Documente Academic
Documente Profesional
Documente Cultură
Design goal:
FW upon receiving MCAST 2.2.2.20, 238.2.2.2 on port2, must perform SRC NAT i.e. 200.200.200.200,
238.2.2.2
Current state:
When source is not active:
Test starts:
R1 (source) sends multicast stream (2.2.2.20, 238.2.2.2).
Expected behavior:
1) FW should perform SRC NAT i.e. 200.200.200.200, 238.2.2.2
2) FW should encapsulate this stream (200.200.200.200, 238.2.2.2) in Register message and unicast this
REGISTER message to RP.
3) RP, since it has ( *,238.2.2.2) state with outgoing interface is not null, therefore RP will should PIM
JOIN ( 200.200.200.200,238.2.2.2) towards FW.
Upon receiving this PIM JOIN, FW should update its multicast state table with outgoing interface P3.
FW now should send two copies of each MCAST packet received (200.200.200.200, 238.2.2.2)
RP, upon receiving MCAST (200.200.200.200, 238.2.2.2) natively, send should REGSITER stop message to
FW.
4) Upon receiving REGISTER STOP, FW should stop sending REGISTER message. Now, FW should send
MCAST natively i.e. no more two copies of each MCAST packet received (200.200.200.200, 238.2.2.2).
Observed behavior:
FW does not perform SRC NAT, as a result original packet (2.2.2.20,238.2.2.2.) is carried in REGISTER
Message:
Since RP does not know about the source (2.2.2.2), therefore no PIM JOIN ( 2.2.2.20,238.2.2.2) can be
sent.
1) FW must perform SNAT when encapsulating payload i.e. 200.200.200.200, 238.2.2.2 instead of
2.2.2.20, 238.2.2.2.2
2) FW must act upon PIM JOIN (200.200.200.200, 238.2.2.2) sent by RP and join ( S,G) tree.
The 2nd item cannot be verified as we never progressed to that stage. I mentioned it to ensure when you
guys fixed the natting issue, you should t also ensure FW does demonstrate behavior mentioned in (2).
ADDITIONAL INFO:
FW CONFIG:
FortiGate-VM64 # show
#config-version=FGVM64-6.2.3-FW-build1066-191218:opmode=1:vdom=0:user=admin
#conf_file_ver=179714316608366
#buildno=1066
#global_vdom=1
set timezone 04
end
edit "prof_admin"
next
end
edit "port1"
set snmp-index 1
next
edit "port2"
--More--
set snmp-index 2
next
edit "port3"
set snmp-index 3
next
edit "port4"
set snmp-index 4
next
edit "ssl.root"
set snmp-index 5
next
end
edit "en"
next
edit "fr"
next
edit "sp"
next
edit "pg"
next
edit "x-sjis"
--More--
next
edit "big5"
next
edit "GB2312"
next
edit "euc-kr"
next
end
edit "admin"
next
end
config system ha
end
edit "Virtual-Disk"
set order 1
next
end
--More--
end
edit "logo_fnet"
next
edit "logo_fguard_wf"
next
edit "logo_fw_auth"
next
edit "logo_v2_fnet"
next
edit "logo_v2_fguard_wf"
next
edit "logo_v2_fguard_app"
next
end
end
end
end
end
config system replacemsg mail "email-filesize"
end
--More--
end
end
end
end
end
end
end
end
end
end
end
config system replacemsg http "http-filesize"
end
end
end
end
end
end
end
--More--
end
end
end
end
end
config system replacemsg http "switching-protocols-block"
end
end
end
end
end
end
end
end
end
end
end
end
--More--
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
--More--
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
config system replacemsg auth "auth-token-login-page"
--More--
end
end
end
end
end
end
end
end
end
end
end
end
config system replacemsg auth "auth-email-failed-page"
end
end
end
end
end
end
--More--
end
end
end
end
end
end
config system replacemsg sslvpn "hostcheck-error"
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
edit "vcache://"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
--More--
edit 1
next
end
config content-id
end
next
edit "rule2"
config match-entries
edit 1
set pattern "/*.mpd"
next
end
config content-id
end
next
edit "rule3"
config match-entries
edit 1
next
end
config content-id
end
next
edit "rule4"
config match-entries
edit 1
next
--More--
end
config content-id
end
next
end
next
edit "vcache://youtube/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
end
config content-id
set start-skip 2
next
edit "rule2"
config match-entries
edit 1
next
end
config content-id
set start-skip 2
--More--
end
next
edit "rule3"
config match-entries
edit 1
next
edit 2
next
edit 3
set pattern "/get_video_info"
next
end
config content-id
end
next
end
next
edit "vcache://googlevideo/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
end
config content-id
set start-skip 2
end
next
edit "rule2"
config match-entries
edit 1
next
end
config content-id
set start-skip 2
end
next
edit "rule3"
config match-entries
edit 1
next
edit 2
edit 3
next
end
config content-id
end
next
end
next
--More--
edit "vcache://metacafe/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://facebook/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
--More--
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://dailymotion/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
edit 4
next
--More--
edit 5
next
edit 6
next
edit 7
next
edit 8
next
edit 9
next
edit 10
next
edit 11
next
edit 12
next
edit 13
next
edit 14
next
end
config skip-entries
edit 1
next
--More--
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://break/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
edit "rule2"
config match-entries
--More--
edit 1
next
edit 2
next
edit 3
next
end
config content-id
end
next
end
next
edit "vcache://msn/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
--More--
config content-id
set start-skip 1
end
next
end
next
edit "vcache://llnwd/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
--More--
end
next
edit "vcache://yahoo/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
edit 2
next
edit 3
next
end
config content-id
end
next
end
next
edit "vcache://myspace/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://vimeo/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
--More--
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://blip.tv/"
set comment "Static entries are not allowed to change except disable."
