753b26ccf9
* New module fortios_address * Add module_utils required_if + fix Doc * Merge spec & required_if from module_utils * Fix pep8 * Py2.5 compat, cosmetic changes * Fix param timeout * Fortios_address module + integration tests * add netaddr library in requirements for integration tests * Pep8 problems * ANSIBLE_METADATA.version -> ANSIBLE_METADATA.metadata_version
config system global
|
|
set timezone 04
|
|
set admintimeout 480
|
|
set admin-server-cert "Fortinet_Firmware"
|
|
set fgd-alert-subscription advisory latest-threat
|
|
set hostname "FortiGate-VM64-HV"
|
|
end
|
|
config system accprofile
|
|
edit prof_admin
|
|
set vpngrp read-write
|
|
set utmgrp read-write
|
|
set authgrp read-write
|
|
set wifi read-write
|
|
set sysgrp read-write
|
|
set loggrp read-write
|
|
set mntgrp read-write
|
|
set netgrp read-write
|
|
set admingrp read-write
|
|
set fwgrp read-write
|
|
set wanoptgrp read-write
|
|
set updategrp read-write
|
|
set routegrp read-write
|
|
set endpoint-control-grp read-write
|
|
next
|
|
end
|
|
config system interface
|
|
edit port1
|
|
set ip 192.168.137.154 255.255.255.0
|
|
set type physical
|
|
set vdom "root"
|
|
set allowaccess ping https ssh http fgfm
|
|
next
|
|
edit port2
|
|
set type physical
|
|
set vdom "root"
|
|
next
|
|
edit port3
|
|
set type physical
|
|
set vdom "root"
|
|
next
|
|
edit port4
|
|
set type physical
|
|
set vdom "root"
|
|
next
|
|
edit port5
|
|
set type physical
|
|
set vdom "root"
|
|
next
|
|
edit port6
|
|
set type physical
|
|
set vdom "root"
|
|
next
|
|
edit port7
|
|
set type physical
|
|
set vdom "root"
|
|
next
|
|
edit port8
|
|
set type physical
|
|
set vdom "root"
|
|
next
|
|
edit ssl.root
|
|
set alias "SSL VPN interface"
|
|
set type tunnel
|
|
set vdom "root"
|
|
next
|
|
end
|
|
config system custom-language
|
|
edit en
|
|
set filename "en"
|
|
next
|
|
edit fr
|
|
set filename "fr"
|
|
next
|
|
edit sp
|
|
set filename "sp"
|
|
next
|
|
edit pg
|
|
set filename "pg"
|
|
next
|
|
edit x-sjis
|
|
set filename "x-sjis"
|
|
next
|
|
edit big5
|
|
set filename "big5"
|
|
next
|
|
edit GB2312
|
|
set filename "GB2312"
|
|
next
|
|
edit euc-kr
|
|
set filename "euc-kr"
|
|
next
|
|
end
|
|
config system admin
|
|
edit admin
|
|
set accprofile "super_admin"
|
|
set vdom "root"
|
|
config dashboard-tabs
|
|
edit 1
|
|
set name "Status"
|
|
next
|
|
end
|
|
config dashboard
|
|
edit 1
|
|
set column 1
|
|
set tab-id 1
|
|
next
|
|
edit 2
|
|
set column 1
|
|
set widget-type licinfo
|
|
set tab-id 1
|
|
next
|
|
edit 3
|
|
set column 1
|
|
set widget-type jsconsole
|
|
set tab-id 1
|
|
next
|
|
edit 4
|
|
set column 2
|
|
set widget-type sysres
|
|
set tab-id 1
|
|
next
|
|
edit 5
|
|
set column 2
|
|
set widget-type gui-features
|
|
set tab-id 1
|
|
next
|
|
edit 6
|
|
set column 2
|
|
set top-n 10
|
|
set widget-type alert
|
|
set tab-id 1
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config system ha
|
|
set override disable
|
|
end
|
|
config system dns
|
|
set primary 208.91.112.53
|
|
set secondary 208.91.112.52
|
|
end
|
|
config system replacemsg-image
|
|
edit logo_fnet
|
|
set image-base64 ''
|
|
set image-type gif
|
|
next
|
|
edit logo_fguard_wf
|
|
set image-base64 ''
|
|
set image-type gif
|
|
next
|
|
edit logo_fw_auth
|
|
set image-base64 ''
|
|
set image-type png
|
|
next
|
|
edit logo_v2_fnet
|
|
set image-base64 ''
|
|
set image-type png
|
|
next
|
|
edit logo_v2_fguard_wf
|
|
set image-base64 ''
|
|
set image-type png
|
|
next
|
|
edit logo_v2_fguard_app
|
|
set image-base64 ''
|
|
set image-type png
|
|
next
|
|
end
|
|
config system replacemsg mail email-block
|
|
end
|
|
config system replacemsg mail email-dlp-subject
|
|
end
|
|
config system replacemsg mail email-dlp-ban
|
|
end
|
|
config system replacemsg mail email-filesize
|
|
end
|
|
config system replacemsg mail partial
|
|
end
|
|
config system replacemsg mail smtp-block
|
|
end
|
|
config system replacemsg mail smtp-filesize
|
|
end
|
|
config system replacemsg http bannedword
|
|
end
|
|
config system replacemsg http url-block
|
|
end
|
|
config system replacemsg http urlfilter-err
|
|
end
|
|
config system replacemsg http infcache-block
|
|
end
|
|
config system replacemsg http http-block
|
|
end
|
|
config system replacemsg http http-filesize
|
|
end
|
|
config system replacemsg http http-dlp-ban
|
|
end
|
|
config system replacemsg http http-archive-block
|
|
end
|
|
config system replacemsg http http-contenttypeblock
|
|
end
|
|
config system replacemsg http https-invalid-cert-block
|
|
end
|
|
config system replacemsg http http-client-block
|
|
end
|
|
config system replacemsg http http-client-filesize
|
|
end
|
|
config system replacemsg http http-client-bannedword
|
|
end
|
|
config system replacemsg http http-post-block
|
|
end
|
|
config system replacemsg http http-client-archive-block
|
|
end
|
|
config system replacemsg http switching-protocols-block
|
|
end
|
|
config system replacemsg webproxy deny
|
|
end
|
|
config system replacemsg webproxy user-limit
|
|
end
|
|
config system replacemsg webproxy auth-challenge
|
|
end
|
|
config system replacemsg webproxy auth-login-fail
|
|
end
|
|
config system replacemsg webproxy auth-authorization-fail
|
|
end
|
|
config system replacemsg webproxy http-err
|
|
end
|
|
config system replacemsg webproxy auth-ip-blackout
|
|
end
|
|
config system replacemsg ftp ftp-dl-blocked
|
|
end
|
|
config system replacemsg ftp ftp-dl-filesize
|
|
end
|
|
config system replacemsg ftp ftp-dl-dlp-ban
|
|
end
|
|
config system replacemsg ftp ftp-explicit-banner
|
|
end
|
|
config system replacemsg ftp ftp-dl-archive-block
|
|
end
|
|
config system replacemsg nntp nntp-dl-blocked
|
|
end
|
|
config system replacemsg nntp nntp-dl-filesize
|
|
end
|
|
config system replacemsg nntp nntp-dlp-subject
|
|
end
|
|
config system replacemsg nntp nntp-dlp-ban
|
|
end
|
|
config system replacemsg fortiguard-wf ftgd-block
|
|
end
|
|
config system replacemsg fortiguard-wf http-err
|
|
end
|
|
config system replacemsg fortiguard-wf ftgd-ovrd
|
|
end
|
|
config system replacemsg fortiguard-wf ftgd-quota
|
|
end
|
|
config system replacemsg fortiguard-wf ftgd-warning
|
|
end
|
|
config system replacemsg spam ipblocklist
|
|
end
|
|
config system replacemsg spam smtp-spam-dnsbl
|
|
end
|
|
config system replacemsg spam smtp-spam-feip
|
|
end
|
|
config system replacemsg spam smtp-spam-helo
|
|
end
|
|
config system replacemsg spam smtp-spam-emailblack
|
|
end
|
|
config system replacemsg spam smtp-spam-mimeheader
|
|
end
|
|
config system replacemsg spam reversedns
|
|
end
|
|
config system replacemsg spam smtp-spam-bannedword
|
|
end
|
|
config system replacemsg spam smtp-spam-ase
|
|
end
|
|
config system replacemsg spam submit
|
|
end
|
|
config system replacemsg im im-file-xfer-block
|
|
end
|
|
config system replacemsg im im-file-xfer-name
|
|
end
|
|
config system replacemsg im im-file-xfer-infected
|
|
end
|
|
config system replacemsg im im-file-xfer-size
|
|
end
|
|
config system replacemsg im im-dlp
|
|
end
|
|
config system replacemsg im im-dlp-ban
|
|
end
|
|
config system replacemsg im im-voice-chat-block
|
|
end
|
|
config system replacemsg im im-video-chat-block
|
|
end
|
|
config system replacemsg im im-photo-share-block
|
|
end
|
|
config system replacemsg im im-long-chat-block
|
|
end
|
|
config system replacemsg alertmail alertmail-virus
|
|
end
|
|
config system replacemsg alertmail alertmail-block
|
|
end
|
|
config system replacemsg alertmail alertmail-nids-event
