Fortigate VM

#config-version=FGT-VM-4.
00-FW-build513-120130:opmode=0:vdom=0:user=admin
#conf_file_ver=2939318298167593164
#buildno=0513
#global_vdom=1
config system global
set access-banner disable
set admin-concurrent enable
set admin-https-pki-required disable
set admin-lockout-duration 60
set admin-lockout-threshold 3
set admin-maintainer enable
set admin-port 80
set admin-scp disable
set admin-server-cert "self-sign"
set admin-sport 443
set admin-ssh-grace-time 120
set admin-ssh-port 22
set admin-ssh-v1 disable
set admin-telnet-port 23
set admintimeout 5
set anti-replay strict
set auth-cert "self-sign"
set auth-http-port 1000
set auth-https-port 1003
set auth-keepalive disable
set auth-policy-exact-match enable
set av-failopen pass
set av-failopen-session disable
set batch-cmdb enable
set cfg-save automatic
set check-protocol-header loose
set check-reset-range disable
set clt-cert-req disable
set csr-ca-attribute enable
set daily-restart disable
set detection-summary enable
set dst enable
set endpoint-control-fds-access enable
set endpoint-control-portal-port 8009
set explicit-proxy-auth-timeout 300
set fds-statistics enable
set fgd-alert-subscription advisory latest-threat
set fwpolicy-implicit-log disable
set fwpolicy6-implicit-log disable
set gui-ap-profile enable
set gui-central-nat-table disable
set gui-client-reputation disable
set gui-dns-database disable
set gui-dynamic-profile-display disable
set gui-icap disable
set gui-implicit-id-based-policy disable
set gui-implicit-policy enable
set gui-ipsec-manual-key disable
set gui-ipv6 disable
set gui-lines-per-page 50
set gui-load-balance enable
set gui-object-tags enable
set gui-policy-interface-pairs-view enable
set gui-voip-profile disable
set hostname "Fortigate-VM"
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
http-obfuscate modified
ip-src-port-range 1024-25000
ipsec-hmac-offload enable
ipv6-accept-dad 1
language english
ldapconntimeout 500
log-user-in-upper disable
loglocaldeny disable
management-vdom "root"
max-sql-log-size 10240
optimize antivirus
phase1-rekey enable
policy-auth-concurrent enable
radius-port 1645
refresh 0
registration-notification enable
remoteauthtimeout 5
reset-sessionless-tcp disable
revision-backup-on-logout enable
send-pmtu-icmp enable
service-expire-notification enable
strict-dirty-session-check enable
strong-crypto disable
tcp-halfclose-timer 120
tcp-halfopen-timer 120
tcp-option enable
tcp-timewait-timer 1
timezone 04
tos-based-priority medium
udp-idle-timer 180
user-server-cert "self-sign"
vdom-admin disable
vip-arp-range restricted
wifi-ca-certificate "Fortinet_CA"
wifi-certificate "Fortinet_Firmware"
wimax-4g-usb disable
wireless-controller-port 5246
fds-statistics-period 60
end
config system accprofile
edit "prof_admin"
set admingrp read-write
set authgrp read-write
set endpoint-control-grp read-write
set fwgrp read-write
set loggrp read-write
unset menu-file
set mntgrp read-write
set netgrp read-write
set routegrp read-write
set sysgrp read-write
set updategrp read-write
set utmgrp read-write
set vpngrp read-write
set wanoptgrp read-write
set wifi read-write
next
edit "noaccess"
unset menu-file
next
edit "read_only"
set admingrp read
set authgrp read
set endpoint-control-grp read
set fwgrp read
set loggrp read
unset menu-file
set mntgrp read
set netgrp read
set routegrp read
set sysgrp read
set updategrp read
set utmgrp custom
set vpngrp read
set wanoptgrp read
set wifi read
config utmgrp-permission
set antivirus read
set application-control read
set data-loss-prevention read
set ips read
set spamfilter read
set webfilter read
end
next
end
config system interface
edit "port1"
set vdom "root"
set ip 10.10.4.100 255.255.255.0
set allowaccess ping https ssh http telnet
set type physical
next
edit "port2"
set vdom "root"
set type physical
next
edit "port3"
set vdom "root"
set type physical
next
edit "port4"
set vdom "root"
set type physical
next
edit "port5"
set vdom "root"
set type physical
next
edit "port6"
set vdom "root"
set type physical
next
edit "port7"
set vdom "root"
set type physical
next
edit "port8"
set vdom "root"
set type physical
next
edit "port9"
set vdom "root"
set type physical
next
edit "port10"
set vdom "root"
set type physical
next
edit "ssl.root"
set vdom "root"
set type tunnel
next
end
config system admin
edit "admin"
set accprofile "super_admin"
set vdom "root"
config dashboard-tabs
edit 1
set name "Status"
next
end
config dashboard
edit 1
set tab-id 1
set column 1
next
edit 2
set widget-type licinfo
set tab-id 1
set column 1
next
edit 3
set widget-type tr-history
set tab-id 1
set column 1
set interface "port2"
set refresh enable
next
edit 4
set widget-type jsconsole
set tab-id 1
set column 1
next
edit 5
set widget-type sysres
set tab-id 1
set column 2
next
edit 6
set widget-type sessions
set tab-id 1
set column 2
next
edit 7
set widget-type sysop
set tab-id 1
set column 2
next
edit 8
set widget-type alert
set tab-id 1
set column 2
next
end
next
edit "test"
set remote-auth enable
set accprofile "noaccess"
set vdom "root"
config dashboard-tabs
edit 1
set name "Status"
next
end
config dashboard
edit 1
set tab-id 1
set column 1
next
edit 2
set widget-type licinfo
set tab-id 1
set column 1
next
edit 8
set widget-type tr-history
set tab-id 1
set column 1
set interface "port2"
set refresh enable
next
edit 3
set widget-type jsconsole
set tab-id 1
set column 1
next
edit 4
set widget-type sysres
set tab-id 1
set column 2
set time-period 0
set chart-color 0
next
edit 5
set widget-type sessions
set tab-id 1
set column 2
next
edit 6
set widget-type sysop
set tab-id 1
set column 2
next
edit 7
set widget-type alert
set tab-id 1
set column 2
next
set
set
set
set
end
wildcard enable
remote-group "test_group"
accprofile-override enable
radius-vdom-override enable
next
end
config system ha
set group-id 0
set group-name "FGT-HA"
set mode standalone
set password ENC eWCjP/9WZ49WVenXMB/isYT7AmWfs4p6Tsh+RSJQ+WydrKQeGtDGdRjGmip
Ig26Nw3RXMQzm6Xlq7eC8QUPRBvRVAikkufzWpwRkWyFIGvAaSh4J
set hbdev "port4" 50 "port4" 50
set route-ttl 10
set route-wait 0
set route-hold 10
set sync-config enable
set encryption disable
set authentication disable
set hb-interval 2
set hb-lost-threshold 20
set helo-holddown 20
set arps 5
set arps-interval 8
set session-pickup disable
set link-failed-signal disable
set uninterruptable-upgrade enable
set ha-eth-type "8890"
set hc-eth-type "8891"
set l2ep-eth-type "8893"
set ha-uptime-diff-margin 300
set override disable
set priority 128
set pingserver-failover-threshold 0
set pingserver-flip-timeout 60
end
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
set domain ''
set ip6-primary ::
set ip6-secondary ::
set dns-cache-limit 5000
set dns-cache-ttl 1800
set cache-notfound-responses disable
set source-ip 0.0.0.0
end
config system replacemsg-image
edit "logo_fnet"
set image-base64 ''
set image-type gif
next
edit "logo_fguard_wf"
set image-base64 ''
set image-type gif
next
edit "logo_fw_auth"
set image-base64 ''
set image-type png
next
edit "logo_v2_fnet"
set image-base64 ''
set image-type png
next
edit "logo_v2_fguard_wf"
set image-base64 ''
set image-type png
next
end
config system replacemsg mail "email-block"
set buffer "Potentially Dangerous Attachment Removed. The file \"%%FILE%%\"
has been blocked. File quarantined as: \"%%QUARFILENAME%%\"."
set header 8bit
set format text
end
config system replacemsg mail "email-virus"
set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" ha
s been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus
. File quarantined as: \"%%QUARFILENAME%%\".\"%%VIRUS_REF_URL%%\""
set header 8bit
set format text
end
config system replacemsg mail "email-dlp"
set buffer "This email has been blocked. The email message appeared to cont
ain a data leak."
set header 8bit
set format text
end
config system replacemsg mail "email-dlp-subject"
set buffer "Data leak detected!"
set header 8bit
set format text
end
config system replacemsg mail "email-dlp-ban"
set buffer "This email has been blocked because a data leak was detected. P
lease contact your admin to be re-enabled."
set header 8bit
set format text
end
config system replacemsg mail "email-dlp-ban-sender"
set buffer "This email has been blocked because the sender has sent a data l
eak. Please contact your admin to be re-enabled."
set header 8bit
set format text
end
config system replacemsg mail "email-filesize"
set buffer "This email has been blocked. The email message is larger than t
he configured file size limit."
set header 8bit
set format text
end
config system replacemsg mail "partial"
set buffer "Fragmented emails are blocked."
set header 8bit
set format text
end
config system replacemsg mail "smtp-block"
set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARF
ILENAME%%"
set header none

set format text
end
config system replacemsg mail "smtp-virus"
set buffer "The file %%FILE%% has been infected with the virus %%VIRUS%% Fil
e quarantined as %%QUARFILENAME%%"
set header none
set format text
end
config system replacemsg mail "smtp-filesize"
set buffer "This message is larger than the configured limit and has been bl
ocked."
set header none
set format text
end
config system replacemsg http "bannedword"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\">
<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8
\"><style type=\"text/css\">html,body{height:100%;padding:0;margin:0;}.oc{displa
y:table;width:100%;height:100%;}.ic{display:table-cell;vertical-align:middle;hei
ght:100%;}div.msg{display:block;border:1px solid #30c;padding:0;width:500px;font
-family:helvetica,sans-serif;margin:10px auto;}h1{font-weight:bold;color:#fff;fo
nt-size:14px;margin:0;padding:2px;text-align:center;background: #30c;}p{font-siz
e:12px;margin:15px auto;width:75%;font-family:helvetica,sans-serif;text-align:le
ft;}</style><title>The URL you requested has been blocked</title></head><body><d
iv class=\"oc\"><div class=\"ic\"><div class=\"msg\"><h1>The URL you requested h
as been blocked</h1><p>The page you requested has been blocked because it contai
ns a banned word.<br /><br />URL = %%PROTOCOL%%%%URL%%<br />%%OVERRIDE%%</p></di
v></div></div></body></html>"
set header http
set format html
end
config system replacemsg http "url-block"
ft;}</style><title>The URL you requested has been blocked</title></head><body><d
iv class=\"oc\"><div class=\"ic\"><div class=\"msg\"><h1>The URL you requested h
as been blocked</h1><p>The page you have requested has been blocked, because the
URL is banned.<br /><br />URL = %%URL%%<br />%%OVERRIDE%%</p></div></div></div>
</body></html>"
set header http
set format html
end
config system replacemsg http "urlfilter-err"
ft;}</style><title>Web Page Blocked</title></head><body><div class=\"oc\"><div c
lass=\"ic\"><div class=\"msg\"><h1>Web Page Blocked</h1><p>%%URLFILTER_ERROR%% <
br /><br />Web filter service error: %%URLFILTER_ERROR_DETAIL%%</p></div></div><

/div></body></html>"
set header http
set format html
end
config system replacemsg http "infcache-block"
ft;}</style><title>High Security Alert!!</title></head><body><div class=\"oc\"><
div class=\"ic\"><div class=\"msg\"><h1>High Security Alert!!</h1><p>The URL you
requested was previously found to be infected.<br /><br />URL = %%PROTOCOL%%%%U
RL%%</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg http "http-block"
div class=\"ic\"><div class=\"msg\"><h1>High Security Alert!!</h1><p>You are not
permitted to download the file \"%%FILE%%\"<br /><br />URL = %%PROTOCOL%%%%URL%
%</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg http "http-virus"
permitted to download the file \"%%FILE%%\" because it is infected with the vir
us \"%%VIRUS%%\".<br /><br />URL = %%PROTOCOL%%%%URL%%<br /><br />File quarantin
ed as: %%QUARFILENAME%%.<br /><br />%%VIRUS_REF_URL%%</p></div></div></div></bod
y></html>"
set header http
set format html
end
config system replacemsg http "http-filesize"

ft;}</style><title>Attention!!</title></head><body><div class=\"oc\"><div class=
\"ic\"><div class=\"msg\"><h1>Attention!!</h1><p>The file \"%%FILE%%\" has been
blocked. The file is larger than the configured file size limit.<br /><br />URL
= %%PROTOCOL%%%%URL%%</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg http "http-dlp"
\"ic\"><div class=\"msg\"><h1>Attention!!</h1><p>The transfer attempted appeared
to contain a data leak!<br /><br />URL = %%PROTOCOL%%%%URL%%</p></div></div></d
iv></body></html>"
set header http
set format html
end
config system replacemsg http "http-dlp-ban"
\"ic\"><div class=\"msg\"><h1>Attention!!</h1><p>Your user authentication or IP
address has been banned due to a detected data leak.You need an admin to re-enab
le your computer.<br /><br />URL = %%PROTOCOL%%%%URL%%</p></div></div></div></bo
dy></html>"
set header http
set format html
end
config system replacemsg http "http-archive-block"
set buffer "<HTML><BODY> <h2>Attention!!!</h2><p>The transfer contained an
archive that has been blocked.</p><p>URL = %%PROTOCOL%%%%URL%%</p> </BODY></HTML
>"
set header http
set format html
end
config system replacemsg http "http-contenttypeblock"

\"ic\"><div class=\"msg\"><h1>Attention!!</h1><p>Content-type not permitted<br /
><br />URL = %%PROTOCOL%%%%URL%%
<br />%%OVERRIDE%%</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg http "https-invalid-cert-block"
set buffer "<html><head><title>Untrusted Connection</title></head><body><fon
t size=2><table width=\"100%\"><tr><td>%%FORTIGUARD_WF%%</td><td align=\"right\"
>%%FORTINET%%</td></tr><tr><td bgcolor=#ff6600 align=\"center\" colspan=2><font
color=#ffffff><b>This Connection is Untrusted</b></font></td></tr></table><br><b
r>A secure connection to %%HOSTNAME%% cannot be established.<br>
Normally, when you try to connect securely, sites will present trusted identific
ation to prove that you are going to the right place. However, this site\'s iden
tity can\'t be verified.<br>
<table><tr><td>Site:</td><td>%%HOSTNAME%%</td></tr>
<tr><td>Certificate CN:</td><td>%%CN%%</td></tr>
<tr><td>Certificate Authority:</td><td>%%AUTHORITY%%</td></tr>
<tr><td>Certificate Authority Validity:</td><td>Not Before: %%START_VALID%%<br>N
ot After: %%END_VALID%%</td></tr>
</table>
</font></body></html>"
set header http
set format html
end
config system replacemsg http "http-client-block"
\"ic\"><div class=\"msg\"><h1>Attention!!</h1><p>You are not permitted to upload
the file \"%%FILE%%\".<br /><br />URL = %%PROTOCOL%%%%URL%%</p></div></div></di
v></body></html>"
set header http
set format html
end
config system replacemsg http "http-client-virus"
permitted to upload the file \"%%FILE%%\" because it isinfected with the virus
\"%%VIRUS%%\".<br /><br />URL = %%PROTOCOL%%%%URL%%<br /><br />File quarantined
as: %%QUARFILENAME%%.<br /><br />%%VIRUS_REF_URL%%</p></div></div></div></body><
/html>"
set header http
set format html
end
config system replacemsg http "http-client-filesize"

\"ic\"><div class=\"msg\"><h1>Attention!!</h1><p>You request has been blocked. T
he request is larger than the configured file size limit.<br /><br />URL = %%PRO
TOCOL%%%%URL%%</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg http "http-client-bannedword"
\"ic\"><div class=\"msg\"><h1>Attention!!</h1><p>The page you uploaded has been
blocked because it contains a banned word.<br /><br />URL = %%PROTOCOL%%%%URL%%<
/p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg http "http-post-block"
\"ic\"><div class=\"msg\"><h1>Attention!!</h1><p>HTTP POST action is not allowed
for policy reasons.</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg http "http-client-archive-block"
set buffer "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not per
mitted to upload the file \"%%FILE%%\".</p> <p>URL = %%PROTOCOL%%%%URL%%</p> </B
ODY> </HTML>"
set header http
set format html
end
config system replacemsg webproxy "deny"
ft;}</style><title>Access Denied</title></head><body><div class=\"oc\"><div clas
s=\"ic\"><div class=\"msg\"><h1>Access Denied</h1><p>The page you requested has
been blocked by a firewall policy restriction.</p></div></div></div></body></htm
l>"
set header http
set format html
end
config system replacemsg webproxy "user-limit"
ft;}</style><title>Access Denined</title></head><body><div class=\"oc\"><div cla
ss=\"ic\"><div class=\"msg\"><h1>Access Denined</h1><p>The maximum web proxy use
r limit has been reached.</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg webproxy "auth-challenge"
ft;}</style><title>Firewall Authentication</title></head><body><div class=\"oc\"
><div class=\"ic\"><div class=\"msg\"><h1>Firewall Authentication</h1><p>You mus
t authenticate to use this service.</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg webproxy "auth-login-fail"
ft;}</style><title>Firewall Authentication</title></head><body><div class=\"oc\"
><div class=\"ic\"><div class=\"msg\"><h1>Firewall Authentication</h1><p>Authent
ication Failed</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg webproxy "auth-authorization-fail"

ft;}</style><title>Firewall Authorization</title></head><body><div class=\"oc\">
<div class=\"ic\"><div class=\"msg\"><h1>Firewall Authorization</h1><p>Authoriza
tion Failed</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg webproxy "http-err"
ft;}</style><title>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</title></head><body><div
class=\"oc\"><div class=\"ic\"><div class=\"msg\"><h1>%%HTTP_ERR_CODE%% %%HTTP_E
RR_DESC%%</h1><p>The webserver for %%PROTOCOL%%%%URL%% reported that an error oc
curred while trying to access the website. Please click <u><a href=\"javascript
:history.back()\">here</a></u> to return to the previous page.</p></div></div></
div></body></html>"
set header http
set format html
end
config system replacemsg ftp "ftp-dl-infected"
set buffer "Transfer failed. The file %%FILE%% is infected with the virus %
%VIRUS%%. File quarantined as %%QUARFILENAME%%."
set header none
set format text
end
config system replacemsg ftp "ftp-dl-blocked"
set buffer "Transfer failed. You are not permitted to transfer the file \"%
%FILE%%\"."
set header none
set format text
end
config system replacemsg ftp "ftp-dl-filesize"
set buffer "File size limit exceeded."
set header none
set format text
end
config system replacemsg ftp "ftp-dl-dlp"
set buffer "Transfer failed. Data leak detected \"%%FILE%%\"."
set header none
set format text
end
config system replacemsg ftp "ftp-dl-dlp-ban"
set buffer "Transfer failed. You are banned from transmitting due to a dete
cted data leak. Contact your admin to be re-enabled."
set header none
set format text
end
config system replacemsg ftp "ftp-explicit-banner"
set buffer "Welcome to Fortigate FTP proxy"
set header none
set format text
end
config system replacemsg ftp "ftp-dl-archive-block"
set buffer "Transfer failed. Archive \"%%FILE%%\" has been blocked."
set header none
set format text
end
config system replacemsg nntp "nntp-dl-infected"
set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" ha
s been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus
. File quarantined as: \"%%QUARFILENAME%%\"."
set header none
set format text
end
config system replacemsg nntp "nntp-dl-blocked"
set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARF
ILENAME%%"
set header none
set format text
end
config system replacemsg nntp "nntp-dl-filesize"
set buffer "This article has been blocked. The article is larger than the c
onfigured file size limit."
set header none
set format text
end
config system replacemsg nntp "nntp-dlp"
set buffer "This article has been blocked. It appears to contain a data lea
k."
set header none
set format text
end
config system replacemsg nntp "nntp-dlp-subject"
set buffer "Data leak detected!"
set header none
set format text
end
config system replacemsg nntp "nntp-dlp-ban"
set buffer "this article has been blocked. The user is banned for sending a
data leak. Please contact your admin to be re-enabled."
set header none
set format text
end
config system replacemsg fortiguard-wf "ftgd-block"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"
>
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">
<title>Web Filter Violation</title>
<style type=\"text/css\">
html, body { margin: 0; padding: 0; font-family: Verdana, Arial, sans-se
rif; font-size: 10pt; }
h1, h2 { height: 82px; text-indent: -999em; margin: 0; padding: 0; margi
n: 0; }
div { margin: 0; padding: 0; }
div.header { background: url(%%IMAGE:logo_v2_fnet%%) 0 0 repeat-x; heigh
t: 82px; }
div.header h1 { background: url(%%IMAGE:logo_v2_fguard_wf%%) 0 0 no-repe
at; }
div.header h2 { background: url(%%IMAGE:logo_v2_fnet%%) 0 -82px no-repea
t; width: 160px; float: right; }

div.sidebar { width: 195px; height: 200px; float: left; }
div.main { padding: 5px; margin-left: 195px; }
div.buttons { margin-top: 30px; text-align: right; }
h3 { margin: 36px 0; font-size: 16pt; }
.blocked
h3 { color: #c00; }
.authenticate h3 { color: #36c; }
h2.fgd_icon { background: url(%%IMAGE:logo_v2_fnet%%) 0 -166px repeat-x;
width: 90px; height: 92px; margin: 48px auto; }
.blocked
h2.fgd_icon { background-position: 0 -166px; }
.authenticate h2.fgd_icon { background-position: -89px -166px; }
form { width: 300px; margin: 30px 0; }
label { display: block; width: 300px; margin: 5px 0; line-height: 25px;
}
label input { width: 200px; border: 1px solid #7f9db9; height: 20px; flo
at: right; }
</style>
</head>
<body class=\"blocked\">
<div class=\"header\">
<h2>Powered By Fortinet</h2>
<h1>FortiGuard Web Filtering</h1>
</div>
<div class=\"sidebar\">
<h2 class=\"fgd_icon\">blocked</h2>
</div>
<div class=\"main\">
<h3>Web Page Blocked!</h3>
<div class=\"notice\">
<p>You have tried to access a web page which is in violation of your interne
t usage policy.</p>
<p>
URL: %%URL%%<br />
Category: %%CATEGORY%%
</p>
<p>
%%OVERRIDE%%
</p>
<p> To have the rating of this web page re-evaluated <a href=\"%%FTGD_RE_EVA
L%%\">please click here</a>.</p>
</div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg fortiguard-wf "http-err"
>
<html>
<head>
<title>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</title>
n: 0; }

t: 82px; }
at; }
.blocked
h3 { color: #c00; }
.blocked
}
at: right; }
</style>
</head>
</div>
</div>
<h3>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</h3><div class=\"notice\">The webserver
for %%URL%% reported that an error occurred while trying to access the website.P
lease click <a onclick=\"history.back()\">here</a> to return to the previous pag
e.</div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
>
<html>
<head>
<title>Web Filter Block Override</title>
n: 0; }
t: 82px; }
at; }

