScholar Out->In"
|
|
set uuid 3f39ba48-8d5b-51ef-a5d4-56bbe4a36ed5
|
|
set srcintf "vpn-0403e61"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Site to Site VPN - AWS eScholar"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 101
|
|
set status enable
|
|
set name "testing highstreet"
|
|
set uuid f827dd26-da5b-51ef-87ba-f81639e668c9
|
|
set srcintf "inside"
|
|
set dstintf "Highstreet"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Site to Site VPN - Highstreet (Copy of Highstreet_Tunnel_In->Out)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 111
|
|
set status enable
|
|
set name "Highstreet_Tunnel_In->Out"
|
|
set uuid 7814df68-9202-51ef-0bbd-c924fa190f40
|
|
set srcintf "inside"
|
|
set dstintf "Highstreet"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "Server_40" "Server_48"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Site to Site VPN - Highstreet"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 113
|
|
set status enable
|
|
set name "Highstreet_2_Tunnel_In->Out"
|
|
set uuid 02c82414-9553-51ef-5d42-ebdfea1cb3e0
|
|
set srcintf "inside"
|
|
set dstintf "Highstreet_2"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "Server_40" "Server_48"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "VPN - Highstreet 2"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 61
|
|
set status enable
|
|
set name "AWS_VPN_In->Out"
|
|
set uuid 1eb80808-3813-51ef-57e9-eba2d42f35c6
|
|
set srcintf "inside"
|
|
set dstintf "vpn-042e9903"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Site to Site VPN - AWS"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 96
|
|
set status enable
|
|
set name "SchoolTool_AWS_In->Out"
|
|
set uuid 1eba0392-3813-51ef-da4b-c7f8b6d4754f
|
|
set srcintf "inside"
|
|
set dstintf "vpn-0fc50345"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "SchoolTool Tunnel In -> Out"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 97
|
|
set status enable
|
|
set name "SchoolTool_AWS_Out->In"
|
|
set uuid 1ebc057a-3813-51ef-5e4e-7fbfad04b371
|
|
set srcintf "vpn-0fc50345"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Reverse of SchoolTool_AWS_In->Out"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 62
|
|
set status disable
|
|
set name "Test Cert Decrypt"
|
|
set uuid 1ebdf772-3813-51ef-d34b-3956a214ee8c
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "Tim PC"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "SCSD custom-deep-inspection"
|
|
set av-profile "g-default"
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list "App_Ctrl_1"
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 1400
|
|
set tcp-mss-receiver 1400
|
|
set comments "Internet Access (Copy of Internet Access)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set decrypted-traffic-mirror ''
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 98
|
|
set status enable
|
|
set name "AW_Scanner_Allow"
|
|
set uuid 5385d71e-c142-51ef-d666-e78958f9556b
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "AW_Scanner_MerryChristmas" "AW_Scanner _HappyHalloween" "AW_Scanner_DiaDeLosMuertos" "AW_Scanner_HappyNewYear" "AW_Scanner_LaborDay"
|
|
set dstaddr "AW_device-activation.us-global-prod.arcticwolf.net" "AW_drs.us-global-prod.arcticwolf.net" "AW_inbound.us002-prod.arcticwolf.net"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic utm
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 116
|
|
set status enable
|
|
set name "POS Test"
|
|
set uuid a1e4afc0-1eb7-51f0-4ebd-d1105cd4ed77
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "POS_Machines"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 1400
|
|
set tcp-mss-receiver 1400
|
|
set comments "Test Point of Sale"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 119
|
|
set status enable
|
|
set name "IoT>Open VPN"
|
|
set uuid ff3f1cfc-b66d-51f0-e853-77cbf609a9f5
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "IoT - Core"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile "g-default"
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Outgoing_IPS"
|
|
set application-list "IoT"
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "ippool-198.36.23.251"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 106
|
|
set status enable
|
|
set name "Internet Access"
|
|
set uuid a07c4df0-7eb0-51ec-6ebd-522652ce242b
|
|
set srcintf "inside" "RAP"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile "g-default"
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Outgoing_IPS"
|
|
set application-list "App_Ctrl_1"
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 1400
|
|
set tcp-mss-receiver 1400
|
|
set comments "Internet Access"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 71
|
|
set status enable
|
|
set name "County->Peoplesoft"
|
|
set uuid 1ec347ae-3813-51ef-1efd-957736793cf0
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "County_Network"
|
|
set dstaddr "psprdfin"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 82
|
|
set status enable
|
|
set name "Peoplesoft -> County"
|
|
set uuid 1ec4d6c8-3813-51ef-ac28-17b59421f677
|
|
set srcintf "inside"
|
|
set dstintf "city_phones"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "psprdfin"
|
|
set dstaddr "County_Network"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments " (Copy of County->Peoplesoft) (Reverse of County->Peoplesoft)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 81
|
|
set status enable
|
|
set name "County -> DNS"
|
|
set uuid 1ec69580-3813-51ef-70aa-d0c556abef94
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "County_Network"
|
|
set dstaddr "Domain_Controller_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "DNS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments " (Copy of County->Peoplesoft)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 76
|
|
set status enable
|
|
set name "City_CGRs_Out->In"
|
|
set uuid 1ec85960-3813-51ef-bbd7-2a8905689144
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "City_Side_CGR_01" "City_Side_CGR_02"
|
|
set dstaddr "City_CGRs_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ESP" "IKE" "PING" "SSH"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "City Lights - CGR - Allow Ping and SSH from City-Side Subnets"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 77
|
|
set status enable
|
|
set name "City_CGRs_In->Out"
|
|
set uuid 1eca734e-3813-51ef-87b1-5ee84780d2e3
|
|
set srcintf "inside"
|
|
set dstintf "city_phones"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "City_CGRs_Group"
|
|
set dstaddr "City_Side_CGR_01" "City_Side_CGR_02"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ESP" "IKE" "PING" "SSH"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Allow City Lights CGR to City Side Subnets"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 85
|
|
set status enable
|
|
set name "City_VoIP_Out->In"
|
|
set uuid 1ecc7ec8-3813-51ef-b6b3-ce34580ba6e8
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "City_Side_VoIP_Group"
|
|
set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 86
|
|
set status enable
|
|
set name "City_VoIP_In->Out"
|
|
set uuid 1ece4596-3813-51ef-e6fc-e121d064849b
|
|
set srcintf "inside"
|
|
set dstintf "city_phones"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
|
|
set dstaddr "City_Side_VoIP_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_VoIP_Out->In) (Reverse of City_VoIP_Out->In)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 84
|
|
set status enable
|
|
set name "City_Water_DPW_Recorder_Out->In"
|
|
set uuid 1ed02d2a-3813-51ef-b5b5-5d483ed50082
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "City_Side_VoIP_Water_DPW_Recorder"
|
|
set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode proxy
|
|
set http-policy-redirect disable
|
|
set ssh-policy-redirect disable
|
|
set webproxy-profile ''
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload disable
|
|
set np-acceleration disable
|
|
set wanopt disable
|
|
set webcache disable
|
|
set webproxy-forward-server ''
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_Parks_Phones_Out->In)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 88
|
|
set status enable
|
|
set name "City_Water_DPW_Recorder_In->Out"
|
|
set uuid 1ed1fa06-3813-51ef-b94f-4fc985cecc67
|
|
set srcintf "inside"
|
|
set dstintf "city_phones"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
|
|
set dstaddr "City_Side_VoIP_Water_DPW_Recorder"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode proxy