|
|
end
|
|
config system replacemsg alertmail alertmail-crit-event
|
|
end
|
|
config system replacemsg alertmail alertmail-disk-full
|
|
end
|
|
config system replacemsg admin pre_admin-disclaimer-text
|
|
end
|
|
config system replacemsg admin post_admin-disclaimer-text
|
|
end
|
|
config system replacemsg auth auth-disclaimer-page-1
|
|
end
|
|
config system replacemsg auth auth-disclaimer-page-2
|
|
end
|
|
config system replacemsg auth auth-disclaimer-page-3
|
|
end
|
|
config system replacemsg auth auth-reject-page
|
|
end
|
|
config system replacemsg auth auth-login-page
|
|
end
|
|
config system replacemsg auth auth-login-failed-page
|
|
end
|
|
config system replacemsg auth auth-token-login-page
|
|
end
|
|
config system replacemsg auth auth-token-login-failed-page
|
|
end
|
|
config system replacemsg auth auth-success-msg
|
|
end
|
|
config system replacemsg auth auth-challenge-page
|
|
end
|
|
config system replacemsg auth auth-keepalive-page
|
|
end
|
|
config system replacemsg auth auth-portal-page
|
|
end
|
|
config system replacemsg auth auth-password-page
|
|
end
|
|
config system replacemsg auth auth-fortitoken-page
|
|
end
|
|
config system replacemsg auth auth-next-fortitoken-page
|
|
end
|
|
config system replacemsg auth auth-email-token-page
|
|
end
|
|
config system replacemsg auth auth-sms-token-page
|
|
end
|
|
config system replacemsg auth auth-email-harvesting-page
|
|
end
|
|
config system replacemsg auth auth-email-failed-page
|
|
end
|
|
config system replacemsg auth auth-cert-passwd-page
|
|
end
|
|
config system replacemsg auth auth-guest-print-page
|
|
end
|
|
config system replacemsg auth auth-guest-email-page
|
|
end
|
|
config system replacemsg auth auth-success-page
|
|
end
|
|
config system replacemsg auth auth-block-notification-page
|
|
end
|
|
config system replacemsg sslvpn sslvpn-login
|
|
end
|
|
config system replacemsg sslvpn sslvpn-limit
|
|
end
|
|
config system replacemsg sslvpn hostcheck-error
|
|
end
|
|
config system replacemsg ec endpt-download-portal
|
|
end
|
|
config system replacemsg ec endpt-download-portal-mac
|
|
end
|
|
config system replacemsg ec endpt-download-portal-ios
|
|
end
|
|
config system replacemsg ec endpt-download-portal-aos
|
|
end
|
|
config system replacemsg ec endpt-download-portal-other
|
|
end
|
|
config system replacemsg device-detection-portal device-detection-failure
|
|
end
|
|
config system replacemsg nac-quar nac-quar-virus
|
|
end
|
|
config system replacemsg nac-quar nac-quar-dos
|
|
end
|
|
config system replacemsg nac-quar nac-quar-ips
|
|
end
|
|
config system replacemsg nac-quar nac-quar-dlp
|
|
end
|
|
config system replacemsg nac-quar nac-quar-admin
|
|
end
|
|
config system replacemsg traffic-quota per-ip-shaper-block
|
|
end
|
|
config system replacemsg utm virus-html
|
|
end
|
|
config system replacemsg utm virus-text
|
|
end
|
|
config system replacemsg utm dlp-html
|
|
end
|
|
config system replacemsg utm dlp-text
|
|
end
|
|
config system replacemsg utm appblk-html
|
|
end
|
|
config vpn certificate ca
|
|
end
|
|
config vpn certificate local
|
|
edit Fortinet_CA_SSLProxy
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
set password ENC eRZ5UNnzW1eAAJn+reDWnDdgQZ1yxFr7z+rp0lzCeKX64OiaEcBKwGIzocIf5y5p37siqf1bPHwEMWkvISqQSXKT8JijvaLtA/oNlqTw8GwglMlW390JTckMS7v60mVQ2Jj1Ng9q4xi2dXKpVGXqYnpc1nDSApGqHTwpL/lgc1+HLh0CQvn4zQpIs8//4hVscjqz0g==
|
|
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
next
|
|
edit Fortinet_SSLProxy
|
|
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
set password ENC JGQ1Psth3oHimOP5bRUzt+zfBA5PlPBXZj6xLvqp7JILLBa6Der02qjotGI4UnaKAGSad7uEkPKLq2ePjzBy/Rc/E55FJO8OjffWzIOgpT1jYMmw8IOuAlB50weCRpzMowrLT+FKFF53SxG+oe5n4EaoiqR92WZsXzOTFpNdSFXyvggt/lmOz4Zm08AMD3sWFWg/ZA==
|
|
set certificate "-----BEGIN CERTIFICATE-----
|
|
next
|
|
end
|
|
config user device-category
|
|
edit ipad
|
|
next
|
|
edit iphone
|
|
next
|
|
edit gaming-console
|
|
next
|
|
edit blackberry-phone
|
|
next
|
|
edit blackberry-playbook
|
|
next
|
|
edit linux-pc
|
|
next
|
|
edit mac
|
|
next
|
|
edit windows-pc
|
|
next
|
|
edit android-phone
|
|
next
|
|
edit android-tablet
|
|
next
|
|
edit media-streaming
|
|
next
|
|
edit windows-phone
|
|
next
|
|
edit windows-tablet
|
|
next
|
|
edit fortinet-device
|
|
next
|
|
edit ip-phone
|
|
next
|
|
edit router-nat-device
|
|
next
|
|
edit printer
|
|
next
|
|
edit other-network-device
|
|
next
|
|
edit collected-emails
|
|
next
|
|
edit all
|
|
next
|
|
end
|
|
config system session-sync
|
|
end
|
|
config system fortiguard
|
|
set webfilter-sdns-server-ip "208.91.112.220"
|
|
end
|
|
config ips global
|
|
set default-app-cat-mask 18446744073474670591
|
|
end
|
|
config ips dbinfo
|
|
set version 1
|
|
end
|
|
config gui console
|
|
end
|
|
config system session-helper
|
|
edit 1
|
|
set protocol 6
|
|
set name pptp
|
|
set port 1723
|
|
next
|
|
edit 2
|
|
set protocol 6
|
|
set name h323
|
|
set port 1720
|
|
next
|
|
edit 3
|
|
set protocol 17
|
|
set name ras
|
|
set port 1719
|
|
next
|
|
edit 4
|
|
set protocol 6
|
|
set name tns
|
|
set port 1521
|
|
next
|
|
edit 5
|
|
set protocol 17
|
|
set name tftp
|
|
set port 69
|
|
next
|
|
edit 6
|
|
set protocol 6
|
|
set name rtsp
|
|
set port 554
|
|
next
|
|
edit 7
|
|
set protocol 6
|
|
set name rtsp
|
|
set port 7070
|
|
next
|
|
edit 8
|
|
set protocol 6
|
|
set name rtsp
|
|
set port 8554
|
|
next
|
|
edit 9
|
|
set protocol 6
|
|
set name ftp
|
|
set port 21
|
|
next
|
|
edit 10
|
|
set protocol 6
|
|
set name mms
|
|
set port 1863
|
|
next
|
|
edit 11
|
|
set protocol 6
|
|
set name pmap
|
|
set port 111
|
|
next
|
|
edit 12
|
|
set protocol 17
|
|
set name pmap
|
|
set port 111
|
|
next
|
|
edit 13
|
|
set protocol 17
|
|
set name sip
|
|
set port 5060
|
|
next
|
|
edit 14
|
|
set protocol 17
|
|
set name dns-udp
|
|
set port 53
|
|
next
|
|
edit 15
|
|
set protocol 6
|
|
set name rsh
|
|
set port 514
|
|
next
|
|
edit 16
|
|
set protocol 6
|
|
set name rsh
|
|
set port 512
|
|
next
|
|
edit 17
|
|
set protocol 6
|
|
set name dcerpc
|
|
set port 135
|
|
next
|
|
edit 18
|
|
set protocol 17
|
|
set name dcerpc
|
|
set port 135
|
|
next
|
|
edit 19
|
|
set protocol 17
|
|
set name mgcp
|
|
set port 2427
|
|
next
|
|
edit 20
|
|
set protocol 17
|
|
set name mgcp
|
|
set port 2727
|
|
next
|
|
end
|
|
config system auto-install
|
|
set auto-install-config enable
|
|
set auto-install-image enable
|
|
end
|
|
config system ntp
|
|
set ntpsync enable
|
|
set syncinterval 60
|
|
end
|
|
config system settings
|
|
end
|
|
config firewall address
|
|
edit SSLVPN_TUNNEL_ADDR1
|
|
set type iprange
|
|
set end-ip 10.212.134.210
|
|
set start-ip 10.212.134.200
|
|
next
|
|
edit all
|
|
next
|
|
edit none
|
|
set subnet 0.0.0.0 255.255.255.255
|
|
next
|
|
edit apple
|
|
set type fqdn
|
|
set fqdn "*.apple.com"
|
|
next
|
|
edit dropbox.com
|
|
set type fqdn
|
|
set fqdn "*.dropbox.com"
|
|
next
|
|
edit Gotomeeting
|
|
set type fqdn
|
|
set fqdn "*.gotomeeting.com"
|
|
next
|
|
edit icloud
|
|
set type fqdn
|
|
set fqdn "*.icloud.com"
|
|
next
|
|
edit itunes
|
|
set type fqdn
|
|
set fqdn "*itunes.apple.com"
|
|
next
|
|
edit android
|
|
set type fqdn
|
|
set fqdn "*.android.com"
|
|
next
|
|
edit skype
|
|
set type fqdn
|
|
set fqdn "*.messenger.live.com"
|
|
next
|
|
edit swscan.apple.com
|
|
set type fqdn
|
|
set fqdn "swscan.apple.com"
|
|
next
|
|
edit update.microsoft.com
|
|
set type fqdn
|
|
set fqdn "update.microsoft.com"
|
|
next
|
|
edit appstore
|
|
set type fqdn
