tag:blogger.com,1999:blog-56011023584878109342024-02-19T17:42:56.646-05:00FortiHelpFortinet Devices Tips/Tricks and Rants.Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.comBlogger12125tag:blogger.com,1999:blog-5601102358487810934.post-23451347227164049992018-12-07T10:26:00.001-05:002018-12-07T10:29:25.870-05:00SCP config backup, config restore and image restoreWorks in 5.2.x and up.<br />
Restoring the image to the primary partition will trigger an immediate upgrade/downgrade including reboot.<br />
<br />
These all require admin-scp to be enabled on the target device<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;">config global</span><br />
<span style="font-family: Courier New, Courier, monospace;">config system global</span><br />
<span style="font-family: Courier New, Courier, monospace;">set admin-scp enable</span><br />
<span style="font-family: Courier New, Courier, monospace;">end</span></blockquote>
<br />
#Config Backup<br />
<br />
scp admin@<fgthostname>:<span style="background-color: yellow;">fgt-config</span> <fgthostname>.conf<br />
<blockquote class="tr_bq">
<br />
<span style="font-family: Courier New, Courier, monospace;">scp admin@myfgt1:fgt-config myfgt1.conf</span></blockquote>
<br />
#Config Restore<br />
<br />
scp <fgthostname>.conf admin@<fgthostname>:<span style="background-color: yellow;">fgt-restore-config </span><br />
<blockquote class="tr_bq">
<br />
<span style="font-family: Courier New, Courier, monospace;">scp myfgt1.conf admin@myfgt1:fgt-restore-config </span></blockquote>
<br />
#Image Upload to Primary Partition<br />
<br />
scp <fgtimagename> admin@<fgthostname>:<span style="background-color: yellow;">fgt-image</span><br />
<blockquote class="tr_bq">
<br />
<span style="font-family: Courier New, Courier, monospace;">scp FGT_3700D-v5-build1600-FORTINET.out admin@myfgt1:fgt-image</span></blockquote>
<br />
#Image Upload to Secondary Partition<br />
<br />
scp <fgtimagename> admin@<fgthostname>:<span style="background-color: yellow;">fgt-secondary-image</span><br />
<blockquote class="tr_bq">
<br />
<span style="font-family: Courier New, Courier, monospace;">scp FGT_3700D-v5-build1600-FORTINET.out admin@myfgt1:fgt-secondary-image</span></blockquote>
<br />
<br />Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com0tag:blogger.com,1999:blog-5601102358487810934.post-72567146198639498602018-02-23T09:15:00.001-05:002018-02-23T09:21:18.002-05:00Inter-VDOM routing<br />
<br />
In this example we will be setting up inter-VDOM links between a VDOM named "root" and another VDOM named "untrust". This will allow bidirectional traffic to traverse the 2 VDOMs without any additional cabling.<br />
<br />
Prerequisites:<br />
<br />
<ul>
<li>Tested on FortiOS 6</li>
<li>VDOMs created</li>
<li>Links up</li>
</ul>
<br />
<br />
Process:<br />
<br />
<ul>
<li>Configure interfaces</li>
<li>Configure policies</li>
<li>Configure static routes</li>
</ul>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHEhy2g3VV-narvXBdH8kY1ob0lKj6KEKTCt49GrKaMKvQz8S-3HSaZeJ6PShSFiL2DwZj1evBkaGHgHRH-M3Zh3ZkuXgFvZxLCdnAGvrRIKr0jwH9jgaE8IIWMH4WS1zEdLaicA4xwoOK/s1600/VdomLinks.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="529" data-original-width="561" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHEhy2g3VV-narvXBdH8kY1ob0lKj6KEKTCt49GrKaMKvQz8S-3HSaZeJ6PShSFiL2DwZj1evBkaGHgHRH-M3Zh3ZkuXgFvZxLCdnAGvrRIKr0jwH9jgaE8IIWMH4WS1zEdLaicA4xwoOK/s320/VdomLinks.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">###
Interfaces<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">config
global<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">config
system interface<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>edit "internal1"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set vdom "root"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set ip <span style="background: yellow; mso-highlight: yellow;">10.0.0.254</span> 255.255.255.0<o:p></o:p></span></div>
<div class="MsoNormal" style="text-indent: .5in;">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set
allowaccess ping https <span style="mso-tab-count: 1;"> </span>#This is your
choice<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set type physical<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>edit "internal2"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set vdom "untrust"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set ip <span style="background: yellow; mso-highlight: yellow;">192.168.1.254</span> 255.255.255.0<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span>set allowaccess ping https<span style="mso-tab-count: 1;"> </span>#This is your choice<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set type physical<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span>edit
"root-to-un0"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set vdom "root"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set ip <span style="background: yellow; mso-highlight: yellow;">10.10.10.1 255.255.255.252</span><o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set allowaccess ping<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set type vdom-link<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>edit "root-to-un1"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set vdom "untrust"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set ip 10.<span style="background: yellow; mso-highlight: yellow;">10.10.2 255.255.255.252</span><o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set allowaccess ping<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set type vdom-link<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">end<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">end<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">config
vdom<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">edit
root<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">###
Policies<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">config
