FG_VM-Demo $ show
#config-version=FortiGate-VM64 v6.2.3,build1066,191218 (GA):opmode=1:vdom=0:user=demo
#conf_file_ver=0
#buildno=1234
#global_vdom=1
config vdom
edit root
next
edit ro
next
end

config global
config system global
    set admintimeout 30
    set hostname "fortigate-02"
    set switch-controller enable
    set timezone 60
    set vdom-admin enable
end
config system interface
    edit "dmz"
        set vdom "root"
        set status down
        set type physical
        set role dmz
        set snmp-index 1
    next
    edit "port1"
        set vdom "root"
        set ip 192.168.122.10 255.255.255.0
        set allowaccess ping
        set type physical
        set role lan
        set snmp-index 3
    next
    edit "port2"
        set vdom "ro"
        set ip 192.168.1.10 255.255.255.0
        set allowaccess ping
        set type physical
        set role lan
        set snmp-index 12
    next
end
config system object-tagging
    edit "default"
    next
end
config switch-controller traffic-policy
    edit "quarantine"
        set description "Rate control for quarantined traffic"
        set guaranteed-bandwidth 163840
        set guaranteed-burst 8192
        set maximum-burst 163840
        set cos-queue 0
    next
    edit "sniffer"
        set description "Rate control for sniffer mirrored traffic"
        set guaranteed-bandwidth 50000
        set guaranteed-burst 8192
        set maximum-burst 163840
        set cos-queue 0
    next
end
config system settings
    set sip-expectation enable
    set gui-explicit-proxy enable
end
config system replacemsg-group
    edit "default"
        set comment "Default replacement message group."
    next
end
end

config vdom
edit root
config firewall address
    edit "FABRIC_DEVICE"
        set uuid a76e2dd8-aa8f-51e9-0fac-7aa6777f1d88
        set comment "IPv4 addresses of Fabric Devices."
    next
    edit "FIREWALL_AUTH_PORTAL_ADDRESS"
        set uuid d9d069fa-7ebb-51e7-2cd0-c9608532cb24
    next
    edit "SSLVPN_TUNNEL_ADDR1"
        set uuid be8eb8c0-986e-51e5-dc97-478e3a276638
        set type iprange
        set start-ip 192.168.5.200
        set end-ip 192.168.5.202
    next
    edit "all"
        set uuid be8d610a-986e-51e5-53bc-39bec5c48aeb
    next
    edit "none"
        set uuid be57b29e-986e-51e5-49db-e69f24c72156
        set subnet 0.0.0.0 255.255.255.255
    next
    edit "login.microsoftonline.com"
        set uuid af60459e-aa8f-51e9-5aa5-78d3091b8e9b
        set type fqdn
        set fqdn "login.microsoftonline.com"
    next
    edit "login.microsoft.com"
        set uuid af604954-aa8f-51e9-eecc-d4526e0952a7
        set type fqdn
        set fqdn "login.microsoft.com"
    next
    edit "login.windows.net"
        set uuid af604bca-aa8f-51e9-c190-e8272431b6a1
        set type fqdn
        set fqdn "login.windows.net"
    next
    edit "gmail.com"
        set uuid af604e22-aa8f-51e9-c969-a204fe038d3d
        set type fqdn
        set fqdn "gmail.com"
    next
    edit "wildcard.google.com"
        set uuid af6050b6-aa8f-51e9-c36b-0a18477fb70d
        set type fqdn
        set fqdn "*.google.com"
    next
    edit "wildcard.dropbox.com"
        set uuid af605336-aa8f-51e9-7681-1339395b0f08
        set type fqdn
        set fqdn "*.dropbox.com"
    next
    edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
        set uuid e5650e66-7b7e-51ea-d8ad-649c2568d229
        set type dynamic
    next
    edit "network_192.168.1.0/24"
        set uuid 833281c2-75f3-4779-b5b0-55154d0766c2
        set associated-interface "port1"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "network_192.168.122.0/24"
        set uuid 4dccf13a-864e-46db-8e45-f703f7f5e4fa
        set associated-interface "port2"
        set subnet 192.168.122.0 255.255.255.0
    next
    edit "host_192.168.122.1"
        set uuid b057f4d9-05d4-4516-b581-918a1d9ca66c
        set associated-interface "port2"
        set subnet 192.168.122.1 255.255.255.255
    next
end
config firewall multicast-address
    edit "all"
        set start-ip 224.0.0.0
        set end-ip 239.255.255.255
    next
    edit "all_hosts"
        set start-ip 224.0.0.1
        set end-ip 224.0.0.1
    next
    edit "all_routers"
        set start-ip 224.0.0.2
        set end-ip 224.0.0.2
    next
    edit "Bonjour"
        set start-ip 224.0.0.251
        set end-ip 224.0.0.251
    next
    edit "EIGRP"
        set start-ip 224.0.0.10
        set end-ip 224.0.0.10
    next
    edit "OSPF"
        set start-ip 224.0.0.5
        set end-ip 224.0.0.6
    next
end
config firewall address6
    edit "SSLVPN_TUNNEL_IPv6_ADDR1"
        set uuid be8eba1e-986e-51e5-0a3a-4ddcdd701106
        set ip6 fdff:ffff::/120
    next
    edit "all"
        set uuid be8d633a-986e-51e5-b335-2325460720e0
    next
    edit "none"
        set uuid be58271a-986e-51e5-dc8b-471e5f6ce676
        set ip6 ::/128
    next
end
config firewall multicast-address6
    edit "all"
        set ip6 ff00::/8
    next
end
config firewall addrgrp
    edit "Microsoft Office 365"
        set uuid af6055c0-aa8f-51e9-9a4f-98e92eff371f
        set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
    next
    edit "G Suite"
        set uuid af60599e-aa8f-51e9-c489-084025e179a6
        set member "gmail.com" "wildcard.google.com"
    next
    edit "Monitor_Servers"
        set uuid f0b5a5c5-6c90-4ee8-9f02-31c445e868b5
        set member "host_192.168.3.1" "host_192.168.3.3" "host_192.168.3.5"
    next
end
config firewall wildcard-fqdn custom
    edit "g-Adobe Login"
        set uuid d11bcff0-9442-51e8-01be-32d8da4f7463
        set wildcard-fqdn "*.adobelogin.com"
    next
    edit "g-Gotomeeting"
        set uuid d11be094-9442-51e8-53e6-46035c800b06
        set wildcard-fqdn "*.gotomeeting.com"
    next
    edit "g-Windows update 2"
        set uuid d11beddc-9442-51e8-c8e7-11194c099c10
        set wildcard-fqdn "*.windowsupdate.com"
    next
    edit "g-adobe"
        set uuid d11bcdac-9442-51e8-8684-6d383935053c
        set wildcard-fqdn "*.adobe.com"
    next
    edit "g-android"
        set uuid d11bd130-9442-51e8-f1d6-b9f04b2992a0
        set wildcard-fqdn "*.android.com"
    next
    edit "g-apple"
        set uuid d11bd25c-9442-51e8-77f5-fdddbc97c911
        set wildcard-fqdn "*.apple.com"
    next
    edit "g-appstore"
        set uuid d11bd37e-9442-51e8-d421-368e2f49c62d
        set wildcard-fqdn "*.appstore.com"
    next
    edit "g-auth.gfx.ms"
        set uuid d11bd4aa-9442-51e8-8e95-f0d533dcbe27
        set wildcard-fqdn "*.auth.gfx.ms"
    next
    edit "g-autoupdate.opera.com"
        set uuid a78a305a-aa8f-51e9-f1fd-e56ec158ecad
        set wildcard-fqdn "*autoupdate.opera.com"
    next
    edit "g-citrix"
        set uuid d11bd5e0-9442-51e8-680b-9e1c64d904e4
        set wildcard-fqdn "*.citrixonline.com"
    next
    edit "g-dropbox.com"
        set uuid d11bd702-9442-51e8-81a6-9d3c3c2f91a8
        set wildcard-fqdn "*.dropbox.com"
    next
    edit "g-eease"
        set uuid d11bd82e-9442-51e8-f738-3d0674a08a92
        set wildcard-fqdn "*.eease.com"
    next
    edit "g-firefox update server"
        set uuid d11bd95a-9442-51e8-02ea-cdfe8a0b104f
        set wildcard-fqdn "aus*.mozilla.org"
    next
    edit "g-fortinet"
        set uuid d11bda86-9442-51e8-1a02-7835b606fef5
        set wildcard-fqdn "*.fortinet.com"
    next
    edit "g-google-drive"
        set uuid d11bdcfc-9442-51e8-08d4-e585c0cc339d
        set wildcard-fqdn "*drive.google.com"
    next
    edit "g-google-play"
        set uuid a78a2a92-aa8f-51e9-c377-4414d7717388
        set wildcard-fqdn "*play.google.com"
    next
    edit "g-google-play2"
        set uuid d11bde28-9442-51e8-0b1d-0ae70217f1f6
        set wildcard-fqdn "*.ggpht.com"
    next
    edit "g-google-play3"
        set uuid d11bdf5e-9442-51e8-10a9-80d252a33b7c
        set wildcard-fqdn "*.books.google.com"
    next
    edit "g-googleapis.com"
        set uuid d11bdbc6-9442-51e8-5214-4f19d12eb43a
        set wildcard-fqdn "*.googleapis.com"
    next
    edit "g-icloud"
        set uuid d11be274-9442-51e8-871a-5c2d9401a7c0
        set wildcard-fqdn "*.icloud.com"
    next
    edit "g-itunes"
        set uuid d11be454-9442-51e8-26f7-46baa33c6e3c
        set wildcard-fqdn "*itunes.apple.com"
    next
    edit "g-live.com"
        set uuid d11bef12-9442-51e8-e3cc-948b1d2922d8
        set wildcard-fqdn "*.live.com"
    next
    edit "g-microsoft"
        set uuid d11be594-9442-51e8-86cd-cf421e76ee9b
        set wildcard-fqdn "*.microsoft.com"
    next
    edit "g-skype"
        set uuid d11bea08-9442-51e8-157c-4af75a9b547e
        set wildcard-fqdn "*.messenger.live.com"
    next
    edit "g-softwareupdate.vmware.com"
        set uuid d11beb70-9442-51e8-3c3d-70222b25db21
        set wildcard-fqdn "*.softwareupdate.vmware.com"
    next
    edit "g-swscan.apple.com"
        set uuid a78a2e70-aa8f-51e9-5a27-37a38bcc45ce
        set wildcard-fqdn "*swscan.apple.com"
    next
    edit "g-update.microsoft.com"
        set uuid a78a2c86-aa8f-51e9-b5a8-c61cfc18b2e3
        set wildcard-fqdn "*update.microsoft.com"
    next
    edit "g-verisign"
        set uuid d11beca6-9442-51e8-0ddf-d23bd3acdb10
        set wildcard-fqdn "*.verisign.com"
    next
    edit "*.live.com"
        set uuid d1799c5c-9442-51e8-632c-e22c4df52cf3
        set wildcard-fqdn "*.live.com"
    next
end
config firewall service category
    edit "General"
        set comment "General services."
    next
    edit "Web Access"
        set comment "Web access."
    next
    edit "File Access"
        set comment "File access."
    next
    edit "Email"
        set comment "Email services."
    next
    edit "Network Services"
        set comment "Network services."
    next
    edit "Authentication"
        set comment "Authentication service."
    next
    edit "Remote Access"
        set comment "Remote access."
    next
    edit "Tunneling"
        set comment "Tunneling service."
    next
    edit "VoIP, Messaging & Other Applications"
        set comment "VoIP, messaging, and other applications."
    next
    edit "Web Proxy"
        set comment "Explicit web proxy."
    next
end
config firewall service custom
    edit "DNS"
        set category "Network Services"
        set tcp-portrange 53
        set udp-portrange 53
    next
    edit "HTTP"
        set category "Web Access"
        set tcp-portrange 80
    next
    edit "HTTPS"
        set category "Web Access"
        set tcp-portrange 443
    next
    edit "IMAP"
        set category "Email"
        set tcp-portrange 143
    next
    edit "IMAPS"
        set category "Email"
        set tcp-portrange 993
    next
    edit "LDAP"
        set category "Authentication"
        set tcp-portrange 389
    next
    edit "DCE-RPC"
        set category "Remote Access"
        set tcp-portrange 135
        set udp-portrange 135
    next
    edit "POP3"
        set category "Email"
        set tcp-portrange 110
    next
    edit "POP3S"
        set category "Email"
        set tcp-portrange 995
    next
    edit "SAMBA"
        set category "File Access"
        set tcp-portrange 139
    next
    edit "SMTP"
        set category "Email"
        set tcp-portrange 25
    next
    edit "SMTPS"
        set category "Email"
        set tcp-portrange 465
    next
    edit "KERBEROS"
        set category "Authentication"
        set tcp-portrange 88 464
        set udp-portrange 88 464
    next
    edit "LDAP_UDP"
        set category "Authentication"
        set udp-portrange 389
    next
    edit "SMB"
        set category "File Access"
        set tcp-portrange 445
    next
    edit "ALL"
        set category "General"
        set protocol IP
    next
    edit "ALL_TCP"
        set category "General"
        set tcp-portrange 1-65535
    next
    edit "ALL_UDP"
        set category "General"
        set udp-portrange 1-65535
    next
    edit "ALL_ICMP"
        set category "General"
        set protocol ICMP
        unset icmptype
    next
    edit "ALL_ICMP6"
        set category "General"
        set protocol ICMP6
        unset icmptype
    next
    edit "GRE"
        set category "Tunneling"
        set protocol IP
        set protocol-number 47
    next
    edit "AH"
        set category "Tunneling"
        set protocol IP
        set protocol-number 51
    next
    edit "ESP"
        set category "Tunneling"
        set protocol IP
        set protocol-number 50
    next
    edit "AOL"
        set visibility disable
        set tcp-portrange 5190-5194
    next
    edit "BGP"
        set category "Network Services"
        set tcp-portrange 179
    next
    edit "DHCP"
        set category "Network Services"
        set udp-portrange 67-68
    next
    edit "FINGER"
        set visibility disable
        set tcp-portrange 79
    next
    edit "FTP"
        set category "File Access"
        set tcp-portrange 21
    next
    edit "FTP_GET"
        set category "File Access"
        set tcp-portrange 21
    next
    edit "FTP_PUT"
        set category "File Access"
        set tcp-portrange 21
    next
    edit "GOPHER"
        set visibility disable
        set tcp-portrange 70
    next
    edit "H323"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 1720 1503
        set udp-portrange 1719
    next
    edit "IKE"
        set category "Tunneling"
        set udp-portrange 500 4500
    next
    edit "Internet-Locator-Service"
        set visibility disable
        set tcp-portrange 389
    next
    edit "IRC"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 6660-6669
    next
    edit "L2TP"
        set category "Tunneling"
        set tcp-portrange 1701
        set udp-portrange 1701
    next
    edit "NetMeeting"
        set visibility disable
        set tcp-portrange 1720
    next
    edit "NFS"
        set category "File Access"
        set tcp-portrange 111 2049
        set udp-portrange 111 2049
    next
    edit "NNTP"
        set visibility disable
        set tcp-portrange 119
    next
    edit "NTP"
        set category "Network Services"
        set tcp-portrange 123
        set udp-portrange 123
    next
    edit "OSPF"
        set category "Network Services"
        set protocol IP
        set protocol-number 89
    next
    edit "PC-Anywhere"
        set category "Remote Access"
        set tcp-portrange 5631
        set udp-portrange 5632
    next
    edit "PING"
        set category "Network Services"
        set protocol ICMP
        set icmptype 8
        unset icmpcode
    next
    edit "TIMESTAMP"
        set protocol ICMP
        set visibility disable
        set icmptype 13
        unset icmpcode
    next
    edit "INFO_REQUEST"
        set protocol ICMP
        set visibility disable
        set icmptype 15
        unset icmpcode
    next
    edit "INFO_ADDRESS"
        set protocol ICMP
        set visibility disable
        set icmptype 17
        unset icmpcode
    next
    edit "ONC-RPC"
        set category "Remote Access"
        set tcp-portrange 111
        set udp-portrange 111
    next
    edit "PPTP"
        set category "Tunneling"
        set tcp-portrange 1723
    next
    edit "QUAKE"
        set visibility disable
        set udp-portrange 26000 27000 27910 27960
    next
    edit "RAUDIO"
        set visibility disable
        set udp-portrange 7070
    next
    edit "REXEC"
        set visibility disable
        set tcp-portrange 512
    next
    edit "RIP"
        set category "Network Services"
        set udp-portrange 520
    next
    edit "RLOGIN"
        set visibility disable
        set tcp-portrange 513:512-1023
    next
    edit "RSH"
        set visibility disable
        set tcp-portrange 514:512-1023
    next
    edit "SCCP"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 2000
    next
    edit "SIP"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 5060
        set udp-portrange 5060
    next
    edit "SIP-MSNmessenger"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 1863
    next
    edit "SNMP"
        set category "Network Services"
        set tcp-portrange 161-162
        set udp-portrange 161-162
    next
    edit "SSH"
        set category "Remote Access"
        set tcp-portrange 22
    next
    edit "SYSLOG"
        set category "Network Services"
        set udp-portrange 514
    next
    edit "TALK"
        set visibility disable
        set udp-portrange 517-518
    next
    edit "TELNET"
        set category "Remote Access"
        set tcp-portrange 23
    next
    edit "TFTP"
        set category "File Access"
        set udp-portrange 69
    next
    edit "MGCP"
        set visibility disable
        set udp-portrange 2427 2727
    next
    edit "UUCP"
        set visibility disable
        set tcp-portrange 540
    next
    edit "VDOLIVE"
        set visibility disable
        set tcp-portrange 7000-7010
    next
    edit "WAIS"
        set visibility disable
        set tcp-portrange 210
    next
    edit "WINFRAME"
        set visibility disable
        set tcp-portrange 1494 2598
    next
    edit "X-WINDOWS"
        set category "Remote Access"
        set tcp-portrange 6000-6063
    next
    edit "PING6"
        set protocol ICMP6
        set visibility disable
        set icmptype 128
        unset icmpcode
    next
    edit "MS-SQL"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 1433 1434
    next
    edit "MYSQL"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 3306
    next
    edit "RDP"
        set category "Remote Access"
        set tcp-portrange 3389
    next
    edit "VNC"
        set category "Remote Access"
        set tcp-portrange 5900
    next
    edit "DHCP6"
        set category "Network Services"
        set udp-portrange 546 547
    next
    edit "SQUID"
        set category "Tunneling"
        set tcp-portrange 3128
    next
    edit "SOCKS"
        set category "Tunneling"
        set tcp-portrange 1080
        set udp-portrange 1080
    next
    edit "WINS"
        set category "Remote Access"
        set tcp-portrange 1512
        set udp-portrange 1512
    next
    edit "RADIUS"
        set category "Authentication"
        set udp-portrange 1812 1813
    next
    edit "RADIUS-OLD"
        set visibility disable
        set udp-portrange 1645 1646
    next
    edit "CVSPSERVER"
        set visibility disable
        set tcp-portrange 2401
        set udp-portrange 2401
    next
    edit "AFS3"
        set category "File Access"
        set tcp-portrange 7000-7009
        set udp-portrange 7000-7009
    next
    edit "TRACEROUTE"
        set category "Network Services"
        set udp-portrange 33434-33535
    next
    edit "RTSP"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 554 7070 8554
        set udp-portrange 554
    next
    edit "MMS"
        set visibility disable
        set tcp-portrange 1755
        set udp-portrange 1024-5000
    next
    edit "NONE"
        set visibility disable
        set tcp-portrange 0
    next
    edit "webproxy"
        set proxy enable
        set category "Web Proxy"
        set protocol ALL
        set tcp-portrange 0-65535:0-65535
    next
end
config firewall service group
    edit "Email Access"
        set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
    next
    edit "Web Access"
        set member "DNS" "HTTP" "HTTPS"
    next
    edit "Windows AD"
        set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
    next
    edit "Exchange Server"
        set member "DCE-RPC" "DNS" "HTTPS"
    next
end
config vpn certificate ca
    edit "CA_Cert_1"
        set range global
    next
end
config vpn certificate local
    edit "Fortinet_CA_SSL"
        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
        set range global
        set source factory
    next
    edit "Fortinet_CA_Untrusted"
        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
        set range global
        set source factory
    next
    edit "Fortinet_SSL"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_RSA1024"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_RSA2048"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_RSA4096"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_DSA1024"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_DSA2048"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ECDSA256"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ECDSA384"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ECDSA521"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ED25519"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ED448"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_CA_SSLProxy"
        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
        set range global
    next
    edit "Fortinet_SSLProxy"
        set range global
    next
    edit "certificate-fortidemo"
        set range global
    next
    edit "fortidemo"
        set range global
    next
    edit "fortidemo2020"
        set range global
    next
end
config webfilter ftgd-local-cat
    edit "custom1"
        set id 140
    next
    edit "custom2"
        set id 141
    next
end
config ips sensor
    edit "g-default"
        set comment "Prevent critical attacks."