|
|
set fqdn "*.appstore.com"
|
|
next
|
|
edit eease
|
|
set type fqdn
|
|
set fqdn "*.eease.com"
|
|
next
|
|
edit google-drive
|
|
set type fqdn
|
|
set fqdn "*drive.google.com"
|
|
next
|
|
edit google-play
|
|
set type fqdn
|
|
set fqdn "play.google.com"
|
|
next
|
|
edit google-play2
|
|
set type fqdn
|
|
set fqdn "*.ggpht.com"
|
|
next
|
|
edit google-play3
|
|
set type fqdn
|
|
set fqdn "*.books.google.com"
|
|
next
|
|
edit microsoft
|
|
set type fqdn
|
|
set fqdn "*.microsoft.com"
|
|
next
|
|
edit adobe
|
|
set type fqdn
|
|
set fqdn "*.adobe.com"
|
|
next
|
|
edit Adobe Login
|
|
set type fqdn
|
|
set fqdn "*.adobelogin.com"
|
|
next
|
|
edit fortinet
|
|
set type fqdn
|
|
set fqdn "*.fortinet.com"
|
|
next
|
|
edit googleapis.com
|
|
set type fqdn
|
|
set fqdn "*.googleapis.com"
|
|
next
|
|
edit citrix
|
|
set type fqdn
|
|
set fqdn "*.citrixonline.com"
|
|
next
|
|
edit verisign
|
|
set type fqdn
|
|
set fqdn "*.verisign.com"
|
|
next
|
|
edit Windows update 2
|
|
set type fqdn
|
|
set fqdn "*.windowsupdate.com"
|
|
next
|
|
edit *.live.com
|
|
set type fqdn
|
|
set fqdn "*.live.com"
|
|
next
|
|
edit auth.gfx.ms
|
|
set type fqdn
|
|
set fqdn "auth.gfx.ms"
|
|
next
|
|
edit autoupdate.opera.com
|
|
set type fqdn
|
|
set fqdn "autoupdate.opera.com"
|
|
next
|
|
edit softwareupdate.vmware.com
|
|
set type fqdn
|
|
set fqdn "softwareupdate.vmware.com"
|
|
next
|
|
edit firefox update server
|
|
set type fqdn
|
|
set fqdn "aus*.mozilla.org"
|
|
next
|
|
end
|
|
config firewall multicast-address
|
|
edit all
|
|
set end-ip 239.255.255.255
|
|
set start-ip 224.0.0.0
|
|
next
|
|
edit all_hosts
|
|
set end-ip 224.0.0.1
|
|
set start-ip 224.0.0.1
|
|
next
|
|
edit all_routers
|
|
set end-ip 224.0.0.2
|
|
set start-ip 224.0.0.2
|
|
next
|
|
edit Bonjour
|
|
set end-ip 224.0.0.251
|
|
set start-ip 224.0.0.251
|
|
next
|
|
edit EIGRP
|
|
set end-ip 224.0.0.10
|
|
set start-ip 224.0.0.10
|
|
next
|
|
edit OSPF
|
|
set end-ip 224.0.0.6
|
|
set start-ip 224.0.0.5
|
|
next
|
|
end
|
|
config firewall address6
|
|
edit SSLVPN_TUNNEL_IPv6_ADDR1
|
|
set ip6 fdff:ffff::/120
|
|
next
|
|
edit all
|
|
next
|
|
edit none
|
|
set ip6 ::/128
|
|
next
|
|
end
|
|
config firewall service category
|
|
edit General
|
|
set comment "General services."
|
|
next
|
|
edit Web Access
|
|
set comment "Web access."
|
|
next
|
|
edit File Access
|
|
set comment "File access."
|
|
next
|
|
edit Email
|
|
set comment "Email services."
|
|
next
|
|
edit Network Services
|
|
set comment "Network services."
|
|
next
|
|
edit Authentication
|
|
set comment "Authentication service."
|
|
next
|
|
edit Remote Access
|
|
set comment "Remote access."
|
|
next
|
|
edit Tunneling
|
|
set comment "Tunneling service."
|
|
next
|
|
edit VoIP, Messaging & Other Applications
|
|
set comment "VoIP, messaging, and other applications."
|
|
next
|
|
edit Web Proxy
|
|
set comment "Explicit web proxy."
|
|
next
|
|
end
|
|
config firewall service custom
|
|
edit ALL
|
|
set category "General"
|
|
set protocol IP
|
|
next
|
|
edit ALL_TCP
|
|
set category "General"
|
|
set tcp-portrange 1-65535
|
|
next
|
|
edit ALL_UDP
|
|
set category "General"
|
|
set udp-portrange 1-65535
|
|
next
|
|
edit ALL_ICMP
|
|
set category "General"
|
|
set protocol ICMP
|
|
next
|
|
edit ALL_ICMP6
|
|
set category "General"
|
|
set protocol ICMP6
|
|
next
|
|
edit GRE
|
|
set category "Tunneling"
|
|
set protocol-number 47
|
|
set protocol IP
|
|
next
|
|
edit AH
|
|
set category "Tunneling"
|
|
set protocol-number 51
|
|
set protocol IP
|
|
next
|
|
edit ESP
|
|
set category "Tunneling"
|
|
set protocol-number 50
|
|
set protocol IP
|
|
next
|
|
edit AOL
|
|
set visibility disable
|
|
set tcp-portrange 5190-5194
|
|
next
|
|
edit BGP
|
|
set category "Network Services"
|
|
set tcp-portrange 179
|
|
next
|
|
edit DHCP
|
|
set category "Network Services"
|
|
set udp-portrange 67-68
|
|
next
|
|
edit DNS
|
|
set category "Network Services"
|
|
set udp-portrange 53
|
|
set tcp-portrange 53
|
|
next
|
|
edit FINGER
|
|
set visibility disable
|
|
set tcp-portrange 79
|
|
next
|
|
edit FTP
|
|
set category "File Access"
|
|
set tcp-portrange 21
|
|
next
|
|
edit FTP_GET
|
|
set category "File Access"
|
|
set tcp-portrange 21
|
|
next
|
|
edit FTP_PUT
|
|
set category "File Access"
|
|
set tcp-portrange 21
|
|
next
|
|
edit GOPHER
|
|
set visibility disable
|
|
set tcp-portrange 70
|
|
next
|
|
edit H323
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set udp-portrange 1719
|
|
set tcp-portrange 1720 1503
|
|
next
|
|
edit HTTP
|
|
set category "Web Access"
|
|
set tcp-portrange 80
|
|
next
|
|
edit HTTPS
|
|
set category "Web Access"
|
|
set tcp-portrange 443
|
|
next
|
|
edit IKE
|
|
set category "Tunneling"
|
|
set udp-portrange 500 4500
|
|
next
|
|
edit IMAP
|
|
set category "Email"
|
|
set tcp-portrange 143
|
|
next
|
|
edit IMAPS
|
|
set category "Email"
|
|
set tcp-portrange 993
|
|
next
|
|
edit Internet-Locator-Service
|
|
set visibility disable
|
|
set tcp-portrange 389
|
|
next
|
|
edit IRC
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set tcp-portrange 6660-6669
|
|
next
|
|
edit L2TP
|
|
set category "Tunneling"
|
|
set udp-portrange 1701
|
|
set tcp-portrange 1701
|
|
next
|
|
edit LDAP
|
|
set category "Authentication"
|
|
set tcp-portrange 389
|
|
next
|
|
edit NetMeeting
|
|
set visibility disable
|
|
set tcp-portrange 1720
|
|
next
|
|
edit NFS
|
|
set category "File Access"
|
|
set udp-portrange 111 2049
|
|
set tcp-portrange 111 2049
|
|
next
|
|
edit NNTP
|
|
set visibility disable
|
|
set tcp-portrange 119
|
|
next
|
|
edit NTP
|
|
set category "Network Services"
|
|
set udp-portrange 123
|
|
set tcp-portrange 123
|
|
next
|
|
edit OSPF
|
|
set category "Network Services"
|
|
set protocol-number 89
|
|
set protocol IP
|
|
next
|
|
edit PC-Anywhere
|
|
set category "Remote Access"
|
|
set udp-portrange 5632
|
|
set tcp-portrange 5631
|
|
next
|
|
edit PING
|
|
set category "Network Services"
|
|
set protocol ICMP
|
|
set icmptype 8
|
|
next
|
|
edit TIMESTAMP
|
|
set protocol ICMP
|
|
set visibility disable
|
|
set icmptype 13
|
|
next
|
|
edit INFO_REQUEST
|
|
set protocol ICMP
|
|
set visibility disable
|
|
set icmptype 15
|
|
next
|
|
edit INFO_ADDRESS
|
|
set protocol ICMP
|
|
set visibility disable
|
|
set icmptype 17
|
|
next
|
|
edit ONC-RPC
|
|
set category "Remote Access"
|
|
set udp-portrange 111
|
|
set tcp-portrange 111
|
|
next
|
|
edit DCE-RPC
|
|
set category "Remote Access"
|
|
set udp-portrange 135
|
|
set tcp-portrange 135
|
|
next
|
|
edit POP3
|
|
set category "Email"
|
|
set tcp-portrange 110
|
|
next
|
|
edit POP3S
|
|
set category "Email"
|
|
set tcp-portrange 995
|
|
next
|
|
edit PPTP
|
|
set category "Tunneling"
|
|
set tcp-portrange 1723
|
|
next
|
|
edit QUAKE
|
|
set udp-portrange 26000 27000 27910 27960
|
|
set visibility disable
|
|
next
|
|
edit RAUDIO
|
|
set udp-portrange 7070
|
|
set visibility disable
|
|
next
|
|
edit REXEC
|
|
set visibility disable
|
|
set tcp-portrange 512
|
|
next
|
|
edit RIP
|
|
set category "Network Services"
|
|
set udp-portrange 520
|
|
next
|
|
edit RLOGIN
|
|
set visibility disable
|
|
set tcp-portrange 513:512-1023
|
|
next
|
|
edit RSH
|
|
set visibility disable
|
|
set tcp-portrange 514:512-1023
|
|
next
|
|
edit SCCP
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set tcp-portrange 2000
|
|
next
|
|
edit SIP
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set udp-portrange 5060
|
|
set tcp-portrange 5060
|
|
next
|
|