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
edit 4
next
edit 5
next
edit 6
next
edit 7
next
edit 8
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://maker.tv/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
set match-mode any
config match-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
end
--More--
next
edit "vcache://aol/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
edit "rule2"
config match-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
end
next
--More--
edit "vcache://clipfish/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
edit 4
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://cnn/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
--More--
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
edit "rule2"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
edit "rule3"
config match-entries
edit 1
next
--More--
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://foxnews/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
--More--
end
next
end
next
edit "vcache://discovery/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://liveleak/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
--More--
config match-entries
edit 1
next
edit 2
next
end
config content-id
set start-skip 1
end
next
edit "rule2"
config match-entries
edit 1
next
edit 2
next
end
config content-id
set start-skip 1
end
next
edit "rule3"
config match-entries
edit 1
next
edit 2
--More--
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://sevenload/"
set comment "Static entries are not allowed to change except disable."
set host-domain-name-suffix "sevenload.com"
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
--More--
end
next
edit "vcache://stupidvideos/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://howcast/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
--More--
edit 1
next
edit 2
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://vevo/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
--More--
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://redtube/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
--More--
edit "vcache://xtube/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
end
config skip-entries
edit 1
next
edit 2
next
end
config content-id
set start-skip 1
end
next
edit "rule2"
config match-entries
edit 1
next
edit 2
next
--More--
end
config content-id
set start-skip 1
end
next
edit "rule3"
config match-entries
edit 1
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://youporn/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
--More--
edit 2
next
edit 3
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://pornhub/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
--More--
edit 3
next
end
config skip-entries
edit 1
next
edit 2
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://tube8/"
set comment "Static entries are not allowed to change except disable."
set host-domain-name-suffix "tube8.com" "tube8.phncdn.com"
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
--More--
edit 3
next
end
config skip-entries
edit 1
next
end
config content-id
end
next
end
next
edit "vcache://ooyala/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
end
config content-id
set start-skip 1
end
--More--
next
end
next
edit "vcache://ms-ads/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
end
next
end
next
edit "vcache://yumenetworks-ads/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
--More--
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://2mdn-ads/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://eyewonder-ads/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://eyereturn-ads/"
--More--
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
set pattern "/*.mp4"
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://serving-sys-ads/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://amazonaws-ads/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
--More--
set start-skip 1
end
next
end
next
edit "vcache://edgesuite-ads/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://gorillanation-ads/"
set comment "Static entries are not allowed to change except disable."
config rules
--More--
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://youku/"
set comment "Static entries are not allowed to change except disable."
edit "rule1"
config match-entries
edit 1
next
edit 2
next
end
config content-id
--More--
set start-skip 1
end
next
edit "rule2"
config match-entries
edit 1
next
edit 2
set target parameter
next
end
config content-id
set start-skip 1
end
next
edit "rule3"
config match-entries
edit 1
next
edit 2
next
end
config content-id
set start-skip 1
end
next
edit "rule4"
config match-entries
edit 1
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
edit "rule5"
config match-entries
edit 1
next
end
config skip-entries
edit 1
next
end
config content-id
--More--
set start-skip 1
end
next
edit "rule6"
config match-entries
edit 1
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://tudou/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
--More--
edit 2
next
end
config skip-entries
edit 1
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://cbc/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
edit 2
next
edit 3
next
end
--More--
config content-id
set start-skip 1
end
next
edit "rule2"
config match-entries
edit 1
next
edit 2
set pattern "*.mp4"
next
end
config content-id
set start-skip 1
end
next
end
next
edit "vcache://megaupload/"
set comment "Static entries are not allowed to change except disable."
config rules
edit "rule1"
config match-entries
edit 1
next
end
config content-id
set start-skip 2
end
next
end
next
edit "update://windowsupdate/"
set comment "Static entries are not allowed to change except disable."