firewall policy<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>edit 1<span style="mso-tab-count: 5;"> </span><o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set name
"int1-to-root-to-un0"<o:p></o:p></span></div>
<div class="MsoNormal" style="text-indent: .5in;">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set
srcintf "<span style="background: yellow; mso-highlight: yellow;">internal1</span>"<span style="mso-tab-count: 1;"> </span>#this is your WAN intf<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dstintf "<span style="background: yellow; mso-highlight: yellow;">root-to-un0</span>"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set srcaddr "all"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down. <o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dstaddr "all"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set action accept<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set schedule "always"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set service "ALL"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set logtraffic disable<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>edit 2<span style="mso-tab-count: 5;"> </span><o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set name
"root-to-un0-to-int1"<o:p></o:p></span></div>
<div class="MsoNormal" style="text-indent: .5in;">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set
srcintf "<span style="background: yellow; mso-highlight: yellow;">root-to-un0</span>"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dstintf "<span style="background: yellow; mso-highlight: yellow;">internal1</span>"<span style="mso-tab-count: 1;"> </span>#this is your WAN intf<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set srcaddr "all"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dstaddr "all"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set action accept<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set schedule "always"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set service "ALL"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set logtraffic disable<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>end<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>### Static Routes<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>config router static<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>edit 1<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dst <span style="background: yellow; mso-highlight: yellow;">192.168.1.0</span> 255.255.255.0<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span>set gateway 10.10.10.<span style="background: yellow; mso-highlight: yellow;">2</span><span style="mso-tab-count: 1;"> </span>#This
is the OPPOSITE side of the VLink<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set device "<span style="background: yellow; mso-highlight: yellow;">root-to-un0</span>"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>end<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>end<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">config
vdom<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">edit
untrust<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">###
Policies<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;">config
firewall policy<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>edit 1<span style="mso-tab-count: 5;"> </span><o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set name
"int1-to-root-to-un0"<o:p></o:p></span></div>
<div class="MsoNormal" style="text-indent: .5in;">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set
srcintf "<span style="background: yellow; mso-highlight: yellow;">internal2</span>"<span style="mso-tab-count: 1;"> </span>#this is your WAN intf<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dstintf "<span style="background: yellow; mso-highlight: yellow;">root-to-un1</span>"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set srcaddr "all"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down. <o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dstaddr "all"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set action accept<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set schedule "always"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set service "ALL"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set logtraffic disable<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>edit 2<span style="mso-tab-count: 5;"> </span><o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set name
"root-to-un0-to-int1"<o:p></o:p></span></div>
<div class="MsoNormal" style="text-indent: .5in;">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set
srcintf "<span style="background: yellow; mso-highlight: yellow;">root-to-un1</span>"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dstintf "<span style="background: yellow; mso-highlight: yellow;">internal2</span>"<span style="mso-tab-count: 1;"> </span>#this is your WAN intf<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set srcaddr "all"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dstaddr "all"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set action accept<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set schedule "always"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set service "ALL"<span style="mso-tab-count: 2;"> </span>#Do not leave as all. Lock down.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set logtraffic disable<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>end</span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>### Static Routes<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>config router static<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>edit 1<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set dst <span style="background: yellow; mso-highlight: yellow;">10.0.0.0</span> 255.255.255.0<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span>set gateway 10.10.10.<span style="background: yellow; mso-highlight: yellow;">1</span><span style="mso-tab-count: 1;"> </span>#This