edit SIP-MSNmessenger
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set tcp-portrange 1863
|
|
next
|
|
edit SAMBA
|
|
set category "File Access"
|
|
set tcp-portrange 139
|
|
next
|
|
edit SMTP
|
|
set category "Email"
|
|
set tcp-portrange 25
|
|
next
|
|
edit SMTPS
|
|
set category "Email"
|
|
set tcp-portrange 465
|
|
next
|
|
edit SNMP
|
|
set category "Network Services"
|
|
set udp-portrange 161-162
|
|
set tcp-portrange 161-162
|
|
next
|
|
edit SSH
|
|
set category "Remote Access"
|
|
set tcp-portrange 22
|
|
next
|
|
edit SYSLOG
|
|
set category "Network Services"
|
|
set udp-portrange 514
|
|
next
|
|
edit TALK
|
|
set udp-portrange 517-518
|
|
set visibility disable
|
|
next
|
|
edit TELNET
|
|
set category "Remote Access"
|
|
set tcp-portrange 23
|
|
next
|
|
edit TFTP
|
|
set category "File Access"
|
|
set udp-portrange 69
|
|
next
|
|
edit MGCP
|
|
set udp-portrange 2427 2727
|
|
set visibility disable
|
|
next
|
|
edit UUCP
|
|
set visibility disable
|
|
set tcp-portrange 540
|
|
next
|
|
edit VDOLIVE
|
|
set visibility disable
|
|
set tcp-portrange 7000-7010
|
|
next
|
|
edit WAIS
|
|
set visibility disable
|
|
set tcp-portrange 210
|
|
next
|
|
edit WINFRAME
|
|
set visibility disable
|
|
set tcp-portrange 1494 2598
|
|
next
|
|
edit X-WINDOWS
|
|
set category "Remote Access"
|
|
set tcp-portrange 6000-6063
|
|
next
|
|
edit PING6
|
|
set protocol ICMP6
|
|
set visibility disable
|
|
set icmptype 128
|
|
next
|
|
edit MS-SQL
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set tcp-portrange 1433 1434
|
|
next
|
|
edit MYSQL
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set tcp-portrange 3306
|
|
next
|
|
edit RDP
|
|
set category "Remote Access"
|
|
set tcp-portrange 3389
|
|
next
|
|
edit VNC
|
|
set category "Remote Access"
|
|
set tcp-portrange 5900
|
|
next
|
|
edit DHCP6
|
|
set category "Network Services"
|
|
set udp-portrange 546 547
|
|
next
|
|
edit SQUID
|
|
set category "Tunneling"
|
|
set tcp-portrange 3128
|
|
next
|
|
edit SOCKS
|
|
set category "Tunneling"
|
|
set udp-portrange 1080
|
|
set tcp-portrange 1080
|
|
next
|
|
edit WINS
|
|
set category "Remote Access"
|
|
set udp-portrange 1512
|
|
set tcp-portrange 1512
|
|
next
|
|
edit RADIUS
|
|
set category "Authentication"
|
|
set udp-portrange 1812 1813
|
|
next
|
|
edit RADIUS-OLD
|
|
set udp-portrange 1645 1646
|
|
set visibility disable
|
|
next
|
|
edit CVSPSERVER
|
|
set udp-portrange 2401
|
|
set visibility disable
|
|
set tcp-portrange 2401
|
|
next
|
|
edit AFS3
|
|
set category "File Access"
|
|
set udp-portrange 7000-7009
|
|
set tcp-portrange 7000-7009
|
|
next
|
|
edit TRACEROUTE
|
|
set category "Network Services"
|
|
set udp-portrange 33434-33535
|
|
next
|
|
edit RTSP
|
|
set category "VoIP, Messaging & Other Applications"
|
|
set udp-portrange 554
|
|
set tcp-portrange 554 7070 8554
|
|
next
|
|
edit MMS
|
|
set udp-portrange 1024-5000
|
|
set visibility disable
|
|
set tcp-portrange 1755
|
|
next
|
|
edit KERBEROS
|
|
set category "Authentication"
|
|
set udp-portrange 88
|
|
set tcp-portrange 88
|
|
next
|
|
edit LDAP_UDP
|
|
set category "Authentication"
|
|
set udp-portrange 389
|
|
next
|
|
edit SMB
|
|
set category "File Access"
|
|
set tcp-portrange 445
|
|
next
|
|
edit NONE
|
|
set visibility disable
|
|
set tcp-portrange 0
|
|
next
|
|
edit webproxy
|
|
set category "Web Proxy"
|
|
set explicit-proxy enable
|
|
set protocol ALL
|
|
set tcp-portrange 0-65535:0-65535
|
|
next
|
|
end
|
|
config firewall service group
|
|
edit Email Access
|
|
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
|
|
next
|
|
edit Web Access
|
|
set member "DNS" "HTTP" "HTTPS"
|
|
next
|
|
edit Windows AD
|
|
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
|
|
next
|
|
edit Exchange Server
|
|
set member "DCE-RPC" "DNS" "HTTPS"
|
|
next
|
|
end
|
|
config webfilter ftgd-local-cat
|
|
edit custom1
|
|
set id 140
|
|
next
|
|
edit custom2
|
|
set id 141
|
|
next
|
|
end
|
|
config ips sensor
|
|
edit default
|
|
set comment "Prevent critical attacks."
|
|
config entries
|
|
edit 1
|
|
set severity medium high critical
|
|
next
|
|
end
|
|
next
|
|
edit all_default
|
|
set comment "All predefined signatures with default setting."
|
|
config entries
|
|
edit 1
|
|
next
|
|
end
|
|
next
|
|
edit all_default_pass
|
|
set comment "All predefined signatures with PASS action."
|
|
config entries
|
|
edit 1
|
|
set action pass
|
|
next
|
|
end
|
|
next
|
|
edit protect_http_server
|
|
set comment "Protect against HTTP server-side vulnerabilities."
|
|
config entries
|
|
edit 1
|
|
set protocol HTTP
|
|
set location server
|
|
next
|
|
end
|
|
next
|
|
edit protect_email_server
|
|
set comment "Protect against email server-side vulnerabilities."
|
|
config entries
|
|
edit 1
|
|
set protocol SMTP POP3 IMAP
|
|
set location server
|
|
next
|
|
end
|
|
next
|
|
edit protect_client
|
|
set comment "Protect against client-side vulnerabilities."
|
|
config entries
|
|
edit 1
|
|
set location client
|
|
next
|
|
end
|
|
next
|
|
edit high_security
|
|
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
|
|
config entries
|
|
edit 1
|
|
set status enable
|
|
set action block
|
|
set severity medium high critical
|
|
next
|
|
edit 2
|
|
set severity low
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config firewall shaper traffic-shaper
|
|
edit high-priority
|
|
set per-policy enable
|
|
set maximum-bandwidth 1048576
|
|
next
|
|
edit medium-priority
|
|
set priority medium
|
|
set per-policy enable
|
|
set maximum-bandwidth 1048576
|
|
next
|
|
edit low-priority
|
|
set priority low
|
|
set per-policy enable
|
|
set maximum-bandwidth 1048576
|
|
next
|
|
edit guarantee-100kbps
|
|
set guaranteed-bandwidth 100
|
|
set maximum-bandwidth 1048576
|
|
set per-policy enable
|
|
next
|
|
edit shared-1M-pipe
|
|
set maximum-bandwidth 1024
|
|
next
|
|
end
|
|
config web-proxy global
|
|
set proxy-fqdn "default.fqdn"
|
|
end
|
|
config application list
|
|
edit default
|
|
set comment "Monitor all applications."
|
|
config entries
|
|
edit 1
|
|
set action pass
|
|
next
|
|
end
|
|
next
|
|
edit block-p2p
|
|
config entries
|
|
edit 1
|
|
set category 2
|
|
next
|
|
end
|
|
next
|
|
edit monitor-p2p-and-media
|
|
config entries
|
|
edit 1
|
|
set category 2
|
|
set action pass
|
|
next
|
|
edit 2
|
|
set category 5
|
|
set action pass
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config dlp filepattern
|
|
edit 1
|
|
set name "builtin-patterns"
|
|
config entries
|
|
edit *.bat
|
|
next
|
|
edit *.com
|
|
next
|
|
edit *.dll
|
|
next
|
|
edit *.doc
|
|
next
|
|
edit *.exe
|
|
next
|
|
edit *.gz
|
|
next
|
|
edit *.hta
|
|
next
|
|
edit *.ppt
|
|
next
|
|
edit *.rar
|
|
next
|
|
edit *.scr
|
|
next
|
|
edit *.tar
|
|
next
|
|
edit *.tgz
|
|
next
|
|
edit *.vb?
|
|
next
|
|
edit *.wps
|
|
next
|
|
edit *.xl?
|
|
next
|
|
edit *.zip
|
|
next
|
|
edit *.pif
|
|
next
|
|
edit *.cpl
|
|
next
|
|
end
|
|
next
|
|
edit 2
|
|
set name "all_executables"
|
|
config entries
|
|
edit bat
|
|
set file-type bat
|
|
set filter-type type
|
|
next
|
|
edit exe
|
|
set file-type exe
|
|
set filter-type type
|
|
next
|
|
edit elf
|
|
set file-type elf
|
|
set filter-type type
|
|
next
|
|
edit hta
|
|
set file-type hta
|
|
set filter-type type
|
|
next
|
|
end
|
|
next
|
|
end
|
|
config dlp fp-sensitivity
|
|
edit Private
|
|
next
|
|
edit Critical
|
|
next
|
|
edit Warning
|
|
next
|
|
end
|
|
config dlp sensor
|
|
edit default
|
|
set comment "Log a summary of email and web traffic."