next
end
end
end
end
end
edit 1
set protocol 6
next
edit 2
set protocol 6
--More--
next
edit 3
set protocol 17
next
edit 4
set protocol 6
next
edit 5
set protocol 17
set port 69
next
edit 6
set protocol 6
next
edit 7
set protocol 6
next
edit 8
set protocol 6
next
edit 9
set protocol 6
set port 21
--More--
next
edit 10
set protocol 6
next
edit 11
set protocol 6
next
edit 12
set protocol 17
next
edit 13
set protocol 17
next
edit 14
set protocol 17
set port 53
next
edit 15
set protocol 6
next
edit 16
set protocol 6
next
--More--
edit 17
set protocol 6
next
edit 18
set protocol 17
next
edit 19
next
edit 20
set protocol 17
next
end
end
end
set hugepage-percentage 30
set mbufpool-percentage 25
end
--More--
end
edit "default"
next
end
edit "quarantine"
set cos-queue 0
next
edit "sniffer"
set cos-queue 0
next
end
end
edit "login.microsoftonline.com"
--More--
next
edit "login.microsoft.com"
next
edit "login.windows.net"
next
edit "gmail.com"
set uuid b5a2755e-4971-51ea-4168-58e92db927db
next
edit "wildcard.google.com"
next
edit "all"
next
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
next
edit "FABRIC_DEVICE"
next
edit "SSLVPN_TUNNEL_ADDR1"
next
edit "2-2-2-20"
next
edit "200-200-200-200"
next
end
edit "all"
next
end
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
next
edit "all"
set uuid b5a2c2ac-4971-51ea-58ad-fc9611861495
next
edit "none"
next
end
edit "all"
next
end
--More--
next
next
end
edit "adobe"
set uuid b5d6c4da-4971-51ea-eb26-750e7b4b0f43
next
next
edit "android"
next
edit "apple"
next
edit "appstore"
next
edit "auth.gfx.ms"
next
edit "citrix"
--More--
next
edit "dropbox.com"
next
edit "eease"
next
next
edit "fortinet"
next
edit "googleapis.com"
next
edit "google-drive"
set uuid b5d6d75e-4971-51ea-12d1-089a68109cad
next
edit "google-play2"
next
edit "google-play3"
next
edit "Gotomeeting"
--More--
next
edit "icloud"
next
edit "itunes"
next
edit "microsoft"
set uuid b5d6e1ea-4971-51ea-b64c-aa2f90fda0e9
next
edit "skype"
next
edit "softwareupdate.vmware.com"
next
edit "verisign"
next
next
edit "live.com"
next
edit "google-play"
--More--
next
edit "update.microsoft.com"
next
edit "swscan.apple.com"
next
edit "autoupdate.opera.com"
next
end
edit "General"
next
next
next
edit "Email"
next
next
edit "Authentication"
next
--More--
next
edit "Tunneling"
next
next
next
end
config firewall service custom
edit "DNS"
set tcp-portrange 53
set udp-portrange 53
next
edit "HTTP"
set tcp-portrange 80
next
edit "HTTPS"
next
edit "IMAP"
next
edit "IMAPS"
next
edit "LDAP"
next
edit "DCE-RPC"
next
edit "POP3"
next
edit "POP3S"
next
edit "SAMBA"
next
edit "SMTP"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
next
edit "KERBEROS"
next
edit "LDAP_UDP"
next
--More--
edit "SMB"
next
edit "ALL"
set protocol IP
next
edit "ALL_TCP"
next
edit "ALL_UDP"
next
edit "ALL_ICMP"
unset icmptype
next
edit "ALL_ICMP6"
unset icmptype
next
edit "GRE"
set protocol IP
set protocol-number 47
next
edit "AH"
set protocol IP
set protocol-number 51
next
--More--
edit "ESP"
set protocol IP
set protocol-number 50
next
edit "AOL"
next
edit "BGP"
next
edit "DHCP"
next
edit "FINGER"
set tcp-portrange 79
next
edit "FTP"
set tcp-portrange 21
next
edit "FTP_GET"
set tcp-portrange 21
next
edit "FTP_PUT"
set tcp-portrange 21
next
edit "GOPHER"
set tcp-portrange 70
--More--
next
edit "H323"
next
edit "IKE"
next
edit "Internet-Locator-Service"
next
edit "IRC"
next
edit "L2TP"
next
edit "NetMeeting"
next
edit "NFS"
next
edit "NNTP"
next
--More--
edit "NTP"
next
edit "OSPF"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
next
edit "PING"
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
unset icmpcode
next
edit "INFO_REQUEST"
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
--More--
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
next
edit "PPTP"
next
edit "QUAKE"
next
edit "RAUDIO"
next
edit "REXEC"
next
edit "RIP"
next
edit "RLOGIN"
next
edit "RSH"
next
--More--
edit "SCCP"
next
edit "SIP"
next
edit "SIP-MSNmessenger"
next
edit "SNMP"
next
edit "SSH"
set tcp-portrange 22
next
edit "SYSLOG"
next
edit "TALK"
next
edit "TELNET"
set tcp-portrange 23
next
edit "TFTP"
--More--
set udp-portrange 69
next
edit "MGCP"
next
edit "UUCP"
next
edit "VDOLIVE"
next
edit "WAIS"
next
edit "WINFRAME"
next
edit "X-WINDOWS"
next
edit "PING6"
unset icmpcode
next
edit "MS-SQL"
next
--More--
edit "MYSQL"
next
edit "RDP"
next
edit "VNC"
next
edit "DHCP6"
next
edit "SQUID"
next
edit "SOCKS"
edit "WINS"
next
edit "RADIUS"
next
edit "RADIUS-OLD"
--More--
next
edit "CVSPSERVER"
next
edit "AFS3"
next
edit "TRACEROUTE"
next
edit "RTSP"
next
edit "MMS"
next
edit "NONE"
set tcp-portrange 0
next
edit "webproxy"
next
--More--
end
next
next
next
next
end
end
edit "Fortinet_CA_SSL"
set comments "This is the default CA certificate the SSL Inspection will use when generating new
server certificates."