.blocked
h3 { color: #c00; }
.blocked
}
at: right; }
</style>
</head>
<body class=\"authenticate\">
</div>
<h2 class=\"fgd_icon\">authenticate</h2>
</div>
<h3>Web Filter Block Override</h3><div class=\"notice\">If you have been granted
override creation privileges by your administrator, you can enter your username
and password here to gain immediate access to the blocked web-page. If you do
not have these privileges, please contact your administrator to gain access to t
he web-page.</div> <div>%%OVRD_FORM%%</div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg fortiguard-wf "ftgd-quota"
>
<html>
<head>
<title>Web Filter Quota Exceeded</title>
n: 0; }
t: 82px; }
at; }
.blocked
h3 { color: #c00; }

.blocked
}
at: right; }
</style>
</head>
</div>
</div>
<h3>Web Page Blocked</h3><div class=\"notice\">
<p>Your daily quota for this
category of webpage has expired, in accordance with your internet usage policy.<
/p>
<p>
URL: %%URL%%<br />
</p>
<p>
%%OVERRIDE%%
</p>
</div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg fortiguard-wf "ftgd-warning"
>
<html>
<head>
<title>Web Filter Block Override</title>
n: 0; }
t: 82px; }
at; }

.blocked
h3 { color: #c00; }
.blocked
}
at: right; }
</style>
</head>
<body class=\"authenticate\">
</div>
<h2 class=\"fgd_icon\">authenticate</h2>
</div>
<h3>Web Page Blocked!</h3>
<div class=\"notice\">
<p>You have tried to access a web page which is in violation of your interne
t usage policy.</p>
<p>
URL: %%URL%%<br />
</p>
</div>
<div>
<form>
<input type=\"button\" value=\"Proceed\" onclick=\"document.location.href
=\'%%WARNINGLINK%%\'; return false;\">
<input type=\"button\" value=\"Go Back\" onclick=\'history.go(-1); return
false\'>
</form>
</div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg spam "ipblocklist"
set buffer "Mail from this IP address is not allowed and has been blocked."
set header none
set format text
end
config system replacemsg spam "smtp-spam-dnsbl"
set buffer "This message has been blocked because it is from a DNSBL/ORDBL I
P address."
set header none
set format text
end
config system replacemsg spam "smtp-spam-feip"
set buffer "This message has been blocked because it is from a FortiGuard AntiSpam black IP address."
set header none
set format text
end
config system replacemsg spam "smtp-spam-helo"
set buffer "This message has been blocked because the HELO/EHLO domain is in
valid."
set header none
set format text
end
config system replacemsg spam "smtp-spam-emailblack"
set buffer "Mail from this email address is not allowed and has been blocke
d."
set header none
set format text
end
config system replacemsg spam "smtp-spam-mimeheader"
set buffer "This message has been blocked because it contains an invalid hea
der."
set header none
set format text
end
config system replacemsg spam "reversedns"
set buffer "This message has been blocked because the return email domain is
invalid."
set header none
set format text
end
config system replacemsg spam "smtp-spam-bannedword"
set buffer "This message has been blocked because it contains a banned word.
"
set header none
set format text
end
config system replacemsg spam "smtp-spam-ase"
set buffer "This message has been blocked because ASE reports it as spam. "
set header none
set format text
end
config system replacemsg spam "submit"
set buffer "If this email is not spam, click here to submit the signatures t
o FortiGuard - AntiSpam Service."
set header none
set format text
end
config system replacemsg im "im-file-xfer-block"
set buffer "Transfer failed. You are not permitted to transfer the file \"%
%FILE%%\"."
set header none
set format text
end
config system replacemsg im "im-file-xfer-name"
set buffer "Transfer %%ACTION%%. The file name \"%%FILE%%\" matches the con
figured file name block list."
set header none
set format text
end
config system replacemsg im "im-file-xfer-infected"
set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" is infected with the
virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%."

set header none
set format text
end
config system replacemsg im "im-file-xfer-size"
set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" is larger than the c
onfigured limit."
set header none
set format text
end
config system replacemsg im "im-dlp"
set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" contains a data leak
."
set header none
set format text
end
config system replacemsg im "im-dlp-ban"
set buffer "Transfer %%ACTION%%. The user is banned because of a detected d
ata leak."
set header none
set format text
end
config system replacemsg im "im-voice-chat-block"
set buffer "Connection failed. You are not permitted to use voice chat."
set header none
set format text
end
config system replacemsg im "im-video-chat-block"
set buffer "Connection failed. You are not permitted to use video chat."
set header none
set format text
end
config system replacemsg im "im-photo-share-block"
set buffer "Photo sharing failed. You are not permitted to share photo."
set header none
set format text
end
config system replacemsg im "im-long-chat-block"
set buffer "Message blocked. The message is longer than the configured limi
t."
set header none
set format text
end
config system replacemsg alertmail "alertmail-virus"
set buffer "Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP:
%%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Em
ail Address To: %%EMAIL_TO%% %%VIRUS_REF_URL%%"
set header none
set format text
end
config system replacemsg alertmail "alertmail-block"
set buffer "File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP:
%%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Ema
il Address To: %%EMAIL_TO%% "
set header none
set format text
end
config system replacemsg alertmail "alertmail-nids-event"
set buffer "The following intrusion was observed: %%NIDS_EVENT%%."
set header none
set format text

end
config system replacemsg alertmail "alertmail-crit-event"
set buffer "The following critical firewall event was detected: %%CRITICAL_E
VENT%%."
set header none
set format text
end
config system replacemsg alertmail "alertmail-disk-full"
set buffer "The log disk is Full."
set header none
set format text
end
config system replacemsg admin "admin-disclaimer-text"
set buffer "W A R N I N G W A R N I N G W A R N I N G W A R N I N G
This is a private computer system. Unauthorized access or use
is prohibited and subject to prosecution and/or disciplinary
action. All use of this system constitutes consent to
monitoring at all times and users are not entitled to any
expectation of privacy. If monitoring reveals possible evidence
of violation of criminal statutes, this evidence and any other
related information, including identification information about
the user, may be provided to law enforcement officials.
If monitoring reveals violations of security regulations or
unauthorized use, employees who violate security regulations or
make unauthorized use of this system are subject to appropriate
disciplinary action.
W A R N I N G W A R N I N G W A R N I N G W A R N I N G
"
set header none
set format text
end
config system replacemsg auth "auth-disclaimer-page-1"
ght:100%;}form{display:block;background:#ccc;border:2px solid red;padding:0 0 25
px 0;width:500px;font-family:helvetica,sans-serif;font-size:14px;margin:10px aut
o;}.fel,.fer,.fec{text-align:center;width:350px;margin:0 auto;padding:10px;}.fel
{text-align:left;}.fer{text-align:right;}h1{font-weight:bold;font-size:21px;marg
in:0;padding:20px 10px;text-align:center;}p{margin:15px auto;width:75%;text-alig
n:left;}ul{margin:15px auto;width:75%;}h2{margin:25px 10px;font-weight:bold;text
-align:center;}label,h2{font-size:16px;}.logo{background:#eee center 25px url(%%
IMAGE:logo_fw_auth%%) no-repeat;padding-top:80px;}</style><title>Firewall Discla
imer</title></head><body><div class=\"oc\"><div class=\"ic\"><form action=\"/\"
method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\" value= \"%%PROTURI%%
\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\"><input typ
e=\"hidden\" name=\"%%ANSWERID%%\" value=\"%%DECLINEVAL%%\"><h1 class=\"logo\">T
erms and Disclaimer Agreement</h1><p>You are about to access Internet content th
at is not under the control of the network access provider. The network access
provider is therefore not responsible for any of these sites, their content or t
heir privacy policies. The network access provider and its staff do not endorse
nor make any representations about these sites, or any information, software or
other products or materials found there, or any results that may be obtained fro
m using them. If you decide to access any Internet content, you do this entirely
at your own risk and you are responsible for ensuring that any accessed materia
l does not infringe the laws governing, but not exhaustively covering, copyright
, trademarks, pornography, or any other material which is slanderous, defamatory
or might cause offence in any other way.</p><h2>Do you agree to the above terms
?</h2><div class=\"fec\"><input type=\"submit\" value= \"Yes, I agree\" onclick=

\"sb(\'%%AGREEVAL%%\')\"><input type=\"submit\" value= \"No, I decline\" onclick
=\"sb(\'%%DECLINEVAL%%\')\"></div></form></div></div><script>function sb(val) {
document.forms[0].%%ANSWERID%%.value = val; document.forms[0].submit(); }</scrip
t></body></html>"
set header http
set format html
end
set buffer ''
set header http
set format html
end
set buffer ''
set header http
set format html
end
config system replacemsg auth "auth-reject-page"
imer Declined</title></head><body><div class=\"oc\"><div class=\"ic\"><form acti
on=\"/\" method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\" value= \"%%
PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\"><
h1 class=\"logo\">Disclaimer Declined</h1><p>Sorry, network access cannot be gra
nted unless you agree to the disclaimer.</p><div class=\"fec\"><input type=\"sub
mit\" value= \"Return to Disclaimer\"></div></form></div></div></body></html>"
set header http
set format html
end
config system replacemsg auth "auth-login-page"
IMAGE:logo_fw_auth%%) no-repeat;padding-top:80px;}</style><title>Firewall Authen
tication</title></head><body><div class=\"oc\"><div class=\"ic\"><form action=\"
%%AUTH_POST_URL%%\" method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\"
value= \"%%PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAG
ICVAL%%\"><h1 class=\"logo\">Authentication Required</h1><h2>%%QUESTION%%</h2><d
iv class=\"fer\"><label for=\"ft_un\">Username:</label> <input name=\"%%USERNAME
ID%%\" id=\"ft_un\" style=\"width:245px\"><br></div><div class=\"fer\"><label fo
r=\"ft_pd\">Password:</label> <input name=\"%%PASSWORDID%%\" id=\"ft_pd\" type=\
"password\" style=\"width:245px\"></div><div class=\"fer\"><input type=\"submit\

" value= \"Continue\"></div></form></div></div></body></html>"
set header http
set format html
end
config system replacemsg auth "auth-login-failed-page"
%%AUTH_POST_URL%%\" method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\"
value= \"%%PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAG
ICVAL%%\"><h1 class=\"logo\">Authentication Failed</h1><h2>%%FAILED_MESSAGE%%</h
2><div class=\"fer\"><label for=\"ft_un\">Username:</label> <input name=\"%%USER
NAMEID%%\" id=\"ft_un\" style=\"width:245px\"><br></div><div class=\"fer\"><labe
l for=\"ft_pd\">Password:</label> <input name=\"%%PASSWORDID%%\" id=\"ft_pd\" ty
pe=\"password\" style=\"width:245px\"></div><div class=\"fer\"><input type=\"sub
mit\" value= \"Continue\"></div></form></div></div></body></html>"
set header http
set format html
end
config system replacemsg auth "auth-success-msg"
set buffer "Welcome to Fortinet Firewall
Authentication is successful, please connect again"
set header none
set format text
end
config system replacemsg auth "auth-challenge-page"
/\" method=\"post\"><input type=\"hidden\" name=\"%%USERNAMEID%%\" value=\"%%USE
RNAMEVAL%%\"><input type=\"hidden\" name=\"%%REQUESTID%%\" value=\"%%REQUESTVAL%
%\"><input type=\"hidden\" name=\"%%USERGROUPID%%\" value=\"%%USERGROUPVAL%%\"><
input type=\"hidden\" name=\"%%REDIRID%%\" value=\"%%PROTURI%%\"><input type=\"h
idden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\"><h1 class=\"logo\">Authentic
ation Required</h1><h2>%%QUESTION%%</h2><div class=\"fer\"><label for=\"ft_pd\">
Password:</label> <input name=\"%%PASSWORDID%%\" id=\"ft_pd\" type=\"password\"
style=\"width:245px\"></div><div class=\"fer\"><input type=\"submit\" value= \"C
ontinue\"></div></form></div></div></body></html>"
set header http
set format html

end
config system replacemsg auth "auth-keepalive-page"
tication Keepalive Window</title></head><body><div class=\"oc\"><div class=\"ic\
"><form action=\"/\" method=\"post\"><h2>This browser window is used to keep you
r authentication session active.</h2>
<h2>Please leave it open in the background and open a <a href=\"%%AUTH_REDIR_URL
%%\" target=\"_blank\">new window</a> to continue.</h2>
<p>Authentication Refresh in <b id=countdown>%%TIMEOUT%%</b> seconds</p>
<p><a href=\"%%AUTH_LOGOUT%%\">logout</a></p>
<p>%%QUOTA_TABLE%%</p>
<script language=\"javascript\">
var countDownTime=%%TIMEOUT%% + 1;
function countDown(){
countDownTime--;
if (countDownTime <= 0){
location.href=\"%%KEEPALIVEURL%%\";
return;
}
document.getElementById(\'countdown\').innerHTML = countDownTime;
counter=setTimeout(\"countDown()\", 1000);
}
function startit(){
countDown();
}
window.onload=startit
</script>
</form></div></div></body></html>"
set header http
set format html
end
config system replacemsg auth "auth-fortitoken-page"
%%AUTH_POST_URL%%\" method=\"post\"><input type=\"hidden\" name=\"%%REQUESTID%%\
" value= \"%%REQUESTVAL%%\"><input type=\"hidden\" name=\"%%REDIRID%%\" value= \
"%%PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\
"><h1 class=\"logo\">FortiToken Code Required</h1><h2>%%QUESTION%%</h2><div clas

s=\"fer\"><label for=\"ft_tc\">Token Code:</label> <input name=\"%%TOKENCODE%%\"
id=\"ft_tc\" style=\"width:245px\"><br></div><div class=\"fer\"><input type=\"s
ubmit\" value= \"Continue\"></div></form></div></div></body></html>"
set header http
set format html
end
config system replacemsg auth "auth-email-token-page"
"><h1 class=\"logo\">Email Token Code Required</h1><h2>%%QUESTION%%</h2><div cla
ss=\"fer\"><label for=\"ft_tc\">Token Code:</label> <input name=\"%%TOKENCODE%%\
" id=\"ft_tc\" style=\"width:245px\"><br></div><div class=\"fer\"><input type=\"
submit\" value= \"Continue\"></div></form></div></div></body></html>"
set header http
set format html
end
config system replacemsg auth "auth-sms-token-page"
"><h1 class=\"logo\">SMS Token Code Required</h1><h2>%%QUESTION%%</h2><div class
=\"fer\"><label for=\"ft_tc\">Token Code:</label> <input name=\"%%TOKENCODE%%\"
id=\"ft_tc\" style=\"width:245px\"><br></div><div class=\"fer\"><input type=\"su
bmit\" value= \"Continue\"></div></form></div></div></body></html>"
set header http
set format html
end
config system replacemsg captive-portal-dflt "cpa-disclaimer-page-1"

imer</title></head><body><div class=\"oc\"><div class=\"ic\"><form action=\"/\"
method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\" value= \"%%PROTURI%%
\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\"><input typ
e=\"hidden\" name=\"%%ANSWERID%%\" value=\"%%DECLINEVAL%%\"><h1 class=\"logo\">S
SID \"%%CPAUTH_SSID%%\" Terms and Disclaimer Agreement</h1><p>You are about to a
ccess Internet content that is not under the control of the network access provi
der. The network access provider is therefore not responsible for any of these
sites, their content or their privacy policies. The network access provider and
its staff do not endorse nor make any representations about these sites, or any
information, software or other products or materials found there, or any results
that may be obtained from using them. If you decide to access any Internet cont
ent, you do this entirely at your own risk and you are responsible for ensuring
that any accessed material does not infringe the laws governing, but not exhaust
ively covering, copyright, trademarks, pornography, or any other material which
is slanderous, defamatory or might cause offence in any other way.</p><h2>Do you
agree to the above terms?</h2><div class=\"fec\"><input type=\"submit\" value=
\"Yes, I agree\" onclick=\"sb(\'%%AGREEVAL%%\')\"><input type=\"submit\" value=
\"No, I decline\" onclick=\"sb(\'%%DECLINEVAL%%\')\"></div></form></div></div><s
cript>function sb(val) { document.forms[0].%%ANSWERID%%.value = val; document.fo
rms[0].submit(); }</script></body></html>"
set header http
set format html
end
set buffer ''
set header http
set format html
end
set buffer ''
set header http
set format html
end
config system replacemsg captive-portal-dflt "cpa-reject-page"
imer Declined</title></head><body><div class=\"oc\"><div class=\"ic\"><form acti
on=\"/\" method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\" value= \"%%
PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\"><
h1 class=\"logo\">SSID \"%%CPAUTH_SSID%%\" Disclaimer Declined</h1><p>Sorry, net
work access cannot be granted unless you agree to the disclaimer.</p><div class=
\"fec\"><input type=\"submit\" value= \"Return to Disclaimer\"></div></form></di
v></div></body></html>"
set header http
set format html
end
config system replacemsg captive-portal-dflt "cpa-login-page"
><html><head><style type=\"text/css\">html,body{height:100%;padding:0;margin:0;f
ont-size:small;text-align:center;font-family:helvetica,sans-serif;} form{display
:block;background:#ccc;border:2px solid red;padding: 0;width:500px;margin:10px a
uto;} div{padding: 1px; zoom: 1;} p {margin: 10px 15px;} h1{font-weight:bold;fon
t-size:21px;margin:0;padding:10px;text-align:center;} ul{margin:15px auto;width:
75%;} h2{margin:15px;font-weight:bold;text-align:left;} label,h2{font-size:12px;
} table{width:100%; height: 100%; font-size: 12px;} td{vertical-align:middle; te
xt-align: center;} .msg, label{font-weight:bold;} #ft_sm { background: #eee; tex
t-align: left; } #ft_sb div { text-align: right; width: 75%; margin: 5px auto; p
adding: 5px; } .dci{overflow:auto;height:150px;border:1px solid #7f9db9; backgro
und:#fff; padding: 5px; font-family:verdana,monospace; font-size:12px; text-alig
n:left;} .fl{display:inline;float:left;margin: 2px;} .logo{background:#ccc cente
r 25px url(%%IMAGE:logo_fw_auth%%) no-repeat;padding-top:80px;} .hl{color:#ff600
0;}</style><title>Firewall Authentication</title></head><body><table><tr><td><fo
rm action=\"/\" method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\" valu
e=\"%%PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL
%%\"><div id=\"ft_st\"><h1 class=\"logo\">Terms and Disclaimer Agreement</h1></d
iv><div id=\"ft_sm\"><p class=\"dci\">You are about to access Internet content t
hat is not under the control of the network access provider. The network access
provider is therefore not responsible for any of these sites, their content or
their privacy policies. The network access provider and its staff do not endorse
other products or materials found there, or any results that may be obtained fr
om using them. If you decide to access any Internet content, you do this entirel
y at your own risk and you are responsible for ensuring that any accessed materi
al does not infringe the laws governing, but not exhaustively covering, copyrigh
t, trademarks, pornography, or any other material which is slanderous, defamator
y or might cause offence in any other way.</p><p><input type=\"checkbox\" id=\"f
t_ad\"><label for=\"ft_ad\" id=\"ft_adl\">I accept the terms and disclaimer agre
ement</label></p></div><div id=\"ft_sb\"><h2>Authentication for SSID: %%CPAUTH_S
SID%%</h2><p id=\"note\" class=\"msg\">Please enter your username and password t
o continue</p><div id=\"auth\"><p><label class=\"fl\" for=\"ft_un\">Username:</l
abel> <input name=\"%%USERNAMEID%%\" id=\"ft_un\" style=\"width:245px\"></p><p><
label class=\"fl\" for=\"ft_pd\">Password:</label> <input name=\"%%PASSWORDID%%\
" id=\"ft_pd\" type=\"password\" style=\"width:245px\"></p><p><input type=\"subm
it\" id=\"ft_ci\" value=\"Continue\"></p></div></div></form></td></tr></table><s
cript>var def_msg = \"Please enter your username and password to continue\";var
cb = get(\"ft_ad\"); var un = get(\"ft_un\"); var pd = get(\"ft_pd\"); var ci =
get(\"ft_ci\"); var note = get(\"note\"); var adl = get(\"ft_adl\");if (cb && un
&& pd && note && adl) { cb.onclick = cb_click; cb_click.apply(cb, [def_msg]); }
function get(x) { return document.getElementById(x); }function tc(elm, cn, tg) {
if (!elm) return; if (tg) elm.className += \" \" + cn; else elm.className = elm
.className.replace(cn,\'\'); }function cb_click(msg) { var en = !this.checked; u
n.disabled = en; pd.disabled = en; ci.disabled = en; tc(adl, \"hl\", en); tc(not
e, \"hl\", !en); if(typeof msg === \"string\") { note.innerHTML = msg; } else {
note.innerHTML = def_msg; } } </script></body></html>"
set header http
set format html
end
config system replacemsg captive-portal-dflt "cpa-login-failed-page"
><html><head><style type=\"text/css\">html,body{height:100%;padding:0;margin:0;f
ont-size:small;text-align:center;font-family:helvetica,sans-serif;} form{display
:block;background:#ccc;border:2px solid red;padding: 0;width:500px;margin:10px a
uto;} div{padding: 1px; zoom: 1;} p {margin: 10px 15px;} h1{font-weight:bold;fon