is the OPPOSITE side of the VLink<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>set device "<span style="background: yellow; mso-highlight: yellow;">root-to-un1</span>"<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>next<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "courier new" , serif; font-size: x-small;"><span style="mso-spacerun: yes;"> </span>end<o:p></o:p></span></div>
<div class="separator" style="clear: both; text-align: left;">
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:PixelsPerInch>96</o:PixelsPerInch>
</o:OfficeDocumentSettings>
</xml><![endif]-->
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="false"
DefSemiHidden="false" DefQFormat="false" DefPriority="99"
LatentStyleCount="382">
<w:LsdException Locked="false" Priority="0" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 9"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 9"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Normal Indent"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="footnote text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="annotation text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="header"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="footer"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index heading"/>
<w:LsdException Locked="false" Priority="35" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="table of figures"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="envelope address"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="envelope return"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="footnote reference"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="annotation reference"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="line number"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="page number"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="endnote reference"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="endnote text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="table of authorities"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="macro"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="toa heading"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 5"/>
<w:LsdException Locked="false" Priority="10" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Closing"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Signature"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="true"
UnhideWhenUsed="true" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text Indent"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Message Header"/>
<w:LsdException Locked="false" Priority="11" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Salutation"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Date"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text First Indent"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text First Indent 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Heading"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text Indent 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text Indent 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Block Text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Hyperlink"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="FollowedHyperlink"/>
<w:LsdException Locked="false" Priority="22" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Document Map"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Plain Text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="E-mail Signature"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Top of Form"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Bottom of Form"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Normal (Web)"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Acronym"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Address"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Cite"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Code"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Definition"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Keyboard"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Preformatted"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Sample"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Typewriter"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Variable"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Normal Table"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="annotation subject"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="No List"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Outline List 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Outline List 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Outline List 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Simple 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Simple 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Simple 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Colorful 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Colorful 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Colorful 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table 3D effects 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table 3D effects 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table 3D effects 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Contemporary"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Elegant"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Professional"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Subtle 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Subtle 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Web 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Web 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Web 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Balloon Text"/>