next
edit "Fortinet_CA_Untrusted"
set comments "This is the default CA certificate the SSL Inspection will use when generating new
server certificates."
next
edit "Fortinet_SSL"
set comments "This certificate is embedded in the hardware at the factory and is unique to this
unit. "
--More--
next
edit "Fortinet_SSL_RSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this
unit. "
set range global
next
edit "Fortinet_SSL_RSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this
unit. "
next
edit "Fortinet_SSL_RSA4096"
set comments "This certificate is embedded in the hardware at the factory and is unique to this
unit. "
next
edit "Fortinet_SSL_DSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this
unit. "
set range global
next
edit "Fortinet_SSL_DSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this
unit. "
--More--
next
edit "Fortinet_SSL_ECDSA256"
set comments "This certificate is embedded in the hardware at the factory and is unique to this
unit. "
next
edit "Fortinet_SSL_ECDSA384"
next
edit "Fortinet_SSL_ECDSA521"
set comments "This certificate is embedded in the hardware at the factory and is unique to this
unit. "
next
edit "Fortinet_SSL_ED25519"
set comments "This certificate is embedded in the hardware at the factory and is unique to this
unit. "
next
edit "Fortinet_SSL_ED448"
--More--
next
end
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
edit "default"
config entries
edit 1
next
end
next
edit "sniffer-profile"
edit 1
next
end
next
edit "wifi-default"
config entries
edit 1
next
end
next
edit "all_default"
--More--
config entries
edit 1
next
end
next
edit "all_default_pass"
config entries
edit 1
next
end
next
edit "protect_http_server"
config entries
edit 1
next
end
next
edit "protect_email_server"
config entries
edit 1
next
end
next
edit "protect_client"
edit 1
--More--
next
end
next
edit "high_security"
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
config entries
edit 1
next
edit 2
next
end
next
end
edit "high-priority"
next
edit "medium-priority"
next
edit "low-priority"
next
edit "guarantee-100kbps"
--More--
next
edit "shared-1M-pipe"
next
end
end
config application list
edit "default"
config entries
edit 1
next
end
next
edit "sniffer-profile"
unset options
config entries
edit 1
next
end
next
edit "wifi-default"
config entries
edit 1
--More--
end
next
edit "block-high-risk"
config entries
edit 1
set category 2 6
next
edit 2
next
end
next
end
edit 1
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
--More--
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
config entries
edit "bat"
next
edit "exe"
next
edit "elf"
next
edit "hta"
next
end
next
end
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
edit "default"
next
edit "sniffer-profile"
next
end
end
config webfilter ips-urlfilter-setting6
end
config web
edit 1
set category 26
next
edit 2
set category 61
next
--More--
edit 3
set category 86
next
edit 4
set category 1
next
edit 5
set category 3
next
edit 6
set category 4
next
edit 7
set category 5
next
edit 8
set category 6
next
edit 9
set category 12
next
edit 10
set category 59
next
edit 11
set category 62
next
--More--
edit 12
set category 83
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
next
end
end
edit "default"
config icap-headers
edit 1
next
edit 2
next
end
next
end
--More--
edit "guest"
next
end
end
edit "SSO_Guest_Users"
next
edit "Guest-group"
next
end
edit "FortiClient-AV"
next
edit "FortiClient-FW"
set type fw
next
edit "FortiClient-AV-Vista"
next
edit "FortiClient-FW-Vista"
set type fw
next
edit "FortiClient5-AV"
next
edit "AVG-Internet-Security-AV"
next
edit "AVG-Internet-Security-FW"
set type fw
next
edit "AVG-Internet-Security-AV-Vista-Win7"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
next
edit "CA-Anti-Virus"
next
edit "CA-Internet-Security-AV"
next
edit "CA-Internet-Security-FW"
set type fw
next
edit "CA-Internet-Security-AV-Vista-Win7"
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
next
edit "CA-Personal-Firewall"
set type fw
next
edit "F-Secure-Internet-Security-AV"
next
--More--
edit "F-Secure-Internet-Security-FW"
set type fw
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
next
edit "Kaspersky-AV-Vista-Win7"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
next
edit "McAfee-Internet-Security-Suite-AV"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
--More--
set type fw
next
edit "McAfee-Virus-Scan-Enterprise"
next
edit "Norton-360-2.0-AV"
next
edit "Norton-360-2.0-FW"
set type fw
next
edit "Norton-360-3.0-AV"
next
edit "Norton-360-3.0-FW"
set type fw
next
edit "Norton-Internet-Security-AV"
next
edit "Norton-Internet-Security-FW"
set type fw
next
edit "Norton-Internet-Security-AV-Vista-Win7"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
next
edit "Symantec-Endpoint-Protection-AV"
--More--