t-size:21px;margin:0;padding:10px;text-align:center;} ul{margin:15px auto;width:
75%;} h2{margin:15px;font-weight:bold;text-align:left;} label,h2{font-size:12px;
} table{width:100%; height: 100%; font-size: 12px;} td{vertical-align:middle; te
xt-align: center;} .msg, label{font-weight:bold;} #ft_sm { background: #eee; tex
t-align: left; } #ft_sb div { text-align: right; width: 75%; margin: 5px auto; p
adding: 5px; } .dci{overflow:auto;height:150px;border:1px solid #7f9db9; backgro
und:#fff; padding: 5px; font-family:verdana,monospace; font-size:12px; text-alig
n:left;} .fl{display:inline;float:left;margin: 2px;} .logo{background:#ccc cente
r 25px url(%%IMAGE:logo_fw_auth%%) no-repeat;padding-top:80px;} .hl{color:#ff600
0;}</style><title>Firewall Authentication</title></head><body><table><tr><td><fo
rm action=\"/\" method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\" valu
e=\"%%PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL
%%\"><div id=\"ft_st\"><h1 class=\"logo\">Terms and Disclaimer Agreement</h1></d
iv><div id=\"ft_sm\"><p class=\"dci\">You are about to access Internet content t
hat is not under the control of the network access provider. The network access
provider is therefore not responsible for any of these sites, their content or
their privacy policies. The network access provider and its staff do not endorse
other products or materials found there, or any results that may be obtained fr
om using them. If you decide to access any Internet content, you do this entirel
y at your own risk and you are responsible for ensuring that any accessed materi
al does not infringe the laws governing, but not exhaustively covering, copyrigh
t, trademarks, pornography, or any other material which is slanderous, defamator
y or might cause offence in any other way.</p><p><input type=\"checkbox\" id=\"f
t_ad\" checked><label for=\"ft_ad\" id=\"ft_adl\">I accept the terms and disclai
mer agreement</label></p></div><div id=\"ft_sb\"><h2>Authentication for SSID: %%
CPAUTH_SSID%%</h2><p id=\"note\" class=\"msg\">Please enter your username and pa
ssword to continue</p><div id=\"auth\"><p><label class=\"fl\" for=\"ft_un\">User
name:</label> <input name=\"%%USERNAMEID%%\" id=\"ft_un\" style=\"width:245px\">
</p><p><label class=\"fl\" for=\"ft_pd\">Password:</label> <input name=\"%%PASSW
ORDID%%\" id=\"ft_pd\" type=\"password\" style=\"width:245px\"></p><p><input typ
e=\"submit\" id=\"ft_ci\" value=\"Continue\"></p></div></div></form></td></tr></
table><script>var def_msg = \"Please enter your username and password to continu
e\";var cb = get(\"ft_ad\"); var un = get(\"ft_un\"); var pd = get(\"ft_pd\"); v
ar ci = get(\"ft_ci\"); var note = get(\"note\"); var adl = get(\"ft_adl\");if (
cb && un && pd && note && adl) { cb.onclick = cb_click; cb_click.apply(cb, [\"Au
thentication failed. Please try again.\"]); }function get(x) { return document.g
etElementById(x); }function tc(elm, cn, tg) { if (!elm) return; if (tg) elm.clas
sName += \" \" + cn; else elm.className = elm.className.replace(cn,\'\'); }funct
ion cb_click(msg) { var en = !this.checked; un.disabled = en; pd.disabled = en;
ci.disabled = en; tc(adl, \"hl\", en); tc(note, \"hl\", !en); if(typeof msg ===
\"string\") { note.innerHTML = msg; } else { note.innerHTML = def_msg; } } </scr
ipt></body></html>"
set header http
set format html
end
config system replacemsg sslvpn "sslvpn-login"
set buffer "<html><head><meta http-equiv=\"Content-Type\" content=\"text/htm
l; charset=UTF-8\"><title>login</title><meta http-equiv=\"Pragma\" content=\"nocache\"><meta http-equiv=\"cache-control\" content=\"no-cache\"><meta http-equiv
=\"cache-control\" content=\"must-revalidate\"><link href=\"/sslvpn/css/login.cs
s\" rel=\"stylesheet\" type=\"text/css\"><script type=\"text/javascript\">if (to
p && top.location != window.location) top.location = top.location;if (window.ope
ner && window.opener.top) { window.opener.top.location = window.opener.top.locat
ion; self.close(); }</script></head><body class=\"main\"><center><table width=\"
100%\" height=\"100%\" align=\"center\" class=\"container\" valign=\"middle\" ce
llpadding=\"0\" cellspacing=\"0\"><tr valign=middle><td><form action=\"%%SSL_ACT
%%\" method=\"%%SSL_METHOD%%\" name=\"f\" autocomplete=\"off\"><table class=\"li
st\" cellpadding=10 cellspacing=0 align=center width=400 height=180>%%SSL_LOGIN%
%</table>%%SSL_HIDDEN%%</td></tr></table></form></center></body><script>document
.forms[0].username.focus();</script></html>"
set header http
set format html
end
config system replacemsg sslvpn "sslvpn-limit"
set buffer "<html><head><meta http-equiv=\"Content-Type\" content=\"text/htm
l; charset=UTF-8\"><title>Already Logged In</title><meta http-equiv=\"Pragma\" c
ontent=\"no-cache\"><meta http-equiv=\"cache-control\" content=\"no-cache\"><met
a http-equiv=\"cache-control\" content=\"must-revalidate\"><link href=\"/sslvpn/
css/login.css\" rel=\"stylesheet\" type=\"text/css\"><script type=\"text/javascr
ipt\">if (top && top.location != window.location) top.location = top.location;if
(window.opener && window.opener.top) { window.opener.top.location = window.open
er.top.location; self.close(); }</script></head><body class=\"main\"><center><ta
ble class=\"container\" height=\"100%\" cellspacing=\"0\" cellpadding=\"0\" alig
n=\"center\" width=\"100%\" valign=\"middle\"><tbody><tr valign=\"middle\"><td><
table class=\"list\" height=\"180\" cellspacing=\"0\" cellpadding=\"10\" align=\
"center\" width=\"400\"><tbody><tr class=\"dark\"><td colspan=\"2\"> <b>Already
Logged In</b></td></tr><tr><td colspan=\"2\"><p>You already have an open SSL VPN
connection. Opening multiple connections is not permitted.</p><p>If you proceed
, your other connection will be disconnected.</p><p>Please contact your administ
rator if you blevieve there is a problem.</p></td></tr><tr><td style=\"text-alig
n:center\">%%SSL_LOGIN_ANYWAY%%</td><td style=\"text-align:center\">%%SSL_LOGIN_
CANCEL%%</td></tr></tbody></table></td></tr></tbody></table></center></body></ht
ml>"
set header http
set format html
end
config system replacemsg ec "endpt-download-portal"
>
<html>
<head>
<title>Endpoint Security Required</title>
n: 0; }
t: 82px; }
div.header h1 { background: url(%%IMAGE:logo_v2_fw_auth%%) 15px 10px norepeat; }
.blocked
h3 { color: #c00; }
.blocked
}
at: right; }
</style>
</head>
<h1>FortiGate: Endpoint Control</h1>
</div>
</div>
<h3>Endpoint Security Required</h3><div class=\"notice\">The use of this securit
y policy requires that the latest FortiClient Endpoint Security software and ant
ivirus signature package are installed.<br><br>Installing FortiClient requires t
hat you have administrator privileges on your computer. If you do not, please co
ntact your network administrator to have FortiClient installed.<br><br>The insta
ller may be downloaded using the following link:<br>%%LINK%%</div><div><h4>Insta
llation instructions:</h4><ul><li><span style=\"font-style:italic\">For Internet
Explorer:</span></li><ol><li>Click the above link to download the installer</li
><li>When Internet Explorer asks what action you would like to take, click \"Run
\"</li></ol><br><li><span style=\"font-style:italic\">For Firefox:</span></li><o
l><li>Click the above link to download the installer</li><li>Save the installer
and note the location it is saved to</li><li>Open the folder containing the inst
aller and run it</li></ol></ul><p>FortiClient installation may take a few minute
s. Thank you for your patience.<br><br></p></div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg ec "endpt-recommendation-portal"
>
<html>
<head>
n: 0; }
t: 82px; }
.blocked
h3 { color: #c00; }
.blocked

}
at: right; }
</style>
</head>
</div>
</div>
<h3>Endpoint Security Required</h3><div class=\"notice\">The use of this securit
y policy requires that the latest FortiClient Endpoint Security software and ant
ivirus signature package are installed.<br><br>Installing FortiClient requires t
hat you have administrator privileges on your computer. If you do not, please co
ntact your network administrator to have FortiClient installed.<br><br>The insta
ller may be downloaded using the following link:<br>%%LINK%%</div><div><h4>Insta
llation instructions:</h4><ul><li><span style=\"font-style:italic\">For Internet
Explorer:</span></li><ol><li>Click the above link to download the installer</li
><li>When Internet Explorer asks what action you would like to take, click \"Run
\"</li></ol><br><li><span style=\"font-style:italic\">For Firefox:</span></li><o
l><li>Click the above link to download the installer</li><li>Save the installer
and note the location it is saved to</li><li>Open the folder containing the inst
aller and run it</li></ol></ul><p>FortiClient installation may take a few minute
s. Thank you for your patience.<br><br></p><p><a href=\"%%DST_ADDR_LINK%%\"> Con
tinue to %%DST_ADDR_LABEL%% </a></p></div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg ec "endpt-block-portal"
>
<html>
<head>
n: 0; }
t: 82px; }
.blocked
h3 { color: #c00; }
.blocked
}
at: right; }
</style>
</head>
</div>
</div>
<h3>Endpoint Security Required</h3><div class=\"notice\">The security policy req
uires the endpoint to be compliant in order to gain network access. Please check
your FortiClient software for details.</div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg ec "endpt-rmd-block-portal"
>
<html>
<head>
<title>Endpoint Security Recommended</title>
n: 0; }
t: 82px; }
.blocked
h3 { color: #c00; }
.blocked

}
at: right; }
</style>
</head>
</div>
</div>
<h3>Endpoint Security Recommended</h3><div class=\"notice\">The security policy
recommends the endpoint to be compliant in order to gain network access. Please
check your FortiClient software for details.<br /><a href=\"%%DST_ADDR_LINK%%\">
Continue to %%DST_ADDR_LABEL%% </a></div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg ec "endpt-ec-block-page"
>
<html>
<head>
n: 0; }
t: 82px; }
.blocked
h3 { color: #c00; }
.blocked
}
at: right; }
</style>
</head>
</div>
</div>
<h3>Endpoint Security Required</h3><div class=\"notice\">FortiClient security ch
eck failed due to the following:<br />%%FEATURE_BLOCK_REASONS%%</div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg ec "endpt-rmd-ec-block-page"
>
<html>
<head>
<title>Endpoint Security Recommended</title>
n: 0; }
t: 82px; }
.blocked
h3 { color: #c00; }
.blocked
}
at: right; }
</style>
</head>
</div>
</div>
<h3>Endpoint Security Recommended</h3><div class=\"notice\">FortiClient security
check failed due to the following:<br />%%FEATURE_BLOCK_REASONS%%<br><a href=\"
%%DST_ADDR_LINK%%\"> Continue to %%DST_ADDR_LABEL%% </a></div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-virus"
set buffer "<html><head><title>Virus Quarantine</title></head><body><font si
ze=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan=2><f
ont color=#ffffff><b>Blocked because of virus</b></font></td></tr></table><br><b
r>A virus was detected, originating from your system. Please contact the system
administrator.<br><br><hr></font></body></html>"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-dos"
set buffer "<html><head><title>Attack Detected</title></head><body><font siz
e=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan=2><fo
nt color=#ffffff><b>Blocked because of DoS Attack</b></font></td></tr></table><b
r><br>A DoS attack was detected, originating from your system. Please contact th
e system administrator.<br><br><hr></font></body></html>"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-ips"
set buffer "<html><head><title>Attack Detected</title></head><body><font siz
e=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan=2><fo
nt color=#ffffff><b>Blocked because of IPS attack</b></font></td></tr></table><b
r><br>An attack was detected, originating from your system. Please contact the s
ystem administrator.<br><br><hr></font></body></html>"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-dlp"
set buffer "<html><head><title>Data Leak Detected</title></head><body><font
size=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan=2>
<font color=#ffffff><b>Blocked because of data leak</b></font></td></tr></table>
<br><br>A data leak was detected, originating from your system. Please contact t
he system administrator.<br><br><hr></font></body></html>"
set header http
set format html
end
config system replacemsg traffic-quota "per-ip-shaper-block"
set buffer "<html><head><title>Traffic Quota Control</title></head><body><fo
nt size=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan
=2><font color=#ffffff><b>Traffic blocked because of exceed session quota</b></f
ont></td></tr></table><br><br>Traffic blocked because of exceed per IP shaper se
ssion quota. Please contact the system administrator.<br>%%QUOTA_INFO%%<br><br><
hr></font></body></html>"
set header http
set format html
end
config vpn certificate ca
end
config vpn certificate local
end
config antivirus service "http"
set scan-bzip2 disable

set uncompnestlimit 12
set uncompsizelimit 10
end
config antivirus service "https"
end
config antivirus service "ftp"
end
config antivirus service "ftps"
end
config antivirus service "pop3"
end
config antivirus service "pop3s"
end
config antivirus service "imap"
end
config antivirus service "imaps"
end
config antivirus service "smtp"
end
config antivirus service "smtps"
end
config antivirus service "nntp"
end
config antivirus service "im"
end
config system session-sync
end
config wireless-controller global
set name ''
set location ''
set max-retransmit 3
set data-ethernet-II disable
set discovery-mc-addr 224.0.1.140
set max-clients 0
set rogue-scan-mac-adjacency 7
end
config gui console
unset preferences
end
config system session-helper
edit 1
set name pptp
set port 1723
set protocol 6
next
edit 2
set name h323
set port 1720
set protocol 6
next
edit 3
set name ras
set port 1719
set protocol 17
next
edit 4
set name tns
set port 1521
set protocol 6
next
edit 5
set name tftp
set port 69
set protocol 17
next
edit 6
set name rtsp
set port 554
set protocol 6
next
edit 7
set name rtsp
set port 7070
set protocol 6
next
edit 8
set name rtsp
set port 8554
set protocol 6
next
edit 9
set name ftp
set port 21
set protocol 6
next
edit 10
set name mms

set port 1863
set protocol 6
next
edit 11
set
set
set
next
edit 12
set
set
set
next
edit 13
set
set
set
next
edit 14
set
set
set
next
edit 15
set
set
set
next
edit 16
set
set
set
next
edit 17
set
set
set
next
edit 18
set
set
set
next
edit 19
set
set
set
next
edit 20
set
set
set
next
name pmap
port 111
protocol 6
name pmap
port 111
protocol 17
name sip
port 5060
protocol 17
name dns-udp
port 53
protocol 17
name rsh
port 514
protocol 6
name rsh
port 512
protocol 6
name dcerpc
port 135
protocol 6
name dcerpc
port 135
protocol 17
name mgcp
port 2427
protocol 17
name mgcp
port 2727
protocol 17
end
config system auto-install
set auto-install-config enable
set auto-install-image enable
set default-config-file "fgt_system.conf"
set default-image-file "image.out"
end
config system ntp
config ntpserver
edit 1
set server "ntp1.fortinet.net"
next
edit 2
set server "ntp2.fortinet.net"
next
end
set ntpsync enable
set source-ip 0.0.0.0
set syncinterval 60
end
config firewall address
edit "all"
next
edit "SSLVPN_TUNNEL_ADDR1"
set type iprange
set end-ip 10.212.134.210
set start-ip 10.212.134.200
next
end
config firewall address6
edit "all"
next
end
config ips sensor
edit "default"
set comment "prevent critical attacks"
config entries
edit 1
set severity high critical
next
end
next
edit "all_default"
set comment "all predefined signatures with default setting"
config entries
edit 1
next
end
next
edit "all_default_pass"
set comment "all predefined signatures with PASS action"
config entries
edit 1
set action pass
next
end
next
edit "protect_http_server"
set comment "protect against HTTP server-side vulnerabilities"
config entries
edit 1
set location server
set protocol HTTP
next
end
next
edit "protect_email_server"
set comment "protect against EMail server-side vulnerabilities"
config entries
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
edit "protect_client"
set comment "protect against client-side vulnerabilities"
config entries
edit 1
set location client
next
end
next
end
config ips DoS
edit "all_default"
config anomaly
edit "tcp_syn_flood"
set status enable
set threshold 2000
next
edit "tcp_port_scan"
set status enable
set threshold 1000
next
edit "tcp_src_session"
set status enable
set threshold 5000
next
edit "tcp_dst_session"
set status enable
set threshold 5000
next
edit "udp_flood"
set status enable
set threshold 2000
next
edit "udp_scan"
set status enable
set threshold 2000
next
edit "udp_src_session"
set status enable
set threshold 5000
next
edit "udp_dst_session"
set status enable
set threshold 5000
next
edit "icmp_flood"
set status enable
set threshold 250
next
edit "icmp_sweep"
set status enable
set threshold 100
next
edit "icmp_src_session"
set status enable
set threshold 300
next
edit "icmp_dst_session"
set status enable
set threshold 1000
next
edit "ip_src_session"
set status enable
set threshold 5000
next
edit "ip_dst_session"
set status enable
set threshold 5000
next
end
next
edit "block_flood"
config anomaly
edit "tcp_syn_flood"
set status enable
set action block
set threshold 2000
next
edit "tcp_port_scan"
set threshold 1000
next
edit "tcp_src_session"
set threshold 5000
next
edit "tcp_dst_session"
set threshold 5000
next
edit "udp_flood"
set status enable
set action block
set threshold 2000
next
edit "udp_scan"
set threshold 2000
next
edit "udp_src_session"
set threshold 5000
next
edit "udp_dst_session"
set threshold 5000
next
edit "icmp_flood"
set status enable
set action block
set threshold 250
next
edit "icmp_sweep"
set threshold 100
next
edit "icmp_src_session"
set threshold 300
next
edit "icmp_dst_session"
set threshold 1000
next
edit "ip_src_session"
set threshold 5000
next
edit "ip_dst_session"
set threshold 5000
next
end
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set priority medium
next
edit "low-priority"
set priority low
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
next
edit "shared-1M-pipe"
next
end
config application list
edit "default"
set comment "monitor all applications"
config entries
edit 1
set action pass
next
end
next
edit "block-p2p"
config entries
edit 1
set category 2
next
end
next
edit "monitor-p2p-and-media"
config entries
edit 1
set action pass
set category 2
next
edit 2
set action pass
set category 5
next
end
next
end
config dlp filepattern
edit 1
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
set name "builtin-patterns"
next
edit 2
config entries
edit "bat"
set filter-type type
set file-type bat
set active imap smtp pop3 http ftp im nntp
next
edit "exe"
set file-type exe
next
edit "elf"

set file-type elf
next
edit "hta"
set file-type hta
next
end
set name "all_executables"
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config dlp rule
edit "All-Email"
set protocol email
set sub-protocol smtp pop3 imap
set field always
next
edit "All-HTTP"
set protocol http
set sub-protocol http-get http-post
set field always
next
edit "All-FTP"
set protocol ftp
set sub-protocol ftp-get ftp-put
set field always
next
edit "All-NNTP"
set protocol nntp
set field always
next
edit "All-IM"
set protocol im
set sub-protocol aim icq msn ym
set field always
next
edit "HTTP-Visa-Mastercard"
set protocol http
set sub-protocol http-post
set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?\\d{4}[ \\-]?){3}(\\W|\\
b)"
next
edit "HTTP-AmEx"
set protocol http
set regexp "(\\W|\\b)3[47]\\d{2}([ \\-]?)\\d{6}\\2\\d{5}(\\W|\\b)"
next
edit "HTTP-Canada-SIN"
set protocol http
set regexp "(\\b|\\W)[1-79]\\d{2}([ \\-]?)\\d{3}\\2\\d{3}(\\b|\\W)"