|
|
set summary-proto smtp pop3 imap http-get http-post
|
|
next
|
|
end
|
|
config webfilter content
|
|
end
|
|
config webfilter urlfilter
|
|
end
|
|
config spamfilter bword
|
|
end
|
|
config spamfilter bwl
|
|
end
|
|
config spamfilter mheader
|
|
end
|
|
config spamfilter dnsbl
|
|
end
|
|
config spamfilter iptrust
|
|
end
|
|
config log threat-weight
|
|
config web
|
|
edit 1
|
|
set category 26
|
|
set level high
|
|
next
|
|
edit 2
|
|
set category 61
|
|
set level high
|
|
next
|
|
edit 3
|
|
set category 86
|
|
set level high
|
|
next
|
|
edit 4
|
|
set category 1
|
|
set level medium
|
|
next
|
|
edit 5
|
|
set category 3
|
|
set level medium
|
|
next
|
|
edit 6
|
|
set category 4
|
|
set level medium
|
|
next
|
|
edit 7
|
|
set category 5
|
|
set level medium
|
|
next
|
|
edit 8
|
|
set category 6
|
|
set level medium
|
|
next
|
|
edit 9
|
|
set category 12
|
|
set level medium
|
|
next
|
|
edit 10
|
|
set category 59
|
|
set level medium
|
|
next
|
|
edit 11
|
|
set category 62
|
|
set level medium
|
|
next
|
|
edit 12
|
|
set category 83
|
|
set level medium
|
|
next
|
|
edit 13
|
|
set category 72
|
|
next
|
|
edit 14
|
|
set category 14
|
|
next
|
|
end
|
|
config application
|
|
edit 1
|
|
set category 2
|
|
next
|
|
edit 2
|
|
set category 6
|
|
set level medium
|
|
next
|
|
edit 3
|
|
set category 19
|
|
set level critical
|
|
next
|
|
end
|
|
end
|
|
config icap profile
|
|
edit default
|
|
next
|
|
end
|
|
config user local
|
|
edit guest
|
|
set passwd ENC EntYbQ4nWAFLGsQz5QbIt8MIxko4Ms6Nm/9fMo/5+L7FJO42JRExvl705N++oKwIB0NvfdWaiqfZ/LGPDSOVqRZnqn4pUWOlNVE6yfGxbCZUIXTlcSL58A2ok3Yd428rHETuf7mNrOJMdVS1tfnrx5+92ofsXVzAn/kpKeJLrtBRWNfBQ1YplQ2FfEDCHHW27akz4g==
|
|
set type password
|
|
next
|
|
end
|
|
config user group
|
|
edit SSO_Guest_Users
|
|
next
|
|
edit Guest-group
|
|
set member "guest"
|
|
next
|
|
end
|
|
config user device-group
|
|
edit Mobile Devices
|
|
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
|
|
set comment "Phones, tablets, etc."
|
|
next
|
|
edit Network Devices
|
|
set member "fortinet-device" "other-network-device" "router-nat-device"
|
|
set comment "Routers, firewalls, gateways, etc."
|
|
next
|
|
edit Others
|
|
set member "gaming-console" "media-streaming"
|
|
set comment "Other devices."
|
|
next
|
|
end
|
|
config vpn ssl web host-check-software
|
|
edit FortiClient-AV
|
|
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
|
|
next
|
|
edit FortiClient-FW
|
|
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
|
|
set type fw
|
|
next
|
|
edit FortiClient-AV-Vista-Win7
|
|
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
|
|
next
|
|
edit FortiClient-FW-Vista-Win7
|
|
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
|
|
set type fw
|
|
next
|
|
edit AVG-Internet-Security-AV
|
|
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
|
|
next
|
|
edit AVG-Internet-Security-FW
|
|
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
|
|
set type fw
|
|
next
|
|
edit AVG-Internet-Security-AV-Vista-Win7
|
|
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
|
|
next
|
|
edit AVG-Internet-Security-FW-Vista-Win7
|
|
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
|
|
set type fw
|
|
next
|
|
edit CA-Anti-Virus
|
|
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
|
|
next
|
|
edit CA-Internet-Security-AV
|
|
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
|
|
next
|
|
edit CA-Internet-Security-FW
|
|
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
|
|
set type fw
|
|
next
|
|
edit CA-Internet-Security-AV-Vista-Win7
|
|
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
|
|
next
|
|
edit CA-Internet-Security-FW-Vista-Win7
|
|
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
|
|
set type fw
|
|
next
|
|
edit CA-Personal-Firewall
|
|
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
|
|
set type fw
|
|
next
|
|
edit F-Secure-Internet-Security-AV
|
|
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
|
|
next
|
|
edit F-Secure-Internet-Security-FW
|
|
set guid "D4747503-0346-49EB-9262-997542F79BF4"
|
|
set type fw
|
|
next
|
|
edit F-Secure-Internet-Security-AV-Vista-Win7
|
|
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
|
|
next
|
|
edit F-Secure-Internet-Security-FW-Vista-Win7
|
|
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
|
|
set type fw
|
|
next
|
|
edit Kaspersky-AV
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
next
|
|
edit Kaspersky-FW
|
|
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
|
|
set type fw
|
|
next
|
|
edit Kaspersky-AV-Vista-Win7
|
|
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
|
|
next
|
|
edit Kaspersky-FW-Vista-Win7
|
|
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
|
|
set type fw
|
|
next
|
|
edit McAfee-Internet-Security-Suite-AV
|
|
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
|
|
next
|
|
edit McAfee-Internet-Security-Suite-FW
|
|
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
|
|
set type fw
|
|
next
|
|
edit McAfee-Internet-Security-Suite-AV-Vista-Win7
|
|
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
|
|
next
|
|
edit McAfee-Internet-Security-Suite-FW-Vista-Win7
|
|
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
|
|
set type fw
|
|
next
|
|
edit McAfee-Virus-Scan-Enterprise
|
|
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
|
|
next
|
|
edit Norton-360-2.0-AV
|
|
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
|
|
next
|
|
edit Norton-360-2.0-FW
|
|
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
|
|
set type fw
|
|
next
|
|
edit Norton-360-3.0-AV
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit Norton-360-3.0-FW
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
set type fw
|
|
next
|
|
edit Norton-Internet-Security-AV
|
|
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
|
|
next
|
|
edit Norton-Internet-Security-FW
|
|
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
|
|
set type fw
|
|
next
|
|
edit Norton-Internet-Security-AV-Vista-Win7
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit Norton-Internet-Security-FW-Vista-Win7
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
set type fw
|
|
next
|
|
edit Symantec-Endpoint-Protection-AV
|
|
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
|
|
next
|
|
edit Symantec-Endpoint-Protection-FW
|
|
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
|
|
set type fw
|
|
next
|
|
edit Symantec-Endpoint-Protection-AV-Vista-Win7
|
|
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
|
|
next
|
|
edit Symantec-Endpoint-Protection-FW-Vista-Win7
|
|
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
|
|
set type fw
|
|
next
|
|
edit Panda-Antivirus+Firewall-2008-AV
|
|
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
|
|
next
|
|
edit Panda-Antivirus+Firewall-2008-FW
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
set type fw
|
|
next
|
|
edit Panda-Internet-Security-AV
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
next
|
|
edit Panda-Internet-Security-2006~2007-FW
|
|
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
|
|
set type fw
|
|
next
|
|
edit Panda-Internet-Security-2008~2009-FW
|
|
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
|
|
set type fw
|
|
next
|
|
edit Sophos-Anti-Virus
|
|
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
|
|
next
|
|
edit Sophos-Enpoint-Secuirty-and-Control-FW
|
|
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
|
|
set type fw
|
|
next
|
|
edit Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7
|
|
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
|
|
next
|
|
edit Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7
|
|
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
|
|
set type fw
|
|
next
|
|
edit Trend-Micro-AV
|
|
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
|
|
next
|
|
edit Trend-Micro-FW
|
|
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
|
|
set type fw
|
|
next
|
|
edit Trend-Micro-AV-Vista-Win7
|
|
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
|
|
next
|
|
edit Trend-Micro-FW-Vista-Win7
|
|
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
|
|
set type fw
|
|
next
|
|
edit ZoneAlarm-AV
|
|
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
|
|
next
|
|
edit ZoneAlarm-FW
|
|
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
|
|
set type fw
|
|
next
|
|
edit ZoneAlarm-AV-Vista-Win7
|
|
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
|
|
next
|
|
edit ZoneAlarm-FW-Vista-Win7
|
|
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
|
|
set type fw
|
|
next
|
|
edit ESET-Smart-Security-AV
|
|
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
|
|
next
|
|
edit ESET-Smart-Security-FW
|
|
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
|
|
set type fw
|
|
next
|
|
end
|
|
config vpn ssl web portal
|
|
edit full-access
|
|
set web-mode enable
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set page-layout double-column
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set ipv6-tunnel-mode enable
|
|
set tunnel-mode enable
|
|
next
|
|
edit web-access
|
|
set web-mode enable
|
|
next
|
|
edit tunnel-access
|
|
set ip-pools "SSLVPN_TUNNEL_ADDR1"
|
|
set ipv6-tunnel-mode enable
|
|
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
|
|
set tunnel-mode enable
|
|
next
|
|
end
|
|
config vpn ssl settings
|
|
set servercert "self-sign"
|
|
set port 443
|
|
end
|
|
config voip profile
|
|
edit default
|
|
set comment "Default VoIP profile."