        config entries
            edit 1
                set severity medium high critical 
            next
        end
    next
    edit "g-sniffer-profile"
        set comment "Monitor IPS attacks."
        config entries
            edit 1
                set severity medium high critical 
            next
        end
    next
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        config entries
            edit 1
                set severity medium high critical 
            next
        end
    next
    edit "all_default"
        set comment "All predefined signatures with default setting."
        config entries
            edit 1
            next
        end
    next
    edit "all_default_pass"
        set comment "All predefined signatures with PASS action."
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "protect_client"
        set comment "Protect against client-side vulnerabilities."
        config entries
            edit 1
                set location client 
            next
        end
    next
    edit "protect_email_server"
        set comment "Protect against email server-side vulnerabilities."
        config entries
            edit 1
                set location server 
                set protocol SMTP POP3 IMAP 
            next
        end
    next
    edit "protect_http_server"
        set comment "Protect against HTTP server-side vulnerabilities."
        config entries
            edit 1
                set location server 
                set protocol HTTP 
            next
        end
    next
    edit "sniffer-profile"
        set comment "Monitor IPS attacks."
        config entries
            edit 1
                set severity high critical 
            next
        end
    next
end
config firewall shaper traffic-shaper
    edit "high-priority"
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "medium-priority"
        set maximum-bandwidth 1048576
        set priority medium
        set per-policy enable
    next
    edit "low-priority"
        set maximum-bandwidth 1048576
        set priority low
        set per-policy enable
    next
    edit "guarantee-100kbps"
        set guaranteed-bandwidth 100
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "shared-1M-pipe"
        set maximum-bandwidth 1024
    next
end
config web-proxy global
    set proxy-fqdn "default.fqdn"
end
config web-proxy explicit
    set status enable
    set http-incoming-port 8888
end
config application list
    edit "g-default"
        set comment "Monitor all applications."
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "g-sniffer-profile"
        set comment "Monitor all applications."
        unset options
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        set deep-app-inspection disable
        config entries
            edit 1
                set category 2 3 5 6 7 8 12 15 17 21 22 23 25 26 28 30 31
                set action pass
                set log disable
            next
        end
    next
    edit "block-high-risk"
        config entries
            edit 1
                set category 2 6
            next
            edit 2
                set action pass
            next
        end
    next
    edit "block-p2p"
        config entries
            edit 1
                set category 2
            next
        end
    next
    edit "monitor-p2p-and-media"
        config entries
            edit 1
                set category 2
                set action pass
            next
            edit 2
                set category 5
                set action pass
            next
        end
    next
end
config dlp filepattern
    edit 1
        set name "builtin-patterns"
        config entries
            edit "*.bat"
            next
            edit "*.com"
            next
            edit "*.dll"
            next
            edit "*.doc"
            next
            edit "*.exe"
            next
            edit "*.gz"
            next
            edit "*.hta"
            next
            edit "*.ppt"
            next
            edit "*.rar"
            next
            edit "*.scr"
            next
            edit "*.tar"
            next
            edit "*.tgz"
            next
            edit "*.vb?"
            next
            edit "*.wps"
            next
            edit "*.xl?"
            next
            edit "*.zip"
            next
            edit "*.pif"
            next
            edit "*.cpl"
            next
        end
    next
    edit 2
        set name "all_executables"
        config entries
            edit "bat"
                set filter-type type
                set file-type bat
            next
            edit "exe"
                set filter-type type
                set file-type exe
            next
            edit "elf"
                set filter-type type
                set file-type elf
            next
            edit "hta"
                set filter-type type
                set file-type hta
            next
        end
    next
end
config dlp sensitivity
    edit "Private"
    next
    edit "Critical"
    next
    edit "Warning"
    next
end
config dlp sensor
    edit "g-default"
        set comment "Default sensor."
    next
    edit "g-sniffer-profile"
        set comment "Log a summary of email and web traffic."
        set summary-proto smtp pop3 imap http-get http-post
    next
    edit "default"
        set comment "Log a summary of email and web traffic."
        set summary-proto smtp pop3 imap http-get http-post
    next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
    config web
        edit 1
            set category 26
            set level high
        next
        edit 2
            set category 61
            set level high
        next
        edit 3
            set category 86
            set level high
        next
        edit 4
            set category 1
            set level medium
        next
        edit 5
            set category 3
            set level medium
        next
        edit 6
            set category 4
            set level medium
        next
        edit 7
            set category 5
            set level medium
        next
        edit 8
            set category 6
            set level medium
        next
        edit 9
            set category 12
            set level medium
        next
        edit 10
            set category 59
            set level medium
        next
        edit 11
            set category 62
            set level medium
        next
        edit 12
            set category 83
            set level medium
        next
        edit 13
            set category 72
        next
        edit 14
            set category 14
        next
    end
    config application
        edit 1
            set category 2
        next
        edit 2
            set category 6
            set level medium
        next
    end
end
config icap profile
    edit "default"
    next
end
config user radius
    edit "FAC RADIUS"
        set server "172.30.72.231"
        set secret ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set secondary-server "172.30.72.232"
        set secondary-secret ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    next
end
config user ldap
    edit "ad-fortidemo"
        set server "10.88.210.100"
        set cnid "sAMAccountName"
        set dn "dc=corp,dc=fortidemo,dc=com"
        set type regular
        set username "administrator@corp.fortidemo.com"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    next
end
config user fortitoken
    edit "FTKMOB5C94FE73B4"
        set license "FTMTRIAL00674734"
    next
    edit "FTKMOB5CC0DB3E44"
        set license "FTMTRIAL00674734"
    next
end
config user local
    edit "guest"
        set type password
        set passwd ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    next
    edit "timbo"
        set type password
        set passwd-time 2019-11-14 07:38:19
        set passwd ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    next
    edit "hridding"
        set type ldap
        set ldap-server "ad-fortidemo"
    next
    edit "mpoppins"
        set type ldap
        set ldap-server "ad-fortidemo"
    next
end
config user setting
    set auth-cert "Fortinet_Factory"
end
config user quarantine
    set quarantine disable
end
config user group
    edit "SSO_Guest_Users"
    next
    edit "Guest-group"
        set member "guest"
    next
    edit "demo-admins"
        set member "FAC RADIUS"
    next
end
config vpn ssl web host-check-software
    edit "FortiClient-AV"
        set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
    next
    edit "FortiClient-FW"
        set type fw
        set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
    next
    edit "FortiClient-AV-Vista"
        set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
    next
    edit "FortiClient-FW-Vista"
        set type fw
        set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
    next
    edit "FortiClient-AV-Win7"
        set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
    next
    edit "AVG-Internet-Security-AV"
        set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
    next
    edit "AVG-Internet-Security-FW"
        set type fw
        set guid "8DECF618-9569-4340-B34A-D78D28969B66"
    next
    edit "AVG-Internet-Security-AV-Vista-Win7"
        set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
    next
    edit "AVG-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
    next
    edit "CA-Anti-Virus"
        set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
    next
    edit "CA-Internet-Security-AV"
        set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
    next
    edit "CA-Internet-Security-FW"
        set type fw
        set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
    next
    edit "CA-Internet-Security-AV-Vista-Win7"
        set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
    next
    edit "CA-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
    next
    edit "CA-Personal-Firewall"
        set type fw
        set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
    next
    edit "F-Secure-Internet-Security-AV"
        set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
    next
    edit "F-Secure-Internet-Security-FW"
        set type fw
        set guid "D4747503-0346-49EB-9262-997542F79BF4"
    next
    edit "F-Secure-Internet-Security-AV-Vista-Win7"
        set guid "15414183-282E-D62C-CA37-EF24860A2F17"
    next
    edit "F-Secure-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
    next
    edit "Kaspersky-AV"
        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
    next
    edit "Kaspersky-FW"
        set type fw
        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
    next
    edit "Kaspersky-AV-Vista-Win7"
        set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
    next
    edit "Kaspersky-FW-Vista-Win7"
        set type fw
        set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
    next
    edit "McAfee-Internet-Security-Suite-AV"
        set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
    next
    edit "McAfee-Internet-Security-Suite-FW"
        set type fw
        set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
    next
    edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
        set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
    next
    edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
        set type fw
        set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
    next
    edit "McAfee-Virus-Scan-Enterprise"
        set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
    next
    edit "Norton-360-2.0-AV"
        set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
    next
    edit "Norton-360-2.0-FW"
        set type fw
        set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
    next
    edit "Norton-360-3.0-AV"
        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
    next
    edit "Norton-360-3.0-FW"
        set type fw
        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
    next
    edit "Norton-Internet-Security-AV"
        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
    next
    edit "Norton-Internet-Security-FW"
        set type fw
        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
    next
    edit "Norton-Internet-Security-AV-Vista-Win7"
        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
    next
    edit "Norton-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
    next
    edit "Symantec-Endpoint-Protection-AV"
        set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
    next
    edit "Symantec-Endpoint-Protection-FW"
        set type fw
        set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
    next
    edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
    next
    edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
        set type fw
        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
    next
    edit "Panda-Antivirus+Firewall-2008-AV"
        set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
    next
    edit "Panda-Antivirus+Firewall-2008-FW"
        set type fw
        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
    next
    edit "Panda-Internet-Security-AV"
        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
    next
    edit "Panda-Internet-Security-2006~2007-FW"
        set type fw
        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
    next
    edit "Panda-Internet-Security-2008~2009-FW"
        set type fw
        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
    next
    edit "Sophos-Anti-Virus"
        set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
    next
    edit "Sophos-Enpoint-Secuirty-and-Control-FW"
        set type fw
        set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
    next
    edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
        set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
    next
    edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
        set type fw
        set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
    next
    edit "Trend-Micro-AV"
        set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
    next
    edit "Trend-Micro-FW"
        set type fw
        set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
    next
    edit "Trend-Micro-AV-Vista-Win7"
        set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
    next
    edit "Trend-Micro-FW-Vista-Win7"
        set type fw
        set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
    next
    edit "ZoneAlarm-AV"
        set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
    next
    edit "ZoneAlarm-FW"
        set type fw
        set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
    next
    edit "ZoneAlarm-AV-Vista-Win7"
        set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
    next
    edit "ZoneAlarm-FW-Vista-Win7"
        set type fw
        set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
    next
    edit "ESET-Smart-Security-AV"
        set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
    next
    edit "ESET-Smart-Security-FW"
        set type fw
        set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
    next
    edit "FortiClient-AV-Vista-Win7"
        set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
    next
    edit "FortiClient-FW-Vista-Win7"
        set type fw
        set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
    next
    edit "FortiClient5-AV"
        set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
    next
end
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set web-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    next
    edit "web-access"
        set web-mode enable
    next
    edit "tunnel-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    next
end
config vpn ssl settings
    set ssl-min-proto-ver tls1-1
    set servercert "certificate-fortidemo"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set port 4430
    set source-interface "any"
    set source-address "all"
    set source-address6 "all"
    set default-portal "full-access"
    config authentication-rule
        edit 1
            set users "guest"
            set portal "full-access"
        next
    end
end
config voip profile
    edit "default"
        set comment "Default VoIP profile."
        config sip
            set strict-register disable
        end
    next
    edit "strict"
        config sip
            set strict-register disable
            set malformed-request-line discard
            set malformed-header-via discard
            set malformed-header-from discard
            set malformed-header-to discard
            set malformed-header-call-id discard
            set malformed-header-cseq discard
            set malformed-header-rack discard
            set malformed-header-rseq discard
            set malformed-header-contact discard
            set malformed-header-record-route discard
            set malformed-header-route discard
            set malformed-header-expires discard
            set malformed-header-content-type discard
            set malformed-header-content-length discard
            set malformed-header-max-forwards discard
            set malformed-header-allow discard
            set malformed-header-p-asserted-identity discard
            set malformed-header-sdp-v discard
            set malformed-header-sdp-o discard
            set malformed-header-sdp-s discard
            set malformed-header-sdp-i discard
            set malformed-header-sdp-c discard
            set malformed-header-sdp-b discard
            set malformed-header-sdp-z discard
            set malformed-header-sdp-k discard
            set malformed-header-sdp-a discard
            set malformed-header-sdp-t discard
            set malformed-header-sdp-r discard
            set malformed-header-sdp-m discard
        end
    next
end
config dnsfilter profile
    edit "default"
        set comment "Default dns filtering."
        config ftgd-dns
            config filters
                edit 1
                    set category 2
                next
                edit 2
                    set category 7
                next
                edit 3
                    set category 8
                next
                edit 4
                    set category 9
                next
                edit 5
                    set category 11
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 13
                next
                edit 8
                    set category 14
                next
                edit 9
                    set category 15
                next
                edit 10
                    set category 16
                next
                edit 11
                next
                edit 12
                    set category 57
                next
                edit 13
                    set category 63
                next
                edit 14
                    set category 64
                next
                edit 15
                    set category 65
                next
                edit 16
                    set category 66
                next
                edit 17
                    set category 67
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 61
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
                edit 22
                    set category 90
                next
                edit 23
                    set category 91
                next
            end
        end
        set block-botnet enable
    next
end
config antivirus settings
    set grayware enable
end
config antivirus profile
    edit "g-default"
        set comment "Scan files and block viruses."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
    edit "g-sniffer-profile"
        set comment "Scan files and monitor viruses."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
    edit "default"
        set comment "Scan files and block viruses."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
        end
        config pop3
            set options scan
        end
        config smtp
            set options scan
        end
    next
end
config webfilter profile
    edit "g-default"
        set comment "Default web filtering."