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
next
edit "Panda-Antivirus+Firewall-2008-AV"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
next
edit "Panda-Internet-Security-AV"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
next
edit "Sophos-Anti-Virus"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
next
edit "Trend-Micro-AV"
next
edit "Trend-Micro-FW"
set type fw
next
edit "Trend-Micro-AV-Vista-Win7"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
next
edit "ZoneAlarm-AV"
edit "ZoneAlarm-FW"
set type fw
next
edit "ZoneAlarm-AV-Vista-Win7"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
next
--More--
edit "ESET-Smart-Security-AV"
next
edit "ESET-Smart-Security-FW"
set type fw
next
end
edit "full-access"
next
end
end
edit "default"
next
edit "strict"
config sip
end
next
end
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
--More--
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
--More--
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
next
edit 19
set category 61
next
edit 20
set category 86
next
edit 21
set category 88
next
edit 22
set category 90
set action block
next
edit 23
set category 91
next
end
end
next
end
--More--
end
edit "default"
config http
end
config ftp
end
config imap
set options scan
end
config pop3
end
config smtp
end
next
edit "sniffer-profile"
config http
end
config ftp
end
config imap
end
--More--
config pop3
end
config smtp
end
next
edit "wifi-default"
config http
end
config ftp
end
config imap
end
config pop3
config smtp
end
next
end
edit "default"
config ftgd-wf
unset options
--More--
config filters
edit 1
next
edit 2
set category 2
next
edit 3
set category 7
next
edit 4
set category 8
next
edit 5
set category 9
next
edit 6
set category 11
next
edit 7
set category 12
next
edit 8
set category 13
next
edit 9
set category 14
next
--More--
edit 10
set category 15
next
edit 11
set category 16
next
edit 12
set category 26
next
edit 13
set category 57
next
edit 14
set category 61
next
edit 15
set category 63
next
edit 16
set category 64
next
edit 17
set category 65
next
edit 18
set category 66
next
--More--
edit 19
set category 67
next
edit 20
set category 86
next
edit 21
set category 88
next
edit 22
set category 90
next
edit 23
set category 91
next
end
end
next
edit "sniffer-profile"
config ftgd-wf
config filters
edit 1
next
edit 2
set category 1
next
edit 3
set category 2
next
edit 4
--More--
set category 3
next
edit 5
set category 4
next
edit 6
set category 5
next
edit 7
set category 6
next
edit 8
set category 7
next
edit 9
set category 8
next
edit 10
set category 9
next
edit 11
set category 11
next
edit 12
set category 12
next
edit 13
set category 13
next
edit 14
set category 14
next
edit 15
set category 15
next
edit 16
--More--
set category 16
next
edit 17
set category 17
next
edit 18
set category 18
next
edit 19
set category 19
next
edit 20
set category 20
next
edit 21
set category 23
next
edit 22
set category 24
next
edit 23
set category 25
next
edit 24
set category 26
next
edit 25
set category 28
next
edit 26
set category 29
next
edit 27
set category 30
next
edit 28
--More--
set category 31
next
edit 29
set category 33
next
edit 30
set category 34
next
edit 31
set category 35
next
edit 32
set category 36
next
edit 33
set category 37
next
edit 34
set category 38
next
edit 35
set category 39
next
edit 36
set category 40
next
edit 37
set category 41
next
edit 38
set category 42
next
edit 39
set category 43
next
edit 40
--More--
set category 44
next
edit 41
set category 46
next
edit 42
set category 47
next
edit 43
set category 48
next
edit 44
set category 49
next
edit 45
set category 50
next
edit 46
set category 51
next
edit 47
set category 52
next
edit 48
set category 53
next
edit 49
set category 54
next
edit 50
set category 55
next
edit 51
set category 56
next
edit 52
--More--
set category 57
next
edit 53
set category 58
next
edit 54
set category 59
next
edit 55
set category 61
next
edit 56
set category 62
next
edit 57
set category 63
next
edit 58
set category 64
next
edit 59
set category 65
next
edit 60
set category 66
next
edit 61
set category 67
next
edit 62
set category 68
next
edit 63
set category 69
next
edit 64
--More--
set category 70
next
edit 65
set category 71
next
edit 66
set category 72
next
edit 67
set category 75
next
edit 68
set category 76
next
edit 69
set category 77
next
edit 70
set category 78
next
edit 71
set category 79
next
edit 72
set category 80
next
edit 73
set category 81
next
edit 74
set category 82
next
edit 75
set category 83
next
edit 76
--More--
set category 84
next
edit 77
set category 85
next
edit 78
set category 86
next
edit 79
set category 87
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
--More--
end
next
edit "wifi-default"
config ftgd-wf
unset options
config filters
edit 1
next
edit 2
set category 2
set action block
next
edit 3