|
|
next
|
|
edit strict
|
|
config sip
|
|
set malformed-header-max-forwards discard
|
|
set malformed-header-rack discard
|
|
set malformed-header-allow discard
|
|
set malformed-header-call-id discard
|
|
set malformed-header-sdp-v discard
|
|
set malformed-header-record-route discard
|
|
set malformed-header-contact discard
|
|
set malformed-header-sdp-s discard
|
|
set malformed-header-content-length discard
|
|
set malformed-header-sdp-z discard
|
|
set malformed-header-from discard
|
|
set malformed-header-route discard
|
|
set malformed-header-sdp-b discard
|
|
set malformed-header-sdp-c discard
|
|
set malformed-header-sdp-a discard
|
|
set malformed-header-sdp-o discard
|
|
set malformed-header-sdp-m discard
|
|
set malformed-header-sdp-k discard
|
|
set malformed-header-sdp-i discard
|
|
set malformed-header-to discard
|
|
set malformed-header-via discard
|
|
set malformed-header-sdp-t discard
|
|
set malformed-request-line discard
|
|
set malformed-header-sdp-r discard
|
|
set malformed-header-content-type discard
|
|
set malformed-header-expires discard
|
|
set malformed-header-rseq discard
|
|
set malformed-header-p-asserted-identity discard
|
|
set malformed-header-cseq discard
|
|
end
|
|
next
|
|
end
|
|
config webfilter profile
|
|
edit default
|
|
set comment "Default web filtering."
|
|
set post-action comfort
|
|
config ftgd-wf
|
|
config filters
|
|
edit 1
|
|
set category 2
|
|
set action warning
|
|
next
|
|
edit 2
|
|
set category 7
|
|
set action warning
|
|
next
|
|
edit 3
|
|
set category 8
|
|
set action warning
|
|
next
|
|
edit 4
|
|
set category 9
|
|
set action warning
|
|
next
|
|
edit 5
|
|
set category 11
|
|
set action warning
|
|
next
|
|
edit 6
|
|
set category 12
|
|
set action warning
|
|
next
|
|
edit 7
|
|
set category 13
|
|
set action warning
|
|
next
|
|
edit 8
|
|
set category 14
|
|
set action warning
|
|
next
|
|
edit 9
|
|
set category 15
|
|
set action warning
|
|
next
|
|
edit 10
|
|
set category 16
|
|
set action warning
|
|
next
|
|
edit 11
|
|
set action warning
|
|
next
|
|
edit 12
|
|
set category 57
|
|
set action warning
|
|
next
|
|
edit 13
|
|
set category 63
|
|
set action warning
|
|
next
|
|
edit 14
|
|
set category 64
|
|
set action warning
|
|
next
|
|
edit 15
|
|
set category 65
|
|
set action warning
|
|
next
|
|
edit 16
|
|
set category 66
|
|
set action warning
|
|
next
|
|
edit 17
|
|
set category 67
|
|
set action warning
|
|
next
|
|
edit 18
|
|
set category 26
|
|
set action block
|
|
next
|
|
end
|
|
end
|
|
next
|
|
edit web-filter-flow
|
|
set comment "Flow-based web filter profile."
|
|
set inspection-mode flow-based
|
|
set post-action comfort
|
|
config ftgd-wf
|
|
config filters
|
|
edit 1
|
|
set category 2
|
|
next
|
|
edit 2
|
|
set category 7
|
|
next
|
|
edit 3
|
|
set category 8
|
|
next
|
|
edit 4
|
|
set category 9
|
|
next
|
|
edit 5
|
|
set category 11
|
|
next
|
|
edit 6
|
|
set category 12
|
|
next
|
|
edit 7
|
|
set category 13
|
|
next
|
|
edit 8
|
|
set category 14
|
|
next
|
|
edit 9
|
|
set category 15
|
|
next
|
|
edit 10
|
|
set category 16
|
|
next
|
|
edit 11
|
|
next
|
|
edit 12
|
|
set category 57
|
|
next
|
|
edit 13
|
|
set category 63
|
|
next
|
|
edit 14
|
|
set category 64
|
|
next
|
|
edit 15
|
|
set category 65
|
|
next
|
|
edit 16
|
|
set category 66
|
|
next
|
|
edit 17
|
|
set category 67
|
|
next
|
|
edit 18
|
|
set category 26
|
|
set action block
|
|
next
|
|
end
|
|
end
|
|
next
|
|
edit monitor-all
|
|
set comment "Monitor and log all visited URLs, proxy-based."
|
|
set web-content-log disable
|
|
set web-filter-applet-log disable
|
|
set web-ftgd-err-log disable
|
|
set web-filter-command-block-log disable
|
|
set web-filter-jscript-log disable
|
|
set web-filter-activex-log disable
|
|
set web-filter-referer-log disable
|
|
set web-filter-js-log disable
|
|
set web-invalid-domain-log disable
|
|
set web-ftgd-quota-usage disable
|
|
set web-filter-vbs-log disable
|
|
set web-filter-unknown-log disable
|
|
set web-filter-cookie-log disable
|
|
set log-all-url enable
|
|
set web-filter-cookie-removal-log disable
|
|
set web-url-log disable
|
|
config ftgd-wf
|
|
config filters
|
|
edit 1
|
|
set category 1
|
|
next
|
|
edit 2
|
|
set category 3
|
|
next
|
|
edit 3
|
|
set category 4
|
|
next
|
|
edit 4
|
|
set category 5
|
|
next
|
|
edit 5
|
|
set category 6
|
|
next
|
|
edit 6
|
|
set category 12
|
|
next
|
|
edit 7
|
|
set category 59
|
|
next
|
|
edit 8
|
|
set category 62
|
|
next
|
|
edit 9
|
|
set category 83
|
|
next
|
|
edit 10
|
|
set category 2
|
|
next
|
|
edit 11
|
|
set category 7
|
|
next
|
|
edit 12
|
|
set category 8
|
|
next
|
|
edit 13
|
|
set category 9
|
|
next
|
|
edit 14
|
|
set category 11
|
|
next
|
|
edit 15
|
|
set category 13
|
|
next
|
|
edit 16
|
|
set category 14
|
|
next
|
|
edit 17
|
|
set category 15
|
|
next
|
|
edit 18
|
|
set category 16
|
|
next
|
|
edit 19
|
|
set category 57
|
|
next
|
|
edit 20
|
|
set category 63
|
|
next
|
|
edit 21
|
|
set category 64
|
|
next
|
|
edit 22
|
|
set category 65
|
|
next
|
|
edit 23
|
|
set category 66
|
|
next
|
|
edit 24
|
|
set category 67
|
|
next
|
|
edit 25
|
|
set category 19
|
|
next
|
|
edit 26
|
|
set category 24
|
|
next
|
|
edit 27
|
|
set category 25
|
|
next
|
|
edit 28
|
|
set category 72
|
|
next
|
|
edit 29
|
|
set category 75
|
|
next
|
|
edit 30
|
|
set category 76
|
|
next
|
|
edit 31
|
|
set category 26
|
|
next
|
|
edit 32
|
|
set category 61
|
|
next
|
|
edit 33
|
|
set category 86
|
|
next
|
|
edit 34
|
|
set category 17
|
|
next
|
|
edit 35
|
|
set category 18
|
|
next
|
|
edit 36
|
|
set category 20
|
|
next
|
|
edit 37
|
|
set category 23
|
|
next
|
|
edit 38
|
|
set category 28
|
|
next
|
|
edit 39
|
|
set category 29
|
|
next
|
|
edit 40
|
|
set category 30
|
|
next
|
|
edit 41
|
|
set category 33
|
|
next
|
|
edit 42
|
|
set category 34
|
|
next
|
|
edit 43
|
|
set category 35
|
|
next
|
|
edit 44
|
|
set category 36
|
|
next
|
|
edit 45
|
|
set category 37
|
|
next
|
|
edit 46
|
|
set category 38
|
|
next
|
|
edit 47
|
|
set category 39
|
|
next
|
|
edit 48
|
|
set category 40
|
|
next
|
|
edit 49
|
|
set category 42
|
|
next
|
|
edit 50
|
|
set category 44
|
|
next
|
|
edit 51
|
|
set category 46
|
|
next
|
|
edit 52
|
|
set category 47
|
|
next
|
|
edit 53
|
|
set category 48
|
|
next
|
|
edit 54
|
|
set category 54
|
|
next
|
|
edit 55
|
|
set category 55
|
|
next
|
|
edit 56
|
|
set category 58
|
|
next
|
|
edit 57
|
|
set category 68
|
|
next
|
|
edit 58
|
|
set category 69
|
|
next
|
|
edit 59
|
|
set category 70
|
|
next
|
|
edit 60
|
|
set category 71
|
|
next
|
|
edit 61
|
|
set category 77
|
|
next
|
|
edit 62
|
|
set category 78
|
|
next
|
|
edit 63
|
|
set category 79
|
|
next
|
|
edit 64
|
|
set category 80
|
|
next
|
|
edit 65
|
|
set category 82
|
|
next
|
|
edit 66
|
|
set category 85
|
|
next
|
|
edit 67
|
|
set category 87
|
|
next
|
|
edit 68
|
|
set category 31
|
|
next
|
|
edit 69
|
|
set category 41
|
|
next
|
|
edit 70
|
|
set category 43
|
|
next
|
|
edit 71
|
|
set category 49
|
|
next
|
|
edit 72
|
|
set category 50
|
|
next
|
|
edit 73
|
|
set category 51
|
|
next
|
|
edit 74
|
|
set category 52
|
|
next
|
|
edit 75
|
|
set category 53
|
|
next
|
|
edit 76
|
|
set category 56
|
|
next
|
|
edit 77
|
|
set category 81
|
|
next
|
|
edit 78
|
|
set category 84
|
|
next
|
|
edit 79
|
|
next
|
|
end
|
|
end
|
|
next
|
|
edit flow-monitor-all
|
|
set comment "Monitor and log all visited URLs, flow-based."