next
edit "HTTP-US-SSN"
set protocol http
set regexp "\\b(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\
d\\3(?!0000)\\d{4}(\\b|\\W)"
next
edit "HTTP-Post-Not-Webex"
set protocol http
set regexp "WebEx"
set regexp-negated enable
set regexp-wildcard enable
next
edit "Email-AmEx"
set protocol email
set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?\\d{4}[ \\-]?){3}(\\W|\\
b)"
next
edit "Email-Visa-Mastercard"
set protocol email
set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?)\\d{4}(\\3\\d{4}){2}(\\
W|\\b)"
next
edit "Email-Canada-SIN"
set protocol email
set regexp "(\\b|\\W)[1-79]\\d{2}([ \\-]?)\\d{3}\\2\\d{3}(\\b|\\W)"
next
edit "Email-US-SSN"
set protocol email
set regexp "\\b(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\
d\\3(?!0000)\\d{4}(\\b|\\W)"
next
edit "Email-Not-Webex"
set protocol email
set regexp "WebEx"
set regexp-negated enable
set regexp-wildcard enable
next
edit "Large-Attachment"
set protocol email
set field attachment-size
set value 5120
set operator greater-equal
next
edit "Large-FTP-Put"
set protocol ftp
set sub-protocol ftp-put
set field transfer-size
set value 5120
set operator greater-equal
next
edit "Large-HTTP-Post"
set
set
set
set
set
protocol http
sub-protocol http-post
field transfer-size
value 5120
operator greater-equal
next
end
config dlp compound
edit "Email-SIN"
set comment "Emails containing canadian SIN but are not WebEx invites"
set protocol email
set member "Email-Canada-SIN" "Email-Not-Webex"
next
edit "HTTP-Post-SIN"
set comment "Posts containing canadian SIN but are not WebEx invites"
set protocol http
set member "HTTP-Canada-SIN" "HTTP-Post-Not-Webex"
next
end
config dlp sensor
edit "default"
set comment "summary archive email and web traffics"
config filter
edit "All-Email"
set filter-type advanced-rule
set rule-name "All-Email"
set archive summary-only
next
edit "All-HTTP"
set filter-type advanced-rule
set rule-name "All-HTTP"
set archive summary-only
next
end
next
end
config webfilter content
end
config webfilter urlfilter
end
config spamfilter bword
end
config spamfilter emailbwl
end
config spamfilter ipbwl
end
config spamfilter mheader
end
config spamfilter dnsbl
end
config spamfilter iptrust
end
config voip profile
edit "default"
set comment "default VoIP profile"
config sip
set log-violations enable
end
config sccp
set log-call-summary enable
set log-violations enable
end
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
set type fw
next
edit "FortiClient-AV-Vista-Win7"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista-Win7"
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
set type fw
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "AVG-Internet-Security-FW"
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
set type fw
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
set type fw
next
edit "CA-Internet-Security-FW"
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
set type fw
next
edit "CA-Internet-Security-FW-Vista-Win7"
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
set type fw
next
edit "CA-Personal-Firewall"
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
set type fw
next
edit "F-Secure-Internet-Security-FW"
set guid "D4747503-0346-49EB-9262-997542F79BF4"
set type fw
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
set type fw
next
edit "Kaspersky-FW"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
set type fw
next
edit "Kaspersky-FW-Vista-Win7"
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
set type fw
next
edit "McAfee-Internet-Security-Suite-FW"
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
set type fw
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
set type fw
next
edit "Norton-360-2.0-FW"
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
set type fw
next
edit "Norton-360-3.0-FW"
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
set type fw
next
edit "Norton-Internet-Security-FW"
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
set type fw
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
set type fw
next
edit "Symantec-Endpoint-Protection-FW"
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
set type fw
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
set type fw
next
edit "Panda-Antivirus+Firewall-2008-FW"
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
set type fw
next
edit "Panda-Internet-Security-2006~2007-FW"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
set type fw
next
edit "Panda-Internet-Security-2008~2009-FW"
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
set type fw
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
set type fw
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
set type fw
next
edit "Trend-Micro-FW"
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
set type fw
next
edit "Trend-Micro-FW-Vista-Win7"
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
set type fw
next
edit "ZoneAlarm-FW"
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
set type fw
next
edit "ZoneAlarm-FW-Vista-Win7"
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
set type fw
next
end
config vpn ssl web portal
edit "full-access"
set allow-access web ftp smb telnet ssh vnc rdp citrix rdpnative portfor
ward
set heading "Welcome to SSL VPN Service"
set page-layout double-column
config widget
edit 4
set name "Session Information"
set type info
next
edit 2
set name "Bookmarks"
set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnati
ve portforward
next
edit 3
set name "Connection Tool"
set type tool
set column two
ve portforward
next
edit 1
set name "Tunnel Mode"
set type tunnel
set column two
set tunnel-status enable
set split-tunneling enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
next
end
next
edit "web-access"
set allow-access web ftp smb telnet ssh vnc rdp citrix rdpnative portfor
ward
config widget
edit 4
set type info
next
edit 1
set name "Bookmarks"
ve portforward
next
end
next
edit "tunnel-access"
config widget
edit 4
set type info
next
edit 1
set name "Tunnel Mode"
set type tunnel
set tunnel-status enable
set split-tunneling enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
next
end
next
end
config user tacacs+
edit "tac_plus"
set authorization enable
set key ENC mZ11Doohx+uiw6RguEgIkhyl32cRB7hc3seFRKif+JzDIWLiGsw5tG5mwhuD
J9h0Mvi6txrmVFQUoAWAI10zz54nRQC+iJMsA2o1gQL3QGYK+VES
set server "10.10.4.20"
next
end
config user local
edit "guest"
set type password
set passwd ENC 19plW7CLgq0kjFx/xrAabDkzSJw4GXtShP8uFfh/MzgyeTmv8YeL9QPCp
046RFSr7WcbWx7i4pBmJMNjIoFcwOoDa8ovHNdtXgYXxCe8cNuRK5El
next
end
config user group
edit "FSSO_Guest_Users"
set group-type fsso-service
next
edit "Guest-group"
set member "guest"
next
edit "test_group"
set member "tac_plus"
next
end
config webfilter profile
edit "default"
set comment "default web filtering"
set options https-scan
set post-action comfort
config ftgd-wf
config filters
edit 1
set action warning
set category 2
next
edit 2
set action warning
set category 7
next
edit 3
set action warning
set category 8
next
edit 4
set action warning
set category 9
next
edit 5
set action warning
set category 11
next
edit 6
set action warning
set
next
edit 7
set
set
next
edit 8
set
set
next
edit 9
set
set
next
edit 10
set
set
next
edit 11
set
set
next
edit 12
set
set
next
edit 13
set
set
next
edit 14
set
set
next
edit 15
set
set
next
edit 16
set
set
next
edit 17
set
set
next
edit 18
set
set
next
end
end
next
end
config webfilter override
end
config webfilter override-user
end
config webfilter ftgd-warning
end
category 12
action warning
category 13
action warning
category 14
action warning
category 15
action warning
category 16
action warning
category 32
action warning
category 57
action warning
category 63
action warning
category 64
action warning
category 65
action warning
category 66
action warning
category 67
action block
category 26
config webfilter ftgd-local-rating

end
config endpoint-control app-detect rule-list
edit "Block_P2P_application"
config entries
edit 1
set category 15
set status running
next
end
set comment "deny access from endpoints running P2P applications"
set other-application-action allow
next
edit "Monitor_Microsoft_Office"
config entries
edit 1
set category 31
set vendor 53
set action monitor
next
end
set comment "monitor installed Microsoft Office applications"
next
edit "Monitor_game"
config entries
edit 1
set category 20
set action monitor
set status running
next
end
set comment "monitor running games"
next
edit "Monitor_Internet_browser"
config entries
edit 1
set category 12
set action monitor
next
end
set comment "monitor installed Internet browsers"
next
end
config endpoint-control profile
edit "Recommend_FortiClient"
next
edit "Enforce_FortiClient_AV"
set feature-enforcement enable
set recommendation-disclaimer disable
set require-av enable
next
edit "P2P_application_detection"
set application-detection enable
set application-detection-rule-list "Block_P2P_application"
next
end
config antivirus settings
set grayware enable

end
config antivirus profile
edit "default"
set comment "scan and delete virus"
config http
set options scan
end
config https
set options scan
end
config ftp
set options scan
end
config imap
set options scan
end
config imaps
set options scan
end
config pop3
set options scan
end
config pop3s
set options scan
end
config smtp
set options scan
end
config smtps
set options scan
end
config nntp
set options scan
end
config im
set options scan
end
next
end
config spamfilter profile
edit "default"
set comment "malware and phishing URL filtering"
next
end
config report dataset
edit "appctrl.Count.Bandwidth.Top10.Apps"
set query "select (timestamp-timestamp%3600) as hourstamp, (CASE WHEN ap
p!=\'N/A\' and app!=\'\' then app ELSE service END) as appname, sum(sent+rcvd) a
s bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and (appn
ame in (select (CASE WHEN app!=\'N/A\' and app!=\'\' then app ELSE service END)
as appname from traffic_log where ###timestamp_to_oid(traffic_log)### group by
appname order by sum(sent+rcvd) desc limit 10)) group by hourstamp, appname orde
r by hourstamp desc"
next
edit "appctrl.Count.Bandwidth.Top10.MediaUser"
set query "select (timestamp-timestamp%3600) as hourstamp, (CASE WHEN us
er!=\'N/A\' and user!=\'\' then user ELSE src END) as userip, sum(sent+rcvd) as
bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and app_cat
=\'media\' and (userip in (select (CASE WHEN user!=\'N/A\' and user!=\'\' then u
ser ELSE src END) as userip from traffic_log where ###timestamp_to_oid(traffic_l

og)### and app_cat=\'media\' group by userip order by sum(sent+rcvd) desc limit
10)) group by hourstamp, userip order by hourstamp"
next
edit "appctrl.Count.Bandwidth.Top10.P2PUser"
set query "select (timestamp-timestamp%3600) as hourstamp, (CASE WHEN us
er!=\'N/A\' and user!=\'\' then user ELSE src END) as userip, sum(sent+rcvd) as
bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and app_cat
=\'p2p\' and (userip in (select (CASE WHEN user!=\'N/A\' and user!=\'\' then use
r ELSE src END) as userip from traffic_log where ###timestamp_to_oid(traffic_log
)### and app_cat=\'p2p\' group by userip order by sum(sent+rcvd) desc limit 10))
group by hourstamp, userip order by hourstamp"
next
edit "appctrl.Top10.Users.Web"
set query "select user, count(*) as totalnum from app_control_log where
###timestamp_to_oid(app_control_log)### and (user is not null and user!=\'N/A\')
and app_type=\'web\' group by user order by totalnum desc limit 10"
next
edit "appctrl.Top10.Users.Media"
and app_type=\'media\' group by user order by totalnum desc limit 10"
next
edit "appctrl.Top10.Users.Email"
and lower(service) in (\'pop3\', \'imap\', \'smtp\', \'pop3s\', \'imaps\', \'sm
tps\') group by user order by totalnum desc limit 10"
next
edit "appctrl.Top10.Media.Source"
set query "select src, count(*) as totalnum from app_control_log where #
##timestamp_to_oid(app_control_log)### and app_type=\'media\' and status=\'downl
oad\' group by src order by totalnum desc limit 10"
next
edit "appctrl.Top10.Media.Dest"
set query "select dst, count(*) as totalnum from app_control_log where #
##timestamp_to_oid(app_control_log)### and app_type=\'media\' and status=\'downl
oad\' group by dst order by totalnum desc limit 10"
next
edit "appctrl.Top10.Apps.Bandwidth"
set query "select app, sum(sent+rcvd) as bandwidth from traffic_log wher
e ###timestamp_to_oid(traffic_log)### and (app is not null and app!=\'N/A\') and
status=\'accept\' group by app order by bandwidth desc limit 10"
next
edit "appctrl.Top10.Apps.Used"
set query "select app, count(*) as totalnum from app_control_log where #
##timestamp_to_oid(app_control_log)### and (app is not null and app!=\'N/A\') gr
oup by app order by totalnum desc limit 10"
next
edit "appctrl.Top10.P2P.Users"
and app_type=\'p2p\' group by user order by totalnum desc limit 10"
next
edit "appctrl.Top10.P2P.App.Volume"
set query "select app, sum(sent+rcvd) as volume from traffic_log where #
##timestamp_to_oid(traffic_log)### and app_cat=\'p2p\' and (app is not null and
app!=\'N/A\') and status=\'accept\' group by app order by volume desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.Blocked"
set query "select (src||\'->\'||dst) as p2p_peer, count(*) as totalnum f

rom app_control_log where ###timestamp_to_oid(app_control_log)### and app_type=\
'p2p\' and action=\'block\' group by p2p_peer order by totalnum desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.BitTorrent.Blocked"
'p2p\' and app=\'BitTorrent\' and action=\'block\' group by p2p_peer order by to
talnum desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.eDonkey.Blocked"
'p2p\' and app=\'eDonkey\' and action=\'block\' group by p2p_peer order by total
num desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.Gnutella.Blocked"
'p2p\' and app=\'Gnutella\' and action=\'block\' group by p2p_peer order by tota
lnum desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.KaZaa.Blocked"
'p2p\' and app=\'KaZaa\' and action=\'block\' group by p2p_peer order by totalnu
m desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.Skype.Blocked"
'p2p\' and app=\'Skype\' and action=\'block\' group by p2p_peer order by totalnu
m desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.WinNY.Blocked"
'p2p\' and app=\'WinNY\' and action=\'block\' group by p2p_peer order by totalnu
m desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.Allowed"
'p2p\' and action=\'pass\' group by p2p_peer order by totalnum desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.BitTorrent.Allowed"
'p2p\' and app=\'BitTorrent\' and action=\'pass\' group by p2p_peer order by tot
alnum desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.eDonkey.Allowed"
'p2p\' and app=\'eDonkey\' and action=\'pass\' group by p2p_peer order by totaln
um desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.Gnutella.Allowed"
'p2p\' and app=\'Gnutella\' and action=\'pass\' group by p2p_peer order by total

num desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.KaZaa.Allowed"
'p2p\' and app=\'KaZaa\' and action=\'pass\' group by p2p_peer order by totalnum
desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.Skype.Allowed"
'p2p\' and app=\'Skype\' and action=\'pass\' group by p2p_peer order by totalnum
desc limit 10"
next
edit "appctrl.Top10.P2P.Local.Peers.WinNY.Allowed"
'p2p\' and app=\'WinNY\' and action=\'pass\' group by p2p_peer order by totalnum
desc limit 10"
next
edit "appctrl.Dist.Type"
set query "select app_type, count(*) as totalnum from app_control_log wh
ere ###timestamp_to_oid(app_control_log)### and (app_type is not null and app_ty
pe!=\'N/A\') group by app_type order by totalnum desc"
next
edit "appctrl.Count.P2P.Events"
set query "select (timestamp-timestamp%3600) as hourstamp, action, count
(*) from app_control_log where ###timestamp_to_oid(app_control_log)### and app_t
ype=\'p2p\' and (action=\'block\' or action=\'pass\') group by hourstamp, action
order by hourstamp desc"
next
edit "attack.Top10"
set query "select attack_name, count(*) as totalnum from attack_log whe
re ###timestamp_to_oid(attack_log)### and attack_id is not null group by attack_
id order by totalnum desc limit 10 "
next
edit "attack.Top10.Source"
set query "select src, count(*) as totalnum from attack_log where ###ti
mestamp_to_oid(attack_log)### group by src order by totalnum desc limit 10"
next
edit "attack.Top10.Dest"
set query "select dst, count(*) as totalnum from attack_log where ###ti
mestamp_to_oid(attack_log)### group by dst order by totalnum desc limit 10"
next
edit "attack.Dist.Protocol"
set query "select service, count(*) as totalnum from attack_log where #
##timestamp_to_oid(attack_log)### and (service is not null and service!=\'N/A\')
group by service order by totalnum desc"
next
edit "av.Top10.Viruses"
set query "select virus, count(*) as totalnum from antivirus_log where
###timestamp_to_oid(antivirus_log)### and (virus is not null and virus!=\'N/A\')
and subtype=\'infected\' group by virus order by totalnum desc limit 10"
next
edit "av.Top10.Sources"
set query "select src, count(*) as totalnum from antivirus_log where ##
#timestamp_to_oid(antivirus_log)### group by src order by totalnum desc limit 10
"
next
edit "av.Top10.Sources.http"
set query "select src, count(*) as totalnum from antivirus_log where ##
#timestamp_to_oid(antivirus_log)### and lower(service)=\'http\' group by src ord
er by totalnum desc limit 10"
next
edit "av.Top10.File.Name"
set query "select file, count(*) as totalnum from antivirus_log where #
##timestamp_to_oid(antivirus_log)### and (file is not null and file!=\'N/A\') an
d subtype=\'infected\' group by file order by totalnum desc limit 10"
next
edit "av.Top10.File.Extension"
set query "select filetype, count(*) as totalnum from antivirus_log whe
re ###timestamp_to_oid(antivirus_log)### and (filetype is not null and filetype!
=\'N/A\') and subtype=\'infected\' group by filetype order by totalnum desc limi
t 10"
next
edit "av.Dist.Violations"
set query "select subtype, count(*) as totalnum from antivirus_log wher
e ###timestamp_to_oid(antivirus_log)### and (subtype=\'infected\' or subtype=\'o
versized\' or subtype=\'blocked\') group by subtype order by totalnum desc"
next
edit "av.Dist.Protocol"
set query "select service, count(*) as totalnum from antivirus_log wher
e ###timestamp_to_oid(antivirus_log)### and (service is not null and service!=\'
N/A\') and subtype=\'infected\' group by service order by totalnum desc"
next
edit "av.Count.Viruses"
set query "select (timestamp-timestamp%3600) as hourstamp, count(*) from
antivirus_log where ###timestamp_to_oid(antivirus_log)### and (virus is not nul
l and virus!=\'N/A\') group by hourstamp order by hourstamp desc"
next
edit "dlp.Top10.Email.Senders"
set query "select \"from\" as sender, count(*) as totalnum from dlp_log
where ###timestamp_to_oid(dlp_log)### and (sender is not null and sender!=\'N/A\
') and (lower(service)=\'smtp\' or lower(service)=\'smtps\') group by sender ord
er by totalnum desc limit 10"
next
edit "dlp.Top10.Email.Receivers"
set query "select \"to\" as receiver, count(*) as totalnum from dlp_log
where ###timestamp_to_oid(dlp_log)### and (receiver is not null and receiver!=\'
N/A\') and lower(service) in (\'pop3\', \'imap\', \'pop3s\', \'imaps\') group by
receiver order by totalnum desc limit 10"
next
edit "dlp.Dist.Protocol"
set query "select service, count(*) as totalnum from dlp_log where ###ti
mestamp_to_oid(dlp_log)### and (service is not null and service!=\'N/A\') group
by service order by totalnum desc"
next
edit "email.Top10.Senders"
set query "select \"from\" as sender, count(*) as totalnum from spamfilt
er_log where ###timestamp_to_oid(spamfilter_log)### and (sender is not null and
sender!=\'N/A\') group by sender order by totalnum desc limit 10"
next
edit "email.Top10.Receivers"
set query "select \"to\" as receiver, count(*) as totalnum from spamfilt
er_log where ###timestamp_to_oid(spamfilter_log)### and (receiver is not null an
d receiver!=\'N/A\') group by receiver order by totalnum desc limit 10"
next
edit "email.Top10.Spam.Sources"
set query "select \"from\" as sender, count(*) as totalnum from spamfilt
er_log where ###timestamp_to_oid(spamfilter_log)### and (status=\'detected\' or

status=\'blocked\') group by sender order by totalnum desc limit 10"
next
edit "email.Usage.Incoming"
set query "select (timestamp-timestamp%3600) as hourstamp, count(*) fro
m spamfilter_log where ###timestamp_to_oid(spamfilter_log)### and lower(service)
in (\'pop3\', \'imap\', \'pop3s\', \'imaps\') group by hourstamp order by hours
tamp desc"
next
edit "email.Usage.Outgoing"
set query "select (timestamp-timestamp%3600) as hourstamp, count(*) fro
m spamfilter_log where ###timestamp_to_oid(spamfilter_log)### and lower(service)
in (\'smtp\', \'smtps\') group by hourstamp order by hourstamp desc"
next
edit "email.Dist.SpamvsClean"
set query "select (case status when \'exempted\' then \'clean\' else \'s
pam\' end) as email_status, count(*) as totalnum from spamfilter_log where ###ti
mestamp_to_oid(spamfilter_log)### group by email_status order by totalnum desc"
next
edit "email.Count.Volume"
set query "select (timestamp-timestamp%3600) as hourstamp, sum(sent+rcvd
) as volume from traffic_log where ###timestamp_to_oid(traffic_log)### and lower
(service) in (\'pop3\', \'110/tcp\', \'imap\', \'143/tcp\', \'smtp\', \'25/tcp\'
, \'pop3s\', \'imaps\',\'smtps\') and status=\'accept\' group by hourstamp orde
r by hourstamp desc"
next
edit "event.Top10.All"
set query "select log_id, count(*) as totalnum from event_log where ###
timestamp_to_oid(event_log)### group by log_id order by totalnum desc limit 10"
next
edit "event.Top10.Critical"
timestamp_to_oid(event_log)### and pri=\'critical\' group by log_id order by tot
alnum desc limit 10"
next
edit "event.Top10.Emergency"
timestamp_to_oid(event_log)### and pri=\'emergency\' group by log_id order by to
talnum desc limit 10"
next
edit "event.Usage.Mem"
set query "select (timestamp-timestamp%3600) as hourstamp, avg(mem) from
event_log where ###timestamp_to_oid(event_log)### group by hourstamp order by h
ourstamp desc"
next
edit "event.Usage.CPU"
set query "select (timestamp-timestamp%3600) as hourstamp, avg(cpu) from
event_log where ###timestamp_to_oid(event_log)### group by hourstamp order by h
ourstamp desc"
next
edit "event.Dist"
set query "select subtype, count(*) as totalnum from event_log where ##
#timestamp_to_oid(event_log)### group by subtype order by totalnum desc"
next
edit "event.Count.Sessions"
set query "select (timestamp-timestamp%3600) as hourstamp, sum(total_ses
sion) from event_log where ###timestamp_to_oid(event_log)### group by hourstamp
order by hourstamp desc"
next
edit "traffic.Top10.FTP.Pair.Volume"
set query "select (src||\'->\'||dst) as ftp_pair, sum(sent+rcvd) as vol