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 2
                    set action block
                next
                edit 2
                    set category 7
                    set action block
                next
                edit 3
                    set category 8
                    set action block
                next
                edit 4
                    set category 9
                    set action block
                next
                edit 5
                    set category 11
                    set action block
                next
                edit 6
                    set category 12
                    set action block
                next
                edit 7
                    set category 13
                    set action block
                next
                edit 8
                    set category 14
                    set action block
                next
                edit 9
                    set category 15
                    set action block
                next
                edit 10
                    set category 16
                    set action block
                next
                edit 11
                    set action block
                next
                edit 12
                    set category 57
                    set action block
                next
                edit 13
                    set category 63
                    set action block
                next
                edit 14
                    set category 64
                    set action block
                next
                edit 15
                    set category 65
                    set action block
                next
                edit 16
                    set category 66
                    set action block
                next
                edit 17
                    set category 67
                    set action block
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 61
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
                edit 22
                    set category 90
                    set action block
                next
                edit 23
                    set category 91
                    set action block
                next
            end
        end
    next
    edit "g-sniffer-profile"
        set comment "Monitor web traffic."
        config ftgd-wf
            config filters
                edit 1
                next
                edit 2
                    set category 1
                next
                edit 3
                    set category 2
                next
                edit 4
                    set category 3
                next
                edit 5
                    set category 4
                next
                edit 6
                    set category 5
                next
                edit 7
                    set category 6
                next
                edit 8
                    set category 7
                next
                edit 9
                    set category 8
                next
                edit 10
                    set category 9
                next
                edit 11
                    set category 11
                next
                edit 12
                    set category 12
                next
                edit 13
                    set category 13
                next
                edit 14
                    set category 14
                next
                edit 15
                    set category 15
                next
                edit 16
                    set category 16
                next
                edit 17
                    set category 17
                next
                edit 18
                    set category 18
                next
                edit 19
                    set category 19
                next
                edit 20
                    set category 20
                next
                edit 21
                    set category 23
                next
                edit 22
                    set category 24
                next
                edit 23
                    set category 25
                next
                edit 24
                    set category 26
                next
                edit 25
                    set category 28
                next
                edit 26
                    set category 29
                next
                edit 27
                    set category 30
                next
                edit 28
                    set category 31
                next
                edit 29
                    set category 33
                next
                edit 30
                    set category 34
                next
                edit 31
                    set category 35
                next
                edit 32
                    set category 36
                next
                edit 33
                    set category 37
                next
                edit 34
                    set category 38
                next
                edit 35
                    set category 39
                next
                edit 36
                    set category 40
                next
                edit 37
                    set category 41
                next
                edit 38
                    set category 42
                next
                edit 39
                    set category 43
                next
                edit 40
                    set category 44
                next
                edit 41
                    set category 46
                next
                edit 42
                    set category 47
                next
                edit 43
                    set category 48
                next
                edit 44
                    set category 49
                next
                edit 45
                    set category 50
                next
                edit 46
                    set category 51
                next
                edit 47
                    set category 52
                next
                edit 48
                    set category 53
                next
                edit 49
                    set category 54
                next
                edit 50
                    set category 55
                next
                edit 51
                    set category 56
                next
                edit 52
                    set category 57
                next
                edit 53
                    set category 58
                next
                edit 54
                    set category 59
                next
                edit 55
                    set category 61
                next
                edit 56
                    set category 62
                next
                edit 57
                    set category 63
                next
                edit 58
                    set category 64
                next
                edit 59
                    set category 65
                next
                edit 60
                    set category 66
                next
                edit 61
                    set category 67
                next
                edit 62
                    set category 68
                next
                edit 63
                    set category 69
                next
                edit 64
                    set category 70
                next
                edit 65
                    set category 71
                next
                edit 66
                    set category 72
                next
                edit 67
                    set category 75
                next
                edit 68
                    set category 76
                next
                edit 69
                    set category 77
                next
                edit 70
                    set category 78
                next
                edit 71
                    set category 79
                next
                edit 72
                    set category 80
                next
                edit 73
                    set category 81
                next
                edit 74
                    set category 82
                next
                edit 75
                    set category 83
                next
                edit 76
                    set category 84
                next
                edit 77
                    set category 85
                next
                edit 78
                    set category 86
                next
                edit 79
                    set category 87
                next
                edit 80
                    set category 88
                next
                edit 81
                    set category 89
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
    next
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        set options block-invalid-url
        set post-action block
        config ftgd-wf
            unset options
            config filters
                edit 1
                next
                edit 2
                    set category 2
                    set action block
                next
                edit 3
                    set category 7
                    set action block
                next
                edit 4
                    set category 8
                    set action block
                next
                edit 5
                    set category 9
                    set action block
                next
                edit 6
                    set category 11
                    set action block
                next
                edit 7
                    set category 13
                    set action block
                next
                edit 8
                    set category 14
                    set action block
                next
                edit 9
                    set category 15
                    set action block
                next
                edit 10
                    set category 16
                    set action block
                next
                edit 11
                    set category 26
                    set action block
                next
                edit 12
                    set category 57
                    set action block
                next
                edit 13
                    set category 61
                    set action block
                next
                edit 14
                    set category 63
                    set action block
                next
                edit 15
                    set category 64
                    set action block
                next
                edit 16
                    set category 65
                    set action block
                next
                edit 17
                    set category 66
                    set action block
                next
                edit 18
                    set category 67
                    set action block
                next
                edit 19
                    set category 86
                    set action block
                next
                edit 20
                    set category 88
                    set action block
                next
                edit 21
                    set category 90
                    set action block
                next
                edit 22
                    set category 91
                    set action block
                next
            end
        end
    next
    edit "block-security-risks"
        set comment "Block security risks."
        config ftgd-wf
            set options rate-server-ip
            config filters
                edit 1
                    set category 26
                    set action block
                next
                edit 2
                    set category 61
                    set action block
                next
                edit 3
                    set category 86
                    set action block
                next
                edit 4
                    set action warning
                next
                edit 5
                    set category 90
                    set action warning
                next
                edit 6
                    set category 91
                    set action warning
                next
            end
        end
    next
    edit "default"
        set comment "Default web filtering."
        config ftgd-wf
            config filters
                edit 1
                    set category 2
                    set action warning
                next
                edit 2
                    set category 7
                    set action warning
                next
                edit 3
                    set category 8
                    set action warning
                next
                edit 4
                    set category 9
                    set action warning
                next
                edit 5
                    set category 11
                    set action warning
                next
                edit 6
                    set category 12
                    set action warning
                next
                edit 7
                    set category 13
                    set action warning
                next
                edit 8
                    set category 14
                    set action warning
                next
                edit 9
                    set category 15
                    set action warning
                next
                edit 10
                    set category 16
                    set action warning
                next
                edit 11
                    set action warning
                next
                edit 12
                    set category 57
                    set action warning
                next
                edit 13
                    set category 63
                    set action warning
                next
                edit 14
                    set category 64
                    set action warning
                next
                edit 15
                    set category 65
                    set action warning
                next
                edit 16
                    set category 66
                    set action warning
                next
                edit 17
                    set category 67
                    set action warning
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 90
                    set action warning
                next
                edit 20
                    set category 91
                    set action warning
                next
            end
        end
    next
    edit "flow-monitor-all"
        set comment "Monitor and log all visited URLs, flow-based."
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 1
                next
                edit 2
                    set category 3
                next
                edit 3
                    set category 4
                next
                edit 4
                    set category 5
                next
                edit 5
                    set category 6
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 59
                next
                edit 8
                    set category 62
                next
                edit 9
                    set category 83
                next
                edit 10
                    set category 2
                next
                edit 11
                    set category 7
                next
                edit 12
                    set category 8
                next
                edit 13
                    set category 9
                next
                edit 14
                    set category 11
                next
                edit 15
                    set category 13
                next
                edit 16
                    set category 14
                next
                edit 17
                    set category 15
                next
                edit 18
                    set category 16
                next
                edit 19
                    set category 57
                next
                edit 20
                    set category 63
                next
                edit 21
                    set category 64
                next
                edit 22
                    set category 65
                next
                edit 23
                    set category 66
                next
                edit 24
                    set category 67
                next
                edit 25
                    set category 19
                next
                edit 26
                    set category 24
                next
                edit 27
                    set category 25
                next
                edit 28
                    set category 72
                next
                edit 29
                    set category 75
                next
                edit 30
                    set category 76
                next
                edit 31
                    set category 26
                next
                edit 32
                    set category 61
                next
                edit 33
                    set category 86
                next
                edit 34
                    set category 17
                next
                edit 35
                    set category 18
                next
                edit 36
                    set category 20
                next
                edit 37
                    set category 23
                next
                edit 38
                    set category 28
                next
                edit 39
                    set category 29
                next
                edit 40
                    set category 30
                next
                edit 41
                    set category 33
                next
                edit 42
                    set category 34
                next
                edit 43
                    set category 35
                next
                edit 44
                    set category 36
                next
                edit 45
                    set category 37
                next
                edit 46
                    set category 38
                next
                edit 47
                    set category 39
                next
                edit 48
                    set category 40
                next
                edit 49
                    set category 42
                next
                edit 50
                    set category 44
                next
                edit 51
                    set category 46
                next
                edit 52
                    set category 47
                next
                edit 53
                    set category 48
                next
                edit 54
                    set category 54
                next
                edit 55
                    set category 55
                next
                edit 56
                    set category 58
                next
                edit 57
                    set category 68
                next
                edit 58
                    set category 69
                next
                edit 59
                    set category 70
                next
                edit 60
                    set category 71
                next
                edit 61
                    set category 77
                next
                edit 62
                    set category 78
                next
                edit 63
                    set category 79
                next
                edit 64
                    set category 80
                next
                edit 65
                    set category 82
                next
                edit 66
                    set category 85
                next
                edit 67
                    set category 87
                next
                edit 68
                    set category 31
                next
                edit 69
                    set category 41
                next
                edit 70
                    set category 43
                next
                edit 71
                    set category 49
                next
                edit 72
                    set category 50
                next
                edit 73
                    set category 51
                next
                edit 74
                    set category 52
                next
                edit 75
                    set category 53
                next
                edit 76
                    set category 56
                next
                edit 77
                    set category 81
                next
                edit 78
                    set category 84
                next
                edit 79
                next
                edit 80
                    set category 89
                next
                edit 81
                    set category 88
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
        set log-all-url enable
        set web-content-log disable
        set web-filter-activex-log disable
        set web-filter-command-block-log disable
        set web-filter-cookie-log disable
        set web-filter-applet-log disable
        set web-filter-jscript-log disable
        set web-filter-js-log disable
        set web-filter-vbs-log disable
        set web-filter-unknown-log disable
        set web-filter-referer-log disable
        set web-filter-cookie-removal-log disable
        set web-url-log disable
        set web-invalid-domain-log disable
        set web-ftgd-err-log disable
        set web-ftgd-quota-usage disable
    next
    edit "g-default"
        set comment "Default web filtering."
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 2
                    set action block
                next
                edit 2
                    set category 7
                    set action block
                next
                edit 3
                    set category 8
                    set action block
                next
                edit 4
                    set category 9
                    set action block
                next
                edit 5
                    set category 11
                    set action block
                next
                edit 6
                    set category 12
                    set action block
                next
                edit 7
                    set category 13
                    set action block
                next
                edit 8
                    set category 14
                    set action block
                next
                edit 9
                    set category 15
                    set action block
                next
                edit 10
                    set category 16
                    set action block
                next
                edit 11
                    set action block
                next
                edit 12
                    set category 57
                    set action block
                next
                edit 13
                    set category 63
                    set action block
                next
                edit 14
                    set category 64
                    set action block
                next
                edit 15
                    set category 65
                    set action block
                next
                edit 16
                    set category 66
                    set action block
                next
                edit 17
                    set category 67
                    set action block
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 61
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
                edit 22
                    set category 90
                    set action block
                next
                edit 23
                    set category 91
                    set action block
                next
            end
        end
    next
    edit "monitor-all"
        set comment "Monitor and log all visited URLs, proxy-based."
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 1
                next
                edit 2
                    set category 3
                next
                edit 3
                    set category 4
                next
                edit 4
                    set category 5
                next
                edit 5
                    set category 6
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 59
                next
                edit 8
                    set category 62
                next
                edit 9
                    set category 83
                next
                edit 10
                    set category 2
                next
                edit 11
                    set category 7
                next
                edit 12
                    set category 8
                next
                edit 13
                    set category 9
                next
                edit 14
                    set category 11
                next
                edit 15
                    set category 13
                next
                edit 16
                    set category 14
                next
                edit 17
                    set category 15
                next
                edit 18
                    set category 16
                next
                edit 19
                    set category 57
                next
                edit 20
                    set category 63
                next
                edit 21
                    set category 64
                next
                edit 22
                    set category 65
                next
                edit 23
                    set category 66
                next
                edit 24
                    set category 67
                next
                edit 25
                    set category 19
                next
                edit 26
                    set category 24
                next
                edit 27
                    set category 25
                next
                edit 28
                    set category 72
                next
                edit 29
                    set category 75
                next
                edit 30
                    set category 76
                next
                edit 31
                    set category 26
                next
                edit 32
                    set category 61
                next
                edit 33
                    set category 86
                next
                edit 34
                    set category 17
                next
                edit 35
                    set category 18
                next
                edit 36
                    set category 20
                next
                edit 37
                    set category 23
                next
                edit 38
                    set category 28
                next
                edit 39
                    set category 29
                next
                edit 40
                    set category 30
                next
                edit 41
                    set category 33
                next
                edit 42
                    set category 34
                next
                edit 43
                    set category 35
                next
                edit 44
                    set category 36
                next
                edit 45
                    set category 37
                next
                edit 46
                    set category 38
                next
                edit 47
                    set category 39
                next
                edit 48
                    set category 40
                next
                edit 49
                    set category 42
                next
                edit 50
                    set category 44
                next
                edit 51
                    set category 46
                next
                edit 52
                    set category 47
                next
                edit 53
                    set category 48
                next
                edit 54
                    set category 54
                next
                edit 55
                    set category 55
                next
                edit 56
                    set category 58
                next
                edit 57
                    set category 68
                next
                edit 58
                    set category 69
                next
                edit 59
                    set category 70
                next
                edit 60
                    set category 71
                next
                edit 61
                    set category 77
                next
                edit 62
                    set category 78
                next
                edit 63
                    set category 79
                next
                edit 64
                    set category 80
                next
                edit 65
                    set category 82
                next
                edit 66
                    set category 85
                next
                edit 67
                    set category 87
                next
                edit 68
                    set category 31
                next
                edit 69
                    set category 41
                next
                edit 70
                    set category 43
                next
                edit 71
                    set category 49
                next
                edit 72
                    set category 50
                next
                edit 73
                    set category 51
                next
                edit 74
                    set category 52
                next
                edit 75
                    set category 53
                next
                edit 76
                    set category 56
                next
                edit 77
                    set category 81
                next
                edit 78
                    set category 84
                next
                edit 79
                next
                edit 80
                    set category 89
                next
                edit 81
                    set category 88
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
        set log-all-url enable
        set web-content-log disable
        set web-filter-activex-log disable
        set web-filter-command-block-log disable
        set web-filter-cookie-log disable
        set web-filter-applet-log disable
        set web-filter-jscript-log disable
        set web-filter-js-log disable
        set web-filter-vbs-log disable
        set web-filter-unknown-log disable
        set web-filter-referer-log disable
        set web-filter-cookie-removal-log disable
        set web-url-log disable
        set web-invalid-domain-log disable
        set web-ftgd-err-log disable
        set web-ftgd-quota-usage disable
    next
    edit "sniffer-profile"
        set comment "Monitor web traffic."
        config ftgd-wf
            config filters
                edit 1
                next
                edit 2
                    set category 1
                next
                edit 3
                    set category 2
                next
                edit 4
                    set category 3
                next
                edit 5
                    set category 4
                next
                edit 6
                    set category 5
                next
                edit 7
                    set category 6
                next
                edit 8
                    set category 7
                next
                edit 9
                    set category 8
                next
                edit 10
                    set category 9
                next
                edit 11
                    set category 11
                next
                edit 12
                    set category 12
                next
                edit 13
                    set category 13
                next
                edit 14
                    set category 14
                next
                edit 15
                    set category 15
                next
                edit 16
                    set category 16
                next
                edit 17
                    set category 17
                next
                edit 18
                    set category 18
                next
                edit 19
                    set category 19
                next
                edit 20
                    set category 20
                next
                edit 21
                    set category 23
                next
                edit 22
                    set category 24
                next
                edit 23
                    set category 25
                next
                edit 24
                    set category 26
                next
                edit 25
                    set category 28
                next
                edit 26
                    set category 29
                next
                edit 27
                    set category 30
                next
                edit 28
                    set category 31
                next
                edit 29
                    set category 33
                next
                edit 30
                    set category 34
                next
                edit 31
                    set category 35
                next
                edit 32
                    set category 36
                next
                edit 33
                    set category 37
                next
                edit 34
                    set category 38
                next
                edit 35
                    set category 39
                next
                edit 36
                    set category 40
                next
                edit 37
                    set category 41
                next
                edit 38
                    set category 42
                next
                edit 39
                    set category 43
                next
                edit 40
                    set category 44
                next
                edit 41
                    set category 46
                next
                edit 42
                    set category 47
                next
                edit 43
                    set category 48
                next
                edit 44
                    set category 49
                next
                edit 45
                    set category 50
                next
                edit 46
                    set category 51
                next
                edit 47
                    set category 52
                next
                edit 48
                    set category 53
                next
                edit 49
                    set category 54
                next
                edit 50
                    set category 55
                next
                edit 51
                    set category 56
                next
                edit 52
                    set category 57
                next
                edit 53
                    set category 58
                next
                edit 54
                    set category 59
                next
                edit 55
                    set category 61
                next
                edit 56
                    set category 62
                next
                edit 57
                    set category 63
                next
                edit 58
                    set category 64
                next
                edit 59
                    set category 65
                next
                edit 60
                    set category 66
                next
                edit 61
                    set category 67
                next
                edit 62
                    set category 68
                next
                edit 63
                    set category 69
                next
                edit 64
                    set category 70
                next
                edit 65
                    set category 71
                next
                edit 66
                    set category 72
                next
                edit 67
                    set category 75
                next
                edit 68
                    set category 76
                next
                edit 69
                    set category 77
                next
                edit 70
                    set category 78
                next
                edit 71
                    set category 79
                next
                edit 72
                    set category 80
                next
                edit 73
                    set category 81
                next
                edit 74
                    set category 82
                next
                edit 75
                    set category 83
                next
                edit 76
                    set category 84
                next
                edit 77
                    set category 85
                next
                edit 78
                    set category 86
                next
                edit 79
                    set category 87
                next
                edit 80
                    set category 88
                next
                edit 81
                    set category 89
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
    next
    edit "web-filter-flow"
        set comment "Flow-based web filter profile."