|
|
set http-policy-redirect disable
|
|
set ssh-policy-redirect disable
|
|
set webproxy-profile ''
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload disable
|
|
set np-acceleration disable
|
|
set wanopt disable
|
|
set webcache disable
|
|
set webproxy-forward-server ''
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_Parks_Phones_Out->In) (Copy of City_Water_DPW_Recorder_Out->In) (Reverse of City_Water_DPW_Recorder_Out->In)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 60
|
|
set status enable
|
|
set name "City_Parks_Phones_Out->In"
|
|
set uuid 1ed3ebc2-3813-51ef-1e7f-278d09aa39e5
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "City_Side_Parks_Phone_Subnet" "City_Side_VoIP_Water_DPW_Recorder"
|
|
set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode proxy
|
|
set http-policy-redirect disable
|
|
set ssh-policy-redirect disable
|
|
set webproxy-profile ''
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload disable
|
|
set np-acceleration disable
|
|
set wanopt disable
|
|
set webcache disable
|
|
set webproxy-forward-server ''
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 79
|
|
set status enable
|
|
set name "City_Parks_Phones_In->Out"
|
|
set uuid 1ed5bfc4-3813-51ef-1ec9-12e8ee90dbee
|
|
set srcintf "inside"
|
|
set dstintf "city_phones"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
|
|
set dstaddr "City_Side_Parks_Phone_Subnet" "City_Side_VoIP_Water_DPW_Recorder"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode proxy
|
|
set http-policy-redirect disable
|
|
set ssh-policy-redirect disable
|
|
set webproxy-profile ''
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set wanopt disable
|
|
set webcache disable
|
|
set webproxy-forward-server ''
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "City Allowed Networks From Us to Them (Copy of City_Phones_In->Out)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 70
|
|
set status disable
|
|
set name "Block SPD DNS ACCESS"
|
|
set uuid 1ed761e4-3813-51ef-854c-443e75bbd182
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action deny
|
|
set ztna-status disable
|
|
set srcaddr "SPD_Network"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "DNS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set logtraffic disable
|
|
set logtraffic-start disable
|
|
set np-acceleration enable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set match-vip disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Deny SPD DNS"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set send-deny-packet disable
|
|
next
|
|
edit 55
|
|
set status enable
|
|
set name "SPD_Out->In"
|
|
set uuid 1ed88ccc-3813-51ef-ce40-66f91cac1e76
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SPD_Network"
|
|
set dstaddr "SPD_Firewalls_Our_Side"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "SPD Access"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 87
|
|
set status enable
|
|
set name "SPD_In->Out"
|
|
set uuid 1eda7712-3813-51ef-3c63-e2ec1558101f
|
|
set srcintf "inside"
|
|
set dstintf "city_phones"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SPD_Firewalls_Our_Side"
|
|
set dstaddr "SPD_Network"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "SPD Access (Copy of SPD_Out->In) (Reverse of SPD_Out->In)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 83
|
|
set status enable
|
|
set name "SPD_ Genetec_Out->In"
|
|
set uuid 1edc7242-3813-51ef-7f2c-b3136231a789
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "SPD_Side_Genetec"
|
|
set dstaddr "Genetec_Inside_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "Genetec Federation"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "SPD Access for Genetec Federation"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 92
|
|
set status enable
|
|
set name "SPD_ Genetec_In->Out"
|
|
set uuid 1edea1ac-3813-51ef-57bb-512cdbf9dd3f
|
|
set srcintf "inside"
|
|
set dstintf "city_phones"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "Genetec_Inside_Group"
|
|
set dstaddr "SPD_Side_Genetec"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "Genetec Federation"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "SPD Access for Genetec Federation"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 54
|
|
set status enable
|
|
set name "City_Phones_Out->In"
|
|
set uuid 1ee0c5ae-3813-51ef-cd42-b18ff9cc744e
|
|
set srcintf "city_phones"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "City_Subnets_Group"
|
|
set dstaddr "City_Permited_Subnets_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "City Allowed Networks From them to Us"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 75
|
|
set status enable
|
|
set name "City_Phones_In->Out"
|
|
set uuid 1ee253a6-3813-51ef-2f01-6a3bba8948c4
|
|
set srcintf "inside"
|
|
set dstintf "city_phones"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "City_Permited_Subnets_Group"
|
|
set dstaddr "City_Subnets_Group"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "City Allowed Networks From Us to Them"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10024
|
|
set status enable
|
|
set name "Email_Hybrid_Allow"
|
|
set uuid 81a5da3e-3814-51ef-1983-581a79abcbe4
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "vip-hybrid-email"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS" "SMTP" "SMTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Hybrid Email - Robert Johnson"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10027
|
|
set status enable
|
|
set name "Barracuda_Archivers"
|
|
set uuid 81a9ac68-3814-51ef-197d-0a3afe0e87fd
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set dstaddr "vip-grp-barracuda_Archivers"
|
|
set internet-service disable
|
|
set internet-service-src enable
|
|
set internet-service-src-group "Microsoft_ISDB_Both"
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS" "SMTP" "SMTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Barracuda Archivers from Microsoft"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set internet-service-src-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 115
|
|
set status enable
|
|
set name "Nutanix_Remote_Support"
|
|
set uuid 1900c2ca-108e-51f0-95ec-850dcb4dec46
|
|
set srcintf "inside"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "Nutanix_CVM"
|
|
set dstaddr "Nutanix_Remote_Support"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10076
|
|
set status disable
|
|
set name "Apple_Cache"
|
|
set uuid 81ab9d98-3814-51ef-b8cb-8f477b83a491
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "vip-applecaching"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL_TCP"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Apple Caching Server Access"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10094
|
|
set status enable
|
|
set name "DNS_ns1"
|
|
set uuid 81ad75dc-3814-51ef-f09d-c2b8f787df67
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "vip-ns1"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "DNS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "DNS - External"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10092
|
|
set status enable
|
|
set name "DNS_ns2"
|
|
set uuid 81af4632-3814-51ef-448f-03cf7baa0fcd
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "vip-ns2"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "DNS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "DNS - External"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10108
|
|
set status enable
|
|
set name "LDAP_Access"
|
|
set uuid 81b1158e-3814-51ef-e736-4ff0961ed5e0
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "Safeschools_Group"
|
|
set dstaddr "vip-DC01"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "LDAP" "LDAP_UDP" "TCP-636"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "LDAP"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10130
|
|
set status enable
|
|
set name "Airwatch"
|
|
set uuid 81b4f8d4-3814-51ef-470c-24615314b6bd
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "vip-Airwatchapp"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "Airwatch_Services_Group"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Airwatch Access"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10054
|
|
set status enable
|
|
set name "SCSD_Website"
|
|
set uuid 81b6d604-3814-51ef-6668-0efb18da8bc4
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "United_States"