ume from traffic_log where ###timestamp_to_oid(traffic_log)### and lower(service
) in (\'ftp\',\'21/tcp\', \'20/tcp\') group by ftp_pair order by volume desc lim
it 10"
next
edit "traffic.Top10.FTP.Servers.Volume"
set query "select dst, sum(sent+rcvd) as volume from traffic_log where
###timestamp_to_oid(traffic_log)### and lower(service) in (\'ftp\', \'21/tcp\',
\'20/tcp\') group by dst order by volume desc limit 10"
next
edit "traffic.Top10.FTP.Clients.Volume"
set query "select src, sum(sent+rcvd) as volume from traffic_log where
###timestamp_to_oid(traffic_log)### and lower(service) in (\'ftp\', \'21/tcp\',
\'20/tcp\') group by src order by volume desc limit 10"
next
edit "traffic.Top10.IM.Users.Volume"
set query "select user, sum(sent+rcvd) as volume from traffic_log where
###timestamp_to_oid(traffic_log)### and (user is not null and user!=\'N/A\') an
d (app_type=\'AIM\' or app_type=\'ICQ\' or app_type=\'MSN\' or app_type=\'YAHOO\
') group by user order by volume desc limit 10"
next
edit "traffic.Top10.IM.Users.Blocked"
set query "select user, sum(sent+rcvd) as volume from traffic_log where
###timestamp_to_oid(traffic_log)### and (user is not null and user!=\'N/A\') an
d (app_type=\'AIM\' or app_type=\'ICQ\' or app_type=\'MSN\' or app_type=\'YAHOO\
') and status=\'deny\' group by user order by volume desc limit 10"
next
edit "traffic.Dist.IM.Protocol"
set query "select app_type, count(*) as totalnum from traffic_log where
###timestamp_to_oid(traffic_log)### and (app_type=\'AIM\' or app_type=\'ICQ\' or
app_type=\'MSN\' or app_type=\'YAHOO\') group by app_type order by totalnum des
c limit 10"
next
edit "traffic.Top10.Network.Dest.Volume"
###timestamp_to_oid(traffic_log)### group by dst order by volume desc limit 10"
next
edit "traffic.Top10.Network.Source.Volume"
###timestamp_to_oid(traffic_log)### group by src order by volume desc limit 10"
next
edit "traffic.Top10.Network.Users.Source.Bandwidth"
set query "select user, src, sum(sent+rcvd) as bandwidth from traffic_l
og where ###timestamp_to_oid(traffic_log)### and (user is not null and user!=\'N
/A\') group by user, src order by bandwidth desc limit 10"
next
edit "traffic.Top10.Network.Dest.Blocked"
set query "select dst, count(*) as totalnum from traffic_log where ###t
imestamp_to_oid(traffic_log)### and status=\'deny\' group by dst order by totaln
um desc limit 10"
next
edit "traffic.Top10.Network.Source.Blocked"
set query "select src, count(*) as totalnum from traffic_log where ###t
imestamp_to_oid(traffic_log)### and status=\'deny\' group by src order by totaln
um desc limit 10"
next
edit "traffic.Top10.Network.Policies.Blocked"
set query "select policyid, count(*) as totalnum from traffic_log where
###timestamp_to_oid(traffic_log)### and status=\'deny\' group by policyid order
by totalnum desc limit 10"
next
edit "traffic.Dist.Network.Bandwidth"
) as bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### grou
p by hourstamp order by hourstamp desc"
next
edit "traffic.Count.Network.Session"
set query "select (timestamp-timestamp%3600) as hourstamp, count(*) as t
otalnum from traffic_log where ###timestamp_to_oid(traffic_log)### group by hour
stamp order by hourstamp"
next
edit "traffic.Count.Terminal.SSH.Volume"
) as volume from traffic_log where ###timestamp_to_oid(traffic_log)### and lowe
r(service) in (\'22/tcp\', \'ssh\') group by hourstamp order by hourstamp desc"
next
edit "traffic.Count.Terminal.Telnet.Volume"
) as volume from traffic_log where ###timestamp_to_oid(traffic_log)### and lowe
r(service) in (\'23/tcp\',\'telnet\') group by hourstamp order by hourstamp desc
"
next
edit "traffic.Top10.Terminal.Volume"
set query "select service, sum(sent+rcvd) as volume from traffic_log whe
re ###timestamp_to_oid(traffic_log)### and lower(service) in (\'23/tcp\', \'teln
et\', \'22/tcp\', \'ssh\') group by service order by volume desc limit 10"
next
edit "traffic.Count.port1.Volume"
) as volume from traffic_log where ###timestamp_to_oid(traffic_log)### and (src
_int=\'port1\' or dst_int=\'port1\') group by hourstamp order by hourstamp desc"
next
edit "traffic.Count.WanOpt.Bandwidth"
set query "select (timestamp-timestamp%3600) as hourstamp,sum(lan_in+lan
_out) / 1000000.0 as lan, sum(wan_in+wan_out) / 1000000.0 as wan,max(coalesce((s
um(lan_in+lan_out)-sum(wan_in+wan_out))*100.0/sum(lan_in+lan_out),0.0),0.0) as r
educe_rate from traffic_log where timestamp>=F_TIMESTAMP(\'now\',\'hour\',\'-23\
') and subtype=\'wanopt-traffic\' group by hourstamp order by hourstamp desc"
next
edit "traffic.Dist.WanOpt.App.LAN.Bandwidth"
set query "select (case (wanopt_app_type in ( select wanopt_app_type fro
m traffic_log where subtype=\'wanopt-traffic\' and ###timestamp_to_oid(traffic_l
og)### group by wanopt_app_type order by sum(lan_in+lan_out) desc limit 5) ) whe
n 1 then wanopt_app_type else \'unknown\' end) as wanopt_app_type,sum(lan_in+lan
_out)/1000000.0 as lan,max(coalesce((sum(lan_in+lan_out)*100.0/(select sum(lan_i
n+lan_out) from traffic_log where subtype=\'wanopt-traffic\' and ###timestamp_to
_oid(traffic_log)###)),0.0),0.0) as percentage from traffic_log where subtype=\'
wanopt-traffic\' and timestamp>=F_TIMESTAMP(\'now\',\'hour\',\'-23\') group by w
anopt_app_type order by lan desc"
next
edit "traffic.Dist.WanOpt.App.WAN.Bandwidth"
set query "select (case (wanopt_app_type in ( select wanopt_app_type fro
m traffic_log where subtype=\'wanopt-traffic\' and ###timestamp_to_oid(traffic_l
og)### group by wanopt_app_type order by sum(wan_in+wan_out) desc limit 5) ) wh
en 1 then wanopt_app_type else \'unknown\' end) as wanopt_app_type, sum(wan_in+w
an_out)/1000000.0 as wan, max(coalesce((sum(wan_in+wan_out)*100.0/(select sum(wa
n_in+wan_out) from traffic_log where subtype=\'wanopt-traffic\' and ###timestamp
_to_oid(traffic_log)###)),0.0),0.0) as percentage from traffic_log where subtype
=\'wanopt-traffic\' and timestamp >=F_TIMESTAMP(\'now\',\'hour\',\'-23\') group
by wanopt_app_type order by wan desc"
next
edit "voip.Top10.Source.Volume"
###timestamp_to_oid(traffic_log)### and (app_cat=\'voip\' or ((app_cat is null o
r app_cat=\'N/A\') and lower(service) in (\'5060/udp\', \'5060/tcp\', \'2000/tc
p\') ) group by src order by volume desc limit 10"
next
edit "vpn.Top10.Peers.Volume"
###timestamp_to_oid(traffic_log)### and (vpn is not null and vpn!=\'n/a\' and vp
n!=\'N/A\') and status=\'accept\' group by dst order by volume desc limit 10"
next
edit "vpn.Top10.Sources.Volume"
###timestamp_to_oid(traffic_log)### and (vpn is not null and vpn!=\'n/a\' and vp
n!=\'N/A\') and status=\'accept\' group by src order by volume desc limit 10"
next
edit "vpn.Top10.Tunnels.Volume"
set query "select vpn as vpn_tunnel, sum(sent+rcvd) as volume from traf
fic_log where ###timestamp_to_oid(traffic_log)### and (vpn_tunnel is not null an
d vpn_tunnel!=\'n/a\' and vpn_tunnel!=\'N/A\') and status=\'accept\' group by vp
n_tunnel order by volume desc limit 10"
next
edit "vpn.Top10.User.SSL.Volume"
set query "select user, sum(sent+rcvd) as volume from event_log where #
##timestamp_to_oid(event_log)### and (user is not null and user!=\'N/A\') and su
btype=\'sslvpn-user\' and action=\'tunnel-down\' group by user order by volume d
esc limit 10"
next
edit "vpn.Top10.Ipsec.Dest.Volume"
set query "select dst, sum(sent+rcvd) as volume from event_log where ##
#timestamp_to_oid(event_log)### and subtype=\'ipsec\' and (dst is not null and d
st!=\'N/A\') group by dst order by volume desc limit 10"
next
edit "vpn.Top10.Ipsec.Source.Volume"
set query "select src, sum(sent+rcvd) as volume from event_log where ##
#timestamp_to_oid(event_log)### and subtype=\'ipsec\' and (src is not null and s
rc!=\'N/A\') group by src order by volume desc limit 10"
next
edit "vpn.Top10.Ipsec.Peers.Volume"
set query "select remote_ip, sum(sent+rcvd) as volume from event_log wh
ere ###timestamp_to_oid(event_log)### and subtype=\'ipsec\' group by remote_ip o
rder by volume desc limit 10"
next
edit "vpn.Last10.User.SSL.Login"
set query "select user, datetime(timestamp - duration, \'unixepoch\',\'l
ocaltime\') start_time, duration, sent + rcvd volume from event_log where (user
is not null and user!=\'N/A\') and lower(subtype)=\'sslvpn-user\' and lower(act
ion)=\'tunnel-down\' order by timestamp desc limit 10"
next
edit "vpn.Last10.DialupIPsecUser.Login"
set query "select user, duration, timestamp, sum(sent+rcvd) as volume f
rom event_log where (user is not null and user!=\'N/A\') and subtype=\'ipsec\' g
roup by user order by timestamp desc limit 10"
next
edit "vpn.Last10.StaticIPsecTunnel"
set query "select tunnel, duration, timestamp, sum(sent+rcvd) as volume
from event_log where (tunnel is not null and tunnel!=\'N/A\') and subtype=\'ips
ec\' group by tunnel order by timestamp desc limit 10"
next
edit "wf.Top10.Dest.Volume"
set query "select dst, sum(sent+rcvd) as volume from traffic_log where #
##timestamp_to_oid(traffic_log)### and lower(service) in (\'http\',\'80/tcp\',\'
https\',\'443/tcp\') and status=\'accept\' group by dst order by volume desc lim
it 10"
next
edit "wf.Top10.Source.Volume"
set query "select src, sum(sent+rcvd) as volume from traffic_log where #
https\',\'443/tcp\') and status=\'accept\' group by src order by volume desc lim
it 10"
next
edit "wf.Top10.Client.Volume"
set query "select src, sum(sent+rcvd) as volume from traffic_log where #
https\',\'443/tcp\') and status=\'accept\' group by src order by volume desc lim
it 10"
next
edit "wf.Top10.Servers.Connection"
set query "select dst, count(*) as totalnum from webfilter_log where ###
timestamp_to_oid(webfilter_log)### group by dst order by totalnum desc limit 10"
next
edit "wf.Top10.Sites"
set query "select hostname, count(*) as totalnum from webfilter_log wher
e ###timestamp_to_oid(webfilter_log)### and (hostname is not null and hostname!=
\'N/A\') group by hostname order by totalnum desc limit 10"
next
edit "wf.Top10.Sites.Blocked"
set query "select hostname, count(*) as totalnum from webfilter_log wher
e ###timestamp_to_oid(webfilter_log)### and (hostname is not null and hostname!=
\'N/A\') and status=\'blocked\' group by hostname order by totalnum desc limit 1
0"
next
edit "wf.Top10.Users.Blocked"
set query "select (CASE WHEN user!=\'\' THEN user ELSE src END) as user
s, count(*) as totalnum from webfilter_log where ###timestamp_to_oid(webfilter_l
og)### and status=\'blocked\' group by users order by totalnum desc limit 10"
next
edit "wf.Top10.Users"
set query "select (CASE WHEN user!=\'\' THEN user ELSE src END) as user
s, count(*) as totalnum from webfilter_log where ###timestamp_to_oid(webfilter_l
og)### group by users order by totalnum desc limit 10"
next
edit "wf.Top10.Category"
set query "select cat, count(*) as totalnum from webfilter_log where ###
timestamp_to_oid(webfilter_log)### and (cat is not null or cat!=\'N/A\') group
by cat order by totalnum desc limit 10"
next
edit "wf.Dist.Clients"
set query "select src as clients, count(*) as totalnum from webfilter_lo
g where ###timestamp_to_oid(webfilter_log)### group by clients order by totalnum
desc limit 10"
next
edit "wf.Dist.Category"
set query "select cat, count(*) as totalnum from webfilter_log where ###
timestamp_to_oid(webfilter_log)### and (cat is not null or cat!=\'N/A\') group
by cat order by totalnum desc"
next
edit "wf.Count.Volume"
) as volume from traffic_log where ###timestamp_to_oid(traffic_log)### and lower

(service) in (\'http\',\'80/tcp\',\'https\',\'443/tcp\') and status=\'accept\' g
roup by hourstamp order by hourstamp desc"
next
edit "netscan.Top10.OS"
set query "select os, count(*) as totalnum from netscan_log where ###tim
estamp_to_oid(netscan_log)### and subtype=\'discovery\' and action=\'host-detect
ion\' group by os order by totalnum desc limit 10"
next
edit "netscan.Top10.Service"
set query "select service, count(*) as totalnum from netscan_log where #
##timestamp_to_oid(netscan_log)### and subtype=\'discovery\' and action=\'servic
e-detection\' group by service order by totalnum desc limit 10"
next
edit "netscan.Top10.Service.TCP"
e-detection\' and proto=\'tcp\' group by service order by totalnum desc limit 10
"
next
edit "netscan.Top10.Service.UDP"
e-detection\' and proto=\'udp\' group by service order by totalnum desc limit 10
"
next
edit "netscan.Dist.Vuln.Severity"
set query "select severity, count(*) as totalnum, (case severity when \'
critical\' then 1 when \'high\' then 2 when \'medium\' then 3 when \'low\' then
4 when \'information\' then 5 else 6 end) as severity_rank from netscan_log wher
e ###timestamp_to_oid(netscan_log)### and subtype=\'vulnerability\' and action=\
'vuln-detection\' group by severity_rank order by severity_rank"
next
edit "netscan.Dist.Vuln.Category"
set query "select vuln_cat, count(*) as totalnum from netscan_log where
###timestamp_to_oid(netscan_log)### and subtype=\'vulnerability\' and action=\'
vuln-detection\' group by vuln_cat order by totalnum desc"
next
edit "traffic.bandwidth.app_cats"
set query "select ft_ifnull(app_cat, \'unknown\') app_cat, sum(ifnull(rc
vd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from tr
affic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2,5, 8,9,10)
group by app_cat order by bandwidth desc limit 10"
config field
edit 1
set displayname "Application Category"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "traffic.bandwidth.apps.app_cat"
set query "select ft_ifnull(ft_ifnull(app, service), \'unknown\') appnam
e, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) a
s bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_if
null(app_cat, \'unknown\')=\'###parameter1###\' and log_id in (2,5, 8,9,10) grou
p by appname order by bandwidth desc limit 10 "
config field
edit 1
set displayname "App Name or Service"
next
edit 2
set type double
next
end
next
edit "traffic.bandwidth.users.app"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, su
m(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) as ban
dwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull
(ft_ifnull(app, service), \'unknown\')=\'###parameter1###\' and log_id in (2,5,
8,9,10) group by userip order by bandwidth desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
next
end
next
edit "traffic.bandwidth.apps.user"
e, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) a
s bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_i
fnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' and log_id in (2,5,
8,9,10) group by appname order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.sessions.app_cats"
set query "select ft_ifnull(app_cat, \'unknown\') app_cat, count(*) sess
ions from traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2
,5, 8,9,10) group by app_cat order by sessions desc limit 10"
config field
edit 1
next
edit 2
set type double
set displayname "Sessions"
next
end
next
edit "traffic.sessions.apps.app_cat"
e, count(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)###
and log_id in (2,5, 8,9,10) and ft_ifnull(app_cat, \'unknown\')=\'###parameter1#
##\' group by appname order by sessions desc limit 10 "
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.sessions.users.app"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, co
unt(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and l
og_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(app, service), \'unknown\')=\'###
parameter1###\' group by userip order by sessions desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.sessions.apps.user"
and log_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'##
#parameter1###\' group by appname order by sessions desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.bandwidth.users"
m(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwi
dth from traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2,
5, 8,9,10) group by userip order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
set displayname "Bandwith"
next
end
next
edit "traffic.bandwidth.app_cats.user"
set query "select ft_ifnull(app_cat, \'unknown\') app_cat, sum(ifnull(rc
vd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from tr
affic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(ft_ifnull(user
,src), \'unknown\')=\'###parameter1###\' and log_id in (2,5, 8,9,10) group by ap
p_cat order by bandwidth desc limit 10"

config field
edit 1
next
edit 2
set type double
set displayname "Bandwith"
next
end
next
edit "traffic.sessions.users"
unt(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and l
og_id in (2,5, 8,9,10) group by userip order by sessions desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.sessions.app_cats.user"
set query "select ft_ifnull(app_cat, \'unknown\') app_cat, count(*) sess
ions from traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2
,5, 8,9,10) and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\'
group by app_cat order by sessions desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.bandwidth.wanopt"
set query "select \'LAN\' as interface, sum(lan_in + lan_out) as bandwid
th from traffic_log where lower(subtype)=\'wanopt-traffic\' and ###timestamp_to_
oid(traffic_log)### union select \'WAN\' as interface, sum(wan_in + wan_out) as
bandwidth from traffic_log where lower(subtype)=\'wanopt-traffic\' and ###timest
amp_to_oid(traffic_log)###"
config field
edit 1
set displayname "Interface"
next
edit 2
set type double
next
end
next
edit "traffic.bandwidth.dstcountries"
set query "create temp table top_dst_country(dst_country text, bandwidth
integer); insert into top_dst_country select dst_country, sum(ifnull(rcvd,0) +
ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_lo
g where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\

' and log_id in (2,5, 8,9,10) group by dst_country order by bandwidth desc limit
9; select * from top_dst_country union select \'others\', bandwidth from (sele
ct sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) b
andwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnul
l(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) and dst_country not in (se
lect dst_country from top_dst_country) ) where bandwidth<>0"
config field
edit 1
set displayname "Country"
next
edit 2
set type double
next
end
next
edit "traffic.bandwidth.users.dstcountry"
dth from traffic_log where ###timestamp_to_oid(traffic_log)### and dst_country=
\'###parameter1###\' and log_id in (2,5, 8,9,10) group by userip order by bandwi
dth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.bandwidth.dstcountries.user"
set query "select ft_ifnull(dst_country, \'unknown\') dst_country, sum(i
fnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth
from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_co
untry,\'\')<>\'\' and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter
1###\' and log_id in (2,5, 8,9,10) group by dst_country order by bandwidth desc
limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.bandwidth.apps.dstcountry"
e, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) b
andwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and dst_coun
try=\'###parameter1###\' and log_id in (2,5, 8,9,10) group by appname order by b
andwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.sessions.dstcountries"
set query "create temp table top_dst_country(dst_country text, sessions
integer); insert into top_dst_country select dst_country, count(*) sessions from
traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country
,\'\')<>\'\' and log_id in (2,5, 8,9,10) group by dst_country order by sessions
desc limit 9; select * from top_dst_country union select \'others\', sessions fr
om (select count(*) sessions from traffic_log where ###timestamp_to_oid(traffic_
log)### and ft_ifnull(dst_country,\'\')<>\'\' and dst_country not in (select dst
_country from top_dst_country) and log_id in (2,5, 8,9,10) ) where sessions<>0"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.sessions.users.dstcountry"
unt(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and
dst_country=\'###parameter1###\' and log_id in (2,5, 8,9,10) group by userip ord
er by sessions desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.sessions.dstcountries.user"
set query "select ft_ifnull(dst_country, \'unknown\') dst_country, count
(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_i
fnull(dst_country,\'\')<>\'\' and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'
###parameter1###\' and log_id in (2,5, 8,9,10) group by dst_country order by se
ssions desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "traffic.sessions.apps.dstcountry"
and dst_country=\'###parameter1###\' and log_id in (2,5, 8,9,10) group by appnam
e order by sessions desc limit 10"

config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.allowed-request.web_cats"
set query "select ft_ifnull(cat_desc, \'unknown\') cat_desc, count(*) re
quests from webfilter_log where ###timestamp_to_oid(webfilter_log)### and lower(
status) <> \'blocked\' group by cat_desc order by requests desc limit 10"
config field
edit 1
set displayname "Web Category"
next
edit 2
set type double
set displayname "Requests"
next
end
next
edit "web.allowed-request.users.web_cat"
unt(*) requests from webfilter_log where ###timestamp_to_oid(webfilter_log)### a
nd lower(status) <> \'blocked\' and ft_ifnull(cat_desc, \'unknown\')=\'###parame
ter1###\' group by userip order by requests desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.allowed-request.sites.user"
set query "select ft_ifnull(hostname, \'unknown\') hostname, count(*) re
status) <> \'blocked\' and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###para
meter1###\' group by hostname order by requests desc limit 10"
config field
edit 1
set displayname "Website"
next
edit 2
set type double
next
end
next
edit "web.blocked-request.web_cats"
set query "select ft_ifnull(cat_desc, \'unknown\') cat_desc, count(*) re
status) = \'blocked\' group by cat_desc order by requests desc limit 10"
config field
edit 1
set displayname "Web Category"
next
edit 2
set type double
next
end
next
edit "web.blocked-request.users.web_cat"
nd lower(status) = \'blocked\' and ft_ifnull(cat_desc, \'unknown\')=\'###paramet
er1###\' group by userip order by requests desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.blocked-request.sites.user"
status) = \'blocked\' and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###param
eter1###\' group by hostname order by requests desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.requests.phrases"
set query "select keyword, count(*) requests from webfilter_log where ##
#timestamp_to_oid(webfilter_log)### and ft_ifnull(keyword,\'\')<>\'\' group by k
eyword order by requests desc limit 10"
config field
edit 1
set displayname "Keyword"
next
edit 2
set type double
next
end
next
edit "web.requests.users.phrase"
nd keyword = \'###parameter1###\' group by userip order by requests desc limit 1
0"
config field
edit 1