        config ftgd-wf
            config filters
                edit 1
                    set category 2
                next
                edit 2
                    set category 7
                next
                edit 3
                    set category 8
                next
                edit 4
                    set category 9
                next
                edit 5
                    set category 11
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 13
                next
                edit 8
                    set category 14
                next
                edit 9
                    set category 15
                next
                edit 10
                    set category 16
                next
                edit 11
                next
                edit 12
                    set category 57
                next
                edit 13
                    set category 63
                next
                edit 14
                    set category 64
                next
                edit 15
                    set category 65
                next
                edit 16
                    set category 66
                next
                edit 17
                    set category 67
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 90
                next
                edit 20
                    set category 91
                next
            end
        end
    next
end
config webfilter search-engine
    edit "google"
        set hostname ".*\\.google\\..*"
        set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
        set query "q="
        set safesearch url
        set safesearch-str "&safe=active"
    next
    edit "yahoo"
        set hostname ".*\\.yahoo\\..*"
        set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
        set query "p="
        set safesearch url
        set safesearch-str "&vm=r"
    next
    edit "bing"
        set hostname ".*\\.bing\\..*"
        set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
        set query "q="
        set safesearch header
    next
    edit "yandex"
        set hostname ".*\\.yandex\\..*"
        set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
        set query "text="
        set safesearch url
        set safesearch-str "&family=yes"
    next
    edit "youtube"
        set hostname ".*youtube.*"
        set safesearch header
    next
    edit "baidu"
        set hostname ".*\\.baidu\\.com"
        set url "^\\/s?\\?"
        set query "wd="
    next
    edit "baidu2"
        set hostname ".*\\.baidu\\.com"
        set url "^\\/(ns|q|m|i|v)\\?"
        set query "word="
    next
    edit "baidu3"
        set hostname "tieba\\.baidu\\.com"
        set url "^\\/f\\?"
        set query "kw="
    next
end
config emailfilter profile
    edit "sniffer-profile"
        set comment "Malware and phishing URL monitoring."
    next
    edit "default"
        set comment "Malware and phishing URL filtering."
    next
end
config wanopt settings
    set host-id "default-id"
end
config wanopt profile
    edit "default"
        set comments "Default WANopt profile."
    next
end
config firewall schedule recurring
    edit "always"
        set day sunday monday tuesday wednesday thursday friday saturday
    next
    edit "none"
    next
    edit "default-darrp-optimize"
        set start 01:00
        set end 01:30
        set day sunday monday tuesday wednesday thursday friday saturday
    next
end
config firewall profile-protocol-options
    edit "default"
        set comment "All services."
        config http
            set ports 80
            unset options
            unset post-lang
        end
        config ftp
            set ports 21
            set options splice
        end
        config imap
            set ports 143
            set options fragmail
        end
        config mapi
            set ports 135
            set options fragmail
        end
        config pop3
            set ports 110
            set options fragmail
        end
        config smtp
            set ports 25
            set options fragmail splice
        end
        config nntp
            set ports 119
            set options splice
        end
        config ssh
            unset options
        end
        config dns
            set ports 53
        end
        config cifs
            set ports 445
        end
    next
end
config firewall ssl-ssh-profile
    edit "no-inspection"
        set comment "Read-only profile that does no inspection."
        config https
            set status disable
        end
        config ftps
            set status disable
        end
        config imaps
            set status disable
        end
        config pop3s
            set status disable
        end
        config smtps
            set status disable
        end
        config ssh
            set ports 22
            set status disable
        end
    next
    edit "custom-deep-inspection"
        set comment "Customizable deep inspection profile."
        config https
            set ports 443
            set status deep-inspection
        end
        config ftps
            set ports 990
            set status deep-inspection
        end
        config imaps
            set ports 993
            set status deep-inspection
        end
        config pop3s
            set ports 995
            set status deep-inspection
        end
        config smtps
            set ports 465
            set status deep-inspection
        end
        config ssh
            set ports 22
            set status deep-inspection
        end
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set fortiguard-category 33
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "g-update.microsoft.com"
            next
            edit 5
                set type wildcard-fqdn
                set wildcard-fqdn "g-swscan.apple.com"
            next
            edit 6
                set type wildcard-fqdn
                set wildcard-fqdn "g-autoupdate.opera.com"
            next
            edit 7
                set type wildcard-fqdn
                set wildcard-fqdn "g-android"
            next
            edit 8
                set type wildcard-fqdn
                set wildcard-fqdn "g-apple"
            next
            edit 9
                set type wildcard-fqdn
                set wildcard-fqdn "g-appstore"
            next
            edit 10
                set type wildcard-fqdn
                set wildcard-fqdn "g-citrix"
            next
            edit 11
                set type wildcard-fqdn
                set wildcard-fqdn "g-eease"
            next
            edit 12
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-drive"
            next
            edit 13
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play2"
            next
            edit 14
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play3"
            next
            edit 15
                set type wildcard-fqdn
                set wildcard-fqdn "g-Gotomeeting"
            next
            edit 16
                set type wildcard-fqdn
                set wildcard-fqdn "g-microsoft"
            next
            edit 17
                set type wildcard-fqdn
                set wildcard-fqdn "g-adobe"
            next
            edit 18
                set type wildcard-fqdn
                set wildcard-fqdn "g-Adobe Login"
            next
            edit 19
                set type wildcard-fqdn
                set wildcard-fqdn "g-dropbox.com"
            next
            edit 20
                set type wildcard-fqdn
                set wildcard-fqdn "g-fortinet"
            next
            edit 21
                set type wildcard-fqdn
                set wildcard-fqdn "g-googleapis.com"
            next
            edit 22
                set type wildcard-fqdn
                set wildcard-fqdn "g-icloud"
            next
            edit 23
                set type wildcard-fqdn
                set wildcard-fqdn "g-itunes"
            next
            edit 24
                set type wildcard-fqdn
                set wildcard-fqdn "g-skype"
            next
            edit 25
                set type wildcard-fqdn
                set wildcard-fqdn "g-verisign"
            next
            edit 26
                set type wildcard-fqdn
                set wildcard-fqdn "g-Windows update 2"
            next
            edit 27
                set type wildcard-fqdn
                set wildcard-fqdn "g-auth.gfx.ms"
            next
            edit 28
                set type wildcard-fqdn
                set wildcard-fqdn "g-softwareupdate.vmware.com"
            next
            edit 29
                set type wildcard-fqdn
                set wildcard-fqdn "g-firefox update server"
            next
            edit 30
                set type wildcard-fqdn
                set wildcard-fqdn "g-live.com"
            next
        end
    next
    edit "certificate-inspection"
        set comment "SSL handshake inspection."
        config https
            set ports 443
            set status certificate-inspection
        end
        config ftps
            set status disable
        end
        config imaps
            set status disable
        end
        config pop3s
            set status disable
        end
        config smtps
            set status disable
        end
        config ssh
            set ports 22
            set status disable
        end
        set caname "Fortinet_CA_SSLProxy"
    next
    edit "deep-inspection"
        set comment "Read-only deep inspection profile."
        config https
            set ports 443
            set status deep-inspection
        end
        config ftps
            set ports 990
            set status deep-inspection
        end
        config imaps
            set ports 993
            set status deep-inspection
        end
        config pop3s
            set ports 995
            set status deep-inspection
        end
        config smtps
            set ports 465
            set status deep-inspection
        end
        config ssh
            set ports 22
            set status disable
        end
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set fortiguard-category 33
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "g-adobe"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "g-Adobe Login"
            next
            edit 5
                set type wildcard-fqdn
                set wildcard-fqdn "g-android"
            next
            edit 6
                set type wildcard-fqdn
                set wildcard-fqdn "g-apple"
            next
            edit 7
                set type wildcard-fqdn
                set wildcard-fqdn "g-appstore"
            next
            edit 8
                set type wildcard-fqdn
                set wildcard-fqdn "g-auth.gfx.ms"
            next
            edit 9
                set type wildcard-fqdn
                set wildcard-fqdn "g-citrix"
            next
            edit 10
                set type wildcard-fqdn
                set wildcard-fqdn "g-dropbox.com"
            next
            edit 11
                set type wildcard-fqdn
                set wildcard-fqdn "g-eease"
            next
            edit 12
                set type wildcard-fqdn
                set wildcard-fqdn "g-firefox update server"
            next
            edit 13
                set type wildcard-fqdn
                set wildcard-fqdn "g-fortinet"
            next
            edit 14
                set type wildcard-fqdn
                set wildcard-fqdn "g-googleapis.com"
            next
            edit 15
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-drive"
            next
            edit 16
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play2"
            next
            edit 17
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play3"
            next
            edit 18
                set type wildcard-fqdn
                set wildcard-fqdn "g-Gotomeeting"
            next
            edit 19
                set type wildcard-fqdn
                set wildcard-fqdn "g-icloud"
            next
            edit 20
                set type wildcard-fqdn
                set wildcard-fqdn "g-itunes"
            next
            edit 21
                set type wildcard-fqdn
                set wildcard-fqdn "g-microsoft"
            next
            edit 22
                set type wildcard-fqdn
                set wildcard-fqdn "g-skype"
            next
            edit 23
                set type wildcard-fqdn
                set wildcard-fqdn "g-softwareupdate.vmware.com"
            next
            edit 24
                set type wildcard-fqdn
                set wildcard-fqdn "g-verisign"
            next
            edit 25
                set type wildcard-fqdn
                set wildcard-fqdn "g-Windows update 2"
            next
            edit 26
                set type wildcard-fqdn
                set wildcard-fqdn "g-live.com"
            next
            edit 27
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play"
            next
            edit 28
                set type wildcard-fqdn
                set wildcard-fqdn "g-update.microsoft.com"
            next
            edit 29
                set type wildcard-fqdn
                set wildcard-fqdn "g-swscan.apple.com"
            next
            edit 30
                set type wildcard-fqdn
                set wildcard-fqdn "g-autoupdate.opera.com"
            next
        end
    next
end
config waf profile
    edit "default"
        config signature
            config main-class 100000000
                set action block
                set log disable
                set severity high
            end
            config main-class 20000000
                set log disable
            end
            config main-class 30000000
                set status enable
                set action block
                set log disable
                set severity high
            end
            config main-class 40000000
                set log disable
            end
            config main-class 50000000
                set status enable
                set action block
                set log disable
                set severity high
            end
            config main-class 60000000
                set log disable
            end
            config main-class 70000000
                set status enable
                set action block
                set log disable
                set severity high
            end
            config main-class 80000000
                set status enable
                set log disable
                set severity low
            end
            config main-class 110000000
                set status enable
                set log disable
                set severity high
            end
            config main-class 90000000
                set status enable
                set action block
                set log disable
                set severity high
            end
            set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
        end
        config constraint
            config header-length
                set status enable
                set log enable
                set severity low
            end
            config content-length
                set status enable
                set log enable
                set severity low
            end
            config param-length
                set status enable
                set log enable
                set severity low
            end
            config line-length
                set status enable
                set log enable
                set severity low
            end
            config url-param-length
                set status enable
                set log enable
                set severity low
            end
            config version
                set log enable
            end
            config method
                set action block
                set log enable
            end
            config hostname
                set action block
                set log enable
            end
            config malformed
                set log enable
            end
            config max-cookie
                set status enable
                set log enable
                set severity low
            end
            config max-header-line
                set status enable
                set log enable
                set severity low
            end
            config max-url-param
                set status enable
                set log enable
                set severity low
            end
            config max-range-segment
                set status enable
                set log enable
                set severity high
            end
        end
    next
end
config firewall policy
    edit 1
        set name "Test1"
        set uuid 2372eb5c-832b-51ea-dbda-8dea47646393
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set nat enable
    next
    edit 20
        set name "Monitor_Servers_02"
        set uuid 3da73baa-dacb-48cb-852c-c4be245b4609
        set srcintf "port0"
        set srcintf "port1"
        set srcaddr "host_192.168.122.1"
        set dstaddr "network_192.168.122.0/24"
        set action accept
        set schedule "always"
        set service ""HTTPS" "HTTP"
    next
end
config firewall proxy-policy
    edit 1
        set uuid c46a6e86-832b-51ea-134a-b57537de4b2a
        set proxy explicit-web
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
    next
end
config firewall ssh local-key
    edit "g-Fortinet_SSH_DSA1024"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_ECDSA256"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_ECDSA384"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_ECDSA521"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_ED25519"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_RSA2048"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
end
config firewall ssh local-ca
    edit "g-Fortinet_SSH_CA"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_CA_Untrusted"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
end
config firewall ssh setting
    set caname "g-Fortinet_SSH_CA"
    set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
    set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
    set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
    set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
    set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
    set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
    set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
config switch-controller security-policy 802-1X
    edit "802-1X-policy-default"
        set user-group "SSO_Guest_Users"
        set mac-auth-bypass disable
        set open-auth disable
        set eap-passthru enable
        set guest-vlan disable
        set auth-fail-vlan disable
        set framevid-apply enable
        set radius-timeout-overwrite disable
    next
end
config switch-controller security-policy local-access
    edit "default"
        set mgmt-allowaccess https ping ssh
        set internal-allowaccess https ping ssh
    next
end
config switch-controller lldp-profile
    edit "default"
        set med-tlvs inventory-management network-policy location-identification
        set auto-isl disable
        config med-network-policy
            edit "voice"
            next
            edit "voice-signaling"
            next
            edit "guest-voice"
            next
            edit "guest-voice-signaling"
            next
            edit "softphone-voice"
            next
            edit "video-conferencing"
            next
            edit "streaming-video"
            next
            edit "video-signaling"
            next
        end
        config med-location-service
            edit "coordinates"
            next
            edit "address-civic"
            next
            edit "elin-number"
            next
        end
    next
    edit "default-auto-isl"
    next
    edit "default-auto-mclag-icl"
    next
end
config switch-controller qos dot1p-map
    edit "voice-dot1p"
        set priority-0 queue-4
        set priority-1 queue-4
        set priority-2 queue-3
        set priority-3 queue-2
        set priority-4 queue-3
        set priority-5 queue-1
        set priority-6 queue-2
        set priority-7 queue-2
    next
end
config switch-controller qos ip-dscp-map
    edit "voice-dscp"
        config map
            edit "1"
                set cos-queue 1
                set value 46
            next
            edit "2"
                set cos-queue 2
                set value 24,26,48,56
            next
            edit "5"
                set cos-queue 3
                set value 34
            next
        end
    next
end
config switch-controller qos queue-policy
    edit "default"
        set schedule round-robin
        set rate-by kbps
        config cos-queue
            edit "queue-0"
            next
            edit "queue-1"
            next
            edit "queue-2"
            next
            edit "queue-3"
            next
            edit "queue-4"
            next
            edit "queue-5"
            next
            edit "queue-6"
            next
            edit "queue-7"
            next
        end
    next
    edit "voice-egress"
        set schedule weighted
        set rate-by kbps
        config cos-queue
            edit "queue-0"
            next
            edit "queue-1"
                set weight 0
            next
            edit "queue-2"
                set weight 6
            next
            edit "queue-3"
                set weight 37
            next
            edit "queue-4"
                set weight 12
            next
            edit "queue-5"
            next
            edit "queue-6"
            next
            edit "queue-7"
            next
        end
    next
end
config switch-controller qos qos-policy
    edit "default"
    next
    edit "voice-qos"
        set trust-dot1p-map "voice-dot1p"
        set trust-ip-dscp-map "voice-dscp"
        set queue-policy "voice-egress"
    next
end
config switch-controller storm-control-policy
    edit "default"
        set description "default storm control on all port"
    next
    edit "auto-config"
        set description "storm control policy for fortilink-isl-icl port"
        set storm-control-mode disabled
    next
end
config switch-controller auto-config policy
    edit "default"
    next
    edit "default-icl"
        set poe-status disable
        set igmp-flood-report enable
        set igmp-flood-traffic enable
    next
end
config switch-controller auto-config default
    set icl-policy "default"
end
config switch-controller switch-profile
    edit "default"
    next
end
config switch-controller remote-log
    edit "syslogd"
    next
    edit "syslogd2"
    next
end
config wireless-controller wids-profile
    edit "default"
        set comment "Default WIDS profile."