|
|
set web-content-log disable
|
|
set web-filter-applet-log disable
|
|
set web-ftgd-err-log disable
|
|
set web-filter-jscript-log disable
|
|
set web-filter-activex-log disable
|
|
set web-filter-referer-log disable
|
|
set web-filter-js-log disable
|
|
set web-invalid-domain-log disable
|
|
set inspection-mode flow-based
|
|
set web-ftgd-quota-usage disable
|
|
set web-filter-command-block-log disable
|
|
set web-filter-vbs-log disable
|
|
set web-filter-unknown-log disable
|
|
set web-filter-cookie-log disable
|
|
set log-all-url enable
|
|
set web-filter-cookie-removal-log disable
|
|
set web-url-log disable
|
|
config ftgd-wf
|
|
config filters
|
|
edit 1
|
|
set category 1
|
|
next
|
|
edit 2
|
|
set category 3
|
|
next
|
|
edit 3
|
|
set category 4
|
|
next
|
|
edit 4
|
|
set category 5
|
|
next
|
|
edit 5
|
|
set category 6
|
|
next
|
|
edit 6
|
|
set category 12
|
|
next
|
|
edit 7
|
|
set category 59
|
|
next
|
|
edit 8
|
|
set category 62
|
|
next
|
|
edit 9
|
|
set category 83
|
|
next
|
|
edit 10
|
|
set category 2
|
|
next
|
|
edit 11
|
|
set category 7
|
|
next
|
|
edit 12
|
|
set category 8
|
|
next
|
|
edit 13
|
|
set category 9
|
|
next
|
|
edit 14
|
|
set category 11
|
|
next
|
|
edit 15
|
|
set category 13
|
|
next
|
|
edit 16
|
|
set category 14
|
|
next
|
|
edit 17
|
|
set category 15
|
|
next
|
|
edit 18
|
|
set category 16
|
|
next
|
|
edit 19
|
|
set category 57
|
|
next
|
|
edit 20
|
|
set category 63
|
|
next
|
|
edit 21
|
|
set category 64
|
|
next
|
|
edit 22
|
|
set category 65
|
|
next
|
|
edit 23
|
|
set category 66
|
|
next
|
|
edit 24
|
|
set category 67
|
|
next
|
|
edit 25
|
|
set category 19
|
|
next
|
|
edit 26
|
|
set category 24
|
|
next
|
|
edit 27
|
|
set category 25
|
|
next
|
|
edit 28
|
|
set category 72
|
|
next
|
|
edit 29
|
|
set category 75
|
|
next
|
|
edit 30
|
|
set category 76
|
|
next
|
|
edit 31
|
|
set category 26
|
|
next
|
|
edit 32
|
|
set category 61
|
|
next
|
|
edit 33
|
|
set category 86
|
|
next
|
|
edit 34
|
|
set category 17
|
|
next
|
|
edit 35
|
|
set category 18
|
|
next
|
|
edit 36
|
|
set category 20
|
|
next
|
|
edit 37
|
|
set category 23
|
|
next
|
|
edit 38
|
|
set category 28
|
|
next
|
|
edit 39
|
|
set category 29
|
|
next
|
|
edit 40
|
|
set category 30
|
|
next
|
|
edit 41
|
|
set category 33
|
|
next
|
|
edit 42
|
|
set category 34
|
|
next
|
|
edit 43
|
|
set category 35
|
|
next
|
|
edit 44
|
|
set category 36
|
|
next
|
|
edit 45
|
|
set category 37
|
|
next
|
|
edit 46
|
|
set category 38
|
|
next
|
|
edit 47
|
|
set category 39
|
|
next
|
|
edit 48
|
|
set category 40
|
|
next
|
|
edit 49
|
|
set category 42
|
|
next
|
|
edit 50
|
|
set category 44
|
|
next
|
|
edit 51
|
|
set category 46
|
|
next
|
|
edit 52
|
|
set category 47
|
|
next
|
|
edit 53
|
|
set category 48
|
|
next
|
|
edit 54
|
|
set category 54
|
|
next
|
|
edit 55
|
|
set category 55
|
|
next
|
|
edit 56
|
|
set category 58
|
|
next
|
|
edit 57
|
|
set category 68
|
|
next
|
|
edit 58
|
|
set category 69
|
|
next
|
|
edit 59
|
|
set category 70
|
|
next
|
|
edit 60
|
|
set category 71
|
|
next
|
|
edit 61
|
|
set category 77
|
|
next
|
|
edit 62
|
|
set category 78
|
|
next
|
|
edit 63
|
|
set category 79
|
|
next
|
|
edit 64
|
|
set category 80
|
|
next
|
|
edit 65
|
|
set category 82
|
|
next
|
|
edit 66
|
|
set category 85
|
|
next
|
|
edit 67
|
|
set category 87
|
|
next
|
|
edit 68
|
|
set category 31
|
|
next
|
|
edit 69
|
|
set category 41
|
|
next
|
|
edit 70
|
|
set category 43
|
|
next
|
|
edit 71
|
|
set category 49
|
|
next
|
|
edit 72
|
|
set category 50
|
|
next
|
|
edit 73
|
|
set category 51
|
|
next
|
|
edit 74
|
|
set category 52
|
|
next
|
|
edit 75
|
|
set category 53
|
|
next
|
|
edit 76
|
|
set category 56
|
|
next
|
|
edit 77
|
|
set category 81
|
|
next
|
|
edit 78
|
|
set category 84
|
|
next
|
|
edit 79
|
|
next
|
|
end
|
|
end
|
|
next
|
|
edit block-security-risks
|
|
set comment "Block security risks."
|
|
config ftgd-wf
|
|
set options rate-server-ip
|
|
config filters
|
|
edit 1
|
|
set category 26
|
|
set action block
|
|
next
|
|
edit 2
|
|
set category 61
|
|
set action block
|
|
next
|
|
edit 3
|
|
set category 86
|
|
set action block
|
|
next
|
|
edit 4
|
|
set action warning
|
|
next
|
|
end
|
|
end
|
|
next
|
|
end
|
|
config webfilter override
|
|
end
|
|
config webfilter override-user
|
|
end
|
|
config webfilter ftgd-warning
|
|
end
|
|
config webfilter ftgd-local-rating
|
|
end
|
|
config webfilter search-engine
|
|
edit google
|
|
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
|
|
set query "q="
|
|
set safesearch url
|
|
set hostname ".*\\.google\\..*"
|
|
set safesearch-str "&safe=active"
|
|
next
|
|
edit yahoo
|
|
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
|
|
set query "p="
|
|
set safesearch url
|
|
set hostname ".*\\.yahoo\\..*"
|
|
set safesearch-str "&vm=r"
|
|
next
|
|
edit bing
|
|
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
|
|
set query "q="
|
|
set safesearch url
|
|
set hostname "www\\.bing\\.com"
|
|
set safesearch-str "&adlt=strict"
|
|
next
|
|
edit yandex
|
|
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
|
|
set query "text="
|
|
set safesearch url
|
|
set hostname "yandex\\..*"
|
|
set safesearch-str "&family=yes"
|
|
next
|
|
edit youtube
|
|
set safesearch header
|
|
set hostname ".*\\.youtube\\..*"
|
|
next
|
|
edit baidu
|
|
set url "^\\/s?\\?"
|
|
set query "wd="
|
|
set hostname ".*\\.baidu\\.com"
|
|
next
|
|
edit baidu2
|
|
set url "^\\/(ns|q|m|i|v)\\?"
|
|
set query "word="
|
|
set hostname ".*\\.baidu\\.com"
|
|
next
|
|
edit baidu3
|
|
set url "^\\/f\\?"
|
|
set query "kw="
|
|
set hostname "tieba\\.baidu\\.com"
|
|
next
|
|
end
|
|
config antivirus profile
|
|
edit default
|
|
set comment "Scan files and block viruses."
|
|
config http
|
|
set options scan
|
|
end
|
|
config ftp
|
|
set options scan
|
|
end
|
|
config imap
|
|
set options scan
|
|
end
|
|
config pop3
|
|
set options scan
|
|
end
|
|
config smtp
|
|
set options scan
|
|
end
|
|
next
|
|
end
|
|
config spamfilter profile
|
|
edit default
|
|
set comment "Malware and phishing URL filtering."
|
|
next
|
|
end
|
|
config wanopt settings
|
|
set host-id "default-id"
|
|
end
|
|
config wanopt profile
|
|
edit default
|
|
set comments "Default WANopt profile."
|
|
next
|
|
end
|
|
config firewall schedule recurring
|
|
edit always
|
|
set day sunday monday tuesday wednesday thursday friday saturday
|
|
next
|
|
edit none
|
|
set day none
|
|
next
|
|
end
|
|
config firewall profile-protocol-options
|
|
edit default
|
|
set comment "All default services."
|
|
config http
|
|
set ports 80
|
|
end
|
|
config ftp
|
|
set ports 21
|
|
set options splice
|
|
end
|
|
config imap
|
|
set ports 143
|
|
set options fragmail
|
|
end
|
|
config mapi
|
|
set ports 135
|
|
set options fragmail
|
|
end
|
|
config pop3
|
|
set ports 110
|
|
set options fragmail
|
|
end
|
|
config smtp
|
|
set ports 25
|
|
set options fragmail splice
|
|
end
|
|
config nntp
|
|
set ports 119
|
|
set options splice
|
|
end
|
|
config dns
|
|
set ports 53
|
|
end
|
|
next
|
|
end
|
|
config firewall ssl-ssh-profile
|
|
edit deep-inspection
|
|
set comment "Deep inspection."