|
|
set dstaddr "vip-Webosphere"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Website - scsd.us"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10138
|
|
set status enable
|
|
set name "WebHelpDesk"
|
|
set uuid 81b8bcbc-3814-51ef-3a27-c1f21f5d717f
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "United_States"
|
|
set dstaddr "vip-webhelpdesk"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Webpage - helpdesk.scsd.us"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 117
|
|
set status enable
|
|
set name "RAP>Inside>DCs"
|
|
set uuid fd182646-56ad-51f0-29cf-aeb9b387ba3b
|
|
set srcintf "RAP"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "RAP_10.67.0.0/16" "RAP-MGMT"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile "g-default"
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list "App_Ctrl_1"
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10150
|
|
set status enable
|
|
set name "Tableau"
|
|
set uuid 81ba96fe-3814-51ef-6921-9f35497b8f80
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "United_States"
|
|
set dstaddr "vip-tableau"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Webpage - tableau.scsd.us"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 99
|
|
set status enable
|
|
set name "PrintOC"
|
|
set uuid 81c226ee-3814-51ef-987c-d26a0604f4f0
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "United_States"
|
|
set dstaddr "vip-PrintOC"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Oracle Web Printer"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 122
|
|
set status enable
|
|
set name "Print-OC_SFTP"
|
|
set uuid eed95dc4-f21c-51f0-847a-e5c011f0b4dc
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "Oracle Cloud IP"
|
|
set dstaddr "vip-PrintOC"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "SSH"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Oracle Web Printer (Copy of PrintOC) (Copy of )"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10184
|
|
set status enable
|
|
set name "ESS"
|
|
set uuid 81c5a1b6-3814-51ef-5bd9-deeadac2e8b2
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "United_States"
|
|
set dstaddr "vip-scsdess"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Employee Self Service"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 10182
|
|
set status enable
|
|
set name "Address_Lookup"
|
|
set uuid 81c77f5e-3814-51ef-24cf-937273f467c6
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "United_States"
|
|
set dstaddr "vip-Neutrons"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTPS"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set geoip-anycast disable
|
|
set geoip-match physical-location
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "Address Lookup for parents"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 93
|
|
set status enable
|
|
set name "SBC_Ribbon_Out->In"
|
|
set uuid 81c9586a-3814-51ef-76b4-4b2f00d4ef7b
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "MS_Teams_External_Group"
|
|
set dstaddr "vip-sbc-noc" "vip-sbc-dan"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "SBC Ribbon"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 114
|
|
set status enable
|
|
set name "EMS_Out->In"
|
|
set uuid 57ea5a20-bcb3-51ef-3a9b-8209a3aa0052
|
|
set srcintf "outside"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "vip-EMS"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "HTTP" "HTTPS" "TCP-8443" "TCP-8013"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile ''
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list ''
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments "SBC Ribbon (Copy of SBC_Ribbon_Out->In)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 118
|
|
set status enable
|
|
set name "Servers->RAP"
|
|
set uuid a7519eb8-5b67-51f0-81ee-bcd251f393c6
|
|
set srcintf "inside"
|
|
set dstintf "RAP"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "RAP_10.67.0.0/16" "RAP-MGMT" "RAP-FW-Inside"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status enable
|
|
set inspection-mode flow
|
|
set profile-type single
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "certificate-inspection"
|
|
set av-profile "g-default"
|
|
set webfilter-profile ''
|
|
set dnsfilter-profile ''
|
|
set emailfilter-profile ''
|
|
set dlp-profile ''
|
|
set file-filter-profile ''
|
|
set ips-sensor "Incoming_IPS"
|
|
set application-list "App_Ctrl_1"
|
|
set voip-profile ''
|
|
set ips-voip-filter ''
|
|
set sctp-filter-profile ''
|
|
set diameter-filter-profile ''
|
|
set virtual-patch-profile ''
|
|
set logtraffic all
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)"
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 95
|
|
set status enable
|
|
set name "SCSD -> DPS"
|
|
set uuid a19c7908-a391-51f0-832c-2db07d1b76ba
|
|
set srcintf "inside"
|
|
set dstintf "DPS"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "all"
|
|
set dstaddr "DPS_10.46.0.0/16" "DPS_Mgmt" "DPS_192.168.146.0/24"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic utm
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 103
|
|
set status enable
|
|
set name "DPS-> SCSD"
|
|
set uuid 86078cfe-a392-51f0-c08c-e8a016eaf556
|
|
set srcintf "DPS"
|
|
set dstintf "inside"
|
|
set action accept
|
|
set nat64 disable
|
|
set nat46 disable
|
|
set ztna-status disable
|
|
set srcaddr "DPS_10.46.0.0/16" "DPS_192.168.146.0/24" "DPS_Mgmt"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic utm
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat disable
|
|
set pcp-inbound disable
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
edit 104
|
|
set status enable
|
|
set name "DPS-> Outside"
|
|
set uuid 0545722a-a397-51f0-e7c5-fe7e645b19b6
|
|
set srcintf "DPS"
|
|
set dstintf "outside"
|
|
set action accept
|
|
set ztna-status disable
|
|
set srcaddr "DPS_10.46.0.0/16"
|
|
set dstaddr "all"
|
|
set internet-service disable
|
|
set internet-service-src disable
|
|
unset reputation-minimum
|
|
set internet-service6 disable
|
|
set internet-service6-src disable
|
|
unset reputation-minimum6
|
|
set rtp-nat disable
|
|
set schedule "always"
|
|
set schedule-timeout disable
|
|
set policy-expiry disable
|
|
set service "ALL"
|
|
set tos-mask 0x00
|
|
set anti-replay enable
|
|
set dynamic-shaping disable
|
|
set passive-wan-health-measurement disable
|
|
set utm-status disable
|
|
set inspection-mode flow
|
|
set profile-protocol-options "default"
|
|
set ssl-ssh-profile "no-inspection"
|
|
set logtraffic utm
|
|
set logtraffic-start disable
|
|
set capture-packet disable
|
|
set auto-asic-offload enable
|
|
set np-acceleration enable
|
|
set nat enable
|
|
set pcp-outbound disable
|
|
set pcp-inbound disable
|
|
set permit-any-host disable
|
|
set permit-stun-host disable
|
|
set fixedport disable
|
|
set port-preserve enable
|
|
set ippool enable
|
|
set poolname "ippool-198.36.23.253"
|
|
set session-ttl 0
|
|
set vlan-cos-fwd 255
|
|
set vlan-cos-rev 255
|
|
set fec disable
|
|
set wccp disable
|
|
set disclaimer disable
|
|
set email-collect disable
|
|
set natip 0.0.0.0 0.0.0.0
|
|
set diffserv-copy disable
|
|
set diffserv-forward disable
|
|
set diffserv-reverse disable
|
|
set tcp-mss-sender 0
|
|
set tcp-mss-receiver 0
|
|
set comments ''
|
|
set block-notification disable
|
|
set replacemsg-override-group ''
|
|
set srcaddr-negate disable
|
|
set srcaddr6-negate disable
|
|
set dstaddr-negate disable
|
|
set dstaddr6-negate disable
|
|
set service-negate disable
|
|
set timeout-send-rst disable
|
|
set captive-portal-exempt disable
|
|
set dsri disable
|
|
set radius-mac-auth-bypass disable
|
|
set delay-tcp-npu-session disable
|
|
unset vlan-filter
|
|
set traffic-shaper ''
|
|
set traffic-shaper-reverse ''
|
|
set per-ip-shaper ''
|
|
next
|
|
end
|
|
config firewall shaping-policy
|
|
end
|
|
config firewall shaping-profile
|
|
end
|
|
config firewall local-in-policy
|
|
end
|
|
config firewall local-in-policy6
|
|
end
|
|
config firewall ttl-policy
|
|
end
|
|
config firewall proxy-policy
|
|
end
|
|
config firewall dnstranslation
|
|
end
|
|
config firewall multicast-policy
|
|
end
|
|
config firewall multicast-policy6
|
|
end
|
|
config firewall interface-policy
|
|
end
|
|
config firewall interface-policy6
|
|
end
|
|
config firewall DoS-policy
|
|
edit 1
|
|
set status enable
|
|
set name "Country_Block_DOS"
|
|
set comments "Thresholds set to 1 to block all traffic from specific countries."