        set ap-scan enable
        set wireless-bridge enable
        set deauth-broadcast enable
        set null-ssid-probe-resp enable
        set long-duration-attack enable
        set invalid-mac-oui enable
        set weak-wep-iv enable
        set auth-frame-flood enable
        set assoc-frame-flood enable
        set spoofed-deauth enable
        set asleap-attack enable
        set eapol-start-flood enable
        set eapol-logoff-flood enable
        set eapol-succ-flood enable
        set eapol-fail-flood enable
        set eapol-pre-succ-flood enable
        set eapol-pre-fail-flood enable
    next
    edit "default-wids-apscan-enabled"
        set ap-scan enable
    next
end
config wireless-controller utm-profile
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        set ips-sensor "g-wifi-default"
        set application-list "g-wifi-default"
        set antivirus-profile "g-wifi-default"
        set webfilter-profile "g-wifi-default"
    next
end
config log memory setting
    set status disable
end
config log disk setting
    set status disable
end
config log null-device setting
    set status disable
end
config log setting
    set fwpolicy-implicit-log enable
    set local-in-allow enable
    set local-in-deny-unicast enable
    set local-in-deny-broadcast enable
    set local-out enable
end
config router rip
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ripng
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router static
    edit 1
        set gateway 172.30.72.254
        set device "port1"
    next
end
config router ospf
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ospf6
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router bgp
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
    end
end
end

config vdom
edit ro
config system settings
    set inspection-mode flow
end
config firewall address
    edit "host_192.168.3.1"
        set uuid 2706ebe5-4213-4d68-9f02-9b7c8c97fd43
        set associated-interface "port1"
        set subnet 192.168.3.1 255.255.255.255
    next
    edit "host_192.168.3.3"
        set uuid 0c939690-0f41-45d0-9fac-bccd983af96f
        set associated-interface "port1"
        set subnet 192.168.3.3 255.255.255.255
    next
    edit "host_192.168.3.5"
        set uuid fad9712a-feac-4722-9ae0-29f82c01372b
        set associated-interface "port1"
        set subnet 192.168.3.5 255.255.255.255
    next
    edit "iprange_192.168.2.1..3"
        set uuid 4ff4e7a3-fef4-4c80-8a3b-e8da5d7773c4
        set type iprange
        set start-ip 192.168.2.1
        set end-ip 192.168.2.3
    next
end
config firewall multicast-address
    edit "all"
        set start-ip 224.0.0.0
        set end-ip 239.255.255.255
    next
    edit "all_hosts"
        set start-ip 224.0.0.1
        set end-ip 224.0.0.1
    next
    edit "all_routers"
        set start-ip 224.0.0.2
        set end-ip 224.0.0.2
    next
    edit "Bonjour"
        set start-ip 224.0.0.251
        set end-ip 224.0.0.251
    next
    edit "EIGRP"
        set start-ip 224.0.0.10
        set end-ip 224.0.0.10
    next
    edit "OSPF"
        set start-ip 224.0.0.5
        set end-ip 224.0.0.6
    next
end
config firewall address6
    edit "SSLVPN_TUNNEL_IPv6_ADDR1"
        set uuid be8eba1e-986e-51e5-0a3a-4ddcdd701106
        set ip6 fdff:ffff::/120
    next
    edit "all"
        set uuid be8d633a-986e-51e5-b335-2325460720e0
    next
    edit "none"
        set uuid be58271a-986e-51e5-dc8b-471e5f6ce676
        set ip6 ::/128
    next
end
config firewall multicast-address6
    edit "all"
        set ip6 ff00::/8
    next
end
config firewall addrgrp
    edit "Microsoft Office 365"
        set uuid af6055c0-aa8f-51e9-9a4f-98e92eff371f
        set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
    next
    edit "G Suite"
        set uuid af60599e-aa8f-51e9-c489-084025e179a6
        set member "gmail.com" "wildcard.google.com"
    next
    edit "Monitor_Servers"
        set uuid f0b5a5c5-6c90-4ee8-9f02-31c445e868b5
        set member "host_192.168.3.1" "host_192.168.3.3" "host_192.168.3.5"
    next
end
config firewall wildcard-fqdn custom
    edit "g-Adobe Login"
        set uuid d11bcff0-9442-51e8-01be-32d8da4f7463
        set wildcard-fqdn "*.adobelogin.com"
    next
    edit "g-Gotomeeting"
        set uuid d11be094-9442-51e8-53e6-46035c800b06
        set wildcard-fqdn "*.gotomeeting.com"
    next
    edit "g-Windows update 2"
        set uuid d11beddc-9442-51e8-c8e7-11194c099c10
        set wildcard-fqdn "*.windowsupdate.com"
    next
    edit "g-adobe"
        set uuid d11bcdac-9442-51e8-8684-6d383935053c
        set wildcard-fqdn "*.adobe.com"
    next
    edit "g-android"
        set uuid d11bd130-9442-51e8-f1d6-b9f04b2992a0
        set wildcard-fqdn "*.android.com"
    next
    edit "g-apple"
        set uuid d11bd25c-9442-51e8-77f5-fdddbc97c911
        set wildcard-fqdn "*.apple.com"
    next
    edit "g-appstore"
        set uuid d11bd37e-9442-51e8-d421-368e2f49c62d
        set wildcard-fqdn "*.appstore.com"
    next
    edit "g-auth.gfx.ms"
        set uuid d11bd4aa-9442-51e8-8e95-f0d533dcbe27
        set wildcard-fqdn "*.auth.gfx.ms"
    next
    edit "g-autoupdate.opera.com"
        set uuid a78a305a-aa8f-51e9-f1fd-e56ec158ecad
        set wildcard-fqdn "*autoupdate.opera.com"
    next
    edit "g-citrix"
        set uuid d11bd5e0-9442-51e8-680b-9e1c64d904e4
        set wildcard-fqdn "*.citrixonline.com"
    next
    edit "g-dropbox.com"
        set uuid d11bd702-9442-51e8-81a6-9d3c3c2f91a8
        set wildcard-fqdn "*.dropbox.com"
    next
    edit "g-eease"
        set uuid d11bd82e-9442-51e8-f738-3d0674a08a92
        set wildcard-fqdn "*.eease.com"
    next
    edit "g-firefox update server"
        set uuid d11bd95a-9442-51e8-02ea-cdfe8a0b104f
        set wildcard-fqdn "aus*.mozilla.org"
    next
    edit "g-fortinet"
        set uuid d11bda86-9442-51e8-1a02-7835b606fef5
        set wildcard-fqdn "*.fortinet.com"
    next
    edit "g-google-drive"
        set uuid d11bdcfc-9442-51e8-08d4-e585c0cc339d
        set wildcard-fqdn "*drive.google.com"
    next
    edit "g-google-play"
        set uuid a78a2a92-aa8f-51e9-c377-4414d7717388
        set wildcard-fqdn "*play.google.com"
    next
    edit "g-google-play2"
        set uuid d11bde28-9442-51e8-0b1d-0ae70217f1f6
        set wildcard-fqdn "*.ggpht.com"
    next
    edit "g-google-play3"
        set uuid d11bdf5e-9442-51e8-10a9-80d252a33b7c
        set wildcard-fqdn "*.books.google.com"
    next
    edit "g-googleapis.com"
        set uuid d11bdbc6-9442-51e8-5214-4f19d12eb43a
        set wildcard-fqdn "*.googleapis.com"
    next
    edit "g-icloud"
        set uuid d11be274-9442-51e8-871a-5c2d9401a7c0
        set wildcard-fqdn "*.icloud.com"
    next
    edit "g-itunes"
        set uuid d11be454-9442-51e8-26f7-46baa33c6e3c
        set wildcard-fqdn "*itunes.apple.com"
    next
    edit "g-live.com"
        set uuid d11bef12-9442-51e8-e3cc-948b1d2922d8
        set wildcard-fqdn "*.live.com"
    next
    edit "g-microsoft"
        set uuid d11be594-9442-51e8-86cd-cf421e76ee9b
        set wildcard-fqdn "*.microsoft.com"
    next
    edit "g-skype"
        set uuid d11bea08-9442-51e8-157c-4af75a9b547e
        set wildcard-fqdn "*.messenger.live.com"
    next
    edit "g-softwareupdate.vmware.com"
        set uuid d11beb70-9442-51e8-3c3d-70222b25db21
        set wildcard-fqdn "*.softwareupdate.vmware.com"
    next
    edit "g-swscan.apple.com"
        set uuid a78a2e70-aa8f-51e9-5a27-37a38bcc45ce
        set wildcard-fqdn "*swscan.apple.com"
    next
    edit "g-update.microsoft.com"
        set uuid a78a2c86-aa8f-51e9-b5a8-c61cfc18b2e3
        set wildcard-fqdn "*update.microsoft.com"
    next
    edit "g-verisign"
        set uuid d11beca6-9442-51e8-0ddf-d23bd3acdb10
        set wildcard-fqdn "*.verisign.com"
    next
    edit "*.live.com"
        set uuid d1799c5c-9442-51e8-632c-e22c4df52cf3
        set wildcard-fqdn "*.live.com"
    next
end
config firewall service category
    edit "General"
        set comment "General services."
    next
    edit "Web Access"
        set comment "Web access."
    next
    edit "File Access"
        set comment "File access."
    next
    edit "Email"
        set comment "Email services."
    next
    edit "Network Services"
        set comment "Network services."
    next
    edit "Authentication"
        set comment "Authentication service."
    next
    edit "Remote Access"
        set comment "Remote access."
    next
    edit "Tunneling"
        set comment "Tunneling service."
    next
    edit "VoIP, Messaging & Other Applications"
        set comment "VoIP, messaging, and other applications."
    next
    edit "Web Proxy"
        set comment "Explicit web proxy."
    next
end
config firewall service custom
    edit "DNS"
        set category "Network Services"
        set tcp-portrange 53
        set udp-portrange 53
    next
    edit "HTTP"
        set category "Web Access"
        set tcp-portrange 80
    next
    edit "HTTPS"
        set category "Web Access"
        set tcp-portrange 443
    next
    edit "IMAP"
        set category "Email"
        set tcp-portrange 143
    next
    edit "IMAPS"
        set category "Email"
        set tcp-portrange 993
    next
    edit "LDAP"
        set category "Authentication"
        set tcp-portrange 389
    next
    edit "DCE-RPC"
        set category "Remote Access"
        set tcp-portrange 135
        set udp-portrange 135
    next
    edit "POP3"
        set category "Email"
        set tcp-portrange 110
    next
    edit "POP3S"
        set category "Email"
        set tcp-portrange 995
    next
    edit "SAMBA"
        set category "File Access"
        set tcp-portrange 139
    next
    edit "SMTP"
        set category "Email"
        set tcp-portrange 25
    next
    edit "SMTPS"
        set category "Email"
        set tcp-portrange 465
    next
    edit "KERBEROS"
        set category "Authentication"
        set tcp-portrange 88 464
        set udp-portrange 88 464
    next
    edit "LDAP_UDP"
        set category "Authentication"
        set udp-portrange 389
    next
    edit "SMB"
        set category "File Access"
        set tcp-portrange 445
    next
    edit "ALL"
        set category "General"
        set protocol IP
    next
    edit "ALL_TCP"
        set category "General"
        set tcp-portrange 1-65535
    next
    edit "ALL_UDP"
        set category "General"
        set udp-portrange 1-65535
    next
    edit "ALL_ICMP"
        set category "General"
        set protocol ICMP
        unset icmptype
    next
    edit "ALL_ICMP6"
        set category "General"
        set protocol ICMP6
        unset icmptype
    next
    edit "GRE"
        set category "Tunneling"
        set protocol IP
        set protocol-number 47
    next
    edit "AH"
        set category "Tunneling"
        set protocol IP
        set protocol-number 51
    next
    edit "ESP"
        set category "Tunneling"
        set protocol IP
        set protocol-number 50
    next
    edit "AOL"
        set visibility disable
        set tcp-portrange 5190-5194
    next
    edit "BGP"
        set category "Network Services"
        set tcp-portrange 179
    next
    edit "DHCP"
        set category "Network Services"
        set udp-portrange 67-68
    next
    edit "FINGER"
        set visibility disable
        set tcp-portrange 79
    next
    edit "FTP"
        set category "File Access"
        set tcp-portrange 21
    next
    edit "FTP_GET"
        set category "File Access"
        set tcp-portrange 21
    next
    edit "FTP_PUT"
        set category "File Access"
        set tcp-portrange 21
    next
    edit "GOPHER"
        set visibility disable
        set tcp-portrange 70
    next
    edit "H323"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 1720 1503
        set udp-portrange 1719
    next
    edit "IKE"
        set category "Tunneling"
        set udp-portrange 500 4500
    next
    edit "Internet-Locator-Service"
        set visibility disable
        set tcp-portrange 389
    next
    edit "IRC"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 6660-6669
    next
    edit "L2TP"
        set category "Tunneling"
        set tcp-portrange 1701
        set udp-portrange 1701
    next
    edit "NetMeeting"
        set visibility disable
        set tcp-portrange 1720
    next
    edit "NFS"
        set category "File Access"
        set tcp-portrange 111 2049
        set udp-portrange 111 2049
    next
    edit "NNTP"
        set visibility disable
        set tcp-portrange 119
    next
    edit "NTP"
        set category "Network Services"
        set tcp-portrange 123
        set udp-portrange 123
    next
    edit "OSPF"
        set category "Network Services"
        set protocol IP
        set protocol-number 89
    next
    edit "PC-Anywhere"
        set category "Remote Access"
        set tcp-portrange 5631
        set udp-portrange 5632
    next
    edit "PING"
        set category "Network Services"
        set protocol ICMP
        set icmptype 8
        unset icmpcode
    next
    edit "TIMESTAMP"
        set protocol ICMP
        set visibility disable
        set icmptype 13
        unset icmpcode
    next
    edit "INFO_REQUEST"
        set protocol ICMP
        set visibility disable
        set icmptype 15
        unset icmpcode
    next
    edit "INFO_ADDRESS"
        set protocol ICMP
        set visibility disable
        set icmptype 17
        unset icmpcode
    next
    edit "ONC-RPC"
        set category "Remote Access"
        set tcp-portrange 111
        set udp-portrange 111
    next
    edit "PPTP"
        set category "Tunneling"
        set tcp-portrange 1723
    next
    edit "QUAKE"
        set visibility disable
        set udp-portrange 26000 27000 27910 27960
    next
    edit "RAUDIO"
        set visibility disable
        set udp-portrange 7070
    next
    edit "REXEC"
        set visibility disable
        set tcp-portrange 512
    next
    edit "RIP"
        set category "Network Services"
        set udp-portrange 520
    next
    edit "RLOGIN"
        set visibility disable
        set tcp-portrange 513:512-1023
    next
    edit "RSH"
        set visibility disable
        set tcp-portrange 514:512-1023
    next
    edit "SCCP"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 2000
    next
    edit "SIP"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 5060
        set udp-portrange 5060
    next
    edit "SIP-MSNmessenger"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 1863
    next
    edit "SNMP"
        set category "Network Services"
        set tcp-portrange 161-162
        set udp-portrange 161-162
    next
    edit "SSH"
        set category "Remote Access"
        set tcp-portrange 22
    next
    edit "SYSLOG"
        set category "Network Services"
        set udp-portrange 514
    next
    edit "TALK"
        set visibility disable
        set udp-portrange 517-518
    next
    edit "TELNET"
        set category "Remote Access"
        set tcp-portrange 23
    next
    edit "TFTP"
        set category "File Access"
        set udp-portrange 69
    next
    edit "MGCP"
        set visibility disable
        set udp-portrange 2427 2727
    next
    edit "UUCP"
        set visibility disable
        set tcp-portrange 540
    next
    edit "VDOLIVE"
        set visibility disable
        set tcp-portrange 7000-7010
    next
    edit "WAIS"
        set visibility disable
        set tcp-portrange 210
    next
    edit "WINFRAME"
        set visibility disable
        set tcp-portrange 1494 2598
    next
    edit "X-WINDOWS"
        set category "Remote Access"
        set tcp-portrange 6000-6063
    next
    edit "PING6"
        set protocol ICMP6
        set visibility disable
        set icmptype 128
        unset icmpcode
    next
    edit "MS-SQL"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 1433 1434
    next
    edit "MYSQL"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 3306
    next
    edit "RDP"
        set category "Remote Access"
        set tcp-portrange 3389
    next
    edit "VNC"
        set category "Remote Access"
        set tcp-portrange 5900
    next
    edit "DHCP6"
        set category "Network Services"
        set udp-portrange 546 547
    next
    edit "SQUID"
        set category "Tunneling"
        set tcp-portrange 3128
    next
    edit "SOCKS"
        set category "Tunneling"
        set tcp-portrange 1080
        set udp-portrange 1080
    next
    edit "WINS"
        set category "Remote Access"
        set tcp-portrange 1512
        set udp-portrange 1512
    next
    edit "RADIUS"
        set category "Authentication"
        set udp-portrange 1812 1813
    next
    edit "RADIUS-OLD"
        set visibility disable
        set udp-portrange 1645 1646
    next
    edit "CVSPSERVER"
        set visibility disable
        set tcp-portrange 2401
        set udp-portrange 2401
    next
    edit "AFS3"
        set category "File Access"
        set tcp-portrange 7000-7009
        set udp-portrange 7000-7009
    next
    edit "TRACEROUTE"
        set category "Network Services"
        set udp-portrange 33434-33535
    next
    edit "RTSP"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 554 7070 8554
        set udp-portrange 554
    next
    edit "MMS"
        set visibility disable
        set tcp-portrange 1755
        set udp-portrange 1024-5000
    next
    edit "NONE"
        set visibility disable
        set tcp-portrange 0
    next
    edit "webproxy"
        set proxy enable
        set category "Web Proxy"
        set protocol ALL
        set tcp-portrange 0-65535:0-65535
    next
end
config firewall service group
    edit "Email Access"
        set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
    next
    edit "Web Access"
        set member "DNS" "HTTP" "HTTPS"
    next
    edit "Windows AD"
        set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
    next
    edit "Exchange Server"
        set member "DCE-RPC" "DNS" "HTTPS"
    next
end
config vpn certificate ca
    edit "CA_Cert_1"
        set range global
    next
end
config vpn certificate local
    edit "Fortinet_CA_SSL"
        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
        set range global
        set source factory
    next
    edit "Fortinet_CA_Untrusted"
        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
        set range global
        set source factory
    next
    edit "Fortinet_SSL"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_RSA1024"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_RSA2048"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_RSA4096"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_DSA1024"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_DSA2048"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ECDSA256"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ECDSA384"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ECDSA521"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ED25519"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ED448"
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_CA_SSLProxy"
        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
        set range global
    next
    edit "Fortinet_SSLProxy"
        set range global
    next
    edit "certificate-fortidemo"
        set range global
    next
    edit "fortidemo"
        set range global
    next
    edit "fortidemo2020"
        set range global
    next
end
config webfilter ftgd-local-cat
    edit "custom1"
        set id 140
    next
    edit "custom2"
        set id 141
    next
end
config ips sensor
    edit "g-default"
        set comment "Prevent critical attacks."
        config entries
            edit 1
                set severity medium high critical 
            next
        end
    next
    edit "g-sniffer-profile"
        set comment "Monitor IPS attacks."
        config entries
            edit 1
                set severity medium high critical 
            next
        end
    next
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        config entries
            edit 1
                set severity medium high critical 
            next
        end
    next
    edit "all_default"
        set comment "All predefined signatures with default setting."
        config entries
            edit 1
            next
        end
    next
    edit "all_default_pass"
        set comment "All predefined signatures with PASS action."