set category 7
next
edit 4
set category 8
next
edit 5
set category 9
next
edit 6
set category 11
next
edit 7
set category 12
next
edit 8
set category 13
--More--
next
edit 9
set category 14
next
edit 10
set category 15
next
edit 11
set category 16
next
edit 12
set category 26
next
edit 13
set category 57
next
edit 14
set category 61
set action block
next
edit 15
set category 63
next
edit 16
set category 64
next
edit 17
set category 65
--More--
next
edit 18
set category 66
next
edit 19
set category 67
next
edit 20
set category 86
set action block
next
edit 21
set category 88
next
edit 22
set category 90
next
edit 23
set category 91
next
end
end
next
edit "monitor-all"
config ftgd-wf
unset options
config filters
edit 1
set category 1
--More--
next
edit 2
set category 3
next
edit 3
set category 4
next
edit 4
set category 5
next
edit 5
set category 6
next
edit 6
set category 12
next
edit 7
set category 59
next
edit 8
set category 62
next
edit 9
set category 83
next
edit 10
set category 2
next
edit 11
set category 7
next
edit 12
set category 8
next
edit 13
set category 9
--More--
next
edit 14
set category 11
next
edit 15
set category 13
next
edit 16
set category 14
next
edit 17
set category 15
next
edit 18
set category 16
next
edit 19
set category 57
next
edit 20
set category 63
next
edit 21
set category 64
next
edit 22
set category 65
next
edit 23
set category 66
next
edit 24
set category 67
next
edit 25
set category 19
--More--
next
edit 26
set category 24
next
edit 27
set category 25
next
edit 28
set category 72
next
edit 29
set category 75
next
edit 30
set category 76
next
edit 31
set category 26
next
edit 32
set category 61
next
edit 33
set category 86
next
edit 34
set category 17
next
edit 35
set category 18
next
edit 36
set category 20
next
edit 37
set category 23
--More--
next
edit 38
set category 28
next
edit 39
set category 29
next
edit 40
set category 30
next
edit 41
set category 33
next
edit 42
set category 34
next
edit 43
set category 35
next
edit 44
set category 36
next
edit 45
set category 37
next
edit 46
set category 38
next
edit 47
set category 39
next
edit 48
set category 40
next
edit 49
set category 42
--More--
next
edit 50
set category 44
next
edit 51
set category 46
next
edit 52
set category 47
next
edit 53
set category 48
next
edit 54
set category 54
next
edit 55
set category 55
next
edit 56
set category 58
next
edit 57
set category 68
next
edit 58
set category 69
next
edit 59
set category 70
next
edit 60
set category 71
next
edit 61
set category 77
--More--
next
edit 62
set category 78
next
edit 63
set category 79
next
edit 64
set category 80
next
edit 65
set category 82
next
edit 66
set category 85
next
edit 67
set category 87
next
edit 68
set category 31
next
edit 69
set category 41
next
edit 70
set category 43
next
edit 71
set category 49
next
edit 72
set category 50
next
edit 73
set category 51
--More--
next
edit 74
set category 52
next
edit 75
set category 53
next
edit 76
set category 56
next
edit 77
set category 81
next
edit 78
set category 84
next
edit 79
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
--More--
edit 86
set category 94
next
edit 87
set category 95
next
end
end
next
end
edit "google"
next
edit "yahoo"
next
edit "bing"
next
edit "yandex"
next
edit "youtube"
next
edit "baidu"
next
edit "baidu2"
next
edit "baidu3"
--More--
next
end
edit "sniffer-profile"
next
edit "default"
next
end
edit "default"
set title "FortiGate System Analysis Report"
config page
config header
config header-item
edit 1
next
end
end
config footer
config footer-item
edit 1
next
edit 2
next
--More--
end
end
end
config body-item
edit 101
next
edit 103
next
edit 105
next
edit 107
next
edit 109
edit 111
next
edit 121
next
edit 301
--More--
next
edit 311
next
edit 321
next
edit 331
next
edit 411
next
edit 421
next
edit 511
next
edit 521
next
edit 611
next
edit 1001
next
edit 1011
next
edit 1021
next
edit 1031
next
edit 1041
next
edit 1051
next
edit 1061
next
edit 1071
next
edit 1301
next
edit 1311
--More--
next
edit 1321
next
edit 1331
next
edit 1341
next
edit 1501
next
edit 1511
set top-n 80
next
edit 1531
set top-n 80
next
edit 1541
set top-n 80
next
edit 1551
next
edit 1561
set top-n 80
next
edit 1571
set top-n 80
next
edit 1581
set top-n 80
next
edit 1591
next
edit 1601
set top-n 80
edit 1611
set top-n 80
next
edit 1621
set top-n 80
next
edit 1631
--More--
next
edit 1641
next
edit 1651
next
edit 1701
set text-component heading1
next
edit 1711
set top-n 80
next
edit 1721
set top-n 80
next
edit 1731
set top-n 80
next
edit 1741
set top-n 80
next
edit 1901
--More--
next
edit 1911
set top-n 80
next
edit 1931
set top-n 80
next
edit 1961
set top-n 80
next
end
next
end
end
config wanopt profile
edit "default"
next
end
config health-check
edit "Default_Office_365"
set recoverytime 10
--More--
config sla
edit 1
set jitter-threshold 50