|
|
set interface "outside"
|
|
set srcaddr "Country Block"
|
|
set dstaddr "all"
|
|
set service "ALL"
|
|
config anomaly
|
|
edit "tcp_syn_flood"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "tcp_port_scan"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "tcp_src_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "tcp_dst_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "udp_flood"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "udp_scan"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "udp_src_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "udp_dst_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "icmp_flood"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "icmp_sweep"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "icmp_src_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "icmp_dst_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "ip_src_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "ip_dst_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "sctp_flood"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "sctp_scan"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "sctp_src_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
edit "sctp_dst_session"
|
|
set status enable
|
|
set log disable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1
|
|
next
|
|
end
|
|
next
|
|
edit 3
|
|
set status enable
|
|
set name "Zoom-bypass"
|
|
set comments ''
|
|
set interface "outside"
|
|
set srcaddr "all"
|
|
set dstaddr "all"
|
|
set service "Zoom UDP Ports"
|
|
config anomaly
|
|
edit "tcp_syn_flood"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 2000
|
|
next
|
|
edit "tcp_port_scan"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 1000
|
|
next
|
|
edit "tcp_src_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "tcp_dst_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "udp_flood"
|
|
set status enable
|
|
set log enable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 2000
|
|
next
|
|
edit "udp_scan"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 2000
|
|
next
|
|
edit "udp_src_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "udp_dst_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "icmp_flood"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 250
|
|
next
|
|
edit "icmp_sweep"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 100
|
|
next
|
|
edit "icmp_src_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 300
|
|
next
|
|
edit "icmp_dst_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 1000
|
|
next
|
|
edit "ip_src_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "ip_dst_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "sctp_flood"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 2000
|
|
next
|
|
edit "sctp_scan"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 1000
|
|
next
|
|
edit "sctp_src_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "sctp_dst_session"
|
|
set status disable
|
|
set log disable
|
|
set action pass
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
end
|
|
next
|
|
edit 2
|
|
set status enable
|
|
set name "DoS_Default"
|
|
set comments ''
|
|
set interface "outside"
|
|
set srcaddr "all"
|
|
set dstaddr "all"
|
|
set service "ALL"
|
|
config anomaly
|
|
edit "tcp_syn_flood"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 2000
|
|
next
|
|
edit "tcp_port_scan"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1000
|
|
next
|
|
edit "tcp_src_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "tcp_dst_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "udp_flood"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 20000
|
|
next
|
|
edit "udp_scan"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 2000
|
|
next
|
|
edit "udp_src_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "udp_dst_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "icmp_flood"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 250
|
|
next
|
|
edit "icmp_sweep"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 100
|
|
next
|
|
edit "icmp_src_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 300
|
|
next
|
|
edit "icmp_dst_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1000
|
|
next
|
|
edit "ip_src_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "ip_dst_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "sctp_flood"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 2000
|
|
next
|
|
edit "sctp_scan"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 1000
|
|
next
|
|
edit "sctp_src_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
edit "sctp_dst_session"
|
|
set status enable
|
|
set log enable
|
|
set action block
|
|
set quarantine none
|
|
set threshold 5000
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config firewall DoS-policy6
|
|
end
|
|
config firewall sniffer
|
|
edit 8
|
|
set uuid 36fa8310-c0f6-51f0-af3f-cf024bc5cd86
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "vpn-0fc50345"
|
|
set host "172.30.45.35"
|
|
set port "3389"
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 4
|
|
set uuid 36fa8db0-c0f6-51f0-6346-78d55fc36abd
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "city_phones lag"
|
|
set host "10.250.229.0/24"
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 6
|
|
set uuid 36fa97e2-c0f6-51f0-1f91-602bb9d08d10
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "city_phones lag"
|
|
set host "10.1.150.20"
|
|
set port "8445"
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 5
|
|
set uuid 36faa2f0-c0f6-51f0-d0a3-a5b6aa82d820
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "vpn-0403e61"
|
|
set host ''
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 7
|
|
set uuid 36faa958-c0f6-51f0-f06c-44f6e557b95a
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "outside lag"
|
|
set host "3.20.191.182"
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 9
|
|
set uuid 36fab1f0-c0f6-51f0-a43f-71f4623d82eb
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "Highstreet"
|
|
set host ''
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 10
|
|
set uuid 36fab84e-c0f6-51f0-515c-1e42d3f07a15
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "inside lag"
|
|
set host "192.168.79.2"
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 11
|
|
set uuid 36fac0c8-c0f6-51f0-e9e7-ad190564024f
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "inside lag"
|
|
set host "10.46.1.1"
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 12
|
|
set uuid 36fac938-c0f6-51f0-3e0a-9e48923f6653
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "DPS"
|
|
set host "10.46.1.1"
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 13
|
|
set uuid 36fad0c2-c0f6-51f0-cc14-10d54ecdbbb9
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "port17"
|
|
set host "192.168.146.5"
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 14
|
|
set uuid 36fadb9e-c0f6-51f0-dd8e-fdcc0d853ca2
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "port19"
|
|
set host "192.168.146.5"
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 15
|
|
set uuid 36fae666-c0f6-51f0-dc3f-12317d604f06
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "RAP"
|
|
set host "192.168.79.2"
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
edit 16
|
|
set uuid 36faeeae-c0f6-51f0-9ee8-abe6590ce728
|
|
set status enable
|
|
set logtraffic utm
|
|
set ipv6 disable
|
|
set non-ip disable
|
|
set interface "city_phones lag"
|
|
set host ''
|
|
set port ''
|
|
set protocol ''
|
|
set vlan ''
|
|
set dsri disable
|
|
next
|
|
end
|
|
config firewall on-demand-sniffer
|
|
edit "outside lag_scsd"
|
|
set interface "outside lag"
|
|
set max-packet-count 100
|
|
set hosts "24.105.188.54"
|
|
set protocols 17
|
|
set non-ip-packet disable
|
|
set advanced-filter ''
|
|
next
|
|
end
|
|
config firewall acl
|
|
end
|
|
config firewall acl6
|
|
end
|
|
config firewall central-snat-map
|
|
end
|
|
config firewall ip-translation
|
|
end
|
|
config authentication scheme
|
|
end
|
|
config authentication rule
|
|
end
|
|
config authentication setting
|
|
set active-auth-scheme ''
|
|
set sso-auth-scheme ''
|
|
set update-time 0000-00-00 00:00:00
|
|
set persistent-cookie enable
|
|
set ip-auth-cookie disable
|
|
set cookie-max-age 480
|
|
set cookie-refresh-div 2
|
|
set captive-portal-type fqdn
|
|
set captive-portal ''
|
|
set captive-portal6 ''
|
|
set cert-auth disable
|
|
set captive-portal-port 7830
|
|
set auth-https enable
|
|
set captive-portal-ssl-port 7831
|
|
end
|
|
config system speed-test-schedule
|