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "protect_client"
        set comment "Protect against client-side vulnerabilities."
        config entries
            edit 1
                set location client 
            next
        end
    next
    edit "protect_email_server"
        set comment "Protect against email server-side vulnerabilities."
        config entries
            edit 1
                set location server 
                set protocol SMTP POP3 IMAP 
            next
        end
    next
    edit "protect_http_server"
        set comment "Protect against HTTP server-side vulnerabilities."
        config entries
            edit 1
                set location server 
                set protocol HTTP 
            next
        end
    next
    edit "sniffer-profile"
        set comment "Monitor IPS attacks."
        config entries
            edit 1
                set severity high critical 
            next
        end
    next
end
config firewall shaper traffic-shaper
    edit "high-priority"
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "medium-priority"
        set maximum-bandwidth 1048576
        set priority medium
        set per-policy enable
    next
    edit "low-priority"
        set maximum-bandwidth 1048576
        set priority low
        set per-policy enable
    next
    edit "guarantee-100kbps"
        set guaranteed-bandwidth 100
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "shared-1M-pipe"
        set maximum-bandwidth 1024
    next
end
config web-proxy global
    set proxy-fqdn "default.fqdn"
end
config web-proxy explicit
    set status enable
    set http-incoming-port 8888
end
config application list
    edit "g-default"
        set comment "Monitor all applications."
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "g-sniffer-profile"
        set comment "Monitor all applications."
        unset options
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        set deep-app-inspection disable
        config entries
            edit 1
                set category 2 3 5 6 7 8 12 15 17 21 22 23 25 26 28 30 31
                set action pass
                set log disable
            next
        end
    next
    edit "block-high-risk"
        config entries
            edit 1
                set category 2 6
            next
            edit 2
                set action pass
            next
        end
    next
    edit "block-p2p"
        config entries
            edit 1
                set category 2
            next
        end
    next
    edit "monitor-p2p-and-media"
        config entries
            edit 1
                set category 2
                set action pass
            next
            edit 2
                set category 5
                set action pass
            next
        end
    next
end
config dlp filepattern
    edit 1
        set name "builtin-patterns"
        config entries
            edit "*.bat"
            next
            edit "*.com"
            next
            edit "*.dll"
            next
            edit "*.doc"
            next
            edit "*.exe"
            next
            edit "*.gz"
            next
            edit "*.hta"
            next
            edit "*.ppt"
            next
            edit "*.rar"
            next
            edit "*.scr"
            next
            edit "*.tar"
            next
            edit "*.tgz"
            next
            edit "*.vb?"
            next
            edit "*.wps"
            next
            edit "*.xl?"
            next
            edit "*.zip"
            next
            edit "*.pif"
            next
            edit "*.cpl"
            next
        end
    next
    edit 2
        set name "all_executables"
        config entries
            edit "bat"
                set filter-type type
                set file-type bat
            next
            edit "exe"
                set filter-type type
                set file-type exe
            next
            edit "elf"
                set filter-type type
                set file-type elf
            next
            edit "hta"
                set filter-type type
                set file-type hta
            next
        end
    next
end
config dlp sensitivity
    edit "Private"
    next
    edit "Critical"
    next
    edit "Warning"
    next
end
config dlp sensor
    edit "g-default"
        set comment "Default sensor."
    next
    edit "g-sniffer-profile"
        set comment "Log a summary of email and web traffic."
        set summary-proto smtp pop3 imap http-get http-post
    next
    edit "default"
        set comment "Log a summary of email and web traffic."
        set summary-proto smtp pop3 imap http-get http-post
    next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
    config web
        edit 1
            set category 26
            set level high
        next
        edit 2
            set category 61
            set level high
        next
        edit 3
            set category 86
            set level high
        next
        edit 4
            set category 1
            set level medium
        next
        edit 5
            set category 3
            set level medium
        next
        edit 6
            set category 4
            set level medium
        next
        edit 7
            set category 5
            set level medium
        next
        edit 8
            set category 6
            set level medium
        next
        edit 9
            set category 12
            set level medium
        next
        edit 10
            set category 59
            set level medium
        next
        edit 11
            set category 62
            set level medium
        next
        edit 12
            set category 83
            set level medium
        next
        edit 13
            set category 72
        next
        edit 14
            set category 14
        next
    end
    config application
        edit 1
            set category 2
        next
        edit 2
            set category 6
            set level medium
        next
    end
end
config icap profile
    edit "default"
    next
end
config user radius
    edit "FAC RADIUS"
        set server "172.30.72.231"
        set secret ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set secondary-server "172.30.72.232"
        set secondary-secret ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    next
end
config user ldap
    edit "ad-fortidemo"
        set server "10.88.210.100"
        set cnid "sAMAccountName"
        set dn "dc=corp,dc=fortidemo,dc=com"
        set type regular
        set username "administrator@corp.fortidemo.com"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    next
end
config user fortitoken
    edit "FTKMOB5C94FE73B4"
        set license "FTMTRIAL00674734"
    next
    edit "FTKMOB5CC0DB3E44"
        set license "FTMTRIAL00674734"
    next
end
config user local
    edit "guest"
        set type password
        set passwd ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    next
    edit "timbo"
        set type password
        set passwd-time 2019-11-14 07:38:19
        set passwd ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    next
    edit "hridding"
        set type ldap
        set ldap-server "ad-fortidemo"
    next
    edit "mpoppins"
        set type ldap
        set ldap-server "ad-fortidemo"
    next
end
config user setting
    set auth-cert "Fortinet_Factory"
end
config user quarantine
    set quarantine disable
end
config user group
    edit "SSO_Guest_Users"
    next
    edit "Guest-group"
        set member "guest"
    next
    edit "demo-admins"
        set member "FAC RADIUS"
    next
end
config vpn ssl web host-check-software
    edit "FortiClient-AV"
        set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
    next
    edit "FortiClient-FW"
        set type fw
        set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
    next
    edit "FortiClient-AV-Vista"
        set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
    next
    edit "FortiClient-FW-Vista"
        set type fw
        set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
    next
    edit "FortiClient-AV-Win7"
        set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
    next
    edit "AVG-Internet-Security-AV"
        set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
    next
    edit "AVG-Internet-Security-FW"
        set type fw
        set guid "8DECF618-9569-4340-B34A-D78D28969B66"
    next
    edit "AVG-Internet-Security-AV-Vista-Win7"
        set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
    next
    edit "AVG-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
    next
    edit "CA-Anti-Virus"
        set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
    next
    edit "CA-Internet-Security-AV"
        set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
    next
    edit "CA-Internet-Security-FW"
        set type fw
        set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
    next
    edit "CA-Internet-Security-AV-Vista-Win7"
        set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
    next
    edit "CA-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
    next
    edit "CA-Personal-Firewall"
        set type fw
        set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
    next
    edit "F-Secure-Internet-Security-AV"
        set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
    next
    edit "F-Secure-Internet-Security-FW"
        set type fw
        set guid "D4747503-0346-49EB-9262-997542F79BF4"
    next
    edit "F-Secure-Internet-Security-AV-Vista-Win7"
        set guid "15414183-282E-D62C-CA37-EF24860A2F17"
    next
    edit "F-Secure-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
    next
    edit "Kaspersky-AV"
        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
    next
    edit "Kaspersky-FW"
        set type fw
        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
    next
    edit "Kaspersky-AV-Vista-Win7"
        set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
    next
    edit "Kaspersky-FW-Vista-Win7"
        set type fw
        set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
    next
    edit "McAfee-Internet-Security-Suite-AV"
        set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
    next
    edit "McAfee-Internet-Security-Suite-FW"
        set type fw
        set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
    next
    edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
        set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
    next
    edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
        set type fw
        set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
    next
    edit "McAfee-Virus-Scan-Enterprise"
        set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
    next
    edit "Norton-360-2.0-AV"
        set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
    next
    edit "Norton-360-2.0-FW"
        set type fw
        set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
    next
    edit "Norton-360-3.0-AV"
        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
    next
    edit "Norton-360-3.0-FW"
        set type fw
        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
    next
    edit "Norton-Internet-Security-AV"
        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
    next
    edit "Norton-Internet-Security-FW"
        set type fw
        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
    next
    edit "Norton-Internet-Security-AV-Vista-Win7"
        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
    next
    edit "Norton-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
    next
    edit "Symantec-Endpoint-Protection-AV"
        set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
    next
    edit "Symantec-Endpoint-Protection-FW"
        set type fw
        set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
    next
    edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
    next
    edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
        set type fw
        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
    next
    edit "Panda-Antivirus+Firewall-2008-AV"
        set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
    next
    edit "Panda-Antivirus+Firewall-2008-FW"
        set type fw
        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
    next
    edit "Panda-Internet-Security-AV"
        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
    next
    edit "Panda-Internet-Security-2006~2007-FW"
        set type fw
        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
    next
    edit "Panda-Internet-Security-2008~2009-FW"
        set type fw
        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
    next
    edit "Sophos-Anti-Virus"
        set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
    next
    edit "Sophos-Enpoint-Secuirty-and-Control-FW"
        set type fw
        set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
    next
    edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
        set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
    next
    edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
        set type fw
        set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
    next
    edit "Trend-Micro-AV"
        set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
    next
    edit "Trend-Micro-FW"
        set type fw
        set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
    next
    edit "Trend-Micro-AV-Vista-Win7"
        set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
    next
    edit "Trend-Micro-FW-Vista-Win7"
        set type fw
        set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
    next
    edit "ZoneAlarm-AV"
        set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
    next
    edit "ZoneAlarm-FW"
        set type fw
        set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
    next
    edit "ZoneAlarm-AV-Vista-Win7"
        set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
    next
    edit "ZoneAlarm-FW-Vista-Win7"
        set type fw
        set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
    next
    edit "ESET-Smart-Security-AV"
        set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
    next
    edit "ESET-Smart-Security-FW"
        set type fw
        set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
    next
    edit "FortiClient-AV-Vista-Win7"
        set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
    next
    edit "FortiClient-FW-Vista-Win7"
        set type fw
        set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
    next
    edit "FortiClient5-AV"
        set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
    next
end
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set web-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    next
    edit "web-access"
        set web-mode enable
    next
    edit "tunnel-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    next
end
config vpn ssl settings
    set ssl-min-proto-ver tls1-1
    set servercert "certificate-fortidemo"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set port 4430
    set source-interface "any"
    set source-address "all"
    set source-address6 "all"
    set default-portal "full-access"
    config authentication-rule
        edit 1
            set users "guest"
            set portal "full-access"
        next
    end
end
config voip profile
    edit "default"
        set comment "Default VoIP profile."
        config sip
            set strict-register disable
        end
    next
    edit "strict"
        config sip
            set strict-register disable
            set malformed-request-line discard
            set malformed-header-via discard
            set malformed-header-from discard
            set malformed-header-to discard
            set malformed-header-call-id discard
            set malformed-header-cseq discard
            set malformed-header-rack discard
            set malformed-header-rseq discard
            set malformed-header-contact discard
            set malformed-header-record-route discard
            set malformed-header-route discard
            set malformed-header-expires discard
            set malformed-header-content-type discard
            set malformed-header-content-length discard
            set malformed-header-max-forwards discard
            set malformed-header-allow discard
            set malformed-header-p-asserted-identity discard
            set malformed-header-sdp-v discard
            set malformed-header-sdp-o discard
            set malformed-header-sdp-s discard
            set malformed-header-sdp-i discard
            set malformed-header-sdp-c discard
            set malformed-header-sdp-b discard
            set malformed-header-sdp-z discard
            set malformed-header-sdp-k discard
            set malformed-header-sdp-a discard
            set malformed-header-sdp-t discard
            set malformed-header-sdp-r discard
            set malformed-header-sdp-m discard
        end
    next
end
config dnsfilter profile
    edit "default"
        set comment "Default dns filtering."
        config ftgd-dns
            config filters
                edit 1
                    set category 2
                next
                edit 2
                    set category 7
                next
                edit 3
                    set category 8
                next
                edit 4
                    set category 9
                next
                edit 5
                    set category 11
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 13
                next
                edit 8
                    set category 14
                next
                edit 9
                    set category 15
                next
                edit 10
                    set category 16
                next
                edit 11
                next
                edit 12
                    set category 57
                next
                edit 13
                    set category 63
                next
                edit 14
                    set category 64
                next
                edit 15
                    set category 65
                next
                edit 16
                    set category 66
                next
                edit 17
                    set category 67
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 61
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
                edit 22
                    set category 90
                next
                edit 23
                    set category 91
                next
            end
        end
        set block-botnet enable
    next
end
config antivirus settings
    set grayware enable
end
config antivirus profile
    edit "g-default"
        set comment "Scan files and block viruses."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
    edit "g-sniffer-profile"
        set comment "Scan files and monitor viruses."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
    edit "default"
        set comment "Scan files and block viruses."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
        end
        config pop3
            set options scan
        end
        config smtp
            set options scan
        end
    next
end
config webfilter profile
    edit "g-default"
        set comment "Default web filtering."