|
|
config https
|
|
set ports 443
|
|
end
|
|
config ftps
|
|
set ports 990
|
|
end
|
|
config imaps
|
|
set ports 993
|
|
end
|
|
config pop3s
|
|
set ports 995
|
|
end
|
|
config smtps
|
|
set ports 465
|
|
end
|
|
config ssh
|
|
set ports 22
|
|
end
|
|
config ssl-exempt
|
|
edit 1
|
|
set fortiguard-category 31
|
|
next
|
|
edit 2
|
|
set fortiguard-category 33
|
|
next
|
|
edit 3
|
|
set fortiguard-category 87
|
|
next
|
|
edit 4
|
|
set type address
|
|
set address "apple"
|
|
next
|
|
edit 5
|
|
set type address
|
|
set address "appstore"
|
|
next
|
|
edit 6
|
|
set type address
|
|
set address "dropbox.com"
|
|
next
|
|
edit 7
|
|
set type address
|
|
set address "Gotomeeting"
|
|
next
|
|
edit 8
|
|
set type address
|
|
set address "icloud"
|
|
next
|
|
edit 9
|
|
set type address
|
|
set address "itunes"
|
|
next
|
|
edit 10
|
|
set type address
|
|
set address "android"
|
|
next
|
|
edit 11
|
|
set type address
|
|
set address "skype"
|
|
next
|
|
edit 12
|
|
set type address
|
|
set address "swscan.apple.com"
|
|
next
|
|
edit 13
|
|
set type address
|
|
set address "update.microsoft.com"
|
|
next
|
|
edit 14
|
|
set type address
|
|
set address "eease"
|
|
next
|
|
edit 15
|
|
set type address
|
|
set address "google-drive"
|
|
next
|
|
edit 16
|
|
set type address
|
|
set address "google-play"
|
|
next
|
|
edit 17
|
|
set type address
|
|
set address "google-play2"
|
|
next
|
|
edit 18
|
|
set type address
|
|
set address "google-play3"
|
|
next
|
|
edit 19
|
|
set type address
|
|
set address "microsoft"
|
|
next
|
|
edit 20
|
|
set type address
|
|
set address "adobe"
|
|
next
|
|
edit 21
|
|
set type address
|
|
set address "Adobe Login"
|
|
next
|
|
edit 22
|
|
set type address
|
|
set address "fortinet"
|
|
next
|
|
edit 23
|
|
set type address
|
|
set address "googleapis.com"
|
|
next
|
|
edit 24
|
|
set type address
|
|
set address "citrix"
|
|
next
|
|
edit 25
|
|
set type address
|
|
set address "verisign"
|
|
next
|
|
edit 26
|
|
set type address
|
|
set address "Windows update 2"
|
|
next
|
|
edit 27
|
|
set type address
|
|
set address "*.live.com"
|
|
next
|
|
edit 28
|
|
set type address
|
|
set address "auth.gfx.ms"
|
|
next
|
|
edit 29
|
|
set type address
|
|
set address "autoupdate.opera.com"
|
|
next
|
|
edit 30
|
|
set type address
|
|
set address "softwareupdate.vmware.com"
|
|
next
|
|
edit 31
|
|
set type address
|
|
set address "firefox update server"
|
|
next
|
|
end
|
|
next
|
|
edit certificate-inspection
|
|
set comment "SSL handshake inspection."
|
|
config https
|
|
set status certificate-inspection
|
|
set ports 443
|
|
end
|
|
config ftps
|
|
set status disable
|
|
set ports 990
|
|
end
|
|
config imaps
|
|
set status disable
|
|
set ports 993
|
|
end
|
|
config pop3s
|
|
set status disable
|
|
set ports 995
|
|
end
|
|
config smtps
|
|
set status disable
|
|
set ports 465
|
|
end
|
|
config ssh
|
|
set status disable
|
|
set ports 22
|
|
end
|
|
next
|
|
end
|
|
config firewall identity-based-route
|
|
end
|
|
config firewall policy
|
|
end
|
|
config firewall local-in-policy
|
|
end
|
|
config firewall policy6
|
|
end
|
|
config firewall local-in-policy6
|
|
end
|
|
config firewall ttl-policy
|
|
end
|
|
config firewall policy64
|
|
end
|
|
config firewall policy46
|
|
end
|
|
config firewall explicit-proxy-policy
|
|
end
|
|
config firewall interface-policy
|
|
end
|
|
config firewall interface-policy6
|
|
end
|
|
config firewall DoS-policy
|
|
end
|
|
config firewall DoS-policy6
|
|
end
|
|
config firewall sniffer
|
|
end
|
|
config endpoint-control profile
|
|
edit default
|
|
config forticlient-winmac-settings
|
|
set forticlient-wf-profile "default"
|
|
end
|
|
config forticlient-android-settings
|
|
end
|
|
config forticlient-ios-settings
|
|
end
|
|
next
|
|
end
|
|
config wireless-controller wids-profile
|
|
edit default
|
|
set comment "Default WIDS profile."
|
|
set deauth-broadcast enable
|
|
set assoc-frame-flood enable
|
|
set invalid-mac-oui enable
|
|
set ap-scan enable
|
|
set long-duration-attack enable
|
|
set eapol-logoff-flood enable
|
|
set eapol-succ-flood enable
|
|
set eapol-start-flood enable
|
|
set eapol-fail-flood enable
|
|
set wireless-bridge enable
|
|
set eapol-pre-succ-flood enable
|
|
set auth-frame-flood enable
|
|
set asleap-attack enable
|
|
set eapol-pre-fail-flood enable
|
|
set spoofed-deauth enable
|
|
set weak-wep-iv enable
|
|
set null-ssid-probe-resp enable
|
|
next
|
|
edit default-wids-apscan-enabled
|
|
set ap-scan enable
|
|
next
|
|
end
|
|
config wireless-controller wtp-profile
|
|
edit FAP112B-default
|
|
set ap-country US
|
|
config platform
|
|
set type 112B
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP220B-default
|
|
set ap-country US
|
|
config radio-1
|
|
set band 802.11n-5G
|
|
end
|
|
config radio-2
|
|
set band 802.11n
|
|
end
|
|
next
|
|
edit FAP223B-default
|
|
set ap-country US
|
|
config platform
|
|
set type 223B
|
|
end
|
|
config radio-1
|
|
set band 802.11n-5G
|
|
end
|
|
config radio-2
|
|
set band 802.11n
|
|
end
|
|
next
|
|
edit FAP210B-default
|
|
set ap-country US
|
|
config platform
|
|
set type 210B
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP222B-default
|
|
set ap-country US
|
|
config platform
|
|
set type 222B
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set band 802.11n-5G
|
|
end
|
|
next
|
|
edit FAP320B-default
|
|
set ap-country US
|
|
config platform
|
|
set type 320B
|
|
end
|
|
config radio-1
|
|
set band 802.11n-5G
|
|
end
|
|
config radio-2
|
|
set band 802.11n
|
|
end
|
|
next
|
|
edit FAP11C-default
|
|
set ap-country US
|
|
config platform
|
|
set type 11C
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP14C-default
|
|
set ap-country US
|
|
config platform
|
|
set type 14C
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP28C-default
|
|
set ap-country US
|
|
config platform
|
|
set type 28C
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP320C-default
|
|
set ap-country US
|
|
config platform
|
|
set type 320C
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set band 802.11ac
|
|
end
|
|
next
|
|
edit FAP221C-default
|
|
set ap-country US
|
|
config platform
|
|
set type 221C
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set band 802.11ac
|
|
end
|
|
next
|
|
edit FAP25D-default
|
|
set ap-country US
|
|
config platform
|
|
set type 25D
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP222C-default
|
|
set ap-country US
|
|
config platform
|
|
set type 222C
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set band 802.11ac
|
|
end
|
|
next
|
|
edit FAP224D-default
|
|
set ap-country US
|
|
config platform
|
|
set type 224D
|
|
end
|
|
config radio-1
|
|
set band 802.11n-5G
|
|
end
|
|
config radio-2
|
|
set band 802.11n
|
|
end
|
|
next
|
|
edit FK214B-default
|
|
set ap-country US
|
|
config platform
|
|
set type 214B
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP21D-default
|
|
set ap-country US
|
|
config platform
|
|
set type 21D
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP24D-default
|
|
set ap-country US
|
|
config platform
|
|
set type 24D
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP112D-default
|
|
set ap-country US
|
|
config platform
|
|
set type 112D
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set mode disabled
|
|
end
|
|
next
|
|
edit FAP223C-default
|
|
set ap-country US
|
|
config platform
|
|
set type 223C
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set band 802.11ac
|
|
end
|
|
next
|
|
edit FAP321C-default
|
|
set ap-country US
|
|
config platform
|
|
set type 321C
|
|
end
|
|
config radio-1
|
|
set band 802.11n
|
|
end
|
|
config radio-2
|
|
set band 802.11ac
|
|
end
|
|
next
|
|
end
|
|
config log memory setting
|
|
set status enable
|
|
end
|
|
config router rip
|
|
config redistribute connected
|
|
end
|
|
config redistribute static
|
|
end
|
|
config redistribute ospf
|
|
end
|
|
config redistribute bgp
|
|
end
|
|
config redistribute isis
|
|
end
|
|
end
|
|
config router ripng
|
|
config redistribute connected
|
|
end
|
|
config redistribute static
|
|
end
|
|
config redistribute ospf
|
|
end
|
|
config redistribute bgp
|
|
end
|
|
config redistribute isis
|
|
end
|
|
end
|
|
config router ospf
|
|
config redistribute connected
|
|
end
|
|
config redistribute static
|
|
end
|
|
config redistribute rip
|
|
end
|
|
config redistribute bgp
|
|
end
|
|
config redistribute isis
|
|
end
|
|
end
|
|
config router ospf6
|
|
config redistribute connected
|
|
end
|
|
config redistribute static
|
|
end
|
|
config redistribute rip
|
|
end
|
|
config redistribute bgp
|
|
end
|
|
config redistribute isis
|
|
end
|
|
end
|
|
config router bgp
|
|
config redistribute connected
|
|
end
|
|
config redistribute rip
|
|
end
|
|
config redistribute ospf
|
|
end
|
|
config redistribute static
|
|
end
|
|
config redistribute isis
|
|
end
|
|
config redistribute6 connected
|
|
end
|
|
config redistribute6 rip
|
|
end
|
|
config redistribute6 ospf
|
|
end
|
|
config redistribute6 static
|
|
end
|
|
config redistribute6 isis
|
|
end
|
|
end
|
|
config router isis
|
|
config redistribute connected
|
|
end
|
|
config redistribute rip
|
|
end
|
|
config redistribute ospf
|
|
end
|
|
config redistribute bgp
|
|
end
|
|
config redistribute static
|
|
end
|
|
end
|
|
config router multicast
|
|
end
|