|
end
|
|
config switch-controller switch-interface-tag
|
|
end
|
|
config switch-controller 802-1X-settings
|
|
set link-down-auth set-unauth
|
|
set reauth-period 60
|
|
set max-reauth-attempt 3
|
|
set tx-period 30
|
|
set mab-reauth disable
|
|
set mac-username-delimiter hyphen
|
|
set mac-password-delimiter hyphen
|
|
set mac-calling-station-delimiter hyphen
|
|
set mac-called-station-delimiter hyphen
|
|
set mac-case lowercase
|
|
end
|
|
config switch-controller security-policy 802-1X
|
|
edit "802-1X-policy-default"
|
|
set security-mode 802.1X
|
|
set user-group "SSO_Guest_Users"
|
|
set mac-auth-bypass disable
|
|
set open-auth disable
|
|
set eap-passthru enable
|
|
set eap-auto-untagged-vlans enable
|
|
set guest-vlan disable
|
|
set guest-auth-delay 30
|
|
set auth-fail-vlan disable
|
|
set framevid-apply enable
|
|
set radius-timeout-overwrite disable
|
|
set policy-type 802.1X
|
|
set authserver-timeout-vlan disable
|
|
set dacl disable
|
|
next
|
|
end
|
|
config switch-controller security-policy local-access
|
|
edit "default"
|
|
set mgmt-allowaccess https ping ssh
|
|
set internal-allowaccess https ping ssh
|
|
next
|
|
end
|
|
config switch-controller location
|
|
end
|
|
config switch-controller lldp-settings
|
|
set tx-hold 4
|
|
set tx-interval 30
|
|
set fast-start-interval 2
|
|
set management-interface internal
|
|
set device-detection enable
|
|
end
|
|
config switch-controller lldp-profile
|
|
edit "default"
|
|
set med-tlvs inventory-management network-policy location-identification
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl disable
|
|
config med-network-policy
|
|
edit "voice"
|
|
set status disable
|
|
next
|
|
edit "voice-signaling"
|
|
set status disable
|
|
next
|
|
edit "guest-voice"
|
|
set status disable
|
|
next
|
|
edit "guest-voice-signaling"
|
|
set status disable
|
|
next
|
|
edit "softphone-voice"
|
|
set status disable
|
|
next
|
|
edit "video-conferencing"
|
|
set status disable
|
|
next
|
|
edit "streaming-video"
|
|
set status disable
|
|
next
|
|
edit "video-signaling"
|
|
set status disable
|
|
next
|
|
end
|
|
config med-location-service
|
|
edit "coordinates"
|
|
set status disable
|
|
next
|
|
edit "address-civic"
|
|
set status disable
|
|
next
|
|
edit "elin-number"
|
|
set status disable
|
|
next
|
|
end
|
|
next
|
|
edit "default-auto-isl"
|
|
unset med-tlvs
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl enable
|
|
set auto-isl-hello-timer 3
|
|
set auto-isl-receive-timeout 60
|
|
set auto-isl-port-group 0
|
|
set auto-mclag-icl disable
|
|
set auto-isl-auth legacy
|
|
next
|
|
edit "default-auto-mclag-icl"
|
|
unset med-tlvs
|
|
unset 802.1-tlvs
|
|
unset 802.3-tlvs
|
|
set auto-isl enable
|
|
set auto-isl-hello-timer 3
|
|
set auto-isl-receive-timeout 60
|
|
set auto-isl-port-group 0
|
|
set auto-mclag-icl enable
|
|
set auto-isl-auth legacy
|
|
next
|
|
end
|
|
config switch-controller qos dot1p-map
|
|
edit "voice-dot1p"
|
|
set description ''
|
|
set egress-pri-tagging disable
|
|
set priority-0 queue-4
|
|
set priority-1 queue-4
|
|
set priority-2 queue-3
|
|
set priority-3 queue-2
|
|
set priority-4 queue-3
|
|
set priority-5 queue-1
|
|
set priority-6 queue-2
|
|
set priority-7 queue-2
|
|
next
|
|
end
|
|
config switch-controller qos ip-dscp-map
|
|
edit "voice-dscp"
|
|
set description ''
|
|
config map
|
|
edit "1"
|
|
set cos-queue 1
|
|
set value 46
|
|
next
|
|
edit "2"
|
|
set cos-queue 2
|
|
set value 24,26,48,56
|
|
next
|
|
edit "5"
|
|
set cos-queue 3
|
|
set value 34
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config switch-controller qos queue-policy
|
|
edit "default"
|
|
set schedule round-robin
|
|
set rate-by kbps
|
|
config cos-queue
|
|
edit "queue-0"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-1"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-2"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-3"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-4"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-5"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-6"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-7"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
end
|
|
next
|
|
edit "voice-egress"
|
|
set schedule weighted
|
|
set rate-by kbps
|
|
config cos-queue
|
|
edit "queue-0"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-1"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 0
|
|
next
|
|
edit "queue-2"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 6
|
|
next
|
|
edit "queue-3"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 37
|
|
next
|
|
edit "queue-4"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 12
|
|
next
|
|
edit "queue-5"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-6"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
edit "queue-7"
|
|
set description ''
|
|
set min-rate 0
|
|
set max-rate 0
|
|
set drop-policy taildrop
|
|
set weight 1
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config switch-controller qos qos-policy
|
|
edit "default"
|
|
set default-cos 0
|
|
set trust-dot1p-map ''
|
|
set trust-ip-dscp-map ''
|
|
set queue-policy "default"
|
|
next
|
|
edit "voice-qos"
|
|
set default-cos 0
|
|
set trust-dot1p-map "voice-dot1p"
|
|
set trust-ip-dscp-map "voice-dscp"
|
|
set queue-policy "voice-egress"
|
|
next
|
|
end
|
|
config switch-controller storm-control-policy
|
|
edit "default"
|
|
set description "default storm control on all port"
|
|
set storm-control-mode global
|
|
next
|
|
edit "auto-config"
|
|
set description "storm control policy for fortilink-isl-icl port"
|
|
set storm-control-mode disabled
|
|
next
|
|
end
|
|
config switch-controller auto-config policy
|
|
edit "pse"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status enable
|
|
set igmp-flood-report disable
|
|
set igmp-flood-traffic disable
|
|
next
|
|
edit "default"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status enable
|
|
set igmp-flood-report disable
|
|
set igmp-flood-traffic disable
|
|
next
|
|
edit "default-icl"
|
|
set qos-policy "default"
|
|
set storm-control-policy "auto-config"
|
|
set poe-status disable
|
|
set igmp-flood-report enable
|
|
set igmp-flood-traffic enable
|
|
next
|
|
end
|
|
config switch-controller auto-config default
|
|
set fgt-policy "default"
|
|
set isl-policy "default"
|
|
set icl-policy "default-icl"
|
|
end
|
|
config switch-controller auto-config custom
|
|
end
|
|
config switch-controller initial-config template
|
|
edit "_default"
|
|
set vlanid 1
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "quarantine"
|
|
set vlanid 4093
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
edit "rspan"
|
|
set vlanid 4092
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
edit "voice"
|
|
set vlanid 4091
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "video"
|
|
set vlanid 4090
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "onboarding"
|
|
set vlanid 4089
|
|
unset allowaccess
|
|
set dhcp-server disable
|
|
next
|
|
edit "nac_segment"
|
|
set vlanid 4088
|
|
unset allowaccess
|
|
set auto-ip enable
|
|
set dhcp-server enable
|
|
next
|
|
end
|
|
config switch-controller initial-config vlans
|
|
set default-vlan "_default"
|
|
set quarantine "quarantine"
|
|
set rspan "rspan"
|
|
set voice "voice"
|
|
set video "video"
|
|
set nac "onboarding"
|
|
set nac-segment "nac_segment"
|
|
end
|
|
config switch-controller switch-profile
|
|
edit "default"
|
|
set login-passwd-override disable
|
|
set login enable
|
|
set revision-backup-on-logout disable
|
|
set revision-backup-on-upgrade disable
|
|
next
|
|
end
|
|
config switch-controller custom-command
|
|
end
|
|
config switch-controller virtual-port-pool
|
|
end
|
|
config switch-controller ptp profile
|
|
edit "default"
|
|
set description ''
|
|
set mode transparent-e2e
|
|
next
|
|
end
|
|
config switch-controller ptp interface-policy
|
|
edit "default"
|
|
set description ''
|
|
set vlan ''
|
|
set vlan-pri 4
|
|
next
|
|
end
|
|
config switch-controller vlan-policy
|
|
end
|
|
config switch-controller acl ingress
|
|
end
|
|
config switch-controller acl group
|
|
end
|
|
config switch-controller dynamic-port-policy
|
|
end
|
|
config switch-controller managed-switch
|
|
end
|
|
config switch-controller switch-group
|
|
end
|
|
config switch-controller stp-settings
|
|
set name ''
|
|
set revision 0
|
|
set hello-time 2
|
|
set forward-time 15
|
|
set max-age 20
|
|
set max-hops 20
|
|
end
|
|
config switch-controller stp-instance
|
|
end
|
|
config switch-controller storm-control
|
|