set packetloss-threshold 5
next
end
next
edit "Default_Gmail"
set recoverytime 10
config sla
edit 1
set jitter-threshold 50
set packetloss-threshold 2
next
end
next
edit "Default_AWS"
set recoverytime 10
config sla
edit 1
set jitter-threshold 50
set packetloss-threshold 5
next
end
next
set recoverytime 10
config sla
edit 1
set jitter-threshold 50
set packetloss-threshold 5
next
end
next
edit "Default_FortiGuard"
set recoverytime 10
config sla
edit 1
set jitter-threshold 50
set packetloss-threshold 5
next
end
next
end
end
edit "always"
next
edit "none"
next
edit "default-darrp-optimize"
next
--More--
end
edit "default"
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
config imap
end
config mapi
end
config pop3
end
config smtp
set ports 25
end
config nntp
end
config ssh
unset options
end
--More--
config dns
set ports 53
end
config cifs
end
next
end
edit "deep-inspection"
config https
end
config ftps
end
config imaps
end
config pop3s
set ports 995
end
config smtps
end
config ssh
set ports 22
end
config ssl-exempt
--More--
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
next
edit 4
next
edit 5
next
edit 6
next
edit 7
next
edit 8
next
edit 9
next
edit 10
next
edit 11
next
edit 12
next
edit 13
next
edit 14
next
edit 15
next
edit 16
next
edit 17
next
edit 18
next
edit 19
--More--
next
edit 20
next
edit 21
next
edit 22
next
edit 23
next
edit 24
next
edit 25
next
edit 26
next
edit 27
next
edit 28
next
edit 29
next
edit 30
next
end
next
edit "custom-deep-inspection"
config https
end
config ftps
end
config imaps
end
config pop3s
end
config smtps
end
config ssh
set ports 22
--More--
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
edit 4
next
edit 5
next
edit 6
next
edit 7
next
edit 8
next
edit 9
next
edit 10
next
edit 11
next
edit 12
next
edit 13
next
edit 14
next
edit 15
edit 16
next
edit 17
next
edit 18
--More--
next
edit 19
next
edit 20
next
edit 21
edit 22
next
edit 23
next
edit 24
next
edit 25
next
edit 26
next
edit 27
next
edit 28
next
edit 29
next
edit 30
next
end
next
edit "no-inspection"
config https
end
config ftps
end
config imaps
set status disable
end
config pop3s
end
config smtps
end
config ssh
set ports 22
end
--More--
next
edit "certificate-inspection"
config https
end
config ftps
end
config imaps
config pop3s
end
config smtps
end
config ssh
set ports 22
end
next
end
edit "default"
config signature
end
end
end
end
end
end
end
end
end
end
config constraint
config header-length
--More--
end
config content-length
end
config param-length
end
config line-length
end
config url-param-length
end
config version
end
config method
end
config hostname
end
config malformed
end
--More--
config max-cookie
end
config max-header-line
end
config max-url-param
end
config max-range-segment
end
end
next
end
next
end
--More--
edit 1
next
end
edit "Fortinet_SSH_RSA2048"
set password ENC
fwAAAKSJ0o20GPL+z7vD3F5rrs8UfYRHNNRI5kyTxpKeqeRUmwV1vAo4D0Ny6SIFt1BJRoEMlDfBIYC47IyqT
ZuFV2/B1ivlBK6XQ2kFR4FAZZQCcQ+F5ddYGzFpkrAzmTYBHBX5sQilV44lUuSdtnVJseX3xz0s4pFfAQNYx6F
myvKE6Yyq2KL68bxHlyNHh/Zzug==
next
edit "Fortinet_SSH_DSA1024"
next
edit "Fortinet_SSH_ECDSA256"
next
edit "Fortinet_SSH_ECDSA384"
next
edit "Fortinet_SSH_ECDSA521"
next
--More--
edit "Fortinet_SSH_ED25519"
next
end
edit "Fortinet_SSH_CA"
next
edit "Fortinet_SSH_CA_Untrusted"
next
end
config firewall ssh setting
end
edit "802-1X-policy-default"
--More--
next
end
edit "default"
set mgmt-allowaccess https ping ssh
next
end
edit "default"
config med-network-policy
edit "voice"
next
edit "voice-signaling"
next
edit "guest-voice"
next
edit "guest-voice-signaling"
next
edit "softphone-voice"
next
edit "video-conferencing"
next
edit "streaming-video"
next
edit "video-signaling"
next
end
config med-location-service
edit "coordinates"
next
edit "address-civic"
--More--
next
edit "elin-number"
next
end
next
edit "default-auto-isl"
next
end
edit "voice-dot1p"
next
end
edit "voice-dscp"
config map
edit "1"
set cos-queue 1
set value 46
next
edit "2"
set cos-queue 2
next
edit "5"
set cos-queue 3
set value 34
next
end
--More--
next
end
edit "default"
config cos-queue
edit "queue-0"
next
edit "queue-1"
next
edit "queue-2"
next
edit "queue-3"
next
edit "queue-4"
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
edit "voice-egress"
config cos-queue
edit "queue-0"
next
edit "queue-1"
set weight 0
next
edit "queue-2"
set weight 6
--More--
next
edit "queue-3"
set weight 37
next
edit "queue-4"
set weight 12
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
end
edit "default"
next
edit "voice-qos"
set trust-dot1p-map "voice-dot1p"
next
end
edit "default"
next
edit "auto-config"
next
end
edit "default"
--More--
next
edit "default-icl"
next
end
next
end
edit "syslogd"
next
edit "syslogd2"
next
end
end
edit "default"
--More--
next
edit "default-wids-apscan-enabled"
next
end