<w:LsdException Locked="false" Priority="39" Name="Table Grid"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Theme"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 9"/>
<w:LsdException Locked="false" SemiHidden="true" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" SemiHidden="true" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" QFormat="true"
Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" QFormat="true"
Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" QFormat="true"
Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" QFormat="true"
Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" QFormat="true"
Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" QFormat="true"
Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" SemiHidden="true"
UnhideWhenUsed="true" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="TOC Heading"/>
<w:LsdException Locked="false" Priority="41" Name="Plain Table 1"/>
<w:LsdException Locked="false" Priority="42" Name="Plain Table 2"/>
<w:LsdException Locked="false" Priority="43" Name="Plain Table 3"/>
<w:LsdException Locked="false" Priority="44" Name="Plain Table 4"/>
<w:LsdException Locked="false" Priority="45" Name="Plain Table 5"/>
<w:LsdException Locked="false" Priority="40" Name="Grid Table Light"/>
<w:LsdException Locked="false" Priority="46" Name="Grid Table 1 Light"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark"/>
<w:LsdException Locked="false" Priority="51" Name="Grid Table 6 Colorful"/>
<w:LsdException Locked="false" Priority="52" Name="Grid Table 7 Colorful"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 1"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 1"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 1"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 1"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 1"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 2"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 2"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 2"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 2"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 2"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 3"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 3"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 3"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 3"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 3"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 4"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 4"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 4"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 4"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 4"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 5"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 5"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 5"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 5"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 5"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 6"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 6"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 6"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 6"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 6"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="46" Name="List Table 1 Light"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark"/>
<w:LsdException Locked="false" Priority="51" Name="List Table 6 Colorful"/>
<w:LsdException Locked="false" Priority="52" Name="List Table 7 Colorful"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 1"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 1"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 1"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 1"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 1"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 2"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 2"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 2"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 2"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 2"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 3"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 3"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 3"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 3"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 3"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 4"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 4"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 4"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 4"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 4"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 5"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 5"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 5"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 5"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 5"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 6"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 6"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 6"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 6"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 6"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Mention"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Smart Hyperlink"/>
</w:LatentStyles>
</xml><![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;
mso-font-charset:0;
mso-generic-font-family:roman;
mso-font-pitch:fixed;
mso-font-signature:-536859905 -1073711037 9 0 511 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;
mso-font-charset:0;
mso-generic-font-family:roman;
mso-font-pitch:variable;
mso-font-signature:-536870145 1107305727 0 0 415 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-536870145 1073786111 1 0 415 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
.MsoChpDefault
{mso-style-type:export-only;
mso-default-props:yes;
font-family:"Calibri",sans-serif;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.WordSection1