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 2
                    set action block
                next
                edit 2
                    set category 7
                    set action block
                next
                edit 3
                    set category 8
                    set action block
                next
                edit 4
                    set category 9
                    set action block
                next
                edit 5
                    set category 11
                    set action block
                next
                edit 6
                    set category 12
                    set action block
                next
                edit 7
                    set category 13
                    set action block
                next
                edit 8
                    set category 14
                    set action block
                next
                edit 9
                    set category 15
                    set action block
                next
                edit 10
                    set category 16
                    set action block
                next
                edit 11
                    set action block
                next
                edit 12
                    set category 57
                    set action block
                next
                edit 13
                    set category 63
                    set action block
                next
                edit 14
                    set category 64
                    set action block
                next
                edit 15
                    set category 65
                    set action block
                next
                edit 16
                    set category 66
                    set action block
                next
                edit 17
                    set category 67
                    set action block
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 61
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
                edit 22
                    set category 90
                    set action block
                next
                edit 23
                    set category 91
                    set action block
                next
            end
        end
    next
    edit "g-sniffer-profile"
        set comment "Monitor web traffic."
        config ftgd-wf
            config filters
                edit 1
                next
                edit 2
                    set category 1
                next
                edit 3
                    set category 2
                next
                edit 4
                    set category 3
                next
                edit 5
                    set category 4
                next
                edit 6
                    set category 5
                next
                edit 7
                    set category 6
                next
                edit 8
                    set category 7
                next
                edit 9
                    set category 8
                next
                edit 10
                    set category 9
                next
                edit 11
                    set category 11
                next
                edit 12
                    set category 12
                next
                edit 13
                    set category 13
                next
                edit 14
                    set category 14
                next
                edit 15
                    set category 15
                next
                edit 16
                    set category 16
                next
                edit 17
                    set category 17
                next
                edit 18
                    set category 18
                next
                edit 19
                    set category 19
                next
                edit 20
                    set category 20
                next
                edit 21
                    set category 23
                next
                edit 22
                    set category 24
                next
                edit 23
                    set category 25
                next
                edit 24
                    set category 26
                next
                edit 25
                    set category 28
                next
                edit 26
                    set category 29
                next
                edit 27
                    set category 30
                next
                edit 28
                    set category 31
                next
                edit 29
                    set category 33
                next
                edit 30
                    set category 34
                next
                edit 31
                    set category 35
                next
                edit 32
                    set category 36
                next
                edit 33
                    set category 37
                next
                edit 34
                    set category 38
                next
                edit 35
                    set category 39
                next
                edit 36
                    set category 40
                next
                edit 37
                    set category 41
                next
                edit 38
                    set category 42
                next
                edit 39
                    set category 43
                next
                edit 40
                    set category 44
                next
                edit 41
                    set category 46
                next
                edit 42
                    set category 47
                next
                edit 43
                    set category 48
                next
                edit 44
                    set category 49
                next
                edit 45
                    set category 50
                next
                edit 46
                    set category 51
                next
                edit 47
                    set category 52
                next
                edit 48
                    set category 53
                next
                edit 49
                    set category 54
                next
                edit 50
                    set category 55
                next
                edit 51
                    set category 56
                next
                edit 52
                    set category 57
                next
                edit 53
                    set category 58
                next
                edit 54
                    set category 59
                next
                edit 55
                    set category 61
                next
                edit 56
                    set category 62
                next
                edit 57
                    set category 63
                next
                edit 58
                    set category 64
                next
                edit 59
                    set category 65
                next
                edit 60
                    set category 66
                next
                edit 61
                    set category 67
                next
                edit 62
                    set category 68
                next
                edit 63
                    set category 69
                next
                edit 64
                    set category 70
                next
                edit 65
                    set category 71
                next
                edit 66
                    set category 72
                next
                edit 67
                    set category 75
                next
                edit 68
                    set category 76
                next
                edit 69
                    set category 77
                next
                edit 70
                    set category 78
                next
                edit 71
                    set category 79
                next
                edit 72
                    set category 80
                next
                edit 73
                    set category 81
                next
                edit 74
                    set category 82
                next
                edit 75
                    set category 83
                next
                edit 76
                    set category 84
                next
                edit 77
                    set category 85
                next
                edit 78
                    set category 86
                next
                edit 79
                    set category 87
                next
                edit 80
                    set category 88
                next
                edit 81
                    set category 89
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
    next
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        set options block-invalid-url
        set post-action block
        config ftgd-wf
            unset options
            config filters
                edit 1
                next
                edit 2
                    set category 2
                    set action block
                next
                edit 3
                    set category 7
                    set action block
                next
                edit 4
                    set category 8
                    set action block
                next
                edit 5
                    set category 9
                    set action block
                next
                edit 6
                    set category 11
                    set action block
                next
                edit 7
                    set category 13
                    set action block
                next
                edit 8
                    set category 14
                    set action block
                next
                edit 9
                    set category 15
                    set action block
                next
                edit 10
                    set category 16
                    set action block
                next
                edit 11
                    set category 26
                    set action block
                next
                edit 12
                    set category 57
                    set action block
                next
                edit 13
                    set category 61
                    set action block
                next
                edit 14
                    set category 63
                    set action block
                next
                edit 15
                    set category 64
                    set action block
                next
                edit 16
                    set category 65
                    set action block
                next
                edit 17
                    set category 66
                    set action block
                next
                edit 18
                    set category 67
                    set action block
                next
                edit 19
                    set category 86
                    set action block
                next
                edit 20
                    set category 88
                    set action block
                next
                edit 21
                    set category 90
                    set action block
                next
                edit 22
                    set category 91
                    set action block
                next
            end
        end
    next
    edit "block-security-risks"
        set comment "Block security risks."
        config ftgd-wf
            set options rate-server-ip
            config filters
                edit 1
                    set category 26
                    set action block
                next
                edit 2
                    set category 61
                    set action block
                next
                edit 3
                    set category 86
                    set action block
                next
                edit 4
                    set action warning
                next
                edit 5
                    set category 90
                    set action warning
                next
                edit 6
                    set category 91
                    set action warning
                next
            end
        end
    next
    edit "default"
        set comment "Default web filtering."
        config ftgd-wf
            config filters
                edit 1
                    set category 2
                    set action warning
                next
                edit 2
                    set category 7
                    set action warning
                next
                edit 3
                    set category 8
                    set action warning
                next
                edit 4
                    set category 9
                    set action warning
                next
                edit 5
                    set category 11
                    set action warning
                next
                edit 6
                    set category 12
                    set action warning
                next
                edit 7
                    set category 13
                    set action warning
                next
                edit 8
                    set category 14
                    set action warning
                next
                edit 9
                    set category 15
                    set action warning
                next
                edit 10
                    set category 16
                    set action warning
                next
                edit 11
                    set action warning
                next
                edit 12
                    set category 57
                    set action warning
                next
                edit 13
                    set category 63
                    set action warning
                next
                edit 14
                    set category 64
                    set action warning
                next
                edit 15
                    set category 65
                    set action warning
                next
                edit 16
                    set category 66
                    set action warning
                next
                edit 17
                    set category 67
                    set action warning
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 90
                    set action warning
                next
                edit 20
                    set category 91
                    set action warning
                next
            end
        end
    next
    edit "flow-monitor-all"
        set comment "Monitor and log all visited URLs, flow-based."
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 1
                next
                edit 2
                    set category 3
                next
                edit 3
                    set category 4
                next
                edit 4
                    set category 5
                next
                edit 5
                    set category 6
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 59
                next
                edit 8
                    set category 62
                next
                edit 9
                    set category 83
                next
                edit 10
                    set category 2
                next
                edit 11
                    set category 7
                next
                edit 12
                    set category 8
                next
                edit 13
                    set category 9
                next
                edit 14
                    set category 11
                next
                edit 15
                    set category 13
                next
                edit 16
                    set category 14
                next
                edit 17
                    set category 15
                next
                edit 18
                    set category 16
                next
                edit 19
                    set category 57
                next
                edit 20
                    set category 63
                next
                edit 21
                    set category 64
                next
                edit 22
                    set category 65
                next
                edit 23
                    set category 66
                next
                edit 24
                    set category 67
                next
                edit 25
                    set category 19
                next
                edit 26
                    set category 24
                next
                edit 27
                    set category 25
                next
                edit 28
                    set category 72
                next
                edit 29
                    set category 75
                next
                edit 30
                    set category 76
                next
                edit 31
                    set category 26
                next
                edit 32
                    set category 61
                next
                edit 33
                    set category 86
                next
                edit 34
                    set category 17
                next
                edit 35
                    set category 18
                next
                edit 36
                    set category 20
                next
                edit 37
                    set category 23
                next
                edit 38
                    set category 28
                next
                edit 39
                    set category 29
                next
                edit 40
                    set category 30
                next
                edit 41
                    set category 33
                next
                edit 42
                    set category 34
                next
                edit 43
                    set category 35
                next
                edit 44
                    set category 36
                next
                edit 45
                    set category 37
                next
                edit 46
                    set category 38
                next
                edit 47
                    set category 39
                next
                edit 48
                    set category 40
                next
                edit 49
                    set category 42
                next
                edit 50
                    set category 44
                next
                edit 51
                    set category 46
                next
                edit 52
                    set category 47
                next
                edit 53
                    set category 48
                next
                edit 54
                    set category 54
                next
                edit 55
                    set category 55
                next
                edit 56
                    set category 58
                next
                edit 57
                    set category 68
                next
                edit 58
                    set category 69
                next
                edit 59
                    set category 70
                next
                edit 60
                    set category 71
                next
                edit 61
                    set category 77
                next
                edit 62
                    set category 78
                next
                edit 63
                    set category 79
                next
                edit 64
                    set category 80
                next
                edit 65
                    set category 82
                next
                edit 66
                    set category 85
                next
                edit 67
                    set category 87
                next
                edit 68
                    set category 31
                next
                edit 69
                    set category 41
                next
                edit 70
                    set category 43
                next
                edit 71
                    set category 49
                next
                edit 72
                    set category 50
                next
                edit 73
                    set category 51
                next
                edit 74
                    set category 52
                next
                edit 75
                    set category 53
                next
                edit 76
                    set category 56
                next
                edit 77
                    set category 81
                next
                edit 78
                    set category 84
                next
                edit 79
                next
                edit 80
                    set category 89
                next
                edit 81
                    set category 88
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
        set log-all-url enable
        set web-content-log disable
        set web-filter-activex-log disable
        set web-filter-command-block-log disable
        set web-filter-cookie-log disable
        set web-filter-applet-log disable
        set web-filter-jscript-log disable
        set web-filter-js-log disable
        set web-filter-vbs-log disable
        set web-filter-unknown-log disable
        set web-filter-referer-log disable
        set web-filter-cookie-removal-log disable
        set web-url-log disable
        set web-invalid-domain-log disable
        set web-ftgd-err-log disable
        set web-ftgd-quota-usage disable
    next
    edit "g-default"
        set comment "Default web filtering."
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 2
                    set action block
                next
                edit 2
                    set category 7
                    set action block
                next
                edit 3
                    set category 8
                    set action block
                next
                edit 4
                    set category 9
                    set action block
                next
                edit 5
                    set category 11
                    set action block
                next
                edit 6
                    set category 12
                    set action block
                next
                edit 7
                    set category 13
                    set action block
                next
                edit 8
                    set category 14
                    set action block
                next
                edit 9
                    set category 15
                    set action block
                next
                edit 10
                    set category 16
                    set action block
                next
                edit 11
                    set action block
                next
                edit 12
                    set category 57
                    set action block
                next
                edit 13
                    set category 63
                    set action block
                next
                edit 14
                    set category 64
                    set action block
                next
                edit 15
                    set category 65
                    set action block
                next
                edit 16
                    set category 66
                    set action block
                next
                edit 17
                    set category 67
                    set action block
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 61
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
                edit 22
                    set category 90
                    set action block
                next
                edit 23
                    set category 91
                    set action block
                next
            end
        end
    next
    edit "monitor-all"
        set comment "Monitor and log all visited URLs, proxy-based."
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 1
                next
                edit 2
                    set category 3
                next
                edit 3
                    set category 4
                next
                edit 4
                    set category 5
                next
                edit 5
                    set category 6
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 59
                next
                edit 8
                    set category 62
                next
                edit 9
                    set category 83
                next
                edit 10
                    set category 2
                next
                edit 11
                    set category 7
                next
                edit 12
                    set category 8
                next
                edit 13
                    set category 9
                next
                edit 14
                    set category 11
                next
                edit 15
                    set category 13
                next
                edit 16
                    set category 14
                next
                edit 17
                    set category 15
                next
                edit 18
                    set category 16
                next
                edit 19
                    set category 57
                next
                edit 20
                    set category 63
                next
                edit 21
                    set category 64
                next
                edit 22
                    set category 65
                next
                edit 23
                    set category 66
                next
                edit 24
                    set category 67
                next
                edit 25
                    set category 19
                next
                edit 26
                    set category 24
                next
                edit 27
                    set category 25
                next
                edit 28
                    set category 72
                next
                edit 29
                    set category 75
                next
                edit 30
                    set category 76
                next
                edit 31
                    set category 26
                next
                edit 32
                    set category 61
                next
                edit 33
                    set category 86
                next
                edit 34
                    set category 17
                next
                edit 35
                    set category 18
                next
                edit 36
                    set category 20
                next
                edit 37
                    set category 23
                next
                edit 38
                    set category 28
                next
                edit 39
                    set category 29
                next
                edit 40
                    set category 30
                next
                edit 41
                    set category 33
                next
                edit 42
                    set category 34
                next
                edit 43
                    set category 35
                next
                edit 44
                    set category 36
                next
                edit 45
                    set category 37
                next
                edit 46
                    set category 38
                next
                edit 47
                    set category 39
                next
                edit 48
                    set category 40
                next
                edit 49
                    set category 42
                next
                edit 50
                    set category 44
                next
                edit 51
                    set category 46
                next
                edit 52
                    set category 47
                next
                edit 53
                    set category 48
                next
                edit 54
                    set category 54
                next
                edit 55
                    set category 55
                next
                edit 56
                    set category 58
                next
                edit 57
                    set category 68
                next
                edit 58
                    set category 69
                next
                edit 59
                    set category 70
                next
                edit 60
                    set category 71
                next
                edit 61
                    set category 77
                next
                edit 62
                    set category 78
                next
                edit 63
                    set category 79
                next
                edit 64
                    set category 80
                next
                edit 65
                    set category 82
                next
                edit 66
                    set category 85
                next
                edit 67
                    set category 87
                next
                edit 68
                    set category 31
                next
                edit 69
                    set category 41
                next
                edit 70
                    set category 43
                next
                edit 71
                    set category 49
                next
                edit 72
                    set category 50
                next
                edit 73
                    set category 51
                next
                edit 74
                    set category 52
                next
                edit 75
                    set category 53
                next
                edit 76
                    set category 56
                next
                edit 77
                    set category 81
                next
                edit 78
                    set category 84
                next
                edit 79
                next
                edit 80
                    set category 89
                next
                edit 81
                    set category 88
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
        set log-all-url enable
        set web-content-log disable
        set web-filter-activex-log disable
        set web-filter-command-block-log disable
        set web-filter-cookie-log disable
        set web-filter-applet-log disable
        set web-filter-jscript-log disable
        set web-filter-js-log disable
        set web-filter-vbs-log disable
        set web-filter-unknown-log disable
        set web-filter-referer-log disable
        set web-filter-cookie-removal-log disable
        set web-url-log disable
        set web-invalid-domain-log disable
        set web-ftgd-err-log disable
        set web-ftgd-quota-usage disable
    next
    edit "sniffer-profile"
        set comment "Monitor web traffic."
        config ftgd-wf
            config filters
                edit 1
                next
                edit 2
                    set category 1
                next
                edit 3
                    set category 2
                next
                edit 4
                    set category 3
                next
                edit 5
                    set category 4
                next
                edit 6
                    set category 5
                next
                edit 7
                    set category 6
                next
                edit 8
                    set category 7
                next
                edit 9
                    set category 8
                next
                edit 10
                    set category 9
                next
                edit 11
                    set category 11
                next
                edit 12
                    set category 12
                next
                edit 13
                    set category 13
                next
                edit 14
                    set category 14
                next
                edit 15
                    set category 15
                next
                edit 16
                    set category 16
                next
                edit 17
                    set category 17
                next
                edit 18
                    set category 18
                next
                edit 19
                    set category 19
                next
                edit 20
                    set category 20
                next
                edit 21
                    set category 23
                next
                edit 22
                    set category 24
                next
                edit 23
                    set category 25
                next
                edit 24
                    set category 26
                next
                edit 25
                    set category 28
                next
                edit 26
                    set category 29
                next
                edit 27
                    set category 30
                next
                edit 28
                    set category 31
                next
                edit 29
                    set category 33
                next
                edit 30
                    set category 34
                next
                edit 31
                    set category 35
                next
                edit 32
                    set category 36
                next
                edit 33
                    set category 37
                next
                edit 34
                    set category 38
                next
                edit 35
                    set category 39
                next
                edit 36
                    set category 40
                next
                edit 37
                    set category 41
                next
                edit 38
                    set category 42
                next
                edit 39
                    set category 43
                next
                edit 40
                    set category 44
                next
                edit 41
                    set category 46
                next
                edit 42
                    set category 47
                next
                edit 43
                    set category 48
                next
                edit 44
                    set category 49
                next
                edit 45
                    set category 50
                next
                edit 46
                    set category 51
                next
                edit 47
                    set category 52
                next
                edit 48
                    set category 53
                next
                edit 49
                    set category 54
                next
                edit 50
                    set category 55
                next
                edit 51
                    set category 56
                next
                edit 52
                    set category 57
                next
                edit 53
                    set category 58
                next
                edit 54
                    set category 59
                next
                edit 55
                    set category 61
                next
                edit 56
                    set category 62
                next
                edit 57
                    set category 63
                next
                edit 58
                    set category 64
                next
                edit 59
                    set category 65
                next
                edit 60
                    set category 66
                next
                edit 61
                    set category 67
                next
                edit 62
                    set category 68
                next
                edit 63
                    set category 69
                next
                edit 64
                    set category 70
                next
                edit 65
                    set category 71
                next
                edit 66
                    set category 72
                next
                edit 67
                    set category 75
                next
                edit 68
                    set category 76
                next
                edit 69
                    set category 77
                next
                edit 70
                    set category 78
                next
                edit 71
                    set category 79
                next
                edit 72
                    set category 80
                next
                edit 73
                    set category 81
                next
                edit 74
                    set category 82
                next
                edit 75
                    set category 83
                next
                edit 76
                    set category 84
                next
                edit 77
                    set category 85
                next
                edit 78
                    set category 86
                next
                edit 79
                    set category 87
                next
                edit 80
                    set category 88
                next
                edit 81
                    set category 89
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
    next
    edit "web-filter-flow"
        set comment "Flow-based web filter profile."