next
edit 2
set type double
next
end
next
edit "web.requests.phrases.user"
set query "select keyword, count(*) requests from webfilter_log where ##
#timestamp_to_oid(webfilter_log)### and ft_ifnull(keyword,\'\')<>\'\' and ft_ifn
ull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' group by keyword orde
r by requests desc limit 10"
config field
edit 1
set displayname "Keyword"
next
edit 2
set type double
next
end
next
edit "web.allowed-request.sites"
status) <> \'blocked\' group by hostname order by requests desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.allowed-request.users.site"
nd lower(status) <> \'blocked\' and ft_ifnull(hostname, \'unknown\')=\'###parame
ter1###\' group by userip order by requests desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.blocked-request.sites"
status) = \'blocked\' group by hostname order by requests desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.blocked-request.users.site"
nd lower(status) = \'blocked\' and ft_ifnull(hostname, \'unknown\')=\'###paramet
er1###\' group by userip order by requests desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.bandwidth.sites"
set query "select ft_ifnull(hostname, \'unknown\') hostname, sum(ifnull(
rcvd,0) + ifnull(sent,0)) bandwidth from webfilter_log where ###timestamp_to_oid
(webfilter_log)### group by hostname order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.bandwidth.users.site"
m(ifnull(rcvd,0) + ifnull(sent,0)) bandwidth from webfilter_log where ###timesta
mp_to_oid(webfilter_log)### and ft_ifnull(hostname, \'unknown\')=\'###parameter1
###\' group by userip order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.bandwidth.sites.user"
(webfilter_log)### and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###paramete
r1###\' group by hostname order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double

next
end
next
edit "web.bandwidth.stream-sites"
(webfilter_log)### and cat=25 group by hostname order by bandwidth desc limit 10
"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.bandwidth.users.stream-site"
m(ifnull(rcvd,0) + ifnull(sent,0)) bandwidth from webfilter_log where ###timesta
mp_to_oid(webfilter_log)### and cat=25 and ft_ifnull(hostname, \'unknown\')=\'##
#parameter1###\' group by userip order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "web.bandwidth.stream-sites.user"
(webfilter_log)### and cat=25 and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'
###parameter1###\' group by hostname order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "email.request.senders"
set query "select ft_ifnull(\"from\", \'unknown\') sender, count(*) requ
ests from spamfilter_log where ###timestamp_to_oid(spamfilter_log)### and lower
(service) in (\'smtp\', \'25/tcp\', \'smtps\', \'465/tcp\', \'http\', \'80/tcp\'
, \'https\', \'443/tcp\') and pri=\'information\' group by sender order by reque
sts desc limit 10 "
config field
edit 1
set displayname "Email Sender"
next
edit 2
set type double
set displayname "Emails"
next
end
next
edit "email.request.timeperiods.sender"
set query "select ft_localtruncate(timestamp, \'H\') timestamp, \'###par
ameter1###\' sender, count(*) requests from spamfilter_log where ###timestamp_to
_oid(spamfilter_log)### and lower(service) in (\'smtp\', \'25/tcp\', \'smtps\',
\'465/tcp\', \'http\', \'80/tcp\', \'https\', \'443/tcp\') and ft_ifnull(\"from\
", \'unknown\') =\'###parameter1###\' and pri=\'information\' group by timestam
p, sender order by timestamp, user "
config field
edit 1
set type double
set displayname "Date Time"
next
edit 2
next
edit 3
set type double
next
end
next
edit "email.bandwidth.senders"
set query "select ft_ifnull(\"from\", \'unknown\') sender, sum(ifnull(rc
vd,0) + ifnull(sent,0)) bandwidth from spamfilter_log where ###timestamp_to_oid(
spamfilter_log)### and lower(service) in (\'smtp\', \'25/tcp\', \'smtps\', \'46
5/tcp\', \'http\', \'80/tcp\', \'https\', \'443/tcp\') and pri=\'information\' g
roup by sender order by bandwidth desc limit 10 "
config field
edit 1
next
edit 2
set type double
next
end
next
edit "email.bandwidth.timeperiods.sender"
ameter1###\' sender, sum(ifnull(rcvd,0) + ifnull(sent,0)) bandwidth from spamfil
ter_log where ###timestamp_to_oid(spamfilter_log)### and lower(service) in (\'sm
tp\', \'25/tcp\', \'smtps\', \'465/tcp\', \'http\', \'80/tcp\', \'https\', \'443
/tcp\') and ft_ifnull(\"from\", \'unknown\')=\'###parameter1###\' and pri=\'info
rmation\' group by timestamp, user order by timestamp, sender "
config field
edit 1
set type double
next
edit 2
next
edit 3
set type double

next
end
next
edit "email.request.receivers"
set query "select ft_ifnull(ft_firstitem(\"to\"), \'unknown\') receiver,
count(*) requests from spamfilter_log where ###timestamp_to_oid(spamfilter_log)
### and lower(service) in (\'pop3\', \'110/tcp\', \'imap\', \'143/tcp\', \'imaps
\', \'993/tcp\', \'pop3s\', \'995/tcp\') and pri=\'information\' group by receiv
er order by requests desc limit 10 "
config field
edit 1
set displayname "Email Recipient"
next
edit 2
set type double
next
end
next
edit "email.request.timeperiods.receiver"
ameter1###\' receiver, count(*) requests from spamfilter_log where ###timestamp_
to_oid(spamfilter_log)### and lower(service) in (\'pop3\', \'110/tcp\', \'imap\'
, \'143/tcp\', \'imaps\', \'993/tcp\', \'pop3s\', \'995/tcp\') and ft_ifnull(ft_
firstitem(\"to\"), \'unknown\') =\'###parameter1###\' and pri=\'information\' gr
oup by timestamp, receiver order by timestamp, user "
config field
edit 1
set type double
next
edit 2
set displayname "Email Recipient"
next
edit 3
set type double
next
end
next
edit "virus.count.viruses"
set query "select ft_ifnull(virus, \'unknown\') virus, count(*) virus_co
unt from antivirus_log where ###timestamp_to_oid(antivirus_log)### and lower(sub
type)=\'infected\' group by virus order by virus_count desc limit 10"
config field
edit 1
set displayname "Virus Name"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "virus.count.users.virus"
unt(*) virus_count from antivirus_log where ###timestamp_to_oid(antivirus_log)##
# and ft_ifnull(virus, \'unknown\')=\'###parameter1###\' and lower(subtype)=\'in
fected\' group by userip order by virus_count desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "virus.count.viruses.user"
type)=\'infected\' and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###paramete
r1###\' group by virus order by virus_count desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "virus.count.users"
unt(*) virus_count from antivirus_log where ###timestamp_to_oid(antivirus_log)##
# and lower(subtype)=\'infected\' group by userip order by virus_count desc limi
t 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "virus.count.protocols"
set query "select ft_ifnull(service, \'unknown\') service, count(*) viru
s_count from antivirus_log where ###timestamp_to_oid(antivirus_log)### and lower
(subtype)=\'infected\' group by service order by virus_count desc limit 10"
config field
edit 1
set displayname "Service"
next
edit 2
set type double
next
end
next
edit "virus.count.viruses.protocol"
type)=\'infected\' and ft_ifnull(service, \'unknown\')=\'###parameter1###\' grou
p by virus order by virus_count desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "attack.count.critical-attacks"
set query "select ft_ifnull(attack_name, \'unknown\') attack_name, count
(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and lo
wer(severity) in (\'critical\', \'high\') group by attack_name order by attack_c
ount desc limit 10"
config field
edit 1
set displayname "Attack Name"
next
edit 2
set type double
next
end
next
edit "attack.count.users.critical-attack"
unt(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and
lower(severity) in (\'critical\', \'high\') and ft_ifnull(attack_name, \'unknow
n\')=\'###parameter1###\' group by userip order by attack_count desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "attack.count.critical-attacks.user"
(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and lo
wer(severity) in (\'critical\', \'high\') and ft_ifnull(ft_ifnull(user,src), \'u
nknown\')=\'###parameter1###\' group by attack_name order by attack_count desc l
imit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "attack.count.attacks"
(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### group
by attack_name order by attack_count desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "attack.count.users.attack"
unt(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and
ft_ifnull(attack_name, \'unknown\')=\'###parameter1###\' group by userip order
by attack_count desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "attack.count.attacks.user"
(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and ft
_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' group by attack_n
ame order by attack_count desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "vpn.bandwidth.static-tunnels"
set query "select vpn, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_
in,0) + ifnull(lan_out,0)) bandwidth FROM traffic_log where ###timestamp_to_oid(
traffic_log)### and ft_ifnull(vpn,\' \')!=\' \' and lower(status)=\'accept\' and
lower(vpn_type)=\'ipsec-static\' group by vpn order by bandwidth desc limit 10"
config field
edit 1
set displayname "VPN Tunnel"
next
edit 2
set type double
next
end
next
edit "vpn.bandwidth.users.static-tunnel"
dth FROM traffic_log where ###timestamp_to_oid(traffic_log)### and vpn=\'###para
meter1###\' and lower(status)=\'accept\' and lower(vpn_type)=\'ipsec-static\' gr
oup by userip order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "vpn.bandwidth.static-tunnels.user"
set query "select vpn, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_
in,0) + ifnull(lan_out,0)) bandwidth FROM traffic_log where ###timestamp_to_oid(
traffic_log)### and ft_ifnull(vpn,\' \')!=\' \' and lower(status)=\'accept\' and
ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' and lower(vpn_
type)=\'ipsec-static\' group by vpn order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "vpn.bandwidth.ssl-sources"
set query "select ft_ifnull(remote_ip, \'unknown\') remote_ip, sum(rcvd+
sent) bandwidth from event_log where ###timestamp_to_oid(event_log)### and lower
(subtype) = \'sslvpn-user\' and lower(action)=\'tunnel-down\' group by remote_ip
order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "vpn.bandwidth.users.ssl-source"
m(rcvd+sent) bandwidth from event_log where ###timestamp_to_oid(event_log)### an
d lower(subtype)=\'sslvpn-user\' and lower(action)=\'tunnel-down\' and ft_ifnull
(remote_ip, \'unknown\')=\'###parameter1###\' group by userip order by bandwidth
desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "vpn.bandwidth.ssl-sources.user"
set query "select ft_ifnull(remote_ip, \'unknown\') remote_ip, sum(rcvd+
sent) bandwidth from event_log where ###timestamp_to_oid(event_log)### and lower
(subtype)=\'sslvpn-user\' and lower(action)=\'tunnel-down\' and ft_ifnull(ft_ifn

ull(user,src), \'unknown\')=\'###parameter1###\' group by remote_ip order by ban
dwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "vpn.bandwidth.dynamic-tunnels"
set query "select vpn_tunnel, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnu
ll(lan_in,0) + ifnull(lan_out,0)) bandwidth FROM traffic_log where ###timestamp_
to_oid(traffic_log)### and ft_ifnull(vpn,\' \')!=\' \' and lower(status)=\'accep
t\' and lower(vpn_type)=\'ipsec-dynamic\' group by vpn_tunnel order by bandwidth
desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "vpn.bandwidth.users.dynamic-tunnel"
dth FROM traffic_log where ###timestamp_to_oid(traffic_log)### and vpn_tunnel=\'
###parameter1###\' and lower(status)=\'accept\' and lower(vpn_type)=\'ipsec-dyna
mic\' group by userip order by bandwidth desc limit 10"
config field
edit 1
next
edit 2
set type double
next
end
next
edit "vpn.bandwidth.dynamic-tunnels.user"
set query "select vpn_tunnel, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnu
ll(lan_in,0) + ifnull(lan_out,0)) bandwidth FROM traffic_log where ###timestamp_
to_oid(traffic_log)### and ft_ifnull(vpn,\' \')!=\' \' and lower(status)=\'accep
t\' and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' and low
er(vpn_type)=\'ipsec-dynamic\' group by vpn_tunnel order by bandwidth desc limit
10"
config field
edit 1
next
edit 2
set type double
next
end
next
end
config report chart
edit "appctrl.Count.Bandwidth.Top10.Apps.last24h"
set comments "Top 10 Application Bandwidth Usage Per Hour Summary"
set dataset "appctrl.Count.Bandwidth.Top10.Apps"
set category traffic
set graph-type flow
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-unit hour
end
config y-series
set group "field(2)"
end
next
edit "appctrl.Count.Bandwidth.Top10.P2PUser.last24h"
set comments "Top10 P2P User Bandwidth Usage Per Hour Summary"
set dataset "appctrl.Count.Bandwidth.Top10.P2PUser"
set graph-type flow
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "appctrl.Count.Bandwidth.Top10.MediaUser.last24h"
set comments "Top10 Media User Bandwidth Usage Per Hour Summary"
set dataset "appctrl.Count.Bandwidth.Top10.MediaUser"
set graph-type flow
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "appctrl.Top10.Users.Web.last24h"
set comments "Top 10 Web Users In Last 24 Hours"
set dataset "appctrl.Top10.Users.Web"
set category app-ctrl
next
edit "appctrl.Top10.Users.Media.last24h"
set comments "Top 10 Media Users In Last 24 Hours"
set dataset "appctrl.Top10.Users.Media"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.Users.Email.last24h"
set comments "Top 10 Email Users In Last 24 Hours"
set dataset "appctrl.Top10.Users.Email"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.Media.Source.last24h"
set comments "Top 10 Media Downloads By Source In Last 24 Hours"
set dataset "appctrl.Top10.Media.Source"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.Media.Dest.last24h"
set comments "Top 10 Media Downloads By Destination In Last 24 Hours"
set dataset "appctrl.Top10.Media.Dest"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.Apps.Bandwidth.last24h"
set comments "Top 10 Applications By Bandwidth In Last 24 Hours"
set dataset "appctrl.Top10.Apps.Bandwidth"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.Apps.Used.last24h"
set comments "Top 10 Applications Used In Last 24 Hours"
set dataset "appctrl.Top10.Apps.Used"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Users.last24h"
set comments "Top 10 P2P Users In Last 24 Hours"
set dataset "appctrl.Top10.P2P.Users"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.App.Volume.last24h"
set comments "Top 10 P2P Volume Per Application Last 24 Hours"
set dataset "appctrl.Top10.P2P.App.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.Blocked.last24h"
set comments "Top 10 Blocked P2P Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.BitTorrent.Blocked.last24h"
set comments "Top 10 Blocked Bittorrent Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.BitTorrent.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.eDonkey.Blocked.last24h"
set comments "Top 10 Blocked eDonkey Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.eDonkey.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.Gnutella.Blocked.last24h"
set comments "Top 10 Blocked Gnutella Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Gnutella.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.KaZaa.Blocked.last24h"
set comments "Top 10 Blocked KaZaa Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.KaZaa.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.Skype.Blocked.last24h"
set comments "Top 10 Blocked Skype Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Skype.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.WinNY.Blocked.last24h"
set comments "Top 10 Blocked WinNY Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.WinNY.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.Allowed.last24h"
set comments "Top 10 Allowed P2P Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Allowed"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.BitTorrent.Allowed.last24h"
set comments "Top 10 Allowed Bittorrent Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.BitTorrent.Allowed"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.eDonkey.Allowed.last24h"
set comments "Top 10 Allowed eDonkey Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.eDonkey.Allowed"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.Gnutella.Allowed.last24h"
set comments "Top 10 Allowed Gnutella Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Gnutella.Allowed"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.KaZaa.Allowed.last24h"
set comments "Top 10 Allowed KaZaa Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.KaZaa.Allowed"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.Skype.Allowed.last24h"
set comments "Top 10 Allowed Skype Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Skype.Allowed"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Top10.P2P.Local.Peers.WinNY.Allowed.last24h"
set comments "Top 10 Allowed WinNY Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.WinNY.Allowed"
set graph-type bar
config x-series
end
config y-series
end
next
edit "appctrl.Dist.Type.last24h"
set comments "Distribution Of Apps By Type In Last 24 Hours"
set dataset "appctrl.Dist.Type"
set graph-type pie
config category-series
end
config value-series
end
next
edit "appctrl.Count.P2P.Events.last24h"
set comments "Count Of P2P Pass/Block Events Over Last 24 Hours"
set dataset "appctrl.Count.P2P.Events"
set graph-type flow
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "attack.Top10.last24h"
set comments "Top 10 Attacks Over The Last 24 Hours"
set dataset "attack.Top10"
set category attack
set graph-type bar
config x-series
end
config y-series
set caption "Occurrences"
end
next
edit "attack.Top10.Source.last24h"
set comments "Top 10 Attack Sources Over The Last 24 Hours"
set dataset "attack.Top10.Source"
set category attack
set graph-type bar
config x-series
end
config y-series
end
next
edit "attack.Top10.Dest.last24h"
set comments "Top 10 Attack Destinations Over The Last 24 Hours"
set dataset "attack.Top10.Dest"
set category attack
set graph-type bar
config x-series
end
config y-series
end
next
edit "attack.Dist.Protocol.last24h"
set comments "Distribution Of Attack Protocols Over The Last 24 Hours"
set dataset "attack.Dist.Protocol"
set graph-type pie
end
config value-series
end
next
edit "av.Top10.Viruses.last24h"
set comments "Top 10 Viruses Detected In Last 24 Hours"
set dataset "av.Top10.Viruses"
set category virus
set graph-type bar
config x-series
end
config y-series
end
next
edit "av.Top10.Sources.last24h"
set comments "Top 10 Virus Sources In Last 24 Hours"
set dataset "av.Top10.Sources"
set category virus
set graph-type bar
config x-series

end
config y-series
end
next
edit "av.Top10.Sources.http.last24h"
set comments "Top 10 Http Virus Sources In Last 24 Hours"
set dataset "av.Top10.Sources.http"
set category virus
set graph-type bar
config x-series
end
config y-series
end
next
edit "av.Top10.File.Name.last24h"
set comments "Top 10 Infected Filenames In Last 24 Hours"
set dataset "av.Top10.File.Name"
set category virus
set graph-type bar
config x-series
end
config y-series
end
next
edit "av.Top10.File.Extension.last24h"
set comments "Top 10 Infected File Extensions In Last 24 Hours"
set dataset "av.Top10.File.Extension"
set category virus
set graph-type bar
config x-series
end
config y-series
end
next
edit "av.Dist.Violations.last24h"
set comments "Violation Breakdown (Infected/Oversize/File Block) In The
Last 24 Hours"
set dataset "av.Dist.Violations"
set category virus
set graph-type pie
end
config value-series
end
next
edit "av.Dist.Protocol.last24h"
set comments "Distribution Of Infections By Protocol In The Last 24 Hour
s"
set dataset "av.Dist.Protocol"
set category virus
set graph-type pie

end
config value-series
end
next
edit "av.Count.Viruses.last24h"
set comments "Number Of Virus Events In Last 24 Hours"
set dataset "av.Count.Viruses"
set category virus
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "dlp.Top10.Email.Senders.last24h"
set comments "Top 10 Email Senders Triggering Dlp Rules Last 24 Hours"
set dataset "dlp.Top10.Email.Senders"
set category dlp
set graph-type bar
config x-series
end
config y-series
end
next
edit "dlp.Top10.Email.Receivers.last24h"
set comments "Top 10 Email Receivers Triggering Dlp Rules Last 24 Hours"
set dataset "dlp.Top10.Email.Receivers"
set category dlp
set graph-type bar
config x-series
end
config y-series
end
next
edit "dlp.Dist.Protocol.last24h"
set comments "Distribution Of Data Leaks By Protocol Over Last 24 Hours"
set dataset "dlp.Dist.Protocol"
set category dlp
set graph-type pie
end
config value-series
end
next
edit "email.Top10.Senders.last24h"
set comments "Top 10 Senders Over Last 24 Hours"
set dataset "email.Top10.Senders"
set category spam
set graph-type bar
config x-series
end
config y-series
end
next
edit "email.Top10.Receivers.last24h"
set comments "Top 10 Receivers Over Last 24 Hours"
set dataset "email.Top10.Receivers"
set category spam
set graph-type bar
config x-series
end
config y-series
end
next
edit "email.Top10.Spam.Sources.last24h"
set comments "Top 10 Spam Sources Over Last 24 Hours"
set dataset "email.Top10.Spam.Sources"
set category spam
set graph-type bar
config x-series
end
config y-series
end
next
edit "email.Usage.Incoming.last24h"
set comments "Number Of Incoming Mails (Pop3/IMAP) Over Last 24 Hours"
set dataset "email.Usage.Incoming"
set category spam
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "email.Usage.Outgoing.last24h"
set comments "Number Of Outgoing Mails (SMTP) Over Last 24 Hours"
set dataset "email.Usage.Outgoing"
set category spam
set graph-type line
config x-series
set is-category no

set scale-unit hour
end
config y-series
end
next
edit "email.Dist.SpamvsClean.last24h"
set comments "Comparision Of Spam Vs Clean Distribution Over Last 24 Hou
rs"
set dataset "email.Dist.SpamvsClean"
set category spam
set graph-type pie
end
config value-series
end
next
edit "email.Count.Volume.last24h"
set comments "Count Of Mail By Size Over Last 24 Hours"
set dataset "email.Count.Volume"
set category spam
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "event.Top10.All.last24h"
set comments "Top 10 Events In Last 24 Hours"
set dataset "event.Top10.All"
set category event
set graph-type bar
config x-series
end
config y-series
end
next
edit "event.Top10.Critical.last24h"
set comments "Top 10 Critical Events In Last 24 Hours"
set dataset "event.Top10.Critical"
set category event
set graph-type bar
config x-series
end
config y-series
end
next
edit "event.Top10.Emergency.last24h"
set comments "Top 10 Emergency Events In Last 24 Hours"
set dataset "event.Top10.Emergency"
set category event
set graph-type bar
config x-series
end
config y-series
end
next
edit "event.Usage.Mem.last24h"
set comments "Memory Usage Over Last 24 Hours"
set dataset "event.Usage.Mem"
set category event
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "event.Usage.CPU.last24h"
set comments "CPU Usage Over Last 24 Hours"
set dataset "event.Usage.CPU"
set category event
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "event.Dist.last24h"
set comments "Event Distribution Over Last 24 Hours"
set dataset "event.Dist"
set category event
set graph-type pie
end
config value-series
end
next
edit "event.Count.Sessions.last24h"
set comments "Count Of Active Firewall Sessions Over The Last 24 Hours"
set dataset "event.Count.Sessions"
set category event