{page:WordSection1;}
</style>
</div>
-->
<!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
</style>
<![endif]-->
<!--StartFragment-->
<!--EndFragment--><br />
<div class="MsoNormal">
<span style="font-family: "courier new" , serif;"><span style="font-size: x-small;"><span style="mso-spacerun: yes;"> </span>end</span><span style="font-size: 10pt;"><o:p></o:p></span></span></div>
<br />Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com0tag:blogger.com,1999:blog-5601102358487810934.post-1944478356465876142017-07-01T17:35:00.000-04:002017-07-02T13:09:22.786-04:00FGT VM in transparent mode on ESXi 6.0<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Purpose:<o:p></o:p></div>
<div class="MsoNormal">
Our goal with this config is to inspect/restrict traffic sourced/destined
from servers on our LAN without causing much impact to the existing network. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Caution:<o:p></o:p></div>
<div class="MsoNormal">
Failing to specify VLAN, Forwarding-domain and strict
src/dst addresses may result in a Layer2 loop/broadcast storm. Please make sure
to follow the directions carefully. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Topology:<o:p></o:p></div>
<div class="MsoNormal">
<span style="mso-no-proof: yes;"><!--[if gte vml 1]><v:shapetype
id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"
path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
<v:stroke joinstyle="miter"/>
<v:formulas>
<v:f eqn="if lineDrawn pixelLineWidth 0"/>
<v:f eqn="sum @0 1 0"/>
<v:f eqn="sum 0 0 @1"/>
<v:f eqn="prod @2 1 2"/>
<v:f eqn="prod @3 21600 pixelWidth"/>
<v:f eqn="prod @3 21600 pixelHeight"/>
<v:f eqn="sum @0 0 1"/>
<v:f eqn="prod @6 1 2"/>
<v:f eqn="prod @7 21600 pixelWidth"/>
<v:f eqn="sum @8 21600 0"/>
<v:f eqn="prod @7 21600 pixelHeight"/>
<v:f eqn="sum @10 21600 0"/>
</v:formulas>
<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
<o:lock v:ext="edit" aspectratio="t"/>
</v:shapetype><v:shape id="Picture_x0020_7" o:spid="_x0000_i1031" type="#_x0000_t75"
style='width:468pt;height:233pt;visibility:visible;mso-wrap-style:square'>
<v:imagedata src="file:////Users/moisesalves/Library/Group%20Containers/UBF8T346G9.Office/msoclip1/01/clip_image001.png"
o:title=""/>
</v:shape><![endif]--><!--[if !vml]--><!--[endif]--></span><o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfNrzo7MceAqj0rBtlxsEksxHWoQP4IrjUPqaE_uetbmJA9rhjpXSQJSEcLSpU403uvJzU707sggEGObJrutmHMV6-pKI9EsNkWIIFJsZsTOJhqIxCHi1oAPECbaercnNhypF4zfQFNKVq/s1600/Picture1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="485" data-original-width="975" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfNrzo7MceAqj0rBtlxsEksxHWoQP4IrjUPqaE_uetbmJA9rhjpXSQJSEcLSpU403uvJzU707sggEGObJrutmHMV6-pKI9EsNkWIIFJsZsTOJhqIxCHi1oAPECbaercnNhypF4zfQFNKVq/s400/Picture1.png" width="400" /></a></div>
<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Deploy OVF Template<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto; mso-list: l0 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">a.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Follow the instructions in <a href="http://docs.fortinet.com/uploaded/files/1734/fortigate-vm-install-50.pdf">http://docs.fortinet.com/uploaded/files/1734/fortigate-vm-install-50.pdf</a><o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto; mso-list: l0 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">b.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->I prefer to thin provision everything but that
is your choice<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto; mso-list: l0 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">c.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Do not power on the Virtual machine after
deploying. <o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Shut off your VM servers that you would like to
add to the port group so that we may edit their port assignments. <o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">3.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Create a Port Group in ESXi<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<span style="mso-no-proof: yes;"><!--[if gte vml 1]><v:shape id="Picture_x0020_1"
o:spid="_x0000_i1030" type="#_x0000_t75" style='width:258pt;height:265pt;
visibility:visible;mso-wrap-style:square'>
<v:imagedata src="file:////Users/moisesalves/Library/Group%20Containers/UBF8T346G9.Office/msoclip1/01/clip_image003.png"
o:title=""/>
</v:shape><![endif]--><!--[if !vml]--><!--[endif]--></span><o:p></o:p></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8DYPEAaeEF_Uv42PYbB110axJdCONlwrKUwKJwmXfnleGVyx8q-4pXvcxs80sVQGK0XwGm4Z-_cEYhE5_e6IN3-bYlG4Z4I9NJoaO2tGqZRhAdqI4PwSdSDW3UesO8P2GAC3uYWJ3zkS0/s1600/Picture2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="553" data-original-width="538" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8DYPEAaeEF_Uv42PYbB110axJdCONlwrKUwKJwmXfnleGVyx8q-4pXvcxs80sVQGK0XwGm4Z-_cEYhE5_e6IN3-bYlG4Z4I9NJoaO2tGqZRhAdqI4PwSdSDW3UesO8P2GAC3uYWJ3zkS0/s320/Picture2.png" width="311" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_KQSN3rFv9hHha5GRCaBNiecIeEX_kUnfSrweWfXqwvjCsQHf96SCypna_G9S9k9RIangV7tegguKLLw3DC-D9qtORg_Y3RJiG37SFW33K_TNSHB-UJBdbS3EXC4_8grwSlSyLpyjkj4N/s1600/Picture3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="336" data-original-width="794" height="135" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_KQSN3rFv9hHha5GRCaBNiecIeEX_kUnfSrweWfXqwvjCsQHf96SCypna_G9S9k9RIangV7tegguKLLw3DC-D9qtORg_Y3RJiG37SFW33K_TNSHB-UJBdbS3EXC4_8grwSlSyLpyjkj4N/s320/Picture3.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Make sure that you assign a unique vlan id here.</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh93PBSeE5RbX3HK7l-q6Irmh1cnI8oy-pFI8cX4_NhW6I7JjOoaxEtsxUvc9cdwjw8dJfgM8_vyXkZlms14EILBPOAvganzMXyXSk-dB8-18LeuvK0h1W5nK1wgFUnr_e9kCey-gGtdPhw/s1600/Picture4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="374" data-original-width="816" height="146" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh93PBSeE5RbX3HK7l-q6Irmh1cnI8oy-pFI8cX4_NhW6I7JjOoaxEtsxUvc9cdwjw8dJfgM8_vyXkZlms14EILBPOAvganzMXyXSk-dB8-18LeuvK0h1W5nK1wgFUnr_e9kCey-gGtdPhw/s320/Picture4.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Edit your server VM and assign the network adapter to your new port