set rate 500
|
|
set unknown-unicast disable
|
|
set unknown-multicast disable
|
|
set broadcast disable
|
|
end
|
|
config switch-controller global
|
|
set mac-aging-interval 300
|
|
set https-image-push enable
|
|
set vlan-optimization enable
|
|
set vlan-identity name
|
|
set mac-retention-period 24
|
|
set default-virtual-switch-vlan ''
|
|
set dhcp-server-access-list disable
|
|
set dhcp-option82-format ascii
|
|
set dhcp-option82-circuit-id intfname vlan mode
|
|
set dhcp-option82-remote-id mac
|
|
set dhcp-snoop-client-req drop-untrusted
|
|
set dhcp-snoop-client-db-exp 86400
|
|
set dhcp-snoop-db-per-port-learn-limit 64
|
|
set log-mac-limit-violations disable
|
|
set sn-dns-resolution enable
|
|
set mac-event-logging disable
|
|
set bounce-quarantined-link disable
|
|
set quarantine-mode by-vlan
|
|
set update-user-device mac-cache lldp dhcp-snooping l2-db l3-db
|
|
set fips-enforce enable
|
|
set firmware-provision-on-authorization disable
|
|
set switch-on-deauth no-op
|
|
end
|
|
config switch-controller switch-log
|
|
set status enable
|
|
set severity notification
|
|
end
|
|
config switch-controller igmp-snooping
|
|
set aging-time 300
|
|
set flood-unknown-multicast disable
|
|
set query-interval 125
|
|
end
|
|
config switch-controller sflow
|
|
set collector-ip 0.0.0.0
|
|
set collector-port 6343
|
|
end
|
|
config switch-controller network-monitor-settings
|
|
set network-monitoring disable
|
|
end
|
|
config switch-controller flow-tracking
|
|
set sample-mode perimeter
|
|
set sample-rate 512
|
|
set format netflow9
|
|
set level ip
|
|
set max-export-pkt-size 512
|
|
set template-export-period 5
|
|
set timeout-general 3600
|
|
set timeout-icmp 300
|
|
set timeout-max 604800
|
|
set timeout-tcp 3600
|
|
set timeout-tcp-fin 300
|
|
set timeout-tcp-rst 120
|
|
set timeout-udp 300
|
|
end
|
|
config switch-controller snmp-sysinfo
|
|
set status disable
|
|
set engine-id ''
|
|
set description ''
|
|
set contact-info ''
|
|
set location ''
|
|
end
|
|
config switch-controller snmp-trap-threshold
|
|
set trap-high-cpu-threshold 80
|
|
set trap-low-memory-threshold 80
|
|
set trap-log-full-threshold 90
|
|
end
|
|
config switch-controller snmp-community
|
|
end
|
|
config switch-controller snmp-user
|
|
end
|
|
config switch-controller traffic-sniffer
|
|
set mode erspan-auto
|
|
set erspan-ip 0.0.0.0
|
|
end
|
|
config switch-controller remote-log
|
|
edit "syslogd"
|
|
set status disable
|
|
next
|
|
edit "syslogd2"
|
|
set status disable
|
|
next
|
|
end
|
|
config switch-controller mac-policy
|
|
end
|
|
config wireless-controller setting
|
|
set account-id ''
|
|
set country US
|
|
set duplicate-ssid disable
|
|
set fapc-compatibility disable
|
|
set wfa-compatibility disable
|
|
set phishing-ssid-detect enable
|
|
set fake-ssid-action log
|
|
set device-weight 1
|
|
set device-holdoff 5
|
|
set device-idle 1440
|
|
set firmware-provision-on-authorization disable
|
|
set rolling-wtp-upgrade disable
|
|
set darrp-optimize 86400
|
|
set darrp-optimize-schedules "default-darrp-optimize"
|
|
end
|
|
config wireless-controller log
|
|
set status enable
|
|
set addrgrp-log notification
|
|
set ble-log notification
|
|
set clb-log notification
|
|
set dhcp-starv-log notification
|
|
set led-sched-log notification
|
|
set radio-event-log notification
|
|
set rogue-event-log notification
|
|
set sta-event-log notification
|
|
set sta-locate-log notification
|
|
set wids-log notification
|
|
set wtp-event-log notification
|
|
set wtp-fips-event-log notification
|
|
end
|
|
config wireless-controller apcfg-profile
|
|
end
|
|
config wireless-controller bonjour-profile
|
|
end
|
|
config wireless-controller arrp-profile
|
|
edit "arrp-default"
|
|
set comment ''
|
|
set selection-period 3600
|
|
set monitor-period 300
|
|
set weight-managed-ap 50
|
|
set weight-rogue-ap 10
|
|
set weight-noise-floor 40
|
|
set weight-channel-load 20
|
|
set weight-spectral-rssi 40
|
|
set weight-weather-channel 0
|
|
set weight-dfs-channel 0
|
|
set threshold-ap 250
|
|
set threshold-noise-floor "-85"
|
|
set threshold-channel-load 60
|
|
set threshold-spectral-rssi "-65"
|
|
set threshold-tx-retries 300
|
|
set threshold-rx-errors 50
|
|
set include-weather-channel enable
|
|
set include-dfs-channel enable
|
|
set override-darrp-optimize disable
|
|
next
|
|
end
|
|
config wireless-controller region
|
|
end
|
|
config wireless-controller vap-group
|
|
end
|
|
config wireless-controller wids-profile
|
|
edit "default"
|
|
set comment "Default WIDS profile."
|
|
set sensor-mode disable
|
|
set ap-scan enable
|
|
set ap-bgscan-period 600
|
|
set ap-bgscan-intv 1
|
|
set ap-bgscan-duration 20
|
|
set ap-bgscan-idle 0
|
|
set ap-bgscan-report-intv 30
|
|
set ap-fgscan-report-intv 15
|
|
set ap-scan-passive disable
|
|
set ap-scan-threshold "-90"
|
|
set wireless-bridge enable
|
|
set deauth-broadcast enable
|
|
set null-ssid-probe-resp enable
|
|
set long-duration-attack enable
|
|
set long-duration-thresh 8200
|
|
set invalid-mac-oui enable
|
|
set weak-wep-iv enable
|
|
set auth-frame-flood enable
|
|
set auth-flood-time 10
|
|
set auth-flood-thresh 30
|
|
set assoc-frame-flood enable
|
|
set assoc-flood-time 10
|
|
set assoc-flood-thresh 30
|
|
set spoofed-deauth enable
|
|
set asleap-attack enable
|
|
set eapol-start-flood enable
|
|
set eapol-start-thresh 10
|
|
set eapol-start-intv 1
|
|
set eapol-logoff-flood enable
|
|
set eapol-logoff-thresh 10
|
|
set eapol-logoff-intv 1
|
|
set eapol-succ-flood enable
|
|
set eapol-succ-thresh 10
|
|
set eapol-succ-intv 1
|
|
set eapol-fail-flood enable
|
|
set eapol-fail-thresh 10
|
|
set eapol-fail-intv 1
|
|
set eapol-pre-succ-flood enable
|
|
set eapol-pre-succ-thresh 10
|
|
set eapol-pre-succ-intv 1
|
|
set eapol-pre-fail-flood enable
|
|
set eapol-pre-fail-thresh 10
|
|
set eapol-pre-fail-intv 1
|
|
set deauth-unknown-src-thresh 10
|
|
next
|
|
edit "default-wids-apscan-enabled"
|
|
set comment ''
|
|
set sensor-mode disable
|
|
set ap-scan enable
|
|
set ap-bgscan-period 600
|
|
set ap-bgscan-intv 1
|
|
set ap-bgscan-duration 20
|
|
set ap-bgscan-idle 0
|
|
set ap-bgscan-report-intv 30
|
|
set ap-fgscan-report-intv 15
|
|
set ap-scan-passive disable
|
|
set ap-scan-threshold "-90"
|
|
set wireless-bridge disable
|
|
set deauth-broadcast disable
|
|
set null-ssid-probe-resp disable
|
|
set long-duration-attack disable
|
|
set long-duration-thresh 8200
|
|
set invalid-mac-oui disable
|
|
set weak-wep-iv disable
|
|
set auth-frame-flood disable
|
|
set assoc-frame-flood disable
|
|
set spoofed-deauth disable
|
|
set asleap-attack disable
|
|
set eapol-start-flood disable
|
|
set eapol-logoff-flood disable
|
|
set eapol-succ-flood disable
|
|
set eapol-fail-flood disable
|
|
set eapol-pre-succ-flood disable
|
|
set eapol-pre-fail-flood disable
|
|
set deauth-unknown-src-thresh 10
|
|
next
|
|
end
|
|
config wireless-controller ble-profile
|
|
edit "fortiap-discovery"
|
|
set comment ''
|
|
set advertising ibeacon eddystone-uid eddystone-url
|
|
set ibeacon-uuid "wtp-uuid"
|
|
set major-id 1000
|
|
set minor-id 2000
|
|
set eddystone-namespace "0102030405"
|
|
set eddystone-instance "abcdef"
|
|
set eddystone-url "http://www.fortinet.com"
|
|
set txpower 0
|
|
set beacon-interval 100
|
|
set ble-scanning disable
|
|
set scan-type active
|
|
set scan-threshold "-90"
|
|
next
|
|
end
|
|
config wireless-controller syslog-profile
|
|
end
|
|
config wireless-controller wtp-profile
|
|
end
|
|
config wireless-controller wtp
|
|
end
|
|
config wireless-controller wtp-group
|
|
end
|
|
config wireless-controller qos-profile
|
|
end
|
|
config wireless-controller wag-profile
|
|
end
|
|
config wireless-controller snmp
|
|
set engine-id ''
|
|
set contact-info ''
|
|
set trap-high-cpu-threshold 80
|
|
set trap-high-mem-threshold 80
|
|
end
|
|
config wireless-controller mpsk-profile
|
|
end
|
|
config wireless-controller nac-profile
|
|
end
|
|
config wireless-controller ssid-policy
|
|
end
|
|
config wireless-controller access-control-list
|
|
end
|
|
config wireless-controller ap-status
|
|
end
|
|
config user nac-policy
|
|
end
|
|
config extension-controller dataplan
|
|
end
|
|
config extension-controller extender-vap
|
|
end
|
|
config extension-controller extender-profile
|
|
end
|
|
config extension-controller extender
|
|
end
|
|
config extension-controller fortigate-profile
|
|
end
|
|
config extension-controller fortigate
|
|
end
|
|
config system ips
|
|
set signature-hold-time 0h
|
|
end
|
|
config endpoint-control settings
|
|
set override disable
|
|
end