set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "traffic.Top10.FTP.Pair.Volume.last24h"
set comments "Top 10 Ftp Client Server Pairs By Volume Over The Last 24
Hours"
set dataset "traffic.Top10.FTP.Pair.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Top10.FTP.Servers.Volume.last24h"
set comments "Top 10 Ftp Servers Accessed By Volume Over Last 24 Hours"
set dataset "traffic.Top10.FTP.Servers.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Top10.FTP.Clients.Volume.last24h"
set comments "Top 10 Ftp Clients By Volume Over Last 24 Hours"
set dataset "traffic.Top10.FTP.Clients.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Top10.IM.Users.Volume.last24h"
set comments "Top 10 IM Users By Volume Over The Last 24 Hours"
set dataset "traffic.Top10.IM.Users.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Top10.IM.Users.Blocked.last24h"
set comments "Top 10 Blocked IM Users Over The Last 24 Hours"
set dataset "traffic.Top10.IM.Users.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Dist.IM.Protocol.last24h"
set comments "Distribution Of IM Events Per Protocol Over Last 24 Hours"
set dataset "traffic.Dist.IM.Protocol"
set graph-type pie
end
config value-series
end
next
edit "traffic.Top10.Network.Dest.Volume.last24h"
set comments "Top 10 Network Destinations By Volume Over Last 24 Hours"
set dataset "traffic.Top10.Network.Dest.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Top10.Network.Source.Volume.last24h"
set comments "Top 10 Network Sources By Volume Over Last 24 Hours"
set dataset "traffic.Top10.Network.Source.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Top10.Network.Users.Source.Bandwidth.last24h"
set comments "Top 10 Users By Bandwidth And Source Over Last 24 Hours"
set dataset "traffic.Top10.Network.Users.Source.Bandwidth"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Top10.Network.Dest.Blocked.last24h"
set comments "Top 10 Network Destinations Blocked (Denied) Over Last 24
Hours"
set dataset "traffic.Top10.Network.Dest.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Top10.Network.Source.Blocked.last24h"
set comments "Top 10 Network Sources Blocked (Denied) Over Last 24 Hours
"
set dataset "traffic.Top10.Network.Source.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Top10.Network.Policies.Blocked.last24h"
set comments "Top 10 Network Policies Blocked (Denied) Over Last 24 Hour
s"
set dataset "traffic.Top10.Network.Policies.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Dist.Network.Bandwidth.last24h"
set comments "Network Bandwidth Composition Over Last 24 Hours"
set dataset "traffic.Dist.Network.Bandwidth"
set graph-type bar
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "traffic.Count.Network.Session.last24h"
set comments "Count Of Network Sessions Over Last 24 Hours"
set dataset "traffic.Count.Network.Session"

set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "traffic.Count.Terminal.SSH.Volume.last24h"
set comments "Count Of SSH Terminal Client By Volume Over Last 24 Hours"
set dataset "traffic.Count.Terminal.SSH.Volume"
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "traffic.Count.Terminal.Telnet.Volume.last24h"
set comments "Count Telnet Terminal Client By Volume Over Last 24 Hours"
set dataset "traffic.Count.Terminal.Telnet.Volume"
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "traffic.Top10.Terminal.Volume.last24h"
set comments "Top 10 Terminal Clients By Volume Over Last 24 Hours"
set dataset "traffic.Top10.Terminal.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "traffic.Count.port1.Volume.last24h"
set comments "Traffic Volume Count Telnet For Port1 Interface Over Last
24 Hours"
set dataset "traffic.Count.port1.Volume"

set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "traffic.Count.WanOpt.Bandwidth.last24h"
set comments "Wan Opt Bandwidth Over Last 24 Hours"
set dataset "traffic.Count.WanOpt.Bandwidth"
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
set extra-databind "field(2)"
set extra-y enable
set extra-y-legend "LAN"
set y-legend "WAN"
end
next
edit "traffic.Dist.WanOpt.App.LAN.Bandwidth.last24h"
set comments "Wan Opt App In LAN Composition Over Last 24 Hours"
set dataset "traffic.Dist.WanOpt.App.LAN.Bandwidth"
set graph-type pie
set style manual
end
config value-series
end
next
edit "traffic.Dist.WanOpt.App.WAN.Bandwidth.last24h"
set comments "Wan Opt App In WAN Composition Over Last 24 Hours"
set dataset "traffic.Dist.WanOpt.App.WAN.Bandwidth"
set graph-type pie
set style manual
end
config value-series
end
next
edit "voip.Top10.Source.Volume"
set comments "Top 10 VoIP Sources By Volume"
set dataset "voip.Top10.Source.Volume"

set graph-type bar
config x-series
end
config y-series
end
next
edit "vpn.Top10.Peers.Volume.last24h"
set comments "Top 10 Peers By Volume Over Last 24 Hours"
set dataset "vpn.Top10.Peers.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "vpn.Top10.Sources.Volume.last24h"
set comments "Top 10 Sources By Volume Over Last 24 Hours"
set dataset "vpn.Top10.Sources.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "vpn.Top10.Tunnels.Volume.last24h"
set comments "Top 10 Tunnels By Volume Over Last 24 Hours"
set dataset "vpn.Top10.Tunnels.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "vpn.Top10.User.SSL.Volume.last24h"
set comments "Top 10 SSL Users By Volume Over Last 24 Hours"
set dataset "vpn.Top10.User.SSL.Volume"
set category event
set graph-type bar
config x-series
end
config y-series
end
next
edit "vpn.Top10.Ipsec.Dest.Volume.last24h"
set comments "Top 10 Ipsec Destinations By Volume Over Last 24 Hours"
set dataset "vpn.Top10.Ipsec.Dest.Volume"
set category event

set graph-type bar
config x-series
end
config y-series
end
next
edit "vpn.Top10.Ipsec.Source.Volume.last24h"
set comments "Top 10 Ipsec Sources By Volume Over Last 24 Hours"
set dataset "vpn.Top10.Ipsec.Source.Volume"
set category event
set graph-type bar
config x-series
end
config y-series
end
next
edit "vpn.Top10.Ipsec.Peers.Volume.last24h"
set comments "Top 10 Ipsec Peers By Volume Over Last 24 Hours"
set dataset "vpn.Top10.Ipsec.Peers.Volume"
set category event
set graph-type bar
config x-series
end
config y-series
end
next
edit "vpn.Last10.User.SSL.Login"
set type table
set comments "Table Of Last 10 Users To Login Via SSL"
set dataset "vpn.Last10.User.SSL.Login"
set category event
config column
edit 1
set detail-value "field(1)"
set header-value "User Name"
next
edit 2
set header-value "Start Time"
next
edit 3
set header-value "Duration seconds"
next
edit 4
set header-value "Traffic Volume"
next
end
next
edit "vpn.Last10.DialupIPsecUser.Login"
set type table
set comments "Table Of Last 10 Users To Login Via Dialup IPsec"
set dataset "vpn.Last10.DialupIPsecUser.Login"

set category event
config column
edit 1
set header-value "User Name"
next
edit 2
set header-value "Start Time"
next
edit 3
set header-value "Duration"
next
edit 4
next
end
next
edit "vpn.Last10.StaticIPsecTunnel"
set type table
set comments "Table Of Last 10 IPsec Static IPsec Tunnel Connections"
set dataset "vpn.Last10.StaticIPsecTunnel"
set category event
config column
edit 1
set header-value "Tunnel Name"
next
edit 2
set header-value "Tunnel Start Time"
next
edit 3
set header-value "Duration"
next
edit 4
next
end
next
edit "wf.Top10.Dest.Volume.last24h"
set comments "Top 10 Destinations By Volume Over Last 24 Hours"
set dataset "wf.Top10.Dest.Volume"
set category webfilter
set graph-type bar
config x-series
end
config y-series
end
next
edit "wf.Top10.Source.Volume.last24h"
set comments "Top 10 Sources By Volume Over Last 24 Hours"
set dataset "wf.Top10.Source.Volume"

set graph-type bar
config x-series
end
config y-series
end
next
edit "wf.Top10.Client.Volume.last24h"
set comments "Top 10 Web Clients By Volume Over Last 24 Hours"
set dataset "wf.Top10.Client.Volume"
set graph-type bar
config x-series
end
config y-series
end
next
edit "wf.Top10.Servers.Connection.last24h"
set comments "Top 10 Web Servers By Connections Over Last 24 Hours"
set dataset "wf.Top10.Servers.Connection"
set graph-type bar
config x-series
end
config y-series
end
next
edit "wf.Top10.Sites.last24h"
set comments "Top 10 Requested Websites Over Last 24 Hours"
set dataset "wf.Top10.Sites"
set graph-type bar
config x-series
end
config y-series
end
next
edit "wf.Top10.Sites.Blocked.last24h"
set comments "Top 10 Blocked Websites Over Last 24 Hours"
set dataset "wf.Top10.Sites.Blocked"
set graph-type bar
config x-series
end
config y-series
end
next
edit "wf.Top10.Users.Blocked.last24h"
set comments "Top 10 Blocked Web Users Over Last 24 Hours"
set dataset "wf.Top10.Users.Blocked"

set graph-type bar
config x-series
end
config y-series
end
next
edit "wf.Top10.Users.last24h"
set comments "Top 10 Web Users Over Last 24 Hours"
set dataset "wf.Top10.Users"
set graph-type bar
config x-series
end
config y-series
end
next
edit "wf.Top10.Category.last24h"
set comments "Top 10 Web Site Categories Over Last 24 Hours"
set dataset "wf.Top10.Category"
set graph-type bar
config x-series
end
config y-series
end
next
edit "wf.Dist.Clients.last24hh"
set comments "Distribution Of Web Clients Over Last 24 Hours"
set dataset "wf.Dist.Clients"
set graph-type pie
end
config value-series
end
next
edit "wf.Dist.Category.last24h"
set comments "Distribution Of Web Site Categories Visited Over Last 24 H
ours"
set dataset "wf.Dist.Category"
set graph-type pie
end
config value-series
end
next
edit "wf.Count.Volume.last24h"
set comments "Web Volume By Over Last 24 Hours"
set dataset "wf.Count.Volume"

set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
next
edit "netscan.Top10.OS.last24h"
set comments "Top 10 Operating Systems Detected Over Last 24 Hours"
set dataset "netscan.Top10.OS"
set category vulnerability
set graph-type bar
config x-series
end
config y-series
end
next
edit "netscan.Top10.Service.last24h"
set comments "Top Vulnerable Services Detected"
set dataset "netscan.Top10.Service"
set graph-type bar
config x-series
end
config y-series
end
next
edit "netscan.Top10.Service.TCP.last24h"
set comments "Top 10 TCP Services Detected Over Last 24 Hours"
set dataset "netscan.Top10.Service.TCP"
set graph-type bar
config x-series
end
config y-series
end
next
edit "netscan.Top10.Service.UDP.last24h"
set comments "Top 10 UDP Services Detected Over Last 24 Hours"
set dataset "netscan.Top10.Service.UDP"
set graph-type bar
config x-series
end
config y-series
end
next
edit "netscan.Dist.Vuln.Severity.last24h"
set comments "Distribution Of Vulnerabilities By Severity Over Last 24 H
ours"
set dataset "netscan.Dist.Vuln.Severity"
set graph-type pie
end
config value-series
end
next
edit "netscan.Dist.Vuln.Category.last24h"
set comments "Distribution Of Vulnerabilities By Category Over Last 24 H
ours"
set dataset "netscan.Dist.Vuln.Category"
set graph-type pie
end
config value-series
end
next
edit "traffic.bandwidth.apps.app_cat"
set drill-down-chart "traffic.bandwidth.users.app"
set dataset "traffic.bandwidth.apps.app_cat"
set graph-type bar
config x-series
end
config y-series
set caption "Bandwidth Usage"
end
set title "Top Applications for Category by Bandwidth"
next
edit "traffic.bandwidth.app_cats.user"
set drill-down-chart "traffic.bandwidth.apps.app_cat"
set dataset "traffic.bandwidth.app_cats.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Categories for User by Bandwidth"
next
edit "traffic.bandwidth.users"
set drill-down-chart "traffic.bandwidth.app_cats.user"
set dataset "traffic.bandwidth.users"
set graph-type bar

config x-series
end
config y-series
end
set title "Top Users by Bandwidth"
next
edit "traffic.sessions.apps.app_cat"
set drill-down-chart "traffic.sessions.users.app"
set dataset "traffic.sessions.apps.app_cat"
set graph-type bar
config x-series
end
config y-series
set caption "Sessions"
end
set title "Top Applications for Category by Sessions"
next
edit "traffic.sessions.app_cats.user"
set drill-down-chart "traffic.sessions.apps.app_cat"
set dataset "traffic.sessions.app_cats.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Categories for User by Sessions"
next
edit "traffic.sessions.users"
set drill-down-chart "traffic.sessions.app_cats.user"
set dataset "traffic.sessions.users"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users by Sessions"
next
edit "traffic.bandwidth.apps.user"
set dataset "traffic.bandwidth.apps.user"
set graph-type bar
config x-series
end
config y-series

end
set title "Top Applications for User by Bandwidth"
next
edit "traffic.bandwidth.users.app"
set drill-down-chart "traffic.bandwidth.apps.user"
set dataset "traffic.bandwidth.users.app"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users for Application by Bandwidth"
next
edit "traffic.bandwidth.app_cats"
set drill-down-chart "traffic.bandwidth.apps.app_cat"
set dataset "traffic.bandwidth.app_cats"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Application Categories by Bandwidth"
next
edit "traffic.sessions.apps.user"
set dataset "traffic.sessions.apps.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Applications for User by Sessions"
next
edit "traffic.sessions.users.app"
set drill-down-chart "traffic.sessions.apps.user"
set dataset "traffic.sessions.users.app"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users for Application by Sessions"
next
edit "traffic.sessions.app_cats"
set drill-down-chart "traffic.sessions.apps.app_cat"
set dataset "traffic.sessions.app_cats"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Application Categories by Sessions"
next
edit "traffic.bandwidth.wanopt"
set dataset "traffic.bandwidth.wanopt"
set graph-type pie
end
config value-series
end
set title "Wan Optimization & Cache Performance"
next
edit "traffic.bandwidth.dstcountries"
set drill-down-chart "traffic.bandwidth.users.dstcountry"
set dataset "traffic.bandwidth.dstcountries"
set graph-type pie
end
config value-series
end
set title "Top Destination Countries by Bandwidth Usage"
next
edit "traffic.bandwidth.users.dstcountry"
set drill-down-chart "traffic.bandwidth.dstcountries.user"
set dataset "traffic.bandwidth.users.dstcountry"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users for Destination Country by Bandwidth Usage"
next
edit "traffic.bandwidth.dstcountries.user"
set drill-down-chart "traffic.bandwidth.apps.dstcountry"
set dataset "traffic.bandwidth.dstcountries.user"
set graph-type bar
config x-series
end
config y-series

end
set title "Top Destination Countries for User by Bandwidth Usage"
next
edit "traffic.bandwidth.apps.dstcountry"
set dataset "traffic.bandwidth.apps.dstcountry"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Applications for Destination Country by Bandwidth Usage"
next
edit "traffic.sessions.dstcountries"
set drill-down-chart "traffic.sessions.users.dstcountry"
set dataset "traffic.sessions.dstcountries"
set graph-type pie
end
config value-series
end
set title "Top Destination Countries by Sessions"
next
edit "traffic.sessions.users.dstcountry"
set drill-down-chart "traffic.sessions.dstcountries.user"
set dataset "traffic.sessions.users.dstcountry"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users for Destination Country by Sessions"
next
edit "traffic.sessions.dstcountries.user"
set drill-down-chart "traffic.sessions.apps.dstcountry"
set dataset "traffic.sessions.dstcountries.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Destination Countries for User by Sessions"
next
edit "traffic.sessions.apps.dstcountry"
set dataset "traffic.sessions.apps.dstcountry"

set graph-type bar
config x-series
end
config y-series
end
set title "Top Applications for Destination Country by Sessions"
next
edit "web.allowed-request.sites.user"
set dataset "web.allowed-request.sites.user"
set graph-type bar
config x-series
end
config y-series
set caption "Requests"
end
set title "Top Allowed Web Sites for User by Requests"
next
edit "web.allowed-request.users.web_cat"
set drill-down-chart "web.allowed-request.sites.user"
set dataset "web.allowed-request.users.web_cat"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Allowed Users for Web Category by Requests"
next
edit "web.allowed-request.web_cats"
set drill-down-chart "web.allowed-request.users.web_cat"
set dataset "web.allowed-request.web_cats"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Allowed Web Categories by Requests"
next
edit "web.blocked-request.sites.user"
set dataset "web.blocked-request.sites.user"
set graph-type bar
config x-series
end
config y-series

end
set title "Top Blocked Web Sites for User by Requests"
next
edit "web.blocked-request.users.web_cat"
set drill-down-chart "web.blocked-request.sites.user"
set dataset "web.blocked-request.users.web_cat"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Blocked Users for Web Category by Requests"
next
edit "web.blocked-request.web_cats"
set drill-down-chart "web.blocked-request.users.web_cat"
set dataset "web.blocked-request.web_cats"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Blocked Web Categories by Requests"
next
edit "web.requests.phrases.user"
set dataset "web.requests.phrases.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Search Phrases for User"
next
edit "web.requests.users.phrase"
set drill-down-chart "web.requests.phrases.user"
set dataset "web.requests.users.phrase"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users for Search Phrase"
next
edit "web.requests.phrases"
set drill-down-chart "web.requests.users.phrase"
set dataset "web.requests.phrases"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Search Phrases"
next
edit "web.allowed-request.users.site"
set dataset "web.allowed-request.users.site"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Allowed Users for Web Site by Requests"
next
edit "web.allowed-request.sites"
set drill-down-chart "web.allowed-request.users.site"
set dataset "web.allowed-request.sites"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Allowed Web Sites by Requests"
next
edit "web.blocked-request.users.site"
set dataset "web.blocked-request.users.site"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Blocked Users for Web Site by Requests"
next
edit "web.blocked-request.sites"
set drill-down-chart "web.blocked-request.users.site"
set dataset "web.blocked-request.sites"
set graph-type bar
config x-series

end
config y-series
end
set title "Top Blocked Web Sites by Requests"
next
edit "web.bandwidth.sites.user"
set dataset "web.bandwidth.sites.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Web Sites for User by Bandwidth"
next
edit "web.bandwidth.users.site"
set drill-down-chart "web.bandwidth.sites.user"
set dataset "web.bandwidth.users.site"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users for Web Site by Bandwidth"
next
edit "web.bandwidth.sites"
set drill-down-chart "web.bandwidth.users.site"
set dataset "web.bandwidth.sites"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Web Sites by Bandwidth"
next
edit "web.bandwidth.stream-sites.user"
set dataset "web.bandwidth.stream-sites.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Video Streaming Web Sites for User by Bandwidth"
next
edit "web.bandwidth.users.stream-site"
set drill-down-chart "web.bandwidth.stream-sites.user"
set dataset "web.bandwidth.users.stream-site"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users for Video Streaming Web Site by Bandwidth"
next
edit "web.bandwidth.stream-sites"
set drill-down-chart "web.bandwidth.users.stream-site"
set dataset "web.bandwidth.stream-sites"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Video Streaming Web Sites by Bandwidth"
next
edit "email.request.timeperiods.sender"
set dataset "email.request.timeperiods.sender"
set category spam
set graph-type line
config x-series
set is-category no
set scale-origin min
set scale-unit hour
end
config y-series
set caption "Emails"
end
set title "Number of emails from Sender"
next
edit "email.request.senders"
set drill-down-chart "email.request.timeperiods.sender"
set dataset "email.request.senders"
set category spam
set graph-type bar
config x-series
end
config y-series
end
set title "Top Email Senders"
next
edit "email.bandwidth.timeperiods.sender"
set dataset "email.bandwidth.timeperiods.sender"
set category spam
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
set title "Email Bandwidth Usage from Sender"
next
edit "email.bandwidth.senders"
set drill-down-chart "email.bandwidth.timeperiods.sender"
set dataset "email.bandwidth.senders"
set category spam
set graph-type bar
config x-series
end
config y-series
end
set title "Top Email Senders by Bandwidth"
next
edit "email.request.timeperiods.receiver"
set dataset "email.request.timeperiods.receiver"
set category spam
set graph-type line
config x-series
set is-category no
set scale-unit hour
end
config y-series
end
set title "Number of emails to Recipient"
next
edit "email.request.receivers"
set drill-down-chart "email.request.timeperiods.receiver"
set dataset "email.request.receivers"
set category spam
set graph-type bar
config x-series
end
config y-series
end
set title "Top Email Recipients"
next
edit "virus.count.viruses.user"
set dataset "virus.count.viruses.user"
set category virus
set graph-type bar
config x-series
end
config y-series
end
set title "Top Viruses for User"
next
edit "virus.count.users.virus"
set drill-down-chart "virus.count.viruses.user"
set dataset "virus.count.users.virus"
set category virus
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users Targeted by Virus"
next
edit "virus.count.viruses"
set drill-down-chart "virus.count.users.virus"
set dataset "virus.count.viruses"
set category virus
set graph-type bar
config x-series
end
config y-series
end
set title "Top Viruses"
next
edit "virus.count.users"
set drill-down-chart "virus.count.viruses.user"
set dataset "virus.count.users"
set category virus
set graph-type bar
config x-series
end
config y-series

