00-FW-build513-120130:opmode=0:vdom=0:user=admin
#conf_file_ver=2939318298167593164
#buildno=0513
#global_vdom=1
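# Global system settings for the unit. The "#" lines are reviewer notes on the
# values that affect the management plane and logging; no option value is changed.
config system global
set access-banner disable
set admin-concurrent enable
# Administrative HTTPS logins do not require a client certificate.
set admin-https-pki-required disable
# Lockout after 3 failed admin logins; the duration unit is presumably seconds - confirm.
set admin-lockout-duration 60
set admin-lockout-threshold 3
# NOTE(review): the maintainer account is left enabled. It appears to be the
# console recovery login, so physical/console access to the unit should be
# controlled - confirm against the platform documentation.
set admin-maintainer enable
# Plain-HTTP admin GUI listens on port 80. Whether it is reachable depends on
# each interface's allowaccess list.
set admin-port 80
set admin-scp disable
# The admin GUI presents a self-signed certificate, so administrators cannot
# validate the server identity unless that certificate is pinned or replaced.
set admin-server-cert "self-sign"
set admin-sport 443
set admin-ssh-grace-time 120
set admin-ssh-port 22
set admin-ssh-v1 disable
set admin-telnet-port 23
# Idle admin sessions time out after 5 (presumably minutes - confirm).
set admintimeout 5
set anti-replay strict
set auth-cert "self-sign"
set auth-http-port 1000
set auth-https-port 1003
set auth-keepalive disable
set auth-policy-exact-match enable
# NOTE(review): "pass" looks like a fail-open choice, i.e. traffic may continue
# unscanned when the antivirus engine cannot scan - confirm the exact trigger.
set av-failopen pass
set av-failopen-session disable
set batch-cmdb enable
set cfg-save automatic
set check-protocol-header loose
set check-reset-range disable
set clt-cert-req disable
set csr-ca-attribute enable
set daily-restart disable
set detection-summary enable
set dst enable
set endpoint-control-fds-access enable
set endpoint-control-portal-port 8009
set explicit-proxy-auth-timeout 300
set fds-statistics enable
set fgd-alert-subscription advisory latest-threat
# Traffic hitting the implicit (final) policy is not logged for IPv4 or IPv6,
# which leaves denied connection attempts out of the traffic log.
set fwpolicy-implicit-log disable
set fwpolicy6-implicit-log disable
set gui-ap-profile enable
set gui-central-nat-table disable
set gui-client-reputation disable
set gui-dns-database disable
set gui-dynamic-profile-display disable
set gui-icap disable
set gui-implicit-id-based-policy disable
set gui-implicit-policy enable
set gui-ipsec-manual-key disable
set gui-ipv6 disable
set gui-lines-per-page 50
set gui-load-balance enable
set gui-object-tags enable
set gui-policy-interface-pairs-view enable
set gui-voip-profile disable
set hostname "Fortigate-VM"
set http-obfuscate modified
set ip-src-port-range 1024-25000
set ipsec-hmac-offload enable
set ipv6-accept-dad 1
set language english
set ldapconntimeout 500
set log-user-in-upper disable
# Denied traffic addressed to the unit itself is not logged - presumably this
# covers blocked management-plane connection attempts; confirm.
set loglocaldeny disable
set management-vdom "root"
set max-sql-log-size 10240
set optimize antivirus
set phase1-rekey enable
set policy-auth-concurrent enable
set radius-port 1645
set refresh 0
set registration-notification enable
set remoteauthtimeout 5
set reset-sessionless-tcp disable
set revision-backup-on-logout enable
set send-pmtu-icmp enable
set service-expire-notification enable
set strict-dirty-session-check enable
# NOTE(review): strong-crypto is off, so the unit presumably still accepts
# weaker ciphers on its own HTTPS/SSH services - confirm and enable where
# client compatibility allows.
set strong-crypto disable
set tcp-halfclose-timer 120
set tcp-halfopen-timer 120
set tcp-option enable
set tcp-timewait-timer 1
set timezone 04
set tos-based-priority medium
set udp-idle-timer 180
set user-server-cert "self-sign"
set vdom-admin disable
set vip-arp-range restricted
set wifi-ca-certificate "Fortinet_CA"
set wifi-certificate "Fortinet_Firmware"
set wimax-4g-usb disable
set wireless-controller-port 5246
set fds-statistics-period 60
end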
# Administrator access profiles. Each entry assigns a permission level per
# functional group; admin accounts reference a profile by name.
config system accprofile
# "prof_admin": read-write on every group listed below.
edit "prof_admin"
set admingrp read-write
set authgrp read-write
set endpoint-control-grp read-write
set fwgrp read-write
set loggrp read-write
unset menu-file
set mntgrp read-write
set netgrp read-write
set routegrp read-write
set sysgrp read-write
set updategrp read-write
set utmgrp read-write
set vpngrp read-write
set wanoptgrp read-write
set wifi read-write
next
# "noaccess": no group permission is set here, so every group presumably stays
# at its default of no access - confirm.
edit "noaccess"
unset menu-file
next
# "read_only": read on every group; utmgrp is "custom" and its per-feature
# permissions are spelled out in the nested utmgrp-permission table.
edit "read_only"
set admingrp read
set authgrp read
set endpoint-control-grp read
set fwgrp read
set loggrp read
unset menu-file
set mntgrp read
set netgrp read
set routegrp read
set sysgrp read
set updategrp read
set utmgrp custom
set vpngrp read
set wanoptgrp read
set wifi read
config utmgrp-permission
set antivirus read
set application-control read
set data-loss-prevention read
set ips read
set spamfilter read
set webfilter read
end
next
end
# Interface table for the "root" VDOM. In this listing only port1 has an IP
# address and an allowaccess list; port2-port10 carry no address or services.
config system interface
edit "port1"
set vdom "root"
set ip 10.10.4.100 255.255.255.0
# NOTE(review): management access on port1 includes http and telnet, both of
# which carry administrator credentials in cleartext. Keeping only https and
# ssh (plus ping if needed) and restricting admin logins to trusted source
# addresses is the usual hardening for a management interface.
set allowaccess ping https ssh http telnet
set type physical
next
edit "port2"
set vdom "root"
set type physical
next
edit "port3"
set vdom "root"
set type physical
next
edit "port4"
set vdom "root"
set type physical
next
edit "port5"
set vdom "root"
set type physical
next
edit "port6"
set vdom "root"
set type physical
next
edit "port7"
set vdom "root"
set type physical
next
edit "port8"
set vdom "root"
set type physical
next
edit "port9"
set vdom "root"
set type physical
next
edit "port10"
set vdom "root"
set type physical
next
# Tunnel-type interface named "ssl.root" - presumably the SSL VPN tunnel
# interface for the root VDOM; confirm.
edit "ssl.root"
set vdom "root"
set type tunnel
next
end
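# Administrator accounts. Two entries: the local "admin" account and a
# remotely authenticated "test" account. The nested dashboard tables only
# describe GUI widget layout.
config system admin
# NOTE(review): "admin" uses the "super_admin" profile, and no "set password"
# line appears for it in this listing - confirm that a password is actually set
# on the device. No trusted-host restriction is visible for this account either.
edit "admin"
set accprofile "super_admin"
set vdom "root"
config dashboard-tabs
edit 1
set name "Status"
next
end
config dashboard
edit 1
set tab-id 1
set column 1
next
edit 2
set widget-type licinfo
set tab-id 1
set column 1
next
edit 3
set widget-type tr-history
set tab-id 1
set column 1
set interface "port2"
set refresh enable
next
edit 4
set widget-type jsconsole
set tab-id 1
set column 1
next
edit 5
set widget-type sysres
set tab-id 1
set column 2
next
edit 6
set widget-type sessions
set tab-id 1
set column 2
next
edit 7
set widget-type sysop
set tab-id 1
set column 2
next
edit 8
set widget-type alert
set tab-id 1
set column 2
next
end
next
# "test" is authenticated remotely (remote-auth enable) and starts from the
# local "noaccess" profile; see the options after the dashboard table.
edit "test"
set remote-auth enable
set accprofile "noaccess"
set vdom "root"
config dashboard-tabs
edit 1
set name "Status"
next
end
config dashboard
edit 1
set tab-id 1
set column 1
next
edit 2
set widget-type licinfo
set tab-id 1
set column 1
next
edit 8
set widget-type tr-history
set tab-id 1
set column 1
set interface "port2"
set refresh enable
next
edit 3
set widget-type jsconsole
set tab-id 1
set column 1
next
edit 4
set widget-type sysres
set tab-id 1
set column 2
set time-period 0
set chart-color 0
next
edit 5
set widget-type sessions
set tab-id 1
set column 2
next
edit 6
set widget-type sysop
set tab-id 1
set column 2
next
edit 7
set widget-type alert
set tab-id 1
set column 2
next
end
# NOTE(review): wildcard + remote-group means the login name is not fixed
# locally; presumably any account accepted by the servers behind "test_group"
# can sign in through this entry - confirm. With accprofile-override and
# radius-vdom-override enabled, the remote server appears able to replace the
# "noaccess" profile and the VDOM, so effective admin privileges are decided by
# that server. Audit its group membership and returned attributes accordingly.
set wildcard enable
set remote-group "test_group"
set accprofile-override enable
set radius-vdom-override enable
next
end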
# High-availability settings. mode is "standalone", so clustering is not in
# use in this listing; the remaining values apply only if a cluster is formed.
config system ha
set group-id 0
set group-name "FGT-HA"
set mode standalone
# NOTE(review): "ENC" is followed by a stored, encoded form of the HA group
# password, not a placeholder. A configuration that has been shared or
# published should be treated as having disclosed this secret: set a new
# password on the device and redact ENC values before sharing backups.
set password ENC eWCjP/9WZ49WVenXMB/isYT7AmWfs4p6Tsh+RSJQ+WydrKQeGtDGdRjGmip
Ig26Nw3RXMQzm6Xlq7eC8QUPRBvRVAikkufzWpwRkWyFIGvAaSh4J
set hbdev "port4" 50 "port4" 50
set route-ttl 10
set route-wait 0
set route-hold 10
set sync-config enable
# Heartbeat encryption and authentication are both disabled. If the unit is
# ever moved out of standalone mode, cluster heartbeat traffic would presumably
# be unprotected on the heartbeat link - confirm and enable both in that case.
set encryption disable
set authentication disable
set hb-interval 2
set hb-lost-threshold 20
set helo-holddown 20
set arps 5
set arps-interval 8
set session-pickup disable
set link-failed-signal disable
set uninterruptable-upgrade enable
set ha-eth-type "8890"
set hc-eth-type "8891"
set l2ep-eth-type "8893"
set ha-uptime-diff-margin 300
set override disable
set priority 128
set pingserver-failover-threshold 0
set pingserver-flip-timeout 60
end
# DNS resolver settings used by the unit itself.
config system dns
# Primary and secondary IPv4 resolvers; the IPv6 resolvers are left unset (::).
set primary 208.91.112.53
set secondary 208.91.112.52
set domain ''
set ip6-primary ::
set ip6-secondary ::
# Cache holds up to 5000 entries; the TTL value is presumably in seconds - confirm.
set dns-cache-limit 5000
set dns-cache-ttl 1800
set cache-notfound-responses disable
# 0.0.0.0 leaves the source address for DNS queries unspecified.
set source-ip 0.0.0.0
end
config system replacemsg-image
edit "logo_fnet"
set image-base64 ''
set image-type gif
next
edit "logo_fguard_wf"
set image-base64 ''
set image-type gif
next
edit "logo_fw_auth"
set image-base64 ''
set image-type png
next
edit "logo_v2_fnet"
set image-base64 ''
set image-type png
next
edit "logo_v2_fguard_wf"
set image-base64 ''
set image-type png
next
end
config system replacemsg mail "email-block"
set buffer "Potentially Dangerous Attachment Removed. The file \"%%FILE%%\"
has been blocked. File quarantined as: \"%%QUARFILENAME%%\"."
set header 8bit
set format text
end
config system replacemsg mail "email-virus"
set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" ha
s been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus
. File quarantined as: \"%%QUARFILENAME%%\".\"%%VIRUS_REF_URL%%\""
set header 8bit
set format text
end
config system replacemsg mail "email-dlp"
set buffer "This email has been blocked. The email message appeared to cont
ain a data leak."
set header 8bit
set format text
end
config system replacemsg mail "email-dlp-subject"
set buffer "Data leak detected!"
set header 8bit
set format text
end
config system replacemsg mail "email-dlp-ban"
set buffer "This email has been blocked because a data leak was detected. P
lease contact your admin to be re-enabled."
set header 8bit
set format text
end
config system replacemsg mail "email-dlp-ban-sender"
set buffer "This email has been blocked because the sender has sent a data l
eak. Please contact your admin to be re-enabled."
set header 8bit
set format text
end
config system replacemsg mail "email-filesize"
set buffer "This email has been blocked. The email message is larger than t
he configured file size limit."
set header 8bit
set format text
end
config system replacemsg mail "partial"
set buffer "Fragmented emails are blocked."
set header 8bit
set format text
end
config system replacemsg mail "smtp-block"
set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARF
ILENAME%%"
-family:helvetica,sans-serif;margin:10px auto;}h1{font-weight:bold;color:#fff;fo
nt-size:14px;margin:0;padding:2px;text-align:center;background: #30c;}p{font-siz
e:12px;margin:15px auto;width:75%;font-family:helvetica,sans-serif;text-align:le
ft;}</style><title>Access Denied</title></head><body><div class=\"oc\"><div clas
s=\"ic\"><div class=\"msg\"><h1>Access Denied</h1><p>The page you requested has
been blocked by a firewall policy restriction.</p></div></div></div></body></htm
l>"
set header http
set format html
end
config system replacemsg webproxy "user-limit"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\">
<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8
\"><style type=\"text/css\">html,body{height:100%;padding:0;margin:0;}.oc{displa
y:table;width:100%;height:100%;}.ic{display:table-cell;vertical-align:middle;hei
ght:100%;}div.msg{display:block;border:1px solid #30c;padding:0;width:500px;font
-family:helvetica,sans-serif;margin:10px auto;}h1{font-weight:bold;color:#fff;fo
nt-size:14px;margin:0;padding:2px;text-align:center;background: #30c;}p{font-siz
e:12px;margin:15px auto;width:75%;font-family:helvetica,sans-serif;text-align:le
ft;}</style><title>Access Denined</title></head><body><div class=\"oc\"><div cla
ss=\"ic\"><div class=\"msg\"><h1>Access Denined</h1><p>The maximum web proxy use
r limit has been reached.</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg webproxy "auth-challenge"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\">
<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8
\"><style type=\"text/css\">html,body{height:100%;padding:0;margin:0;}.oc{displa
y:table;width:100%;height:100%;}.ic{display:table-cell;vertical-align:middle;hei
ght:100%;}div.msg{display:block;border:1px solid #30c;padding:0;width:500px;font
-family:helvetica,sans-serif;margin:10px auto;}h1{font-weight:bold;color:#fff;fo
nt-size:14px;margin:0;padding:2px;text-align:center;background: #30c;}p{font-siz
e:12px;margin:15px auto;width:75%;font-family:helvetica,sans-serif;text-align:le
ft;}</style><title>Firewall Authentication</title></head><body><div class=\"oc\"
><div class=\"ic\"><div class=\"msg\"><h1>Firewall Authentication</h1><p>You mus
t authenticate to use this service.</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg webproxy "auth-login-fail"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\">
<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8
\"><style type=\"text/css\">html,body{height:100%;padding:0;margin:0;}.oc{displa
y:table;width:100%;height:100%;}.ic{display:table-cell;vertical-align:middle;hei
ght:100%;}div.msg{display:block;border:1px solid #30c;padding:0;width:500px;font
-family:helvetica,sans-serif;margin:10px auto;}h1{font-weight:bold;color:#fff;fo
nt-size:14px;margin:0;padding:2px;text-align:center;background: #30c;}p{font-siz
e:12px;margin:15px auto;width:75%;font-family:helvetica,sans-serif;text-align:le
ft;}</style><title>Firewall Authentication</title></head><body><div class=\"oc\"
><div class=\"ic\"><div class=\"msg\"><h1>Firewall Authentication</h1><p>Authent
ication Failed</p></div></div></div></body></html>"
set header http
set format html
end
config system replacemsg webproxy "auth-authorization-fail"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\">
<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8
\"><style type=\"text/css\">html,body{height:100%;padding:0;margin:0;}.oc{displa
y:table;width:100%;height:100%;}.ic{display:table-cell;vertical-align:middle;hei
end
config system replacemsg ftp "ftp-dl-archive-block"
set buffer "Transfer failed. Archive \"%%FILE%%\" has been blocked."
set header none
set format text
end
config system replacemsg nntp "nntp-dl-infected"
set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" ha
s been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus
. File quarantined as: \"%%QUARFILENAME%%\"."
set header none
set format text
end
config system replacemsg nntp "nntp-dl-blocked"
set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARF
ILENAME%%"
set header none
set format text
end
config system replacemsg nntp "nntp-dl-filesize"
set buffer "This article has been blocked. The article is larger than the c
onfigured file size limit."
set header none
set format text
end
config system replacemsg nntp "nntp-dlp"
set buffer "This article has been blocked. It appears to contain a data lea
k."
set header none
set format text
end
config system replacemsg nntp "nntp-dlp-subject"
set buffer "Data leak detected!"
set header none
set format text
end
config system replacemsg nntp "nntp-dlp-ban"
set buffer "this article has been blocked. The user is banned for sending a
data leak. Please contact your admin to be re-enabled."
set header none
set format text
end
config system replacemsg fortiguard-wf "ftgd-block"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"
>
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">
<title>Web Filter Violation</title>
<style type=\"text/css\">
html, body { margin: 0; padding: 0; font-family: Verdana, Arial, sans-se
rif; font-size: 10pt; }
h1, h2 { height: 82px; text-indent: -999em; margin: 0; padding: 0; margi
n: 0; }
div { margin: 0; padding: 0; }
div.header { background: url(%%IMAGE:logo_v2_fnet%%) 0 0 repeat-x; heigh
t: 82px; }
div.header h1 { background: url(%%IMAGE:logo_v2_fguard_wf%%) 0 0 no-repe
at; }
div.header h2 { background: url(%%IMAGE:logo_v2_fnet%%) 0 -82px no-repea
set buffer "This message has been blocked because it is from a FortiGuard AntiSpam black IP address."
set header none
set format text
end
config system replacemsg spam "smtp-spam-helo"
set buffer "This message has been blocked because the HELO/EHLO domain is in
valid."
set header none
set format text
end
config system replacemsg spam "smtp-spam-emailblack"
set buffer "Mail from this email address is not allowed and has been blocke
d."
set header none
set format text
end
config system replacemsg spam "smtp-spam-mimeheader"
set buffer "This message has been blocked because it contains an invalid hea
der."
set header none
set format text
end
config system replacemsg spam "reversedns"
set buffer "This message has been blocked because the return email domain is
invalid."
set header none
set format text
end
config system replacemsg spam "smtp-spam-bannedword"
set buffer "This message has been blocked because it contains a banned word.
"
set header none
set format text
end
config system replacemsg spam "smtp-spam-ase"
set buffer "This message has been blocked because ASE reports it as spam. "
set header none
set format text
end
config system replacemsg spam "submit"
set buffer "If this email is not spam, click here to submit the signatures t
o FortiGuard - AntiSpam Service."
set header none
set format text
end
config system replacemsg im "im-file-xfer-block"
set buffer "Transfer failed. You are not permitted to transfer the file \"%
%FILE%%\"."
set header none
set format text
end
config system replacemsg im "im-file-xfer-name"
set buffer "Transfer %%ACTION%%. The file name \"%%FILE%%\" matches the con
figured file name block list."
set header none
set format text
end
config system replacemsg im "im-file-xfer-infected"
set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" is infected with the
v></div></body></html>"
set header http
set format html
end
config system replacemsg captive-portal-dflt "cpa-login-page"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"
><html><head><style type=\"text/css\">html,body{height:100%;padding:0;margin:0;f
ont-size:small;text-align:center;font-family:helvetica,sans-serif;} form{display
:block;background:#ccc;border:2px solid red;padding: 0;width:500px;margin:10px a
uto;} div{padding: 1px; zoom: 1;} p {margin: 10px 15px;} h1{font-weight:bold;fon
t-size:21px;margin:0;padding:10px;text-align:center;} ul{margin:15px auto;width:
75%;} h2{margin:15px;font-weight:bold;text-align:left;} label,h2{font-size:12px;
} table{width:100%; height: 100%; font-size: 12px;} td{vertical-align:middle; te
xt-align: center;} .msg, label{font-weight:bold;} #ft_sm { background: #eee; tex
t-align: left; } #ft_sb div { text-align: right; width: 75%; margin: 5px auto; p
adding: 5px; } .dci{overflow:auto;height:150px;border:1px solid #7f9db9; backgro
und:#fff; padding: 5px; font-family:verdana,monospace; font-size:12px; text-alig
n:left;} .fl{display:inline;float:left;margin: 2px;} .logo{background:#ccc cente
r 25px url(%%IMAGE:logo_fw_auth%%) no-repeat;padding-top:80px;} .hl{color:#ff600
0;}</style><title>Firewall Authentication</title></head><body><table><tr><td><fo
rm action=\"/\" method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\" valu
e=\"%%PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL
%%\"><div id=\"ft_st\"><h1 class=\"logo\">Terms and Disclaimer Agreement</h1></d
iv><div id=\"ft_sm\"><p class=\"dci\">You are about to access Internet content t
hat is not under the control of the network access provider. The network access
provider is therefore not responsible for any of these sites, their content or
their privacy policies. The network access provider and its staff do not endorse
nor make any representations about these sites, or any information, software or
other products or materials found there, or any results that may be obtained fr
om using them. If you decide to access any Internet content, you do this entirel
y at your own risk and you are responsible for ensuring that any accessed materi
al does not infringe the laws governing, but not exhaustively covering, copyrigh
t, trademarks, pornography, or any other material which is slanderous, defamator
y or might cause offence in any other way.</p><p><input type=\"checkbox\" id=\"f
t_ad\"><label for=\"ft_ad\" id=\"ft_adl\">I accept the terms and disclaimer agre
ement</label></p></div><div id=\"ft_sb\"><h2>Authentication for SSID: %%CPAUTH_S
SID%%</h2><p id=\"note\" class=\"msg\">Please enter your username and password t
o continue</p><div id=\"auth\"><p><label class=\"fl\" for=\"ft_un\">Username:</l
abel> <input name=\"%%USERNAMEID%%\" id=\"ft_un\" style=\"width:245px\"></p><p><
label class=\"fl\" for=\"ft_pd\">Password:</label> <input name=\"%%PASSWORDID%%\
" id=\"ft_pd\" type=\"password\" style=\"width:245px\"></p><p><input type=\"subm
it\" id=\"ft_ci\" value=\"Continue\"></p></div></div></form></td></tr></table><s
cript>var def_msg = \"Please enter your username and password to continue\";var
cb = get(\"ft_ad\"); var un = get(\"ft_un\"); var pd = get(\"ft_pd\"); var ci =
get(\"ft_ci\"); var note = get(\"note\"); var adl = get(\"ft_adl\");if (cb && un
&& pd && note && adl) { cb.onclick = cb_click; cb_click.apply(cb, [def_msg]); }
function get(x) { return document.getElementById(x); }function tc(elm, cn, tg) {
if (!elm) return; if (tg) elm.className += \" \" + cn; else elm.className = elm
.className.replace(cn,\'\'); }function cb_click(msg) { var en = !this.checked; u
n.disabled = en; pd.disabled = en; ci.disabled = en; tc(adl, \"hl\", en); tc(not
e, \"hl\", !en); if(typeof msg === \"string\") { note.innerHTML = msg; } else {
note.innerHTML = def_msg; } } </script></body></html>"
set header http
set format html
end
config system replacemsg captive-portal-dflt "cpa-login-failed-page"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"
><html><head><style type=\"text/css\">html,body{height:100%;padding:0;margin:0;f
ont-size:small;text-align:center;font-family:helvetica,sans-serif;} form{display
:block;background:#ccc;border:2px solid red;padding: 0;width:500px;margin:10px a
%</table>%%SSL_HIDDEN%%</td></tr></table></form></center></body><script>document
.forms[0].username.focus();</script></html>"
set header http
set format html
end
config system replacemsg sslvpn "sslvpn-limit"
set buffer "<html><head><meta http-equiv=\"Content-Type\" content=\"text/htm
l; charset=UTF-8\"><title>Already Logged In</title><meta http-equiv=\"Pragma\" c
ontent=\"no-cache\"><meta http-equiv=\"cache-control\" content=\"no-cache\"><met
a http-equiv=\"cache-control\" content=\"must-revalidate\"><link href=\"/sslvpn/
css/login.css\" rel=\"stylesheet\" type=\"text/css\"><script type=\"text/javascr
ipt\">if (top && top.location != window.location) top.location = top.location;if
(window.opener && window.opener.top) { window.opener.top.location = window.open
er.top.location; self.close(); }</script></head><body class=\"main\"><center><ta
ble class=\"container\" height=\"100%\" cellspacing=\"0\" cellpadding=\"0\" alig
n=\"center\" width=\"100%\" valign=\"middle\"><tbody><tr valign=\"middle\"><td><
table class=\"list\" height=\"180\" cellspacing=\"0\" cellpadding=\"10\" align=\
"center\" width=\"400\"><tbody><tr class=\"dark\"><td colspan=\"2\"> <b>Already
Logged In</b></td></tr><tr><td colspan=\"2\"><p>You already have an open SSL VPN
connection. Opening multiple connections is not permitted.</p><p>If you proceed
, your other connection will be disconnected.</p><p>Please contact your administ
rator if you blevieve there is a problem.</p></td></tr><tr><td style=\"text-alig
n:center\">%%SSL_LOGIN_ANYWAY%%</td><td style=\"text-align:center\">%%SSL_LOGIN_
CANCEL%%</td></tr></tbody></table></td></tr></tbody></table></center></body></ht
ml>"
set header http
set format html
end
config system replacemsg ec "endpt-download-portal"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"
>
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">
<title>Endpoint Security Required</title>
<style type=\"text/css\">
html, body { margin: 0; padding: 0; font-family: Verdana, Arial, sans-se
rif; font-size: 10pt; }
h1, h2 { height: 82px; text-indent: -999em; margin: 0; padding: 0; margi
n: 0; }
div { margin: 0; padding: 0; }
div.header { background: url(%%IMAGE:logo_v2_fnet%%) 0 0 repeat-x; heigh
t: 82px; }
div.header h1 { background: url(%%IMAGE:logo_v2_fw_auth%%) 15px 10px norepeat; }
div.header h2 { background: url(%%IMAGE:logo_v2_fnet%%) 0 -82px no-repea
t; width: 160px; float: right; }
div.sidebar { width: 195px; height: 200px; float: left; }
div.main { padding: 5px; margin-left: 195px; }
div.buttons { margin-top: 30px; text-align: right; }
h3 { margin: 36px 0; font-size: 16pt; }
.blocked
h3 { color: #c00; }
.authenticate h3 { color: #36c; }
h2.fgd_icon { background: url(%%IMAGE:logo_v2_fnet%%) 0 -166px repeat-x;
width: 90px; height: 92px; margin: 48px auto; }
.blocked
h2.fgd_icon { background-position: 0 -166px; }
.authenticate h2.fgd_icon { background-position: -89px -166px; }
form { width: 300px; margin: 30px 0; }
label { display: block; width: 300px; margin: 5px 0; line-height: 25px;
}
label input { width: 200px; border: 1px solid #7f9db9; height: 20px; flo
at: right; }
</style>
</head>
<body class=\"blocked\">
<div class=\"header\">
<h2>Powered By Fortinet</h2>
<h1>FortiGate: Endpoint Control</h1>
</div>
<div class=\"sidebar\">
<h2 class=\"fgd_icon\">blocked</h2>
</div>
<div class=\"main\">
<h3>Endpoint Security Required</h3><div class=\"notice\">The use of this securit
y policy requires that the latest FortiClient Endpoint Security software and ant
ivirus signature package are installed.<br><br>Installing FortiClient requires t
hat you have administrator privileges on your computer. If you do not, please co
ntact your network administrator to have FortiClient installed.<br><br>The insta
ller may be downloaded using the following link:<br>%%LINK%%</div><div><h4>Insta
llation instructions:</h4><ul><li><span style=\"font-style:italic\">For Internet
Explorer:</span></li><ol><li>Click the above link to download the installer</li
><li>When Internet Explorer asks what action you would like to take, click \"Run
\"</li></ol><br><li><span style=\"font-style:italic\">For Firefox:</span></li><o
l><li>Click the above link to download the installer</li><li>Save the installer
and note the location it is saved to</li><li>Open the folder containing the inst
aller and run it</li></ol></ul><p>FortiClient installation may take a few minute
s. Thank you for your patience.<br><br></p></div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg ec "endpt-recommendation-portal"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"
>
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">
<title>Endpoint Security Required</title>
<style type=\"text/css\">
html, body { margin: 0; padding: 0; font-family: Verdana, Arial, sans-se
rif; font-size: 10pt; }
h1, h2 { height: 82px; text-indent: -999em; margin: 0; padding: 0; margi
n: 0; }
div { margin: 0; padding: 0; }
div.header { background: url(%%IMAGE:logo_v2_fnet%%) 0 0 repeat-x; heigh
t: 82px; }
div.header h1 { background: url(%%IMAGE:logo_v2_fw_auth%%) 15px 10px norepeat; }
div.header h2 { background: url(%%IMAGE:logo_v2_fnet%%) 0 -82px no-repea
t; width: 160px; float: right; }
div.sidebar { width: 195px; height: 200px; float: left; }
div.main { padding: 5px; margin-left: 195px; }
div.buttons { margin-top: 30px; text-align: right; }
h3 { margin: 36px 0; font-size: 16pt; }
.blocked
h3 { color: #c00; }
.authenticate h3 { color: #36c; }
h2.fgd_icon { background: url(%%IMAGE:logo_v2_fnet%%) 0 -166px repeat-x;
width: 90px; height: 92px; margin: 48px auto; }
.blocked
h2.fgd_icon { background-position: 0 -166px; }
.blocked
h3 { color: #c00; }
.authenticate h3 { color: #36c; }
h2.fgd_icon { background: url(%%IMAGE:logo_v2_fnet%%) 0 -166px repeat-x;
width: 90px; height: 92px; margin: 48px auto; }
.blocked
h2.fgd_icon { background-position: 0 -166px; }
.authenticate h2.fgd_icon { background-position: -89px -166px; }
form { width: 300px; margin: 30px 0; }
label { display: block; width: 300px; margin: 5px 0; line-height: 25px;
}
label input { width: 200px; border: 1px solid #7f9db9; height: 20px; flo
at: right; }
</style>
</head>
<body class=\"blocked\">
<div class=\"header\">
<h2>Powered By Fortinet</h2>
<h1>FortiGate: Endpoint Control</h1>
</div>
<div class=\"sidebar\">
<h2 class=\"fgd_icon\">blocked</h2>
</div>
<div class=\"main\">
<h3>Endpoint Security Required</h3><div class=\"notice\">The security policy req
uires the endpoint to be compliant in order to gain network access. Please check
your FortiClient software for details.</div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg ec "endpt-rmd-block-portal"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"
>
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">
<title>Endpoint Security Recommended</title>
<style type=\"text/css\">
html, body { margin: 0; padding: 0; font-family: Verdana, Arial, sans-se
rif; font-size: 10pt; }
h1, h2 { height: 82px; text-indent: -999em; margin: 0; padding: 0; margi
n: 0; }
div { margin: 0; padding: 0; }
div.header { background: url(%%IMAGE:logo_v2_fnet%%) 0 0 repeat-x; heigh
t: 82px; }
div.header h1 { background: url(%%IMAGE:logo_v2_fw_auth%%) 15px 10px norepeat; }
div.header h2 { background: url(%%IMAGE:logo_v2_fnet%%) 0 -82px no-repea
t; width: 160px; float: right; }
div.sidebar { width: 195px; height: 200px; float: left; }
div.main { padding: 5px; margin-left: 195px; }
div.buttons { margin-top: 30px; text-align: right; }
h3 { margin: 36px 0; font-size: 16pt; }
.blocked
h3 { color: #c00; }
.authenticate h3 { color: #36c; }
h2.fgd_icon { background: url(%%IMAGE:logo_v2_fnet%%) 0 -166px repeat-x;
width: 90px; height: 92px; margin: 48px auto; }
.blocked
h2.fgd_icon { background-position: 0 -166px; }
.authenticate h2.fgd_icon { background-position: -89px -166px; }
form { width: 300px; margin: 30px 0; }
<body class=\"blocked\">
<div class=\"header\">
<h2>Powered By Fortinet</h2>
<h1>FortiGate: Endpoint Control</h1>
</div>
<div class=\"sidebar\">
<h2 class=\"fgd_icon\">blocked</h2>
</div>
<div class=\"main\">
<h3>Endpoint Security Required</h3><div class=\"notice\">FortiClient security ch
eck failed due to the following:<br />%%FEATURE_BLOCK_REASONS%%</div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg ec "endpt-rmd-ec-block-page"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"
>
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">
<title>Endpoint Security Recommended</title>
<style type=\"text/css\">
html, body { margin: 0; padding: 0; font-family: Verdana, Arial, sans-se
rif; font-size: 10pt; }
h1, h2 { height: 82px; text-indent: -999em; margin: 0; padding: 0; margi
n: 0; }
div { margin: 0; padding: 0; }
div.header { background: url(%%IMAGE:logo_v2_fnet%%) 0 0 repeat-x; heigh
t: 82px; }
div.header h1 { background: url(%%IMAGE:logo_v2_fw_auth%%) 15px 10px norepeat; }
div.header h2 { background: url(%%IMAGE:logo_v2_fnet%%) 0 -82px no-repea
t; width: 160px; float: right; }
div.sidebar { width: 195px; height: 200px; float: left; }
div.main { padding: 5px; margin-left: 195px; }
div.buttons { margin-top: 30px; text-align: right; }
h3 { margin: 36px 0; font-size: 16pt; }
.blocked
h3 { color: #c00; }
.authenticate h3 { color: #36c; }
h2.fgd_icon { background: url(%%IMAGE:logo_v2_fnet%%) 0 -166px repeat-x;
width: 90px; height: 92px; margin: 48px auto; }
.blocked
h2.fgd_icon { background-position: 0 -166px; }
.authenticate h2.fgd_icon { background-position: -89px -166px; }
form { width: 300px; margin: 30px 0; }
label { display: block; width: 300px; margin: 5px 0; line-height: 25px;
}
label input { width: 200px; border: 1px solid #7f9db9; height: 20px; flo
at: right; }
</style>
</head>
<body class=\"blocked\">
<div class=\"header\">
<h2>Powered By Fortinet</h2>
<h1>FortiGate: Endpoint Control</h1>
</div>
<div class=\"sidebar\">
<h2 class=\"fgd_icon\">blocked</h2>
</div>
<div class=\"main\">
<h3>Endpoint Security Recommended</h3><div class=\"notice\">FortiClient security
check failed due to the following:<br />%%FEATURE_BLOCK_REASONS%%<br><a href=\"
%%DST_ADDR_LINK%%\"> Continue to %%DST_ADDR_LABEL%% </a></div>
</div>
</body>
</html>"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-virus"
set buffer "<html><head><title>Virus Quarantine</title></head><body><font si
ze=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan=2><f
ont color=#ffffff><b>Blocked because of virus</b></font></td></tr></table><br><b
r>A virus was detected, originating from your system. Please contact the system
administrator.<br><br><hr></font></body></html>"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-dos"
set buffer "<html><head><title>Attack Detected</title></head><body><font siz
e=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan=2><fo
nt color=#ffffff><b>Blocked because of DoS Attack</b></font></td></tr></table><b
r><br>A DoS attack was detected, originating from your system. Please contact th
e system administrator.<br><br><hr></font></body></html>"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-ips"
set buffer "<html><head><title>Attack Detected</title></head><body><font siz
e=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan=2><fo
nt color=#ffffff><b>Blocked because of IPS attack</b></font></td></tr></table><b
r><br>An attack was detected, originating from your system. Please contact the s
ystem administrator.<br><br><hr></font></body></html>"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-dlp"
set buffer "<html><head><title>Data Leak Detected</title></head><body><font
size=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan=2>
<font color=#ffffff><b>Blocked because of data leak</b></font></td></tr></table>
<br><br>A data leak was detected, originating from your system. Please contact t
he system administrator.<br><br><hr></font></body></html>"
set header http
set format html
end
config system replacemsg traffic-quota "per-ip-shaper-block"
set buffer "<html><head><title>Traffic Quota Control</title></head><body><fo
nt size=2><table width=\"100%\"><tr><td bgcolor=#3300cc align=\"center\" colspan
=2><font color=#ffffff><b>Traffic blocked because of exceed session quota</b></f
ont></td></tr></table><br><br>Traffic blocked because of exceed per IP shaper se
ssion quota. Please contact the system administrator.<br>%%QUOTA_INFO%%<br><br><
hr></font></body></html>"
set header http
set format html
end
config vpn certificate ca
end
config vpn certificate local
end
config antivirus service "http"
end
config wireless-controller global
set name ''
set location ''
set max-retransmit 3
set data-ethernet-II disable
set discovery-mc-addr 224.0.1.140
set max-clients 0
set rogue-scan-mac-adjacency 7
end
config gui console
unset preferences
end
config system session-helper
edit 1
set name pptp
set port 1723
set protocol 6
next
edit 2
set name h323
set port 1720
set protocol 6
next
edit 3
set name ras
set port 1719
set protocol 17
next
edit 4
set name tns
set port 1521
set protocol 6
next
edit 5
set name tftp
set port 69
set protocol 17
next
edit 6
set name rtsp
set port 554
set protocol 6
next
edit 7
set name rtsp
set port 7070
set protocol 6
next
edit 8
set name rtsp
set port 8554
set protocol 6
next
edit 9
set name ftp
set port 21
set protocol 6
next
edit 10
name pmap
port 111
protocol 6
name pmap
port 111
protocol 17
name sip
port 5060
protocol 17
name dns-udp
port 53
protocol 17
name rsh
port 514
protocol 6
name rsh
port 512
protocol 6
name dcerpc
port 135
protocol 6
name dcerpc
port 135
protocol 17
name mgcp
port 2427
protocol 17
name mgcp
port 2727
protocol 17
end
# USB auto-install: with both options enabled the unit looks, at boot, for the
# configuration and firmware files named below on an attached USB disk and
# applies them.
# NOTE(review): anyone with physical access and a prepared USB disk can then
# replace the running configuration or firmware on the next reboot. Set both
# options to disable unless USB provisioning is actually in use.
config system auto-install
set auto-install-config enable
set auto-install-image enable
set default-config-file "fgt_system.conf"
set default-image-file "image.out"
end
config system ntp
config ntpserver
edit 1
set server "ntp1.fortinet.net"
next
edit 2
set server "ntp2.fortinet.net"
next
end
set ntpsync enable
set source-ip 0.0.0.0
set syncinterval 60
end
config firewall address
edit "all"
next
edit "SSLVPN_TUNNEL_ADDR1"
set type iprange
set end-ip 10.212.134.210
set start-ip 10.212.134.200
next
end
config firewall address6
edit "all"
next
end
config ips sensor
edit "default"
set comment "prevent critical attacks"
config entries
edit 1
set severity high critical
next
end
next
edit "all_default"
set comment "all predefined signatures with default setting"
config entries
edit 1
next
end
next
edit "all_default_pass"
set comment "all predefined signatures with PASS action"
config entries
edit 1
set action pass
next
end
next
edit "protect_http_server"
set comment "protect against HTTP server-side vulnerabilities"
config entries
edit 1
set location server
set protocol HTTP
next
end
next
edit "protect_email_server"
set comment "protect against EMail server-side vulnerabilities"
config entries
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
edit "protect_client"
set comment "protect against client-side vulnerabilities"
config entries
edit 1
set location client
next
end
next
end
# Two DoS sensors. Every anomaly entry carries a threshold; in this listing an
# anomaly is switched on only where "set status enable" appears, and an action
# is named only where "set action block" appears.
config ips DoS
# all_default: all fourteen anomalies are enabled, but no entry sets an action,
# so the firmware's default action applies.
# NOTE(review): presumably that default is pass (detect and log only) - confirm
# before relying on this sensor to stop a flood.
edit "all_default"
config anomaly
edit "tcp_syn_flood"
set status enable
set threshold 2000
next
edit "tcp_port_scan"
set status enable
set threshold 1000
next
edit "tcp_src_session"
set status enable
set threshold 5000
next
edit "tcp_dst_session"
set status enable
set threshold 5000
next
edit "udp_flood"
set status enable
set threshold 2000
next
edit "udp_scan"
set status enable
set threshold 2000
next
edit "udp_src_session"
set status enable
set threshold 5000
next
edit "udp_dst_session"
set status enable
set threshold 5000
next
edit "icmp_flood"
set status enable
set threshold 250
next
edit "icmp_sweep"
set status enable
set threshold 100
next
edit "icmp_src_session"
set status enable
set threshold 300
next
edit "icmp_dst_session"
set status enable
set threshold 1000
next
edit "ip_src_session"
set status enable
set threshold 5000
next
edit "ip_dst_session"
set status enable
set threshold 5000
next
end
next
# block_flood: only tcp_syn_flood, udp_flood and icmp_flood are enabled, each
# with action block. The other eleven entries carry a threshold and nothing
# else.
# NOTE(review): presumably those stay at the default status (disabled), so
# scans, sweeps and session-limit anomalies are not covered by this sensor -
# verify against the running unit.
edit "block_flood"
config anomaly
edit "tcp_syn_flood"
set status enable
set action block
set threshold 2000
next
edit "tcp_port_scan"
set threshold 1000
next
edit "tcp_src_session"
set threshold 5000
next
edit "tcp_dst_session"
set threshold 5000
next
edit "udp_flood"
set status enable
set action block
set threshold 2000
next
edit "udp_scan"
set threshold 2000
next
edit "udp_src_session"
set threshold 5000
next
edit "udp_dst_session"
set threshold 5000
next
edit "icmp_flood"
set status enable
set action block
set threshold 250
next
edit "icmp_sweep"
set threshold 100
next
edit "icmp_src_session"
set threshold 300
next
edit "icmp_dst_session"
set threshold 1000
next
edit "ip_src_session"
set threshold 5000
next
edit "ip_dst_session"
set threshold 5000
next
end
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set per-policy enable
set priority medium
next
edit "low-priority"
set maximum-bandwidth 1048576
set per-policy enable
set priority low
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config application list
edit "default"
set comment "monitor all applications"
config entries
edit 1
set action pass
next
end
next
edit "block-p2p"
config entries
edit 1
set category 2
next
end
next
edit "monitor-p2p-and-media"
config entries
edit 1
set action pass
set category 2
next
edit 2
set action pass
set category 5
next
end
next
end
config dlp filepattern
edit 1
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
set name "builtin-patterns"
next
edit 2
config entries
edit "bat"
set filter-type type
set file-type bat
set active imap smtp pop3 http ftp im nntp
next
edit "exe"
set filter-type type
set file-type exe
set active imap smtp pop3 http ftp im nntp
next
edit "elf"
set
set
set
set
set
protocol http
sub-protocol http-post
field transfer-size
value 5120
operator greater-equal
next
end
config dlp compound
edit "Email-SIN"
set comment "Emails containing canadian SIN but are not WebEx invites"
set protocol email
set sub-protocol smtp pop3 imap
set member "Email-Canada-SIN" "Email-Not-Webex"
next
edit "HTTP-Post-SIN"
set comment "Posts containing canadian SIN but are not WebEx invites"
set protocol http
set sub-protocol http-post
set member "HTTP-Canada-SIN" "HTTP-Post-Not-Webex"
next
end
config dlp sensor
edit "default"
set comment "summary archive email and web traffics"
config filter
edit "All-Email"
set filter-type advanced-rule
set rule-name "All-Email"
set archive summary-only
next
edit "All-HTTP"
set filter-type advanced-rule
set rule-name "All-HTTP"
set archive summary-only
next
end
next
end
config webfilter content
end
config webfilter urlfilter
end
config spamfilter bword
end
config spamfilter emailbwl
end
config spamfilter ipbwl
end
config spamfilter mheader
end
config spamfilter dnsbl
end
config spamfilter iptrust
end
config voip profile
edit "default"
set comment "default VoIP profile"
config sip
set log-violations enable
end
config sccp
set log-call-summary enable
set log-violations enable
end
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
set type fw
next
edit "FortiClient-AV-Vista-Win7"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista-Win7"
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
set type fw
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
# NOTE(review): the next two entries carry the same GUID, so a host check that
# matches on GUID cannot tell these two products apart. Other GUIDs in this
# stanza repeat as well (for example Kaspersky-AV and Kaspersky-FW share one
# value); a policy that requires one specific product should not rely on the
# entry name alone.
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "AVG-Internet-Security-FW"
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
set type fw
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
set type fw
next
edit "CA-Internet-Security-FW"
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
set type fw
next
edit "CA-Internet-Security-FW-Vista-Win7"
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
set type fw
next
edit "CA-Personal-Firewall"
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
set type fw
next
edit "F-Secure-Internet-Security-FW"
set guid "D4747503-0346-49EB-9262-997542F79BF4"
set type fw
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
set type fw
next
edit "Kaspersky-FW"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
set type fw
next
edit "Kaspersky-FW-Vista-Win7"
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
set type fw
next
edit "McAfee-Internet-Security-Suite-FW"
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
set type fw
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
set type fw
next
edit "Norton-360-2.0-FW"
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
set type fw
next
edit "Norton-360-3.0-FW"
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
set type fw
next
edit "Norton-Internet-Security-FW"
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
set type fw
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
set type fw
next
edit "Symantec-Endpoint-Protection-FW"
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
set type fw
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
set type fw
next
edit "Panda-Antivirus+Firewall-2008-FW"
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
set type fw
next
edit "Panda-Internet-Security-2006~2007-FW"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
set type fw
next
edit "Panda-Internet-Security-2008~2009-FW"
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
set type fw
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
set type fw
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
set type fw
next
edit "Trend-Micro-FW"
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
set type fw
next
edit "Trend-Micro-FW-Vista-Win7"
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
set type fw
next
edit "ZoneAlarm-FW"
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
set type fw
next
edit "ZoneAlarm-FW-Vista-Win7"
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
set type fw
next
end
# Three SSL VPN portals: "full-access" (web portal plus tunnel), "web-access"
# (web portal only) and "tunnel-access" (tunnel only).
config vpn ssl web portal
# full-access: allow-access lists every application type that appears in this
# file, including the cleartext protocols telnet and ftp.
# NOTE(review): trim the list to what the portal's users need; the same list is
# repeated on the Bookmarks and Connection Tool widgets below.
edit "full-access"
set allow-access web ftp smb telnet ssh vnc rdp citrix rdpnative portfor
ward
set heading "Welcome to SSL VPN Service"
set page-layout double-column
config widget
edit 4
set name "Session Information"
set type info
next
edit 2
set name "Bookmarks"
set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnati
ve portforward
next
edit 3
set name "Connection Tool"
set type tool
set column two
set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnati
ve portforward
next
# Tunnel widget: clients get an address from SSLVPN_TUNNEL_ADDR1.
# NOTE(review): with split tunneling enabled only traffic for the routes
# handed to the client uses the tunnel; the client's remaining traffic leaves
# through its own network and is not inspected by this unit. Confirm that
# this is intended for remote users.
edit 1
set name "Tunnel Mode"
set type tunnel
set column two
set tunnel-status enable
set split-tunneling enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
next
end
next
# web-access: same application list as full-access, no tunnel widget.
edit "web-access"
set allow-access web ftp smb telnet ssh vnc rdp citrix rdpnative portfor
ward
set heading "Welcome to SSL VPN Service"
config widget
edit 4
set name "Session Information"
set type info
next
edit 1
set name "Bookmarks"
set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnati
ve portforward
next
end
next
# tunnel-access: tunnel widget only, again with split tunneling enabled and
# the same address pool as full-access.
edit "tunnel-access"
set heading "Welcome to SSL VPN Service"
config widget
edit 4
set name "Session Information"
set type info
next
edit 1
set name "Tunnel Mode"
set type tunnel
set tunnel-status enable
set split-tunneling enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
next
end
next
end
# TACACS+ server definition used for remote authentication, with authorization
# enabled.
# NOTE(review): the unit has to recover the shared key in order to talk to the
# server, so the ENC value is a reversible encoding of the key, not a one-way
# hash. A copy of this file outside the device should be treated as disclosing
# the key: rotate it on both the unit and the TACACS+ server, and replace ENC
# values with a placeholder before sharing a backup.
config user tacacs+
edit "tac_plus"
set authorization enable
set key ENC mZ11Doohx+uiw6RguEgIkhyl32cRB7hc3seFRKif+JzDIWLiGsw5tG5mwhuD
J9h0Mvi6txrmVFQUoAWAI10zz54nRQC+iJMsA2o1gQL3QGYK+VES
set server "10.10.4.20"
next
end
# Local account "guest", authenticated with a password stored in this file; the
# account is a member of "Guest-group" further down.
# NOTE(review): presumably the passwd value uses the same ENC encoding as other
# stored secrets - TODO confirm. Once the file has been shared, treat the
# password as exposed: change it, or remove the account if it is unused, and
# strip ENC values from any backup before it leaves the device.
config user local
edit "guest"
set type password
set passwd ENC 19plW7CLgq0kjFx/xrAabDkzSJw4GXtShP8uFfh/MzgyeTmv8YeL9QPCp
046RFSr7WcbWx7i4pBmJMNjIoFcwOoDa8ovHNdtXgYXxCe8cNuRK5El
next
end
config user group
edit "FSSO_Guest_Users"
set group-type fsso-service
next
edit "Guest-group"
set member "guest"
next
edit "test_group"
set member "tac_plus"
next
end
config webfilter profile
edit "default"
set comment "default web filtering"
set options https-scan
set post-action comfort
config ftgd-wf
config filters
edit 1
set action warning
set category 2
next
edit 2
set action warning
set category 7
next
edit 3
set action warning
set category 8
next
edit 4
set action warning
set category 9
next
edit 5
set action warning
set category 11
next
edit 6
set action warning
set
next
edit 7
set
set
next
edit 8
set
set
next
edit 9
set
set
next
edit 10
set
set
next
edit 11
set
set
next
edit 12
set
set
next
edit 13
set
set
next
edit 14
set
set
next
edit 15
set
set
next
edit 16
set
set
next
edit 17
set
set
next
edit 18
set
set
next
end
end
next
end
config webfilter override
end
config webfilter override-user
end
config webfilter ftgd-warning
end
category 12
action warning
category 13
action warning
category 14
action warning
category 15
action warning
category 16
action warning
category 32
action warning
category 57
action warning
category 63
action warning
category 64
action warning
category 65
action warning
category 66
action warning
category 67
action block
category 26
edit "av.Top10.Sources.http"
set query "select src, count(*) as totalnum from antivirus_log where ##
#timestamp_to_oid(antivirus_log)### and lower(service)=\'http\' group by src ord
er by totalnum desc limit 10"
next
edit "av.Top10.File.Name"
set query "select file, count(*) as totalnum from antivirus_log where #
##timestamp_to_oid(antivirus_log)### and (file is not null and file!=\'N/A\') an
d subtype=\'infected\' group by file order by totalnum desc limit 10"
next
edit "av.Top10.File.Extension"
set query "select filetype, count(*) as totalnum from antivirus_log whe
re ###timestamp_to_oid(antivirus_log)### and (filetype is not null and filetype!
=\'N/A\') and subtype=\'infected\' group by filetype order by totalnum desc limi
t 10"
next
edit "av.Dist.Violations"
set query "select subtype, count(*) as totalnum from antivirus_log wher
e ###timestamp_to_oid(antivirus_log)### and (subtype=\'infected\' or subtype=\'o
versized\' or subtype=\'blocked\') group by subtype order by totalnum desc"
next
edit "av.Dist.Protocol"
set query "select service, count(*) as totalnum from antivirus_log wher
e ###timestamp_to_oid(antivirus_log)### and (service is not null and service!=\'
N/A\') and subtype=\'infected\' group by service order by totalnum desc"
next
edit "av.Count.Viruses"
set query "select (timestamp-timestamp%3600) as hourstamp, count(*) from
antivirus_log where ###timestamp_to_oid(antivirus_log)### and (virus is not nul
l and virus!=\'N/A\') group by hourstamp order by hourstamp desc"
next
edit "dlp.Top10.Email.Senders"
set query "select \"from\" as sender, count(*) as totalnum from dlp_log
where ###timestamp_to_oid(dlp_log)### and (sender is not null and sender!=\'N/A\
') and (lower(service)=\'smtp\' or lower(service)=\'smtps\') group by sender ord
er by totalnum desc limit 10"
next
edit "dlp.Top10.Email.Receivers"
set query "select \"to\" as receiver, count(*) as totalnum from dlp_log
where ###timestamp_to_oid(dlp_log)### and (receiver is not null and receiver!=\'
N/A\') and lower(service) in (\'pop3\', \'imap\', \'pop3s\', \'imaps\') group by
receiver order by totalnum desc limit 10"
next
edit "dlp.Dist.Protocol"
set query "select service, count(*) as totalnum from dlp_log where ###ti
mestamp_to_oid(dlp_log)### and (service is not null and service!=\'N/A\') group
by service order by totalnum desc"
next
edit "email.Top10.Senders"
set query "select \"from\" as sender, count(*) as totalnum from spamfilt
er_log where ###timestamp_to_oid(spamfilter_log)### and (sender is not null and
sender!=\'N/A\') group by sender order by totalnum desc limit 10"
next
edit "email.Top10.Receivers"
set query "select \"to\" as receiver, count(*) as totalnum from spamfilt
er_log where ###timestamp_to_oid(spamfilter_log)### and (receiver is not null an
d receiver!=\'N/A\') group by receiver order by totalnum desc limit 10"
next
edit "email.Top10.Spam.Sources"
set query "select \"from\" as sender, count(*) as totalnum from spamfilt
next
edit "traffic.Dist.Network.Bandwidth"
set query "select (timestamp-timestamp%3600) as hourstamp, sum(sent+rcvd
) as bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### grou
p by hourstamp order by hourstamp desc"
next
edit "traffic.Count.Network.Session"
set query "select (timestamp-timestamp%3600) as hourstamp, count(*) as t
otalnum from traffic_log where ###timestamp_to_oid(traffic_log)### group by hour
stamp order by hourstamp"
next
edit "traffic.Count.Terminal.SSH.Volume"
set query "select (timestamp-timestamp%3600) as hourstamp, sum(sent+rcvd
) as volume from traffic_log where ###timestamp_to_oid(traffic_log)### and lowe
r(service) in (\'22/tcp\', \'ssh\') group by hourstamp order by hourstamp desc"
next
edit "traffic.Count.Terminal.Telnet.Volume"
set query "select (timestamp-timestamp%3600) as hourstamp, sum(sent+rcvd
) as volume from traffic_log where ###timestamp_to_oid(traffic_log)### and lowe
r(service) in (\'23/tcp\',\'telnet\') group by hourstamp order by hourstamp desc
"
next
edit "traffic.Top10.Terminal.Volume"
set query "select service, sum(sent+rcvd) as volume from traffic_log whe
re ###timestamp_to_oid(traffic_log)### and lower(service) in (\'23/tcp\', \'teln
et\', \'22/tcp\', \'ssh\') group by service order by volume desc limit 10"
next
edit "traffic.Count.port1.Volume"
set query "select (timestamp-timestamp%3600) as hourstamp, sum(sent+rcvd
) as volume from traffic_log where ###timestamp_to_oid(traffic_log)### and (src
_int=\'port1\' or dst_int=\'port1\') group by hourstamp order by hourstamp desc"
next
edit "traffic.Count.WanOpt.Bandwidth"
set query "select (timestamp-timestamp%3600) as hourstamp,sum(lan_in+lan
_out) / 1000000.0 as lan, sum(wan_in+wan_out) / 1000000.0 as wan,max(coalesce((s
um(lan_in+lan_out)-sum(wan_in+wan_out))*100.0/sum(lan_in+lan_out),0.0),0.0) as r
educe_rate from traffic_log where timestamp>=F_TIMESTAMP(\'now\',\'hour\',\'-23\
') and subtype=\'wanopt-traffic\' group by hourstamp order by hourstamp desc"
next
edit "traffic.Dist.WanOpt.App.LAN.Bandwidth"
set query "select (case (wanopt_app_type in ( select wanopt_app_type fro
m traffic_log where subtype=\'wanopt-traffic\' and ###timestamp_to_oid(traffic_l
og)### group by wanopt_app_type order by sum(lan_in+lan_out) desc limit 5) ) whe
n 1 then wanopt_app_type else \'unknown\' end) as wanopt_app_type,sum(lan_in+lan
_out)/1000000.0 as lan,max(coalesce((sum(lan_in+lan_out)*100.0/(select sum(lan_i
n+lan_out) from traffic_log where subtype=\'wanopt-traffic\' and ###timestamp_to
_oid(traffic_log)###)),0.0),0.0) as percentage from traffic_log where subtype=\'
wanopt-traffic\' and timestamp>=F_TIMESTAMP(\'now\',\'hour\',\'-23\') group by w
anopt_app_type order by lan desc"
next
edit "traffic.Dist.WanOpt.App.WAN.Bandwidth"
set query "select (case (wanopt_app_type in ( select wanopt_app_type fro
m traffic_log where subtype=\'wanopt-traffic\' and ###timestamp_to_oid(traffic_l
og)### group by wanopt_app_type order by sum(wan_in+wan_out) desc limit 5) ) wh
en 1 then wanopt_app_type else \'unknown\' end) as wanopt_app_type, sum(wan_in+w
an_out)/1000000.0 as wan, max(coalesce((sum(wan_in+wan_out)*100.0/(select sum(wa
n_in+wan_out) from traffic_log where subtype=\'wanopt-traffic\' and ###timestamp
_to_oid(traffic_log)###)),0.0),0.0) as percentage from traffic_log where subtype
=\'wanopt-traffic\' and timestamp >=F_TIMESTAMP(\'now\',\'hour\',\'-23\') group
by wanopt_app_type order by wan desc"
next
# Top ten sources by volume for VoIP traffic: rows whose app_cat is 'voip', or
# rows with no app_cat whose service is one of the listed ports.
# NOTE(review): as printed here the parenthesis opened before app_cat='voip' is
# never closed before "group by". Check the query against the running unit
# before reusing it; the listing may have lost a character.
edit "voip.Top10.Source.Volume"
set query "select src, sum(sent+rcvd) as volume from traffic_log where
###timestamp_to_oid(traffic_log)### and (app_cat=\'voip\' or ((app_cat is null o
r app_cat=\'N/A\') and lower(service) in (\'5060/udp\', \'5060/tcp\', \'2000/tc
p\') ) group by src order by volume desc limit 10"
next
edit "vpn.Top10.Peers.Volume"
set query "select dst, sum(sent+rcvd) as volume from traffic_log where
###timestamp_to_oid(traffic_log)### and (vpn is not null and vpn!=\'n/a\' and vp
n!=\'N/A\') and status=\'accept\' group by dst order by volume desc limit 10"
next
edit "vpn.Top10.Sources.Volume"
set query "select src, sum(sent+rcvd) as volume from traffic_log where
###timestamp_to_oid(traffic_log)### and (vpn is not null and vpn!=\'n/a\' and vp
n!=\'N/A\') and status=\'accept\' group by src order by volume desc limit 10"
next
edit "vpn.Top10.Tunnels.Volume"
set query "select vpn as vpn_tunnel, sum(sent+rcvd) as volume from traf
fic_log where ###timestamp_to_oid(traffic_log)### and (vpn_tunnel is not null an
d vpn_tunnel!=\'n/a\' and vpn_tunnel!=\'N/A\') and status=\'accept\' group by vp
n_tunnel order by volume desc limit 10"
next
edit "vpn.Top10.User.SSL.Volume"
set query "select user, sum(sent+rcvd) as volume from event_log where #
##timestamp_to_oid(event_log)### and (user is not null and user!=\'N/A\') and su
btype=\'sslvpn-user\' and action=\'tunnel-down\' group by user order by volume d
esc limit 10"
next
edit "vpn.Top10.Ipsec.Dest.Volume"
set query "select dst, sum(sent+rcvd) as volume from event_log where ##
#timestamp_to_oid(event_log)### and subtype=\'ipsec\' and (dst is not null and d
st!=\'N/A\') group by dst order by volume desc limit 10"
next
edit "vpn.Top10.Ipsec.Source.Volume"
set query "select src, sum(sent+rcvd) as volume from event_log where ##
#timestamp_to_oid(event_log)### and subtype=\'ipsec\' and (src is not null and s
rc!=\'N/A\') group by src order by volume desc limit 10"
next
edit "vpn.Top10.Ipsec.Peers.Volume"
set query "select remote_ip, sum(sent+rcvd) as volume from event_log wh
ere ###timestamp_to_oid(event_log)### and subtype=\'ipsec\' group by remote_ip o
rder by volume desc limit 10"
next
edit "vpn.Last10.User.SSL.Login"
set query "select user, datetime(timestamp - duration, \'unixepoch\',\'l
ocaltime\') start_time, duration, sent + rcvd volume from event_log where (user
is not null and user!=\'N/A\') and lower(subtype)=\'sslvpn-user\' and lower(act
ion)=\'tunnel-down\' order by timestamp desc limit 10"
next
edit "vpn.Last10.DialupIPsecUser.Login"
set query "select user, duration, timestamp, sum(sent+rcvd) as volume f
rom event_log where (user is not null and user!=\'N/A\') and subtype=\'ipsec\' g
roup by user order by timestamp desc limit 10"
next
edit "vpn.Last10.StaticIPsecTunnel"
set query "select tunnel, duration, timestamp, sum(sent+rcvd) as volume
from event_log where (tunnel is not null and tunnel!=\'N/A\') and subtype=\'ips
ec\' group by tunnel order by timestamp desc limit 10"
next
edit "wf.Top10.Dest.Volume"
set query "select dst, sum(sent+rcvd) as volume from traffic_log where #
##timestamp_to_oid(traffic_log)### and lower(service) in (\'http\',\'80/tcp\',\'
https\',\'443/tcp\') and status=\'accept\' group by dst order by volume desc lim
it 10"
next
edit "wf.Top10.Source.Volume"
set query "select src, sum(sent+rcvd) as volume from traffic_log where #
##timestamp_to_oid(traffic_log)### and lower(service) in (\'http\',\'80/tcp\',\'
https\',\'443/tcp\') and status=\'accept\' group by src order by volume desc lim
it 10"
next
edit "wf.Top10.Client.Volume"
set query "select src, sum(sent+rcvd) as volume from traffic_log where #
##timestamp_to_oid(traffic_log)### and lower(service) in (\'http\',\'80/tcp\',\'
https\',\'443/tcp\') and status=\'accept\' group by src order by volume desc lim
it 10"
next
edit "wf.Top10.Servers.Connection"
set query "select dst, count(*) as totalnum from webfilter_log where ###
timestamp_to_oid(webfilter_log)### group by dst order by totalnum desc limit 10"
next
edit "wf.Top10.Sites"
set query "select hostname, count(*) as totalnum from webfilter_log wher
e ###timestamp_to_oid(webfilter_log)### and (hostname is not null and hostname!=
\'N/A\') group by hostname order by totalnum desc limit 10"
next
edit "wf.Top10.Sites.Blocked"
set query "select hostname, count(*) as totalnum from webfilter_log wher
e ###timestamp_to_oid(webfilter_log)### and (hostname is not null and hostname!=
\'N/A\') and status=\'blocked\' group by hostname order by totalnum desc limit 1
0"
next
edit "wf.Top10.Users.Blocked"
set query "select (CASE WHEN user!=\'\' THEN user ELSE src END) as user
s, count(*) as totalnum from webfilter_log where ###timestamp_to_oid(webfilter_l
og)### and status=\'blocked\' group by users order by totalnum desc limit 10"
next
edit "wf.Top10.Users"
set query "select (CASE WHEN user!=\'\' THEN user ELSE src END) as user
s, count(*) as totalnum from webfilter_log where ###timestamp_to_oid(webfilter_l
og)### group by users order by totalnum desc limit 10"
next
# Top ten web-filter categories by hit count.
# NOTE(review): the filter joins "cat is not null" and "cat!='N/A'" with "or",
# while the sibling datasets (for example wf.Top10.Sites) join the same pair of
# tests with "and". With "or", rows whose cat is 'N/A' pass the filter and are
# counted; "and" is presumably what was intended.
edit "wf.Top10.Category"
set query "select cat, count(*) as totalnum from webfilter_log where ###
timestamp_to_oid(webfilter_log)### and (cat is not null or cat!=\'N/A\') group
by cat order by totalnum desc limit 10"
next
edit "wf.Dist.Clients"
set query "select src as clients, count(*) as totalnum from webfilter_lo
g where ###timestamp_to_oid(webfilter_log)### group by clients order by totalnum
desc limit 10"
next
# Distribution of web-filter hits over all categories (no row limit).
# NOTE(review): "cat is not null or cat!='N/A'" lets rows with cat 'N/A'
# through; the hostname-based datasets in this file use "and" for the same
# pair of tests, which is presumably what was intended here too.
edit "wf.Dist.Category"
set query "select cat, count(*) as totalnum from webfilter_log where ###
timestamp_to_oid(webfilter_log)### and (cat is not null or cat!=\'N/A\') group
by cat order by totalnum desc"
next
edit "wf.Count.Volume"
set query "select (timestamp-timestamp%3600) as hourstamp, sum(sent+rcvd
edit 1
set displayname "App Name or Service"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
# Drill-down dataset: top ten users (or source addresses) by bandwidth for one
# application. ###parameter1### is substituted into the SQL text between single
# quotes and compared with the app/service name.
# NOTE(review): whether the report engine escapes quotes in the substituted
# value is not visible in this file. The app, service and user values originate
# in log records, so confirm that the substitution is escaped or bound as a
# parameter before trusting reports built on it.
edit "traffic.bandwidth.users.app"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, su
m(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) as ban
dwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull
(ft_ifnull(app, service), \'unknown\')=\'###parameter1###\' and log_id in (2,5,
8,9,10) group by userip order by bandwidth desc limit 10"
# Column labels for the two result columns; the second is typed double.
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "traffic.bandwidth.apps.user"
set query "select ft_ifnull(ft_ifnull(app, service), \'unknown\') appnam
e, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) a
s bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_i
fnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' and log_id in (2,5,
8,9,10) group by appname order by bandwidth desc limit 10"
config field
edit 1
set displayname "App Name or Service"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "traffic.sessions.app_cats"
set query "select ft_ifnull(app_cat, \'unknown\') app_cat, count(*) sess
ions from traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2
,5, 8,9,10) group by app_cat order by sessions desc limit 10"
config field
edit 1
set displayname "Application Category"
next
edit 2
set type double
set displayname "Sessions"
next
end
next
edit "traffic.sessions.apps.app_cat"
set query "select ft_ifnull(ft_ifnull(app, service), \'unknown\') appnam
e, count(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)###
and log_id in (2,5, 8,9,10) and ft_ifnull(app_cat, \'unknown\')=\'###parameter1#
##\' group by appname order by sessions desc limit 10 "
config field
edit 1
set displayname "App Name or Service"
next
edit 2
set type double
set displayname "Sessions"
next
end
next
edit "traffic.sessions.users.app"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, co
unt(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and l
og_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(app, service), \'unknown\')=\'###
parameter1###\' group by userip order by sessions desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Sessions"
next
end
next
edit "traffic.sessions.apps.user"
set query "select ft_ifnull(ft_ifnull(app, service), \'unknown\') appnam
e, count(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)###
and log_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'##
#parameter1###\' group by appname order by sessions desc limit 10"
config field
edit 1
set displayname "App Name or Service"
next
edit 2
set type double
set displayname "Sessions"
next
end
next
edit "traffic.bandwidth.users"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, su
m(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwi
dth from traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2,
5, 8,9,10) group by userip order by bandwidth desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "traffic.bandwidth.app_cats.user"
set query "select ft_ifnull(app_cat, \'unknown\') app_cat, sum(ifnull(rc
vd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from tr
affic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(ft_ifnull(user
,src), \'unknown\')=\'###parameter1###\' and log_id in (2,5, 8,9,10) group by ap
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "traffic.sessions.dstcountries"
set query "create temp table top_dst_country(dst_country text, sessions
integer); insert into top_dst_country select dst_country, count(*) sessions from
traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country
,\'\')<>\'\' and log_id in (2,5, 8,9,10) group by dst_country order by sessions
desc limit 9; select * from top_dst_country union select \'others\', sessions fr
om (select count(*) sessions from traffic_log where ###timestamp_to_oid(traffic_
log)### and ft_ifnull(dst_country,\'\')<>\'\' and dst_country not in (select dst
_country from top_dst_country) and log_id in (2,5, 8,9,10) ) where sessions<>0"
config field
edit 1
set displayname "Country"
next
edit 2
set type double
set displayname "Sessions"
next
end
next
edit "traffic.sessions.users.dstcountry"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, co
unt(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and
dst_country=\'###parameter1###\' and log_id in (2,5, 8,9,10) group by userip ord
er by sessions desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Sessions"
next
end
next
edit "traffic.sessions.dstcountries.user"
set query "select ft_ifnull(dst_country, \'unknown\') dst_country, count
(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_i
fnull(dst_country,\'\')<>\'\' and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'
###parameter1###\' and log_id in (2,5, 8,9,10) group by dst_country order by se
ssions desc limit 10"
config field
edit 1
set displayname "Country"
next
edit 2
set type double
set displayname "Sessions"
next
end
next
edit "traffic.sessions.apps.dstcountry"
set query "select ft_ifnull(ft_ifnull(app, service), \'unknown\') appnam
e, count(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)###
and dst_country=\'###parameter1###\' and log_id in (2,5, 8,9,10) group by appnam
edit 1
set displayname "Web Category"
next
edit 2
set type double
set displayname "Requests"
next
end
next
edit "web.blocked-request.users.web_cat"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, co
unt(*) requests from webfilter_log where ###timestamp_to_oid(webfilter_log)### a
nd lower(status) = \'blocked\' and ft_ifnull(cat_desc, \'unknown\')=\'###paramet
er1###\' group by userip order by requests desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Requests"
next
end
next
edit "web.blocked-request.sites.user"
set query "select ft_ifnull(hostname, \'unknown\') hostname, count(*) re
quests from webfilter_log where ###timestamp_to_oid(webfilter_log)### and lower(
status) = \'blocked\' and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###param
eter1###\' group by hostname order by requests desc limit 10"
config field
edit 1
set displayname "Website"
next
edit 2
set type double
set displayname "Requests"
next
end
next
edit "web.requests.phrases"
set query "select keyword, count(*) requests from webfilter_log where ##
#timestamp_to_oid(webfilter_log)### and ft_ifnull(keyword,\'\')<>\'\' group by k
eyword order by requests desc limit 10"
config field
edit 1
set displayname "Keyword"
next
edit 2
set type double
set displayname "Requests"
next
end
next
edit "web.requests.users.phrase"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, co
unt(*) requests from webfilter_log where ###timestamp_to_oid(webfilter_log)### a
nd keyword = \'###parameter1###\' group by userip order by requests desc limit 1
0"
config field
edit 1
edit 2
set type double
set displayname "Requests"
next
end
next
edit "web.blocked-request.users.site"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, co
unt(*) requests from webfilter_log where ###timestamp_to_oid(webfilter_log)### a
nd lower(status) = \'blocked\' and ft_ifnull(hostname, \'unknown\')=\'###paramet
er1###\' group by userip order by requests desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Requests"
next
end
next
edit "web.bandwidth.sites"
set query "select ft_ifnull(hostname, \'unknown\') hostname, sum(ifnull(
rcvd,0) + ifnull(sent,0)) bandwidth from webfilter_log where ###timestamp_to_oid
(webfilter_log)### group by hostname order by bandwidth desc limit 10"
config field
edit 1
set displayname "Website"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "web.bandwidth.users.site"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, su
m(ifnull(rcvd,0) + ifnull(sent,0)) bandwidth from webfilter_log where ###timesta
mp_to_oid(webfilter_log)### and ft_ifnull(hostname, \'unknown\')=\'###parameter1
###\' group by userip order by bandwidth desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "web.bandwidth.sites.user"
set query "select ft_ifnull(hostname, \'unknown\') hostname, sum(ifnull(
rcvd,0) + ifnull(sent,0)) bandwidth from webfilter_log where ###timestamp_to_oid
(webfilter_log)### and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###paramete
r1###\' group by hostname order by bandwidth desc limit 10"
config field
edit 1
set displayname "Website"
next
edit 2
edit 2
set type double
set displayname "Emails"
next
end
next
edit "email.request.timeperiods.sender"
set query "select ft_localtruncate(timestamp, \'H\') timestamp, \'###par
ameter1###\' sender, count(*) requests from spamfilter_log where ###timestamp_to
_oid(spamfilter_log)### and lower(service) in (\'smtp\', \'25/tcp\', \'smtps\',
\'465/tcp\', \'http\', \'80/tcp\', \'https\', \'443/tcp\') and ft_ifnull(\"from\
", \'unknown\') =\'###parameter1###\' and pri=\'information\' group by timestam
p, sender order by timestamp, user "
config field
edit 1
set type double
set displayname "Date Time"
next
edit 2
set displayname "Email Sender"
next
edit 3
set type double
set displayname "Emails"
next
end
next
edit "email.bandwidth.senders"
set query "select ft_ifnull(\"from\", \'unknown\') sender, sum(ifnull(rc
vd,0) + ifnull(sent,0)) bandwidth from spamfilter_log where ###timestamp_to_oid(
spamfilter_log)### and lower(service) in (\'smtp\', \'25/tcp\', \'smtps\', \'46
5/tcp\', \'http\', \'80/tcp\', \'https\', \'443/tcp\') and pri=\'information\' g
roup by sender order by bandwidth desc limit 10 "
config field
edit 1
set displayname "Email Sender"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "email.bandwidth.timeperiods.sender"
set query "select ft_localtruncate(timestamp, \'H\') timestamp, \'###par
ameter1###\' sender, sum(ifnull(rcvd,0) + ifnull(sent,0)) bandwidth from spamfil
ter_log where ###timestamp_to_oid(spamfilter_log)### and lower(service) in (\'sm
tp\', \'25/tcp\', \'smtps\', \'465/tcp\', \'http\', \'80/tcp\', \'https\', \'443
/tcp\') and ft_ifnull(\"from\", \'unknown\')=\'###parameter1###\' and pri=\'info
rmation\' group by timestamp, user order by timestamp, sender "
config field
edit 1
set type double
set displayname "Date Time"
next
edit 2
set displayname "Email Sender"
next
edit 3
set type double
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "virus.count.viruses.user"
set query "select ft_ifnull(virus, \'unknown\') virus, count(*) virus_co
unt from antivirus_log where ###timestamp_to_oid(antivirus_log)### and lower(sub
type)=\'infected\' and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###paramete
r1###\' group by virus order by virus_count desc limit 10"
config field
edit 1
set displayname "Virus Name"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "virus.count.users"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, co
unt(*) virus_count from antivirus_log where ###timestamp_to_oid(antivirus_log)##
# and lower(subtype)=\'infected\' group by userip order by virus_count desc limi
t 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "virus.count.protocols"
set query "select ft_ifnull(service, \'unknown\') service, count(*) viru
s_count from antivirus_log where ###timestamp_to_oid(antivirus_log)### and lower
(subtype)=\'infected\' group by service order by virus_count desc limit 10"
config field
edit 1
set displayname "Service"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "virus.count.viruses.protocol"
set query "select ft_ifnull(virus, \'unknown\') virus, count(*) virus_co
unt from antivirus_log where ###timestamp_to_oid(antivirus_log)### and lower(sub
type)=\'infected\' and ft_ifnull(service, \'unknown\')=\'###parameter1###\' grou
p by virus order by virus_count desc limit 10"
config field
edit 1
set displayname "Virus Name"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "attack.count.critical-attacks"
set query "select ft_ifnull(attack_name, \'unknown\') attack_name, count
(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and lo
wer(severity) in (\'critical\', \'high\') group by attack_name order by attack_c
ount desc limit 10"
config field
edit 1
set displayname "Attack Name"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "attack.count.users.critical-attack"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, co
unt(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and
lower(severity) in (\'critical\', \'high\') and ft_ifnull(attack_name, \'unknow
n\')=\'###parameter1###\' group by userip order by attack_count desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "attack.count.critical-attacks.user"
set query "select ft_ifnull(attack_name, \'unknown\') attack_name, count
(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and lo
wer(severity) in (\'critical\', \'high\') and ft_ifnull(ft_ifnull(user,src), \'u
nknown\')=\'###parameter1###\' group by attack_name order by attack_count desc l
imit 10"
config field
edit 1
set displayname "Attack Name"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "attack.count.attacks"
set query "select ft_ifnull(attack_name, \'unknown\') attack_name, count
(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### group
by attack_name order by attack_count desc limit 10"
config field
edit 1
set displayname "Attack Name"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "attack.count.users.attack"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, co
unt(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and
ft_ifnull(attack_name, \'unknown\')=\'###parameter1###\' group by userip order
by attack_count desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "attack.count.attacks.user"
set query "select ft_ifnull(attack_name, \'unknown\') attack_name, count
(*) attack_count from attack_log where ###timestamp_to_oid(attack_log)### and ft
_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' group by attack_n
ame order by attack_count desc limit 10"
config field
edit 1
set displayname "Attack Name"
next
edit 2
set type double
set displayname "Occurrence"
next
end
next
edit "vpn.bandwidth.static-tunnels"
set query "select vpn, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_
in,0) + ifnull(lan_out,0)) bandwidth FROM traffic_log where ###timestamp_to_oid(
traffic_log)### and ft_ifnull(vpn,\' \')!=\' \' and lower(status)=\'accept\' and
lower(vpn_type)=\'ipsec-static\' group by vpn order by bandwidth desc limit 10"
config field
edit 1
set displayname "VPN Tunnel"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "vpn.bandwidth.users.static-tunnel"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, su
m(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwi
dth FROM traffic_log where ###timestamp_to_oid(traffic_log)### and vpn=\'###para
meter1###\' and lower(status)=\'accept\' and lower(vpn_type)=\'ipsec-static\' gr
oup by userip order by bandwidth desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "vpn.bandwidth.static-tunnels.user"
set query "select vpn, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_
in,0) + ifnull(lan_out,0)) bandwidth FROM traffic_log where ###timestamp_to_oid(
traffic_log)### and ft_ifnull(vpn,\' \')!=\' \' and lower(status)=\'accept\' and
ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' and lower(vpn_
type)=\'ipsec-static\' group by vpn order by bandwidth desc limit 10"
config field
edit 1
set displayname "VPN Tunnel"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "vpn.bandwidth.ssl-sources"
set query "select ft_ifnull(remote_ip, \'unknown\') remote_ip, sum(rcvd+
sent) bandwidth from event_log where ###timestamp_to_oid(event_log)### and lower
(subtype) = \'sslvpn-user\' and lower(action)=\'tunnel-down\' group by remote_ip
order by bandwidth desc limit 10"
config field
edit 1
set displayname "VPN Tunnel"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "vpn.bandwidth.users.ssl-source"
set query "select ft_ifnull(ft_ifnull(user,src), \'unknown\') userip, su
m(rcvd+sent) bandwidth from event_log where ###timestamp_to_oid(event_log)### an
d lower(subtype)=\'sslvpn-user\' and lower(action)=\'tunnel-down\' and ft_ifnull
(remote_ip, \'unknown\')=\'###parameter1###\' group by userip order by bandwidth
desc limit 10"
config field
edit 1
set displayname "User Name or IP"
next
edit 2
set type double
set displayname "Bandwidth"
next
end
next
edit "vpn.bandwidth.ssl-sources.user"
set query "select ft_ifnull(remote_ip, \'unknown\') remote_ip, sum(rcvd+
sent) bandwidth from event_log where ###timestamp_to_oid(event_log)### and lower
end
next
end
config report chart
edit "appctrl.Count.Bandwidth.Top10.Apps.last24h"
set comments "Top 10 Application Bandwidth Usage Per Hour Summary"
set dataset "appctrl.Count.Bandwidth.Top10.Apps"
set category traffic
set graph-type flow
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-unit hour
end
config y-series
set databind "field(3)"
set group "field(2)"
end
next
edit "appctrl.Count.Bandwidth.Top10.P2PUser.last24h"
set comments "Top10 P2P User Bandwidth Usage Per Hour Summary"
set dataset "appctrl.Count.Bandwidth.Top10.P2PUser"
set category traffic
set graph-type flow
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-unit hour
end
config y-series
set databind "field(3)"
set group "field(2)"
end
next
edit "appctrl.Count.Bandwidth.Top10.MediaUser.last24h"
set comments "Top10 Media User Bandwidth Usage Per Hour Summary"
set dataset "appctrl.Count.Bandwidth.Top10.MediaUser"
set category traffic
set graph-type flow
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-unit hour
end
config y-series
set databind "field(3)"
set group "field(2)"
end
next
edit "appctrl.Top10.Users.Web.last24h"
set comments "Top 10 Web Users In Last 24 Hours"
set dataset "appctrl.Top10.Users.Web"
set category app-ctrl
next
edit "appctrl.Top10.Users.Media.last24h"
set comments "Top 10 Media Users In Last 24 Hours"
set dataset "appctrl.Top10.Users.Media"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.Users.Email.last24h"
set comments "Top 10 Email Users In Last 24 Hours"
set dataset "appctrl.Top10.Users.Email"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.Media.Source.last24h"
set comments "Top 10 Media Downloads By Source In Last 24 Hours"
set dataset "appctrl.Top10.Media.Source"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.Media.Dest.last24h"
set comments "Top 10 Media Downloads By Destination In Last 24 Hours"
set dataset "appctrl.Top10.Media.Dest"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.Apps.Bandwidth.last24h"
set comments "Top 10 Applications By Bandwidth In Last 24 Hours"
set dataset "appctrl.Top10.Apps.Bandwidth"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.Apps.Used.last24h"
set comments "Top 10 Applications Used In Last 24 Hours"
set dataset "appctrl.Top10.Apps.Used"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Users.last24h"
set comments "Top 10 P2P Users In Last 24 Hours"
set dataset "appctrl.Top10.P2P.Users"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.App.Volume.last24h"
set comments "Top 10 P2P Volume Per Application Last 24 Hours"
set dataset "appctrl.Top10.P2P.App.Volume"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.Blocked.last24h"
set comments "Top 10 Blocked P2P Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Blocked"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.BitTorrent.Blocked.last24h"
set comments "Top 10 Blocked Bittorrent Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.BitTorrent.Blocked"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.eDonkey.Blocked.last24h"
set comments "Top 10 Blocked eDonkey Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.eDonkey.Blocked"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.Gnutella.Blocked.last24h"
set comments "Top 10 Blocked Gnutella Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Gnutella.Blocked"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.KaZaa.Blocked.last24h"
set comments "Top 10 Blocked KaZaa Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.KaZaa.Blocked"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.Skype.Blocked.last24h"
set comments "Top 10 Blocked Skype Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Skype.Blocked"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.WinNY.Blocked.last24h"
set comments "Top 10 Blocked WinNY Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.WinNY.Blocked"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.Allowed.last24h"
set comments "Top 10 Allowed P2P Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Allowed"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.BitTorrent.Allowed.last24h"
set comments "Top 10 Allowed Bittorrent Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.BitTorrent.Allowed"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.eDonkey.Allowed.last24h"
set comments "Top 10 Allowed eDonkey Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.eDonkey.Allowed"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.Gnutella.Allowed.last24h"
set comments "Top 10 Allowed Gnutella Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Gnutella.Allowed"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.KaZaa.Allowed.last24h"
set comments "Top 10 Allowed KaZaa Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.KaZaa.Allowed"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.Skype.Allowed.last24h"
set comments "Top 10 Allowed Skype Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.Skype.Allowed"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Top10.P2P.Local.Peers.WinNY.Allowed.last24h"
set comments "Top 10 Allowed WinNY Local Peers Over Last 24 Hours"
set dataset "appctrl.Top10.P2P.Local.Peers.WinNY.Allowed"
set category app-ctrl
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "appctrl.Dist.Type.last24h"
set comments "Distribution Of Apps By Type In Last 24 Hours"
set dataset "appctrl.Dist.Type"
set category app-ctrl
set graph-type pie
config category-series
set databind "field(1)"
end
config value-series
set databind "field(2)"
end
next
edit "appctrl.Count.P2P.Events.last24h"
set comments "Count Of P2P Pass/Block Events Over Last 24 Hours"
set dataset "appctrl.Count.P2P.Events"
set category app-ctrl
set graph-type flow
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-unit hour
end
config y-series
set databind "field(3)"
set group "field(2)"
end
next
edit "attack.Top10.last24h"
set comments "Top 10 Attacks Over The Last 24 Hours"
set dataset "attack.Top10"
set category attack
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Occurrences"
set databind "field(2)"
end
next
edit "attack.Top10.Source.last24h"
set comments "Top 10 Attack Sources Over The Last 24 Hours"
set dataset "attack.Top10.Source"
set category attack
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "attack.Top10.Dest.last24h"
set comments "Top 10 Attack Destinations Over The Last 24 Hours"
set dataset "attack.Top10.Dest"
set category attack
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "attack.Dist.Protocol.last24h"
set comments "Distribution Of Attack Protocols Over The Last 24 Hours"
set dataset "attack.Dist.Protocol"
set category app-ctrl
set graph-type pie
config category-series
set databind "field(1)"
end
config value-series
set databind "field(2)"
end
next
edit "av.Top10.Viruses.last24h"
set comments "Top 10 Viruses Detected In Last 24 Hours"
set dataset "av.Top10.Viruses"
set category virus
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "av.Top10.Sources.last24h"
set comments "Top 10 Virus Sources In Last 24 Hours"
set dataset "av.Top10.Sources"
set category virus
set graph-type bar
config x-series
edit "email.Top10.Senders.last24h"
set comments "Top 10 Senders Over Last 24 Hours"
set dataset "email.Top10.Senders"
set category spam
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "email.Top10.Receivers.last24h"
set comments "Top 10 Receivers Over Last 24 Hours"
set dataset "email.Top10.Receivers"
set category spam
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "email.Top10.Spam.Sources.last24h"
set comments "Top 10 Spam Sources Over Last 24 Hours"
set dataset "email.Top10.Spam.Sources"
set category spam
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "email.Usage.Incoming.last24h"
set comments "Number Of Incoming Mails (Pop3/IMAP) Over Last 24 Hours"
set dataset "email.Usage.Incoming"
set category spam
set graph-type line
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-unit hour
end
config y-series
set databind "field(2)"
end
next
edit "email.Usage.Outgoing.last24h"
set comments "Number Of Outgoing Mails (SMTP) Over Last 24 Hours"
set dataset "email.Usage.Outgoing"
set category spam
set graph-type line
config x-series
set databind "field(1)"
set is-category no
next
edit "event.Top10.Emergency.last24h"
set comments "Top 10 Emergency Events In Last 24 Hours"
set dataset "event.Top10.Emergency"
set category event
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "event.Usage.Mem.last24h"
set comments "Memory Usage Over Last 24 Hours"
set dataset "event.Usage.Mem"
set category event
set graph-type line
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-unit hour
end
config y-series
set databind "field(2)"
end
next
edit "event.Usage.CPU.last24h"
set comments "CPU Usage Over Last 24 Hours"
set dataset "event.Usage.CPU"
set category event
set graph-type line
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-unit hour
end
config y-series
set databind "field(2)"
end
next
edit "event.Dist.last24h"
set comments "Event Distribution Over Last 24 Hours"
set dataset "event.Dist"
set category event
set graph-type pie
config category-series
set databind "field(1)"
end
config value-series
set databind "field(2)"
end
next
edit "event.Count.Sessions.last24h"
set comments "Count Of Active Firewall Sessions Over The Last 24 Hours"
set dataset "event.Count.Sessions"
end
next
edit "traffic.Top10.IM.Users.Blocked.last24h"
set comments "Top 10 Blocked IM Users Over The Last 24 Hours"
set dataset "traffic.Top10.IM.Users.Blocked"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "traffic.Dist.IM.Protocol.last24h"
set comments "Distribution Of IM Events Per Protocol Over Last 24 Hours"
set dataset "traffic.Dist.IM.Protocol"
set category traffic
set graph-type pie
config category-series
set databind "field(1)"
end
config value-series
set databind "field(2)"
end
next
edit "traffic.Top10.Network.Dest.Volume.last24h"
set comments "Top 10 Network Destinations By Volume Over Last 24 Hours"
set dataset "traffic.Top10.Network.Dest.Volume"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "traffic.Top10.Network.Source.Volume.last24h"
set comments "Top 10 Network Sources By Volume Over Last 24 Hours"
set dataset "traffic.Top10.Network.Source.Volume"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "traffic.Top10.Network.Users.Source.Bandwidth.last24h"
set comments "Top 10 Users By Bandwidth And Source Over Last 24 Hours"
set dataset "traffic.Top10.Network.Users.Source.Bandwidth"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "traffic.Top10.Network.Dest.Blocked.last24h"
set comments "Top 10 Network Destinations Blocked (Denied) Over Last 24 Hours"
set dataset "traffic.Top10.Network.Dest.Blocked"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "traffic.Top10.Network.Source.Blocked.last24h"
set comments "Top 10 Network Sources Blocked (Denied) Over Last 24 Hours"
set dataset "traffic.Top10.Network.Source.Blocked"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "traffic.Top10.Network.Policies.Blocked.last24h"
set comments "Top 10 Network Policies Blocked (Denied) Over Last 24 Hours"
set dataset "traffic.Top10.Network.Policies.Blocked"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set databind "field(2)"
end
next
edit "traffic.Dist.Network.Bandwidth.last24h"
set comments "Network Bandwidth Composition Over Last 24 Hours"
set dataset "traffic.Dist.Network.Bandwidth"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-unit hour
end
config y-series
set databind "field(2)"
end
next
edit "traffic.Count.Network.Session.last24h"
set comments "Count Of Network Sessions Over Last 24 Hours"
set dataset "traffic.Count.Network.Session"
end
next
edit "netscan.Dist.Vuln.Severity.last24h"
set comments "Distribution Of Vulnerabilities By Severity Over Last 24 Hours"
set dataset "netscan.Dist.Vuln.Severity"
set category vulnerability
set graph-type pie
config category-series
set databind "field(1)"
end
config value-series
set databind "field(2)"
end
next
edit "netscan.Dist.Vuln.Category.last24h"
set comments "Distribution Of Vulnerabilities By Category Over Last 24 Hours"
set dataset "netscan.Dist.Vuln.Category"
set category vulnerability
set graph-type pie
config category-series
set databind "field(1)"
end
config value-series
set databind "field(2)"
end
next
edit "traffic.bandwidth.apps.app_cat"
set drill-down-chart "traffic.bandwidth.users.app"
set dataset "traffic.bandwidth.apps.app_cat"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top Applications for Category by Bandwidth"
next
edit "traffic.bandwidth.app_cats.user"
set drill-down-chart "traffic.bandwidth.apps.app_cat"
set dataset "traffic.bandwidth.app_cats.user"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top Categories for User by Bandwidth"
next
edit "traffic.bandwidth.users"
set drill-down-chart "traffic.bandwidth.app_cats.user"
set dataset "traffic.bandwidth.users"
set category traffic
edit "traffic.sessions.app_cats"
set drill-down-chart "traffic.sessions.apps.app_cat"
set dataset "traffic.sessions.app_cats"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Sessions"
set databind "field(2)"
end
set title "Top Application Categories by Sessions"
next
edit "traffic.bandwidth.wanopt"
set dataset "traffic.bandwidth.wanopt"
set graph-type pie
config category-series
set databind "field(1)"
end
config value-series
set databind "field(2)"
end
set title "Wan Optimization & Cache Performance"
next
edit "traffic.bandwidth.dstcountries"
set drill-down-chart "traffic.bandwidth.users.dstcountry"
set dataset "traffic.bandwidth.dstcountries"
set graph-type pie
config category-series
set databind "field(1)"
end
config value-series
set databind "field(2)"
end
set title "Top Destination Countries by Bandwidth Usage"
next
edit "traffic.bandwidth.users.dstcountry"
set drill-down-chart "traffic.bandwidth.dstcountries.user"
set dataset "traffic.bandwidth.users.dstcountry"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top Users for Destination Country by Bandwidth Usage"
next
edit "traffic.bandwidth.dstcountries.user"
set drill-down-chart "traffic.bandwidth.apps.dstcountry"
set dataset "traffic.bandwidth.dstcountries.user"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
edit "web.requests.phrases"
set drill-down-chart "web.requests.users.phrase"
set dataset "web.requests.phrases"
set category webfilter
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Requests"
set databind "field(2)"
end
set title "Top Search Phrases"
next
edit "web.allowed-request.users.site"
set dataset "web.allowed-request.users.site"
set category webfilter
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Requests"
set databind "field(2)"
end
set title "Top Allowed Users for Web Site by Requests"
next
edit "web.allowed-request.sites"
set drill-down-chart "web.allowed-request.users.site"
set dataset "web.allowed-request.sites"
set category webfilter
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Requests"
set databind "field(2)"
end
set title "Top Allowed Web Sites by Requests"
next
edit "web.blocked-request.users.site"
set dataset "web.blocked-request.users.site"
set category webfilter
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Requests"
set databind "field(2)"
end
set title "Top Blocked Users for Web Site by Requests"
next
edit "web.blocked-request.sites"
set drill-down-chart "web.blocked-request.users.site"
set dataset "web.blocked-request.sites"
set category webfilter
set graph-type bar
config x-series
set title "Top Video Streaming Web Sites for User by Bandwidth"
next
edit "web.bandwidth.users.stream-site"
set drill-down-chart "web.bandwidth.stream-sites.user"
set dataset "web.bandwidth.users.stream-site"
set category webfilter
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top Users for Video Streaming Web Site by Bandwidth"
next
edit "web.bandwidth.stream-sites"
set drill-down-chart "web.bandwidth.users.stream-site"
set dataset "web.bandwidth.stream-sites"
set category webfilter
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top Video Streaming Web Sites by Bandwidth"
next
edit "email.request.timeperiods.sender"
set dataset "email.request.timeperiods.sender"
set category spam
set graph-type line
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-origin min
set scale-unit hour
end
config y-series
set caption "Emails"
set databind "field(3)"
set group "field(2)"
end
set title "Number of emails from Sender"
next
edit "email.request.senders"
set drill-down-chart "email.request.timeperiods.sender"
set dataset "email.request.senders"
set category spam
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Emails"
set databind "field(2)"
end
set title "Top Email Senders"
next
edit "email.bandwidth.timeperiods.sender"
set dataset "email.bandwidth.timeperiods.sender"
set category spam
set graph-type line
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-origin min
set scale-unit hour
end
config y-series
set caption "Bandwidth Usage"
set databind "field(3)"
set group "field(2)"
end
set title "Email Bandwidth Usage from Sender"
next
edit "email.bandwidth.senders"
set drill-down-chart "email.bandwidth.timeperiods.sender"
set dataset "email.bandwidth.senders"
set category spam
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top Email Senders by Bandwidth"
next
edit "email.request.timeperiods.receiver"
set dataset "email.request.timeperiods.receiver"
set category spam
set graph-type line
config x-series
set databind "field(1)"
set is-category no
set scale-format HH-MM
set scale-number-of-step 24
set scale-origin min
set scale-unit hour
end
config y-series
set caption "Emails"
set databind "field(3)"
set group "field(2)"
end
set title "Number of emails to Recipient"
next
edit "email.request.receivers"
set drill-down-chart "email.request.timeperiods.receiver"
set dataset "email.request.receivers"
set category spam
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Emails"
set databind "field(2)"
end
set title "Top Email Recipients"
next
edit "virus.count.viruses.user"
set dataset "virus.count.viruses.user"
set category virus
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Occurrences"
set databind "field(2)"
end
set title "Top Viruses for User"
next
edit "virus.count.users.virus"
set drill-down-chart "virus.count.viruses.user"
set dataset "virus.count.users.virus"
set category virus
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Occurrences"
set databind "field(2)"
end
set title "Top Users Targeted by Virus"
next
edit "virus.count.viruses"
set drill-down-chart "virus.count.users.virus"
set dataset "virus.count.viruses"
set category virus
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Occurrences"
set databind "field(2)"
end
set title "Top Viruses"
next
edit "virus.count.users"
set drill-down-chart "virus.count.viruses.user"
set dataset "virus.count.users"
set category virus
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Occurrences"
set drill-down-chart "attack.count.users.critical-attack"
set dataset "attack.count.critical-attacks"
set category attack
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Occurrences"
set databind "field(2)"
end
set title "Top High/Critical Attacks"
next
edit "attack.count.attacks.user"
set dataset "attack.count.attacks.user"
set category attack
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Occurrences"
set databind "field(2)"
end
set title "Top Attacks for User"
next
edit "attack.count.users.attack"
set drill-down-chart "attack.count.attacks.user"
set dataset "attack.count.users.attack"
set category attack
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Occurrences"
set databind "field(2)"
end
set title "Top 10 Users for Attack"
next
edit "attack.count.attacks"
set drill-down-chart "attack.count.users.attack"
set dataset "attack.count.attacks"
set category attack
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Occurrences"
set databind "field(2)"
end
set title "Top Attacks"
next
edit "vpn.bandwidth.static-tunnels.user"
set dataset "vpn.bandwidth.static-tunnels.user"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top VPN Tunnels for User"
next
edit "vpn.bandwidth.users.static-tunnel"
set drill-down-chart "vpn.bandwidth.static-tunnels.user"
set dataset "vpn.bandwidth.users.static-tunnel"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top Users for VPN Tunnel"
next
edit "vpn.bandwidth.static-tunnels"
set drill-down-chart "vpn.bandwidth.users.static-tunnel"
set dataset "vpn.bandwidth.static-tunnels"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top VPN Tunnels"
next
edit "vpn.bandwidth.ssl-sources.user"
set dataset "vpn.bandwidth.ssl-sources.user"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set title "Top Sources of SSL-VPN Tunnels for User"
next
edit "vpn.bandwidth.users.ssl-source"
set drill-down-chart "vpn.bandwidth.ssl-sources.user"
set dataset "vpn.bandwidth.users.ssl-source"
set category traffic
set graph-type bar
config x-series
set databind "field(1)"
end
config y-series
set caption "Bandwidth Usage"
set databind "field(2)"
end
set
set
set
set
set
next
edit "default.pdf_default"
set options font text
set font-family Helvetica
set font-size "10"
set line-height "120%"
next
edit "default.page"
set options margin column
set column-gap "10"
set margin-bottom "36"
set margin-left "36"
set margin-right "36"
set margin-top "36"
next
edit "default.page_header"
set options margin border
set border-bottom "1px solid black"
set margin-bottom "10"
next
edit "default.page_footer"
set options margin border
set border-top "1px solid black"
set margin-top "10"
next
edit "default.toc_title"
set options font text margin
set font-size "xx-large"
set font-weight bold
set line-height "120%"
set margin-bottom "5"
set margin-top "10"
next
edit "default.toc_heading1"
set options font text
set font-size "x-large"
set font-weight bold
set line-height "120%"
next
edit "default.toc_heading2"
set options font text margin
set font-size "large"
set line-height "120%"
set margin-left "10"
next
edit "default.toc_heading3"
set options font text margin
set font-style italic
set line-height "120%"
set margin-left "20"
next
edit "default.toc_heading4"
set options font text margin
set font-size "small"
set font-style italic
next
edit "default-new.graph"
set options size margin
set height "450"
set margin-bottom "5"
set width "750"
next
edit "default.table"
set options font margin border
set border-bottom "1px solid black"
set border-left "1px solid black"
set border-right "1px solid black"
set border-top "1px solid black"
set font-size "small"
set margin-bottom "5"
next
edit "default.table_caption"
set options font color align
set align center
set bg-color "black"
set fg-color "white"
set font-weight bold
next
edit "default.table_head"
set options font color
set bg-color "4b5362"
set fg-color "white"
set font-weight bold
next
edit "default.table_odd_row"
set options color
set bg-color "edf5ff"
next
edit "default.table_even_row"
next
edit "align_right"
set options align
set align right
next
edit "align_center"
set options align
set align center
next
edit "timeinfo_text"
set options font align margin
set align center
set font-size "small"
set font-style italic
set margin-top "300"
next
edit "info_text"
set options margin
set margin-left "120"
set margin-right "80"
set margin-top "20"
next
edit "logo_img"
set options align margin
set align center
set margin-top "100"
next
edit "summary.html_default"
set options font text color
set bg-color "FFFFFF"
set font-family Verdana
set font-size "12"
set line-height "120%"
next
edit "summary.pdf_default"
set options font text
set font-family Helvetica
set font-size "9"
set line-height "120%"
next
edit "summary.page"
set options margin column
set column-gap "10"
set margin-bottom "36"
set margin-left "36"
set margin-right "36"
set margin-top "36"
next
edit "summary.page_header"
next
edit "summary.page_footer"
set options margin
set margin-top "10"
next
edit "summary.toc_title"
set options font text margin
set font-size "xx-large"
set font-weight bold
set line-height "120%"
set margin-bottom "5"
set margin-top "10"
next
edit "summary.toc_heading1"
set options font text
set font-size "x-large"
set font-weight bold
set line-height "120%"
next
edit "summary.toc_heading2"
set options font text margin
set font-size "large"
set line-height "120%"
set margin-left "10"
next
edit "summary.toc_heading3"
set options font text margin
set font-style italic
set line-height "120%"
set margin-left "20"
next
edit "summary.toc_heading4"
set options font text margin
set font-size "small"
set font-style italic
set line-height "120%"
set margin-left "30"
next
edit "summary.report_title"
set options font text align margin column
set align center
set column-span all
set font-size "xx-large"
set font-weight bold
set line-height "120%"
set margin-bottom "5"
next
edit "summary.report_subtitle"
next
edit "summary.heading1"
set options font text align margin
set align center
set font-size "medium"
set font-weight bold
set line-height "120%"
set margin-bottom "5"
next
edit "summary.heading2"
set options font text align margin
set align center
set font-size "small"
set font-weight bold
set line-height "120%"
set margin-bottom "5"
next
edit "summary.heading3"
next
edit "summary.heading4"
next
edit "summary.text"
set options margin
set margin-bottom "5"
next
edit "summary.image"
set options margin
set margin-bottom "5"
next
edit "summary.hline"
set options color size margin
set fg-color "black"
set height "1"
set margin-bottom "5"
next
edit "summary.graph"
set options size margin border
set border-bottom "1px solid black"
set border-left "1px solid black"
set border-right "1px solid black"
set border-top "1px solid black"
set height "300"
set margin-bottom "5"
set width "500"
next
edit "summary.table"
set options font margin border
set border-bottom "1px solid black"
set border-left "1px solid black"
set
set
set
set
next
edit "summary.table_caption"
set options font color align
set align center
set bg-color "black"
set fg-color "white"
set font-weight bold
next
edit "summary.table_head"
set options font color
set bg-color "4b5362"
set fg-color "white"
set font-weight bold
next
edit "summary.table_odd_row"
set options color
set bg-color "edf5ff"
next
edit "summary.table_even_row"
next
edit "summary_info_text"
set options font align margin column
set align center
set column-span all
set font-size "small"
set margin-bottom "15"
set margin-left "120"
set margin-right "80"
next
edit "report-cover1"
set options size
set height "109"
set width "800"
next
edit "report-cover2"
set options font text color align margin
set align right
set fg-color "ff0000"
set font-size "28"
set font-weight bold
set margin-bottom "36"
set margin-top "100"
next
edit "report-cover3"
set options font text align
set align right
set font-size "18"
next
edit "report-cover4"
set options align margin
set align right
set margin-top "10"
next
end
config report theme
edit "default"
set default-html-style "default.html_default"
set default-pdf-style "default.pdf_default"
set graph-chart-style "default.graph"
set heading1-style "default.heading1"
set heading2-style "default.heading2"
set heading3-style "default.heading3"
set heading4-style "default.heading4"
set hline-style "default.hline"
set image-style "default.image"
set normal-text-style "default.text"
set page-footer-style "default.page_footer"
set page-header-style "default.page_header"
set page-style "default.page"
set report-subtitle-style "default.report_subtitle"
set report-title-style "default.report_title"
set table-chart-caption-style "default.table_caption"
set table-chart-even-row-style "default.table_even_row"
set table-chart-head-style "default.table_head"
set table-chart-odd-row-style "default.table_odd_row"
set table-chart-style "default.table"
set toc-heading1-style "default.toc_heading1"
set toc-heading2-style "default.toc_heading2"
set toc-heading3-style "default.toc_heading3"
set toc-heading4-style "default.toc_heading4"
set toc-title-style "default.toc_title"
next
edit "default-report"
set default-html-style "default.html_default"
set default-pdf-style "default.pdf_default"
set graph-chart-style "default-new.graph"
set heading1-style "default.heading1"
set heading2-style "default.heading2"
set heading3-style "default.heading3"
set heading4-style "default.heading4"
set hline-style "default.hline"
set image-style "default.image"
set normal-text-style "default.text"
set page-footer-style "default.page_footer"
set page-header-style "default.page_header"
set page-style "default.page"
set report-subtitle-style "default.report_subtitle"
set report-title-style "default.report_title"
set table-chart-caption-style "default.table_caption"
set table-chart-even-row-style "default.table_even_row"
set table-chart-head-style "default.table_head"
set table-chart-odd-row-style "default.table_odd_row"
set table-chart-style "default.table"
set toc-heading1-style "default.toc_heading1"
set toc-heading2-style "default.toc_heading2"
set toc-heading3-style "default.toc_heading3"
set toc-heading4-style "default.toc_heading4"
set toc-title-style "default.toc_title"
next
edit "summary"
set column-count 3
set default-html-style "summary.html_default"
set default-pdf-style "summary.pdf_default"
set graph-chart-style "summary.graph"
set heading1-style "summary.heading1"
set heading2-style "summary.heading2"
set heading3-style "summary.heading3"
set heading4-style "summary.heading4"
set hline-style "summary.hline"
set image-style "summary.image"
set normal-text-style "summary.text"
set page-footer-style "summary.page_footer"
set page-header-style "summary.page_header"
set page-style "summary.page"
set report-subtitle-style "summary.report_subtitle"
set report-title-style "summary.report_title"
set table-chart-caption-style "summary.table_caption"
set table-chart-even-row-style "summary.table_even_row"
set table-chart-head-style "summary.table_head"
set table-chart-odd-row-style "summary.table_odd_row"
set table-chart-style "summary.table"
set toc-heading1-style "summary.toc_heading1"
set toc-heading2-style "summary.toc_heading2"
set toc-heading3-style "summary.toc_heading3"
set toc-heading4-style "summary.toc_heading4"
set toc-title-style "summary.toc_title"
next
end
config report layout
edit "default"
config body-item
edit 101
set style "report-cover1"
set type image
set img-src "fortinet_bar.png"
next
edit 103
set content "FortiGate UTM"
set style "report-cover2"
next
edit 105
set content "${schedule_type} Activity Report"
set style "report-cover3"
next
edit 107
set content "${started_time}"
set style "report-cover4"
next
edit 109
set content "FortiGate Host Name: ${hostname}"
set style "report-cover4"
next
edit 111
set content "FortiGate Serial Number: ${serialnum}"
set style "report-cover4"
next
edit 113
set style "report-cover4"
set type image
set img-src "fortinet_grid_logo.png"
next
edit 121
set type misc
set misc-component page-break
next
edit 201
allowed
blocked
search
web sit
top 10 allowed
top 10 blocked
Bandwidth"
top 10 sites b
top 10 senders
top 10 email s
top 10 email r
top 10 viruses
top 10 attacks
top 10 sources
set
set
next
end
format html pdf
options include-table-of-content
config page
set column-break-before heading1
config footer
config footer-item
edit 1
set content "${report_period}"
next
edit 2
set content "${page_no}"
set style "align_right"
next
end
end
config header
config header-item
edit 1
set content "${layout_title}"
next
edit 2
set style "align_right"
set type image
set img-src "fortinet_logo.png"
next
end
end
set paper letter
end
style-theme "default-report"
title "FortiGate UTM Daily Activity Report"
next
end
config firewall service explicit-web
edit "webproxy"
next
end
config firewall service group
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
edit "Exchange Server OWA"
set member "DNS" "HTTPS"
next
edit "Outlook"
set member "DCE-RPC" "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" "HTTPS"
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
end
config firewall profile-protocol-options
edit "default"
set comment "all default services"
config http
set port 80
set options no-content-summary
unset post-lang
end
config https
set port 443
set options no-content-summary
unset post-lang
end
config ftp
set port 21
set options no-content-summary splice
end
config ftps
set port 990
set options no-content-summary splice
unset post-lang
end
config imap
set port 143
set options fragmail no-content-summary
end
config imaps
set port 993
set options fragmail no-content-summary
end
config pop3
set port 110
set options fragmail no-content-summary
end
config pop3s
set port 995
set options fragmail no-content-summary
end
config smtp
set port 25
set options fragmail no-content-summary splice
end
config smtps
set port 465
set options fragmail no-content-summary splice
end
config nntp
set port 119
set options no-content-summary splice
end
next
end
config firewall policy
end
config firewall local-in-policy
end
config firewall policy6
end
set channel "36" "40" "44" "48" "149" "153" "157" "161" "165"
end
next
edit "11g-only"
config platform
set type 30B-50B
end
config radio-1
set band 802.11g
set channel "1" "6" "11"
end
config radio-2
set mode disabled
end
next
end
config log disk setting
end
config router rip
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
end
config router ripng
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
end
config router ospf
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
config redistribute
end
end
config router ospf6
config redistribute
end
config redistribute
end
"connected"
"static"
"ospf"
"bgp"
"isis"
"connected"
"static"
"ospf"
"bgp"
"isis"
"connected"
"static"
"rip"
"bgp"
"isis"
"connected"
"static"