|
|
config ips custom
|
|
end
|
|
config ips settings
|
|
set packet-log-history 1
|
|
set packet-log-post-attack 0
|
|
set ips-packet-quota 0
|
|
set proxy-inline-ips disable
|
|
end
|
|
config alertemail setting
|
|
set username ''
|
|
set mailto1 ''
|
|
set mailto2 ''
|
|
set mailto3 ''
|
|
set filter-mode category
|
|
set email-interval 5
|
|
set IPS-logs disable
|
|
set firewall-authentication-failure-logs disable
|
|
set IPsec-errors-logs disable
|
|
set PPP-errors-logs disable
|
|
set sslvpn-authentication-errors-logs disable
|
|
set antivirus-logs disable
|
|
set webfilter-logs disable
|
|
set configuration-changes-logs disable
|
|
set violation-traffic-logs disable
|
|
set admin-login-logs disable
|
|
set log-disk-usage-warning disable
|
|
set FSSO-disconnect-logs disable
|
|
set ssh-logs disable
|
|
set local-disk-usage 75
|
|
end
|
|
config router access-list
|
|
end
|
|
config router access-list6
|
|
end
|
|
config router aspath-list
|
|
end
|
|
config router prefix-list
|
|
end
|
|
config router prefix-list6
|
|
end
|
|
config router key-chain
|
|
end
|
|
config router community-list
|
|
end
|
|
config router extcommunity-list
|
|
end
|
|
config router route-map
|
|
end
|
|
config router rip
|
|
set default-information-originate disable
|
|
set default-metric 1
|
|
set max-out-metric 0
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
set update-timer 30
|
|
set timeout-timer 180
|
|
set garbage-timer 120
|
|
set version 2
|
|
end
|
|
config router ripng
|
|
set default-information-originate disable
|
|
set default-metric 1
|
|
set max-out-metric 0
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
end
|
|
set update-timer 30
|
|
set timeout-timer 180
|
|
set garbage-timer 120
|
|
end
|
|
config router static
|
|
edit 1
|
|
set status enable
|
|
set dst 0.0.0.0 0.0.0.0
|
|
set gateway 198.36.24.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "outside lag"
|
|
set comment "Outgoing traffic"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set dstaddr ''
|
|
unset internet-service
|
|
set internet-service-custom ''
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 2
|
|
set status enable
|
|
set dst 10.0.0.0 255.0.0.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Internal traffic"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 3
|
|
set status enable
|
|
set dst 10.250.201.0 255.255.255.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Ring 1"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 4
|
|
set status enable
|
|
set dst 10.250.202.0 255.255.255.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Ring 2"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 5
|
|
set status enable
|
|
set dst 10.250.203.0 255.255.255.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Ring 3"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 6
|
|
set status enable
|
|
set dst 10.250.204.0 255.255.255.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Ring 4"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 7
|
|
set status enable
|
|
set dst 10.250.205.0 255.255.255.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Ring 5"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 8
|
|
set status enable
|
|
set dst 10.250.206.0 255.255.255.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Ring 6"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 9
|
|
set status enable
|
|
set dst 10.250.207.0 255.255.255.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Ring 7"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 10
|
|
set status enable
|
|
set dst 10.250.208.0 255.255.255.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Ring 8"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 11
|
|
set status enable
|
|
set dst 172.17.0.0 255.255.0.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "CK Mobile 01 IP Range Route"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 12
|
|
set status enable
|
|
set dst 172.18.0.0 255.255.0.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "CK Mobile 02 IP Range Route"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 13
|
|
set status enable
|
|
set dst 172.19.0.0 255.255.0.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "CK Mobile 03 IP Range Route"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 14
|
|
set status enable
|
|
set dst 192.168.0.0 255.255.0.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Management Internal"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 15
|
|
set status enable
|
|
set dst 10.212.134.0 255.255.255.0
|
|
set gateway 10.251.1.1
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "inside lag"
|
|
set comment "Fortinet VPN"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 16
|
|
set status enable
|
|
set dst 170.161.52.27 255.255.255.255
|
|
set preferred-source 0.0.0.0
|
|
set distance 1
|
|
set weight 0
|
|
set priority 1
|
|
set device "SRIC_BOCES"
|
|
set comment "SRIC BOCES Site-to-Site VPN Route"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 17
|
|
set status enable
|
|
set dst 10.222.0.0 255.255.0.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "vpn-042e9903"
|
|
set comment "eScholar AWS Site-to-Site VPN"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 18
|
|
set status enable
|
|
set dst 10.250.0.0 255.255.0.0
|
|
set gateway 10.250.100.92
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "city_phones lag"
|
|
set comment "Route to City Phones"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 19
|
|
set status enable
|
|
set dst 10.107.49.0 255.255.255.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "SCHC"
|
|
set comment "Syracuse Community Health Center Routes"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 20
|
|
set status enable
|
|
set dst 10.107.100.0 255.255.255.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "SCHC"
|
|
set comment "Syracuse Community Health Center Routes"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 21
|
|
set status enable
|
|
set dst 10.107.50.0 255.255.255.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "SCHC"
|
|
set comment "Syracuse Community Health Center Routes"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 22
|
|
set status enable
|
|
set dst 10.253.17.0 255.255.255.0
|
|
set gateway 10.250.100.92
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "city_phones lag"
|
|
set comment "City CGRs"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 23
|
|
set status enable
|
|
set dst 10.253.18.0 255.255.255.0
|
|
set gateway 10.250.100.92
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "city_phones lag"
|
|
set comment "City CGRs"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 24
|
|
set status enable
|
|
set dst 0.0.0.0 0.0.0.0
|
|
set gateway 10.250.100.92
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "city_phones lag"
|
|
set comment "City Side Park Place VoIP Route"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set dstaddr "City_Side_VoIP_Park_Place_Group"
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 25
|
|
set status enable
|
|
set dst 10.249.0.46 255.255.255.255
|
|
set gateway 10.250.100.92
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "city_phones lag"
|
|
set comment "City Water/DPW Recording"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 26
|
|
set status enable
|
|
set dst 0.0.0.0 0.0.0.0
|
|
set gateway 10.250.100.92
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "city_phones lag"
|
|
set comment "SPD Genetec"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set dstaddr "SPD_Side_Genetec"
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 34
|
|
set status enable
|
|
set dst 172.30.44.0 255.255.254.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "vpn-0fc50345"
|
|
set comment ''
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 28
|
|
set status disable
|
|
set dst 172.30.45.35 255.255.255.255
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "vpn-0fc50345"
|
|
set comment ''
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 29
|
|
set status enable
|
|
set dst 172.30.44.0 255.255.254.0
|
|
set distance 253
|
|
set weight 0
|
|
set priority 1
|
|
set comment ''
|
|
set blackhole enable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set vrf 0
|
|
next
|
|
edit 30
|
|
set status enable
|
|
set dst 10.11.0.0 255.255.240.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "vpn-0403e61"
|
|
set comment "eScholar AWS 2024"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 31
|
|
set status disable
|
|