end
set title "Top Users Targeted by Viruses"
next
edit "virus.count.viruses.protocol"
set drill-down-chart "virus.count.users.virus"
set dataset "virus.count.viruses.protocol"
set category virus
set graph-type bar
config x-series
end
config y-series
end
set title "Top Viruses for Protocol"
next
edit "virus.count.protocols"
set drill-down-chart "virus.count.viruses.protocol"
set dataset "virus.count.protocols"
set category virus
set graph-type bar
config x-series
end
config y-series
end
set title "Virus Protocol Distribution"
next
edit "attack.count.critical-attacks.user"
set dataset "attack.count.critical-attacks.user"
set category attack
set graph-type bar
config x-series
end
config y-series
end
set title "Top Critical/High Attacks for User"
next
edit "attack.count.users.critical-attack"
set drill-down-chart "attack.count.critical-attacks.user"
set dataset "attack.count.users.critical-attack"
set category attack
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users for Attack"
next
edit "attack.count.critical-attacks"
set
set
set
set
drill-down-chart "attack.count.users.critical-attack"
dataset "attack.count.critical-attacks"
category attack
graph-type bar
config x-series
end
config y-series
end
set title "Top High/Critical Attacks"
next
edit "attack.count.attacks.user"
set dataset "attack.count.attacks.user"
set category attack
set graph-type bar
config x-series
end
config y-series
end
set title "Top Attacks for User"
next
edit "attack.count.users.attack"
set drill-down-chart "attack.count.attacks.user"
set dataset "attack.count.users.attack"
set category attack
set graph-type bar
config x-series
end
config y-series
end
set title "Top 10 Users for Attack"
next
edit "attack.count.attacks"
set drill-down-chart "attack.count.users.attack"
set dataset "attack.count.attacks"
set category attack
set graph-type bar
config x-series
end
config y-series
end
set title "Top Attacks"
next
edit "vpn.bandwidth.static-tunnels.user"
set dataset "vpn.bandwidth.static-tunnels.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top VPN Tunnels for User"
next
edit "vpn.bandwidth.users.static-tunnel"
set drill-down-chart "vpn.bandwidth.static-tunnels.user"
set dataset "vpn.bandwidth.users.static-tunnel"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users for VPN Tunnel"
next
edit "vpn.bandwidth.static-tunnels"
set drill-down-chart "vpn.bandwidth.users.static-tunnel"
set dataset "vpn.bandwidth.static-tunnels"
set graph-type bar
config x-series
end
config y-series
end
set title "Top VPN Tunnels"
next
edit "vpn.bandwidth.ssl-sources.user"
set dataset "vpn.bandwidth.ssl-sources.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Sources of SSL-VPN Tunnels for User"
next
edit "vpn.bandwidth.users.ssl-source"
set drill-down-chart "vpn.bandwidth.ssl-sources.user"
set dataset "vpn.bandwidth.users.ssl-source"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users of SSL-VPN Tunnel from Source"

next
edit "vpn.bandwidth.ssl-sources"
set drill-down-chart "vpn.bandwidth.users.ssl-source"
set dataset "vpn.bandwidth.ssl-sources"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Sources of SSL-VPN Tunnels"
next
edit "vpn.bandwidth.dynamic-tunnels.user"
set dataset "vpn.bandwidth.dynamic-tunnels.user"
set graph-type bar
config x-series
end
config y-series
end
set title "Top VPN Dialup Tunnels for User"
next
edit "vpn.bandwidth.users.dynamic-tunnel"
set drill-down-chart "vpn.bandwidth.dynamic-tunnels.user"
set dataset "vpn.bandwidth.users.dynamic-tunnel"
set graph-type bar
config x-series
end
config y-series
end
set title "Top Users of VPN Dialup Tunnel"
next
edit "vpn.bandwidth.dynamic-tunnels"
set drill-down-chart "vpn.bandwidth.users.dynamic-tunnel"
set dataset "vpn.bandwidth.dynamic-tunnels"
set graph-type bar
config x-series
end
config y-series
end
set title "Top VPN Dialup Tunnels"
next
end
config report style
edit "default.html_default"
set
set
set
set
set
options font text color

bg-color "FFFFFF"
font-family Verdana
font-size "12"
line-height "120%"
next
edit "default.pdf_default"
set options font text
set font-family Helvetica
set font-size "10"
set line-height "120%"
next
edit "default.page"
set options margin column
set column-gap "10"
set margin-bottom "36"
set margin-left "36"
set margin-right "36"
set margin-top "36"
next
edit "default.page_header"
set options margin border
set border-bottom "1px solid black"
next
edit "default.page_footer"
set options margin border
set border-top "1px solid black"
set margin-top "10"
next
edit "default.toc_title"
set options font text margin
set font-size "xx-large"
set font-weight bold
set margin-top "10"
next
edit "default.toc_heading1"
set font-size "x-large"
next
set font-size "large"
next
set font-style italic
next
set font-size "small"

next
edit "default.report_title"
set options font text align margin
set align center
set font-size "18"
set margin-top "100"
next
edit "default.report_subtitle"
next
edit "default.heading1"
next
next
next
next
edit "default.text"
set options margin
next
edit "default.image"
set options margin
next
edit "default.hline"
set options color size margin
set fg-color "black"
set height "1"
next
edit "default.graph"
set options size margin
set height "300"
set width "500"
next
edit "default-new.graph"
set options size margin
set height "450"
set width "750"
next
edit "default.table"
set options font margin border
set border-left "1px solid black"
set border-right "1px solid black"
next
edit "default.table_caption"
set options font color align
set align center
set bg-color "black"
set fg-color "white"
next
edit "default.table_head"
set options font color
set bg-color "4b5362"
next
edit "default.table_odd_row"
set options color
set bg-color "edf5ff"
next
edit "default.table_even_row"
next
edit "align_right"
set options align
set align right
next
edit "align_center"
set options align
set align center
next
edit "timeinfo_text"
set options font align margin
set align center
next
edit "info_text"
set options margin
set margin-top "20"
next
edit "logo_img"
set options align margin
set align center
next
edit "summary.html_default"
set options font text color
set bg-color "FFFFFF"
set font-family Verdana
set font-size "12"
next
edit "summary.pdf_default"
set font-family Helvetica
set font-size "9"
next
edit "summary.page"
set options margin column
set column-gap "10"
set margin-top "36"
next
edit "summary.page_header"
next
edit "summary.page_footer"
set options margin
set margin-top "10"
next
edit "summary.toc_title"
set margin-top "10"
next
edit "summary.toc_heading1"
next
next
next
next
edit "summary.report_title"
set options font text align margin column
set align center
set column-span all
next
edit "summary.report_subtitle"
next
edit "summary.heading1"
set align center
set font-size "medium"
next
set align center
next
next
next
edit "summary.text"
set options margin
next
edit "summary.image"
set options margin
next
edit "summary.hline"
set options color size margin
set fg-color "black"
set height "1"
next
edit "summary.graph"
set options size margin border
set border-right "1px solid black"
set height "300"
set width "500"
next
edit "summary.table"
set options font margin border
set
set
set
set
border-right "1px solid black"

border-top "1px solid black"
font-size "small"
margin-bottom "5"
next
edit "summary.table_caption"
set options font color align
set align center
set bg-color "black"
next
edit "summary.table_head"
set options font color
set bg-color "4b5362"
next
edit "summary.table_odd_row"
set options color
set bg-color "edf5ff"
next
edit "summary.table_even_row"
next
edit "summary_info_text"
set options font align margin column
set align center
set column-span all
next
edit "report-cover1"
set options size
set height "109"
set width "800"
next
set options font text color align margin
set align right
set fg-color "ff0000"
set font-size "28"
next
set options font text align
set align right
set font-size "18"
next
set options align margin
set align right
set margin-top "10"
next
end
config report theme
edit "default"
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
default-html-style "default.html_default"
default-pdf-style "default.pdf_default"
graph-chart-style "default.graph"
heading1-style "default.heading1"
hline-style "default.hline"
image-style "default.image"
normal-text-style "default.text"
page-footer-style "default.page_footer"
page-header-style "default.page_header"
page-style "default.page"
report-subtitle-style "default.report_subtitle"
report-title-style "default.report_title"
table-chart-caption-style "default.table_caption"
table-chart-even-row-style "default.table_even_row"
table-chart-head-style "default.table_head"
table-chart-odd-row-style "default.table_odd_row"
table-chart-style "default.table"
toc-heading1-style "default.toc_heading1"
toc-title-style "default.toc_title"
next
edit "default-report"
set default-html-style "default.html_default"
set default-pdf-style "default.pdf_default"
set graph-chart-style "default-new.graph"
set heading1-style "default.heading1"
set hline-style "default.hline"
set image-style "default.image"
set normal-text-style "default.text"
set page-footer-style "default.page_footer"
set page-header-style "default.page_header"
set page-style "default.page"
set report-subtitle-style "default.report_subtitle"
set report-title-style "default.report_title"
set table-chart-caption-style "default.table_caption"
set table-chart-even-row-style "default.table_even_row"
set table-chart-head-style "default.table_head"
set table-chart-odd-row-style "default.table_odd_row"
set table-chart-style "default.table"
set toc-heading1-style "default.toc_heading1"
set toc-title-style "default.toc_title"
next
edit "summary"
set column-count 3
set default-html-style "summary.html_default"
set default-pdf-style "summary.pdf_default"
set graph-chart-style "summary.graph"
set heading1-style "summary.heading1"
set heading2-style "summary.heading2"
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
set
heading3-style "summary.heading3"
heading4-style "summary.heading4"
hline-style "summary.hline"
image-style "summary.image"
normal-text-style "summary.text"
page-footer-style "summary.page_footer"
page-header-style "summary.page_header"
page-style "summary.page"
report-subtitle-style "summary.report_subtitle"
report-title-style "summary.report_title"
table-chart-caption-style "summary.table_caption"
table-chart-even-row-style "summary.table_even_row"
table-chart-head-style "summary.table_head"
table-chart-odd-row-style "summary.table_odd_row"
table-chart-style "summary.table"
toc-heading1-style "summary.toc_heading1"
toc-title-style "summary.toc_title"
next
end
config report layout
edit "default"
config body-item
edit 101
set style "report-cover1"
set type image
set img-src "fortinet_bar.png"
next
edit 103
set content "FortiGate UTM"
next
edit 105
set content "${schedule_type} Activity Report"
next
edit 107
set content "${started_time}"
next
edit 109
set content "FortiGate Host Name: ${hostname}"
next
edit 111
set content "FortiGate Serial Number: ${serialnum}"
next
edit 113
set type image
set img-src "fortinet_grid_logo.png"
next
edit 121
set type misc
set misc-component page-break
next
edit 201
set type image

set img-src "default-rpt-1.jpg"
next
edit 301
set content "Bandwidth and Application Usage"
set text-component heading1
next
edit 302
set content "Top Users By Bandwidth"
next
edit 303
set content "The following chart displays the top 10 users b
y bandwidth usage."
next
edit 305
set type chart
set chart "traffic.bandwidth.users"
next
edit 321
set type misc
next
edit 402
set content "Top Users by Sessions"
next
edit 403
set content "The following chart displays the top 10 users b
y the number of created sessions."
next
edit 405
set type chart
set chart "traffic.sessions.users"
next
edit 421
set type misc
next
edit 502
set content "Top Application Categories by Bandwidth"
next
edit 503
set content "The following chart displays the top 10 applica
tion categories by bandwidth usage."
next
edit 505
set type chart
set chart "traffic.bandwidth.app_cats"
next
edit 521
set type misc
next
edit 602
set content "Top Application Categories by Sessions"
next
edit 603
set content "The following chart displays the top 10 applica

tion categories by the number of created sessions."
next
edit 605
set type chart
set chart "traffic.sessions.app_cats"
next
edit 621
set type misc
next
edit 702
set content "Wan Optimization & Cache Performance"
next
edit 703
set content "The following chart displays the bandwidth usag
e distribution of WAN optimization and caches."
next
edit 705
set type chart
set chart "traffic.bandwidth.wanopt"
next
edit 721
set type misc
next
edit 752
set content "Top Destination Countries by Bandwidth Usage"
next
edit 753
set content "The following chart displays the top 10 destina
tion countries by bandwidth usage."
next
edit 755
set type chart
set chart "traffic.bandwidth.dstcountries"
next
edit 771
set type misc
next
edit 802
set content "Top Destination Countries by Sessions"
next
edit 803
set content "The following chart displays the top 10 destina
tion countries by sessions."
next
edit 805
set type chart
set chart "traffic.sessions.dstcountries"
next
edit 821
set type misc
next
edit 901
set content "Web Usage"

next
edit 902
set content "Top Allowed Web Categories By Requests"
next
edit 903
set content "The following chart displays the top 10
web categories by number of requests."
next
edit 905
set type chart
set chart "web.allowed-request.web_cats"
next
edit 921
set type misc
next
edit 1002
set content "Top Blocked Web Categories by Requests"
next
edit 1003
web categories by the number of requests."
next
edit 1005
set type chart
set chart "web.blocked-request.web_cats"
next
edit 1021
set type misc
next
edit 1102
set content "Top Search Phrases"
next
edit 1103
phrases by the number of requests."
next
edit 1105
set type chart
set chart "web.requests.phrases"
next
edit 1121
set type misc
next
edit 1202
set content "Top Web Sites by Bandwidth"
next
edit 1203
es by bandwidth usage."
next
edit 1205
allowed
blocked
search
web sit
set type chart

set chart "web.bandwidth.sites"
next
edit 1221
set type misc
next
edit 1302
set content "Top Allowed Sites By Requests"
next
edit 1303
set content "The following chart displays the
web sites by the number of requests."
next
edit 1305
set type chart
set chart "web.allowed-request.sites"
next
edit 1321
set type misc
next
edit 1402
set content "Top Blocked Sites By Requests"
next
edit 1403
web sites by the number of requests."
next
edit 1405
set type chart
set chart "web.blocked-request.sites"
next
edit 1421
set type misc
next
edit 1502
set content "Top Video Streaming Web Sites by
next
edit 1503
y video stream bandwidth usage."
next
edit 1505
set type chart
set chart "web.bandwidth.stream-sites"
next
edit 1521
set type misc
next
edit 1701
set content "Emails"
next
edit 1702
top 10 allowed
top 10 blocked
Bandwidth"
top 10 sites b
set content "Top Email Senders"

next
edit 1703
by the number of emails sent."
next
edit 1705
set type chart
set chart "email.request.senders"
next
edit 1721
set type misc
next
edit 1802
set content "Top Email Senders by Bandwidth"
next
edit 1803
enders by bandwidth usage."
next
edit 1805
set type chart
set chart "email.bandwidth.senders"
next
edit 1821
set type misc
next
edit 1902
set content "Top Email Recipients"
next
edit 1903
ecipients by the number of emails received."
next
edit 1905
set type chart
set chart "email.request.receivers"
next
edit 1921
set type misc
next
edit 2301
set content "Threats"
next
edit 2302
set content "Top Viruses"
next
edit 2303
by the number of occurrences."
next
edit 2305
top 10 senders
top 10 email s
top 10 email r
top 10 viruses
set type chart

set chart "virus.count.viruses"
next
edit 2321
set type misc
next
edit 2402
set content "Top Users Targeted by Viruses"
next
edit 2403
set content "The following chart displays the top 10 users t
argeted by viruses."
next
edit 2405
set type chart
set chart "virus.count.users"
next
edit 2421
set type misc
next
edit 2502
set content "Virus Protocol Distribution"
next
edit 2503
set content "The following chart displays the distribution o
f protocols within which viruses were detected."
next
edit 2505
set type chart
set chart "virus.count.protocols"
next
edit 2521
set type misc
next
edit 2602
set content "Top High/Critical Attacks"
next
edit 2603
set content "The following chart displays the top 10 high/cr
itical attacks by the number of occurrences."
next
edit 2605
set type chart
set chart "attack.count.critical-attacks"
next
edit 2621
set type misc
next
edit 2702
set content "Top Attacks"
next
edit 2703

by the number of occurrences."
next
edit 2705
set type chart
set chart "attack.count.attacks"
next
edit 2721
set type misc
next
edit 3001
set content "VPN Usage"
next
edit 3002
set content "Top VPN Tunnels"
next
edit 3003
nels by bandwidth usage."
next
edit 3005
set type chart
set chart "vpn.bandwidth.static-tunnels"
next
edit 3021
set type misc
next
edit 3102
set content "Top Sources of SSL-VPN Tunnels"
next
edit 3103
of SSL VPN tunnels by bandwidth usage."
next
edit 3105
set type chart
set chart "vpn.bandwidth.ssl-sources"
next
edit 3121
set type misc
next
edit 3202
set content "Top VPN Dialup Tunnels"
next
edit 3203
lup tunnels by bandwidth usage."
next
edit 3205
set type chart
set chart "vpn.bandwidth.dynamic-tunnels"
next
edit 3221
top 10 attacks
top 10 VPN tun
top 10 sources
top 10 VPN dia
set type misc

set
set
set
set
next
end
format html pdf
options include-table-of-content
config page
set column-break-before heading1
config footer
config footer-item
edit 1
set content "${report_period}"
next
edit 2
set content "${page_no}"
set style "align_right"
next
end
end
config header
config header-item
edit 1
set content "${layout_title}"
next
edit 2
set style "align_right"
set type image
set img-src "fortinet_logo.png"
next
end
end
set paper letter
end
style-theme "default-report"
title "FortiGate UTM Daily Activity Report"
next
end
config firewall service explicit-web
edit "webproxy"
next
end
config firewall service group
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB
"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
edit "Exchange Server OWA"
set member "DNS" "HTTPS"
next
edit "Outlook"
set member "DCE-RPC" "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMT
PS" "HTTPS"
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
end
config firewall profile-protocol-options
edit "default"
set comment "all default services"
config http
set port 80
set options no-content-summary
unset post-lang
end
config https
set port 443
set options no-content-summary
unset post-lang
end
config ftp
set port 21
set options no-content-summary splice
end
config ftps
set port 990
unset post-lang
end
config imap
set port 143
set options fragmail no-content-summary
end
config imaps
set port 993
end
config pop3
set port 110
end
config pop3s
set port 995
end
config smtp
set port 25
set options fragmail no-content-summary splice
end
config smtps
set port 465
set options fragmail no-content-summary splice
end
config nntp
set port 119
end
next
end
config firewall policy
end
config firewall local-in-policy
end
config firewall policy6
end
config firewall local-in-policy6

end
config firewall interface-policy
end
config firewall interface-policy6
end
config firewall sniff-interface-policy
end
config firewall sniff-interface-policy6
end
config wanopt rule
end
config wireless-controller wtp-profile
edit "FAP220A-default"
config platform
set type 220A
end
config radio-1
set band 802.11n
set channel "1" "6" "11"
end
config radio-2
set band 802.11n-5G
set channel "36" "40" "44" "48" "149" "153" "157" "161" "165
"
end
next
edit "FAP220B-default"
config radio-1
set band 802.11n-5G
set channel "36" "40" "44" "48" "149" "153" "157" "161" "165
"
end
config radio-2
set band 802.11n
end
next
config platform
set type 210B
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
config platform
set type 222B
end
config radio-1
set band 802.11n
end
config radio-2
set band 802.11n-5G
set channel "36" "40" "44" "48" "149" "153" "157" "161" "165
"
end
next
edit "11g-only"
config platform
set type 30B-50B
end
config radio-1
set band 802.11g
end
config radio-2
set mode disabled
end
next
end
config log disk setting
end
config router rip
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
end
config router ripng
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
end
config router ospf
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
end
config router ospf6
config redistribute
end
config redistribute
end
"connected"
"static"
"ospf"
"bgp"
"isis"
"connected"
"static"
"ospf"
"bgp"
"isis"
"connected"
"static"
"rip"
"bgp"
"isis"
"connected"
"static"
config redistribute "rip"

end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router bgp
config redistribute "connected"
end
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
config redistribute "connected"
end
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
end
config router multicast
end

Fortigate VM

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Fortigate VM

Загружено:

Авторское право:

Доступные форматы

#config-version=FGT-VM-4.

set header none

br /><br />Web filter service error: %%URLFILTER_ERROR_DETAIL%%</p></div></div><

ght:100%;}div.msg{display:block;border:1px solid #30c;padding:0;width:500px;font

ft;}</style><title>Attention!!</title></head><body><div class=\"oc\"><div class=

config system replacemsg http "http-client-filesize"

ght:100%;}div.msg{display:block;border:1px solid #30c;padding:0;width:500px;font

t; width: 160px; float: right; }

div.header { background: url(%%IMAGE:logo_v2_fnet%%) 0 0 repeat-x; heigh

div.sidebar { width: 195px; height: 200px; float: left; }

.authenticate h3 { color: #36c; }

h3 { margin: 36px 0; font-size: 16pt; }

virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%."

set format text

?</h2><div class=\"fec\"><input type=\"submit\" value= \"Yes, I agree\" onclick=

"password\" style=\"width:245px\"></div><div class=\"fer\"><input type=\"submit\

set format html

"><h1 class=\"logo\">FortiToken Code Required</h1><h2>%%QUESTION%%</h2><div clas

ght:100%;}form{display:block;background:#ccc;border:2px solid red;padding:0 0 25

uto;} div{padding: 1px; zoom: 1;} p {margin: 10px 15px;} h1{font-weight:bold;fon

.authenticate h2.fgd_icon { background-position: -89px -166px; }

label { display: block; width: 300px; margin: 5px 0; line-height: 25px;

set scan-bzip2 disable

set name mms

set filter-type type

set regexp "(\\b|\\W)[1-79]\\d{2}([ \\-]?)\\d{3}\\2\\d{3}(\\b|\\W)"

config webfilter ftgd-local-rating

set grayware enable

ser ELSE src END) as userip from traffic_log where ###timestamp_to_oid(traffic_l

set query "select (src||\'->\'||dst) as p2p_peer, count(*) as totalnum f

'p2p\' and app=\'Gnutella\' and action=\'pass\' group by p2p_peer order by total

er_log where ###timestamp_to_oid(spamfilter_log)### and (status=\'detected\' or

set query "select (src||\'->\'||dst) as ftp_pair, sum(sent+rcvd) as vol

) as volume from traffic_log where ###timestamp_to_oid(traffic_log)### and lower

p_cat order by bandwidth desc limit 10"

g where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\

e order by sessions desc limit 10"

set displayname "User Name or IP"

set type double

set displayname "Bandwidth"

(subtype)=\'sslvpn-user\' and lower(action)=\'tunnel-down\' and ft_ifnull(ft_ifn

set databind "field(1)"

set graph-type pie

set scale-format HH-MM

set category event

set category traffic

set dataset "traffic.Count.port1.Volume"

set category traffic

set category event

set dataset "vpn.Last10.DialupIPsecUser.Login"

set category webfilter

set category webfilter

set dataset "wf.Count.Volume"

set graph-type bar

set caption "Bandwidth Usage"

set caption "Bandwidth Usage"

set category traffic

set caption "Requests"

set databind "field(1)"

set databind "field(2)"

set title "Top Users of SSL-VPN Tunnel from Source"

options font text color

set line-height "120%"

border-right "1px solid black"