        config ftgd-wf
            config filters
                edit 1
                    set category 2
                next
                edit 2
                    set category 7
                next
                edit 3
                    set category 8
                next
                edit 4
                    set category 9
                next
                edit 5
                    set category 11
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 13
                next
                edit 8
                    set category 14
                next
                edit 9
                    set category 15
                next
                edit 10
                    set category 16
                next
                edit 11
                next
                edit 12
                    set category 57
                next
                edit 13
                    set category 63
                next
                edit 14
                    set category 64
                next
                edit 15
                    set category 65
                next
                edit 16
                    set category 66
                next
                edit 17
                    set category 67
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 90
                next
                edit 20
                    set category 91
                next
            end
        end
    next
end
config webfilter search-engine
    edit "google"
        set hostname ".*\\.google\\..*"
        set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
        set query "q="
        set safesearch url
        set safesearch-str "&safe=active"
    next
    edit "yahoo"
        set hostname ".*\\.yahoo\\..*"
        set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
        set query "p="
        set safesearch url
        set safesearch-str "&vm=r"
    next
    edit "bing"
        set hostname ".*\\.bing\\..*"
        set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
        set query "q="
        set safesearch header
    next
    edit "yandex"
        set hostname ".*\\.yandex\\..*"
        set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
        set query "text="
        set safesearch url
        set safesearch-str "&family=yes"
    next
    edit "youtube"
        set hostname ".*youtube.*"
        set safesearch header
    next
    edit "baidu"
        set hostname ".*\\.baidu\\.com"
        set url "^\\/s?\\?"
        set query "wd="
    next
    edit "baidu2"
        set hostname ".*\\.baidu\\.com"
        set url "^\\/(ns|q|m|i|v)\\?"
        set query "word="
    next
    edit "baidu3"
        set hostname "tieba\\.baidu\\.com"
        set url "^\\/f\\?"
        set query "kw="
    next
end
config emailfilter profile
    edit "sniffer-profile"
        set comment "Malware and phishing URL monitoring."
    next
    edit "default"
        set comment "Malware and phishing URL filtering."
    next
end
config wanopt settings
    set host-id "default-id"
end
config wanopt profile
    edit "default"
        set comments "Default WANopt profile."
    next
end
config firewall schedule recurring
    edit "always"
        set day sunday monday tuesday wednesday thursday friday saturday
    next
    edit "none"
    next
    edit "default-darrp-optimize"
        set start 01:00
        set end 01:30
        set day sunday monday tuesday wednesday thursday friday saturday
    next
end
config firewall profile-protocol-options
    edit "default"
        set comment "All services."
        config http
            set ports 80
            unset options
            unset post-lang
        end
        config ftp
            set ports 21
            set options splice
        end
        config imap
            set ports 143
            set options fragmail
        end
        config mapi
            set ports 135
            set options fragmail
        end
        config pop3
            set ports 110
            set options fragmail
        end
        config smtp
            set ports 25
            set options fragmail splice
        end
        config nntp
            set ports 119
            set options splice
        end
        config ssh
            unset options
        end
        config dns
            set ports 53
        end
        config cifs
            set ports 445
        end
    next
end
config firewall ssl-ssh-profile
    edit "no-inspection"
        set comment "Read-only profile that does no inspection."
        config https
            set status disable
        end
        config ftps
            set status disable
        end
        config imaps
            set status disable
        end
        config pop3s
            set status disable
        end
        config smtps
            set status disable
        end
        config ssh
            set ports 22
            set status disable
        end
    next
    edit "custom-deep-inspection"
        set comment "Customizable deep inspection profile."
        config https
            set ports 443
            set status deep-inspection
        end
        config ftps
            set ports 990
            set status deep-inspection
        end
        config imaps
            set ports 993
            set status deep-inspection
        end
        config pop3s
            set ports 995
            set status deep-inspection
        end
        config smtps
            set ports 465
            set status deep-inspection
        end
        config ssh
            set ports 22
            set status deep-inspection
        end
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set fortiguard-category 33
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "g-update.microsoft.com"
            next
            edit 5
                set type wildcard-fqdn
                set wildcard-fqdn "g-swscan.apple.com"
            next
            edit 6
                set type wildcard-fqdn
                set wildcard-fqdn "g-autoupdate.opera.com"
            next
            edit 7
                set type wildcard-fqdn
                set wildcard-fqdn "g-android"
            next
            edit 8
                set type wildcard-fqdn
                set wildcard-fqdn "g-apple"
            next
            edit 9
                set type wildcard-fqdn
                set wildcard-fqdn "g-appstore"
            next
            edit 10
                set type wildcard-fqdn
                set wildcard-fqdn "g-citrix"
            next
            edit 11
                set type wildcard-fqdn
                set wildcard-fqdn "g-eease"
            next
            edit 12
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-drive"
            next
            edit 13
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play2"
            next
            edit 14
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play3"
            next
            edit 15
                set type wildcard-fqdn
                set wildcard-fqdn "g-Gotomeeting"
            next
            edit 16
                set type wildcard-fqdn
                set wildcard-fqdn "g-microsoft"
            next
            edit 17
                set type wildcard-fqdn
                set wildcard-fqdn "g-adobe"
            next
            edit 18
                set type wildcard-fqdn
                set wildcard-fqdn "g-Adobe Login"
            next
            edit 19
                set type wildcard-fqdn
                set wildcard-fqdn "g-dropbox.com"
            next
            edit 20
                set type wildcard-fqdn
                set wildcard-fqdn "g-fortinet"
            next
            edit 21
                set type wildcard-fqdn
                set wildcard-fqdn "g-googleapis.com"
            next
            edit 22
                set type wildcard-fqdn
                set wildcard-fqdn "g-icloud"
            next
            edit 23
                set type wildcard-fqdn
                set wildcard-fqdn "g-itunes"
            next
            edit 24
                set type wildcard-fqdn
                set wildcard-fqdn "g-skype"
            next
            edit 25
                set type wildcard-fqdn
                set wildcard-fqdn "g-verisign"
            next
            edit 26
                set type wildcard-fqdn
                set wildcard-fqdn "g-Windows update 2"
            next
            edit 27
                set type wildcard-fqdn
                set wildcard-fqdn "g-auth.gfx.ms"
            next
            edit 28
                set type wildcard-fqdn
                set wildcard-fqdn "g-softwareupdate.vmware.com"
            next
            edit 29
                set type wildcard-fqdn
                set wildcard-fqdn "g-firefox update server"
            next
            edit 30
                set type wildcard-fqdn
                set wildcard-fqdn "g-live.com"
            next
        end
    next
    edit "certificate-inspection"
        set comment "SSL handshake inspection."
        config https
            set ports 443
            set status certificate-inspection
        end
        config ftps
            set status disable
        end
        config imaps
            set status disable
        end
        config pop3s
            set status disable
        end
        config smtps
            set status disable
        end
        config ssh
            set ports 22
            set status disable
        end
        set caname "Fortinet_CA_SSLProxy"
    next
    edit "deep-inspection"
        set comment "Read-only deep inspection profile."
        config https
            set ports 443
            set status deep-inspection
        end
        config ftps
            set ports 990
            set status deep-inspection
        end
        config imaps
            set ports 993
            set status deep-inspection
        end
        config pop3s
            set ports 995
            set status deep-inspection
        end
        config smtps
            set ports 465
            set status deep-inspection
        end
        config ssh
            set ports 22
            set status disable
        end
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set fortiguard-category 33
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "g-adobe"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "g-Adobe Login"
            next
            edit 5
                set type wildcard-fqdn
                set wildcard-fqdn "g-android"
            next
            edit 6
                set type wildcard-fqdn
                set wildcard-fqdn "g-apple"
            next
            edit 7
                set type wildcard-fqdn
                set wildcard-fqdn "g-appstore"
            next
            edit 8
                set type wildcard-fqdn
                set wildcard-fqdn "g-auth.gfx.ms"
            next
            edit 9
                set type wildcard-fqdn
                set wildcard-fqdn "g-citrix"
            next
            edit 10
                set type wildcard-fqdn
                set wildcard-fqdn "g-dropbox.com"
            next
            edit 11
                set type wildcard-fqdn
                set wildcard-fqdn "g-eease"
            next
            edit 12
                set type wildcard-fqdn
                set wildcard-fqdn "g-firefox update server"
            next
            edit 13
                set type wildcard-fqdn
                set wildcard-fqdn "g-fortinet"
            next
            edit 14
                set type wildcard-fqdn
                set wildcard-fqdn "g-googleapis.com"
            next
            edit 15
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-drive"
            next
            edit 16
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play2"
            next
            edit 17
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play3"
            next
            edit 18
                set type wildcard-fqdn
                set wildcard-fqdn "g-Gotomeeting"
            next
            edit 19
                set type wildcard-fqdn
                set wildcard-fqdn "g-icloud"
            next
            edit 20
                set type wildcard-fqdn
                set wildcard-fqdn "g-itunes"
            next
            edit 21
                set type wildcard-fqdn
                set wildcard-fqdn "g-microsoft"
            next
            edit 22
                set type wildcard-fqdn
                set wildcard-fqdn "g-skype"
            next
            edit 23
                set type wildcard-fqdn
                set wildcard-fqdn "g-softwareupdate.vmware.com"
            next
            edit 24
                set type wildcard-fqdn
                set wildcard-fqdn "g-verisign"
            next
            edit 25
                set type wildcard-fqdn
                set wildcard-fqdn "g-Windows update 2"
            next
            edit 26
                set type wildcard-fqdn
                set wildcard-fqdn "g-live.com"
            next
            edit 27
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play"
            next
            edit 28
                set type wildcard-fqdn
                set wildcard-fqdn "g-update.microsoft.com"
            next
            edit 29
                set type wildcard-fqdn
                set wildcard-fqdn "g-swscan.apple.com"
            next
            edit 30
                set type wildcard-fqdn
                set wildcard-fqdn "g-autoupdate.opera.com"
            next
        end
    next
end
config waf profile
    edit "default"
        config signature
            config main-class 100000000
                set action block
                set log disable
                set severity high
            end
            config main-class 20000000
                set log disable
            end
            config main-class 30000000
                set status enable
                set action block
                set log disable
                set severity high
            end
            config main-class 40000000
                set log disable
            end
            config main-class 50000000
                set status enable
                set action block
                set log disable
                set severity high
            end
            config main-class 60000000
                set log disable
            end
            config main-class 70000000
                set status enable
                set action block
                set log disable
                set severity high
            end
            config main-class 80000000
                set status enable
                set log disable
                set severity low
            end
            config main-class 110000000
                set status enable
                set log disable
                set severity high
            end
            config main-class 90000000
                set status enable
                set action block
                set log disable
                set severity high
            end
            set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
        end
        config constraint
            config header-length
                set status enable
                set log enable
                set severity low
            end
            config content-length
                set status enable
                set log enable
                set severity low
            end
            config param-length
                set status enable
                set log enable
                set severity low
            end
            config line-length
                set status enable
                set log enable
                set severity low
            end
            config url-param-length
                set status enable
                set log enable
                set severity low
            end
            config version
                set log enable
            end
            config method
                set action block
                set log enable
            end
            config hostname
                set action block
                set log enable
            end
            config malformed
                set log enable
            end
            config max-cookie
                set status enable
                set log enable
                set severity low
            end
            config max-header-line
                set status enable
                set log enable
                set severity low
            end
            config max-url-param
                set status enable
                set log enable
                set severity low
            end
            config max-range-segment
                set status enable
                set log enable
                set severity high
            end
        end
    next
end
config firewall policy
    edit 2
        set name "Test2"
        set uuid 2372eb5c-832b-51ea-dbda-8dea47646393
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set nat enable
    next
    edit 10
        set name "Monitor_Servers_01"
        set uuid 6b10145a-775f-4bcf-bc1b-5caef7e78d5c
        set srcintf "port0"
        set srcintf "port1"
        set srcaddr "host_192.168.122.1" "iprange_192.168.2.1..3"
        set dstaddr "host_192.168.3.1" "host_192.168.3.3" "host_192.168.3.5"
        set action accept
        set schedule "always"
        set service "SNMP" "ALL_ICMP" "HTTPS" "HTTP"
        set comments "2020/04/22 Demo"
    next
end
config firewall proxy-policy
    edit 1
        set uuid c46a6e86-832b-51ea-134a-b57537de4b2a
        set proxy explicit-web
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
    next
end
config firewall ssh local-key
    edit "g-Fortinet_SSH_DSA1024"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_ECDSA256"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_ECDSA384"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_ECDSA521"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_ED25519"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_RSA2048"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
end
config firewall ssh local-ca
    edit "g-Fortinet_SSH_CA"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
    edit "g-Fortinet_SSH_CA_Untrusted"
        set password ENC XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        set source built-in
    next
end
config firewall ssh setting
    set caname "g-Fortinet_SSH_CA"
    set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
    set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
    set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
    set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
    set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
    set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
    set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
config switch-controller security-policy 802-1X
    edit "802-1X-policy-default"
        set user-group "SSO_Guest_Users"
        set mac-auth-bypass disable
        set open-auth disable
        set eap-passthru enable
        set guest-vlan disable
        set auth-fail-vlan disable
        set framevid-apply enable
        set radius-timeout-overwrite disable
    next
end
config switch-controller security-policy local-access
    edit "default"
        set mgmt-allowaccess https ping ssh
        set internal-allowaccess https ping ssh
    next
end
config switch-controller lldp-profile
    edit "default"
        set med-tlvs inventory-management network-policy location-identification
        set auto-isl disable
        config med-network-policy
            edit "voice"
            next
            edit "voice-signaling"
            next
            edit "guest-voice"
            next
            edit "guest-voice-signaling"
            next
            edit "softphone-voice"
            next
            edit "video-conferencing"
            next
            edit "streaming-video"
            next
            edit "video-signaling"
            next
        end
        config med-location-service
            edit "coordinates"
            next
            edit "address-civic"
            next
            edit "elin-number"
            next
        end
    next
    edit "default-auto-isl"
    next
    edit "default-auto-mclag-icl"
    next
end
config switch-controller qos dot1p-map
    edit "voice-dot1p"
        set priority-0 queue-4
        set priority-1 queue-4
        set priority-2 queue-3
        set priority-3 queue-2
        set priority-4 queue-3
        set priority-5 queue-1
        set priority-6 queue-2
        set priority-7 queue-2
    next
end
config switch-controller qos ip-dscp-map
    edit "voice-dscp"
        config map
            edit "1"
                set cos-queue 1
                set value 46
            next
            edit "2"
                set cos-queue 2
                set value 24,26,48,56
            next
            edit "5"
                set cos-queue 3
                set value 34
            next
        end
    next
end
config switch-controller qos queue-policy
    edit "default"
        set schedule round-robin
        set rate-by kbps
        config cos-queue
            edit "queue-0"
            next
            edit "queue-1"
            next
            edit "queue-2"
            next
            edit "queue-3"
            next
            edit "queue-4"
            next
            edit "queue-5"
            next
            edit "queue-6"
            next
            edit "queue-7"
            next
        end
    next
    edit "voice-egress"
        set schedule weighted
        set rate-by kbps
        config cos-queue
            edit "queue-0"
            next
            edit "queue-1"
                set weight 0
            next
            edit "queue-2"
                set weight 6
            next
            edit "queue-3"
                set weight 37
            next
            edit "queue-4"
                set weight 12
            next
            edit "queue-5"
            next
            edit "queue-6"
            next
            edit "queue-7"
            next
        end
    next
end
config switch-controller qos qos-policy
    edit "default"
    next
    edit "voice-qos"
        set trust-dot1p-map "voice-dot1p"
        set trust-ip-dscp-map "voice-dscp"
        set queue-policy "voice-egress"
    next
end
config switch-controller storm-control-policy
    edit "default"
        set description "default storm control on all port"
    next
    edit "auto-config"
        set description "storm control policy for fortilink-isl-icl port"
        set storm-control-mode disabled
    next
end
config switch-controller auto-config policy
    edit "default"
    next
    edit "default-icl"
        set poe-status disable
        set igmp-flood-report enable
        set igmp-flood-traffic enable
    next
end
config switch-controller auto-config default
    set icl-policy "default"
end
config switch-controller switch-profile
    edit "default"
    next
end
config switch-controller remote-log
    edit "syslogd"
    next
    edit "syslogd2"
    next
end
config wireless-controller wids-profile
    edit "default"
        set comment "Default WIDS profile."
        set ap-scan enable
        set wireless-bridge enable
        set deauth-broadcast enable
        set null-ssid-probe-resp enable
        set long-duration-attack enable
        set invalid-mac-oui enable
        set weak-wep-iv enable
        set auth-frame-flood enable
        set assoc-frame-flood enable
        set spoofed-deauth enable
        set asleap-attack enable
        set eapol-start-flood enable
        set eapol-logoff-flood enable
        set eapol-succ-flood enable
        set eapol-fail-flood enable
        set eapol-pre-succ-flood enable
        set eapol-pre-fail-flood enable
    next
    edit "default-wids-apscan-enabled"
        set ap-scan enable
    next
end
config wireless-controller utm-profile
    edit "g-wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        set ips-sensor "g-wifi-default"
        set application-list "g-wifi-default"
        set antivirus-profile "g-wifi-default"
        set webfilter-profile "g-wifi-default"
    next
end
config log memory setting
    set status disable
end
config log disk setting
    set status disable
end
config log null-device setting
    set status disable
end
config log setting
    set fwpolicy-implicit-log enable
    set local-in-allow enable
    set local-in-deny-unicast enable
    set local-in-deny-broadcast enable
    set local-out enable
end
config router rip
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ripng
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router static
    edit 1
        set gateway 172.30.72.254
        set device "port1"
    next
end
config router ospf
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ospf6
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router bgp
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
    end
end
config router static6
    edit 1
    next
end
end