edit "AP-11N-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAP220B-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
--More--
config radio-2
end
next
edit "FAP223B-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAP210B-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAP222B-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
set band 802.11n-5G
end
--More--
next
edit "FAP320B-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAP11C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAP14C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAP28C-default"
config platform
end
set handoff-sta-thresh 30
--More--
config radio-1
end
next
edit "FAP320C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
end
next
edit "FAP221C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAP25D-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
--More--
next
edit "FAP222C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAP224D-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
next
edit "FK214B-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAP21D-default"
config platform
--More--
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAP24D-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAP112D-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAP223C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
--More--
next
edit "FAP321C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAPS321C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAPS322C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
--More--
next
edit "FAPS323C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAPS311C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAPS313C-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
next
edit "FAPS321CR-default"
config platform
end
set handoff-sta-thresh 30
--More--
config radio-1
end
config radio-2
end
next
edit "FAPS322CR-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAPS323CR-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAPS421E-default"
config platform
end
set handoff-sta-thresh 55
--More--
config radio-1
end
config radio-2
end
next
edit "FAPS422E-default"
config platform
end
set handoff-sta-thresh 55
config radio-1
end
config radio-2
end
next
edit "FAPS423E-default"
config platform
end
set handoff-sta-thresh 55
config radio-1
end
config radio-2
end
next
edit "FAP421E-default"
config platform
end
set handoff-sta-thresh 55
--More--
config radio-1
end
config radio-2
end
next
edit "FAP423E-default"
config platform
end
set handoff-sta-thresh 55
config radio-1
end
config radio-2
end
next
edit "FAPU421E-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAPU422EV-default"
config platform
end
set handoff-sta-thresh 30
--More--
config radio-1
end
config radio-2
end
next
edit "FAPU423E-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAP221E-default"
set handoff-sta-thresh 55
config radio-1
end
config radio-2
end
next
edit "FAP222E-default"
config platform
end
set handoff-sta-thresh 55
config radio-1
end
--More--
config radio-2
end
next
edit "FAP223E-default"
config platform
end
set handoff-sta-thresh 55
config radio-1
end
config radio-2
end
next
edit "FAP224E-default"
config platform
end
set handoff-sta-thresh 55
config radio-1
end
config radio-2
end
next
edit "FAPS221E-default"
config platform
end
set handoff-sta-thresh 55
config radio-1
end
--More--
config radio-2
end
next
edit "FAPS223E-default"
config platform
end
set handoff-sta-thresh 55
config radio-1
end
config radio-2
end
next
edit "FAP321E-default"
config platform
end
set handoff-sta-thresh 55
config radio-1
end
config radio-2
end
next
edit "FAPU221EV-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
--More--
config radio-2
end
next
edit "FAPU223EV-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAPU24JEV-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAPU321EV-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
--More--
config radio-2
end
next
edit "FAPU323EV-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
next
edit "FAPU431F-default"
config platform
end
set handoff-sta-thresh 30
config radio-1
end
config radio-2
end
config radio-3
end
next
edit "FAPU433F-default"
config platform
end
set handoff-sta-thresh 30
--More--
config radio-1
end
config radio-2
end
config radio-3
end
next
end
edit "wifi-default"
next
end
end
end
end
edit "ALLOWED-GROUPS"
config rule
edit 1
next
edit 2
--More--
next
end
next
edit "ALLOWED-GROUPS`"
next
end
end
end
config redistribute "ospf"
end
end
end
end
end
end
end
end
end
end
edit 1
next
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
end
--More--
end
end
end
end
end
end
end
config router isis
end
end
end
end
end
end
end
end
end
end
end
config pim-sm-global
config rp-address
edit 1
next
end
end
config interface
edit "port2"
next
edit "port3"
next
end
end
FortiGate-VM64 #