set dst 10.46.0.0 255.255.0.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "DPS"
|
|
set comment ''
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 32
|
|
set status disable
|
|
set dst 192.168.46.0 255.255.255.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "DPS"
|
|
set comment ''
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 33
|
|
set status enable
|
|
set dst 10.51.62.0 255.255.255.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "Highstreet"
|
|
set comment ''
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 37
|
|
set status disable
|
|
set dst 192.168.146.0 255.255.255.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "DPS"
|
|
set comment ''
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 35
|
|
set status enable
|
|
set dst 192.168.67.0 255.255.255.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "RAP"
|
|
set comment ''
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 36
|
|
set status enable
|
|
set dst 10.67.0.0 255.255.0.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "RAP"
|
|
set comment "RAP Users"
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
edit 38
|
|
set status enable
|
|
set dst 192.168.167.0 255.255.255.0
|
|
set preferred-source 0.0.0.0
|
|
set distance 10
|
|
set weight 0
|
|
set priority 1
|
|
set device "RAP"
|
|
set comment ''
|
|
set blackhole disable
|
|
set dynamic-gateway disable
|
|
set link-monitor-exempt disable
|
|
set tag 0
|
|
set bfd disable
|
|
next
|
|
end
|
|
config router policy
|
|
end
|
|
config router policy6
|
|
end
|
|
config router static6
|
|
end
|
|
config router ospf
|
|
set abr-type standard
|
|
set auto-cost-ref-bandwidth 1000
|
|
set distance-external 110
|
|
set distance-inter-area 110
|
|
set distance-intra-area 110
|
|
set database-overflow disable
|
|
set database-overflow-max-lsas 10000
|
|
set database-overflow-time-to-recover 300
|
|
set default-information-originate disable
|
|
set default-information-metric 10
|
|
set default-information-metric-type 2
|
|
set default-information-route-map ''
|
|
set default-metric 10
|
|
set distance 110
|
|
set rfc1583-compatible disable
|
|
set router-id 0.0.0.0
|
|
set spf-timers 5 10
|
|
set bfd disable
|
|
set log-neighbour-changes enable
|
|
set distribute-list-in ''
|
|
set distribute-route-map-in ''
|
|
set restart-mode none
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
set tag 0
|
|
end
|
|
end
|
|
config router ospf6
|
|
set abr-type standard
|
|
set auto-cost-ref-bandwidth 1000
|
|
set default-information-originate disable
|
|
set log-neighbour-changes enable
|
|
set default-information-metric 10
|
|
set default-information-metric-type 2
|
|
set default-information-route-map ''
|
|
set default-metric 10
|
|
set router-id 0.0.0.0
|
|
set spf-timers 5 10
|
|
set bfd disable
|
|
set restart-mode none
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set metric 0
|
|
set routemap ''
|
|
set metric-type 2
|
|
end
|
|
end
|
|
config router bgp
|
|
unset as
|
|
set keepalive-timer 60
|
|
set holdtime-timer 180
|
|
set always-compare-med disable
|
|
set bestpath-as-path-ignore disable
|
|
set bestpath-cmp-confed-aspath disable
|
|
set bestpath-cmp-routerid disable
|
|
set bestpath-med-confed disable
|
|
set bestpath-med-missing-as-worst disable
|
|
set client-to-client-reflection enable
|
|
set dampening disable
|
|
set deterministic-med disable
|
|
set ebgp-multipath disable
|
|
set ibgp-multipath disable
|
|
set enforce-first-as enable
|
|
set fast-external-failover enable
|
|
set log-neighbour-changes enable
|
|
set network-import-check enable
|
|
set ignore-optional-capability enable
|
|
set multipath-recursive-distance disable
|
|
set recursive-next-hop disable
|
|
set recursive-inherit-priority disable
|
|
set tag-resolve-mode disable
|
|
set cluster-id 0.0.0.0
|
|
set confederation-identifier 0
|
|
set default-local-preference 100
|
|
set scan-time 60
|
|
set distance-external 20
|
|
set distance-internal 200
|
|
set distance-local 200
|
|
set synchronization disable
|
|
set graceful-restart disable
|
|
set cross-family-conditional-adv disable
|
|
config redistribute "connected"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute "isis"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "connected"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "rip"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "ospf"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "static"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
config redistribute6 "isis"
|
|
set status disable
|
|
set route-map ''
|
|
end
|
|
end
|
|
config router isis
|
|
set is-type level-1-2
|
|
set adv-passive-only disable
|
|
set adv-passive-only6 disable
|
|
set auth-mode-l1 password
|
|
set auth-mode-l2 password
|
|
set auth-password-l1 ENC ALAy5shkcwcpjRtDVaS3rrZERy1JxtFmXf21uQLdGEej1AlmIok2hLZpQ8mviR8DaMm//kK3WbBY0tKZWedaGuFfrprTzkR2GMIZi0XQckPkMua9Wxtt4AS3wVwGbNektnDxKpjIBcuD5uYa3IeZ84jPPtvqY0odvWWsIevsYzIkNEFXAw/PkVW3Sfij+OHYgcZ4eFlmMjY3dkVA
|
|
set auth-password-l2 ENC lUtL+A1Mf4Y72ESqqhRS/JPE5fAiDeJu4fUIrKXsZHkKwGdlb3Bq2c5Q4dKrAaRtkGNuEvK7XgyqwJfMHmQ9VaCrTnoVBKoHDQh/o5LFu/yQiolIYSzckkGMqKgLz89S03qOgWCOgoLMqH/Pfpcwc4zqq8wke02cs3KAfwl5V1WBNUn/4ia5AB0uoi2qPwV5bbe2bVlmMjY3dkVA
|
|
set auth-sendonly-l1 disable
|
|
set auth-sendonly-l2 disable
|
|
set ignore-lsp-errors disable
|
|
set lsp-gen-interval-l1 30
|
|
set lsp-gen-interval-l2 30
|
|
set lsp-refresh-interval 900
|
|
set max-lsp-lifetime 1200
|
|
set spf-interval-exp-l1 500 50000
|
|
set spf-interval-exp-l2 500 50000
|
|
set dynamic-hostname disable
|
|
set adjacency-check disable
|
|
set adjacency-check6 disable
|
|
set overload-bit disable
|
|
unset overload-bit-suppress
|
|
set overload-bit-on-startup 0
|
|
set default-originate disable
|
|
set default-originate6 disable
|
|
set metric-style narrow
|
|
set redistribute-l1 disable
|
|
set redistribute-l2 disable
|
|
set redistribute6-l1 disable
|
|
set redistribute6-l2 disable
|
|
config redistribute "connected"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "rip"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute "static"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "connected"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "rip"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "ospf"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "bgp"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
config redistribute6 "static"
|
|
set status disable
|
|
set metric 0
|
|
set metric-type internal
|
|
set level level-2
|
|
set routemap ''
|
|
end
|
|
end
|
|
config router multicast-flow
|
|
end
|
|
config router multicast
|
|
set route-limit 2147483647
|
|
set multicast-routing disable
|
|
config pim-sm-global
|
|
set message-interval 60
|
|
set join-prune-holdtime 210
|
|
set accept-register-list ''
|
|
set accept-source-list ''
|
|
set bsr-candidate disable
|
|
set bsr-allow-quick-refresh disable
|
|
set cisco-register-checksum disable
|
|
set cisco-crp-prefix disable
|
|
set cisco-ignore-rp-set-priority disable
|
|
set register-rp-reachability enable
|
|
set register-source disable
|
|
set register-supression 60
|
|
set null-register-retries 1
|
|
set rp-register-keepalive 185
|
|
set spt-threshold enable
|
|
set ssm disable
|
|
set register-rate-limit 0
|
|
set pim-use-sdwan disable
|
|
set spt-threshold-group ''
|
|
end
|
|
end
|
|
config router multicast6
|
|
set multicast-routing disable
|
|
config pim-sm-global
|
|
end
|
|
end
|
|
config router auth-path
|
|
end
|
|
config router setting
|
|
set show-filter ''
|
|
set hostname ''
|
|
end
|
|
config router bfd
|
|
end
|
|
config router bfd6
|
|
end
|
|
config system proxy-arp
|
|
end
|
|
config system link-monitor
|
|
edit "1"
|
|
set addr-mode ipv4
|
|
set srcintf "vpn-0fc50345"
|
|
set server-config default
|
|
set server-type static
|
|
set server "169.254.54.77"
|
|
set protocol ping
|
|
set gateway-ip 0.0.0.0
|
|
set source-ip 0.0.0.0
|
|
set interval 20
|
|
set probe-timeout 500
|
|
set failtime 5
|
|
set recoverytime 5
|
|
set probe-count 30
|
|
set ha-priority 1
|
|
set update-cascade-interface enable
|
|
set update-static-route enable
|
|
set update-policy-route enable
|
|
set status disable
|
|
set diffservcode 000000
|
|
unset class-id
|
|
set service-detection disable
|
|
next
|
|
end
|
|
config system wccp
|
|
end
|
|
config system dns64
|
|
set status disable
|
|
set dns64-prefix 64:ff9b::/96
|
|
set always-synthesize-aaaa-record enable
|
|
end
|
|
config system nd-proxy
|
|
set status disable
|
|
end
|
|
config system vne-tunnel
|
|
set status disable
|
|
end
|
|
end
|
|
|