group.</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8EgNTmJiOeRGJsSAwAxbPWAiYjGN37YohIxFaXC5-ALbIayDd73Q3HGqudXXy2Z9iIq2Yx9WlB4d78hlWXWUsR1rOxrxJ2IvsKbjnPBRfW4zAZA0I1b2GuMuAvbp2wS6vU1YG36rb9PEt/s1600/Picture5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="229" data-original-width="816" height="89" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8EgNTmJiOeRGJsSAwAxbPWAiYjGN37YohIxFaXC5-ALbIayDd73Q3HGqudXXy2Z9iIq2Yx9WlB4d78hlWXWUsR1rOxrxJ2IvsKbjnPBRfW4zAZA0I1b2GuMuAvbp2wS6vU1YG36rb9PEt/s320/Picture5.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
Edit your FGTVM.</div>
<div class="separator" style="clear: both; text-align: left;">
Disconnect all ports that will not be used.</div>
<div class="separator" style="clear: both; text-align: left;">
You will need 3 ports: In/Out/mgmt.</div>
<div class="separator" style="clear: both; text-align: left;">
In this case, we are using:</div>
<div class="separator" style="clear: both; text-align: left;">
Port1 for out to our network.</div>
<div class="separator" style="clear: both; text-align: left;">
Port2 for management.</div>
<div class="separator" style="clear: both; text-align: left;">
Port8 for connection the VM port group.</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaiepLJfTuBqqVdwwufdjDb-r114P63eQsKO4N2PRXmUOQbBQvEPh_jTlL0IN-XUdLvFA7p9K518XkOBwx__9O2HBJq1Z8rxNEQ7IHRpkUiuwvTyU47PqBFuILtlnWqZpwRcx-RICT011c/s1600/Picture6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="395" data-original-width="817" height="154" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaiepLJfTuBqqVdwwufdjDb-r114P63eQsKO4N2PRXmUOQbBQvEPh_jTlL0IN-XUdLvFA7p9K518XkOBwx__9O2HBJq1Z8rxNEQ7IHRpkUiuwvTyU47PqBFuILtlnWqZpwRcx-RICT011c/s320/Picture6.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
Your port group should now look something like this if you had 2 servers
in it. The only exception is that your ports are not green as we have not
powered anything on yet.</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifQZ9r705-k7lQJTBP7ui04km84sazdnMFmtjsAPQTh_7-QuCS9Ip0QHdU5-PIvUm9IpSSXpr1js77LtD_36PbLPK39gXu0ikEYbn1byCIrVIILI-A_5wuENiYKd3myzr-qFseQuWAU_X3/s1600/Picture7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="446" data-original-width="815" height="175" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifQZ9r705-k7lQJTBP7ui04km84sazdnMFmtjsAPQTh_7-QuCS9Ip0QHdU5-PIvUm9IpSSXpr1js77LtD_36PbLPK39gXu0ikEYbn1byCIrVIILI-A_5wuENiYKd3myzr-qFseQuWAU_X3/s320/Picture7.png" width="320" /></a></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<span style="mso-no-proof: yes;"><!--[if gte vml 1]><v:shape id="Picture_x0020_6"
o:spid="_x0000_i1025" type="#_x0000_t75" style='width:391pt;height:214pt;
visibility:visible;mso-wrap-style:square'>
<v:imagedata src="file:////Users/moisesalves/Library/Group%20Containers/UBF8T346G9.Office/msoclip1/01/clip_image013.png"
o:title=""/>
</v:shape><![endif]--><!--[if !vml]--><!--[endif]--></span><o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">4.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Power on your FGT VM<span style="mso-spacerun: yes;"> </span>and console into FortiOS CLI.<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">5.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->As a precaution, we should shut all ports. <br />
<blockquote class="tr_bq">
config sys interface<br />
edit port1<br />
set status down<br />
next<br />
#repeat for all ports</blockquote>
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="text-indent: .5in;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="text-indent: .5in;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">6.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Set the box transparent mode.<br />
<blockquote class="tr_bq">
config system settings<br />
set opmode transparent<br />
set
manageip<br />
<span style="mso-tab-count: 1;"> </span>end<br />
<span style="mso-tab-count: 1;"> </span>#this will
log you out so log back in. </blockquote>
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">7.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Set DNS and static route if needed. <br />
<blockquote class="tr_bq">
config system dns<br />
set primary x.x.x.x<br />
set secondary x.x.x.x<br />
<span style="mso-tab-count: 1;"> </span>end<br />
<span style="mso-tab-count: 1;"> </span>config
router static<br />
<span style="mso-tab-count: 1;"> </span><span style="mso-tab-count: 1;"> </span>edit 0<br />
<span style="mso-tab-count: 1;"> </span><span style="mso-tab-count: 1;"> </span><span style="mso-tab-count: 1;"> </span>set
dst x.x.x.x x.x.x.x<br />
<span style="mso-tab-count: 1;"> </span><span style="mso-tab-count: 1;"> </span><span style="mso-tab-count: 1;"> </span>set
gateway x.x.x.x<br />
<span style="mso-tab-count: 1;"> </span>end</blockquote>
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<span style="mso-tab-count: 1;"> </span><o:p></o:p></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">8.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Set the forward-domain for your interfaces that
are not used for management. <br />
<blockquote class="tr_bq">
config system interface<br />
edit port1<br />
<span style="mso-tab-count: 1;"> </span>set
forward-domain 100<br />
next<br />
edit port8<br />
<span style="mso-tab-count: 1;"> </span>set
forward-domain 100<br />
end </blockquote>
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">9.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Set the allowaccess for your mgmt. interface.<br />
<blockquote class="tr_bq">
config system interface<br />
edit port2<br />
<span style="mso-tab-count: 1;"> </span>set
allowaccess ping https<br />
end</blockquote>
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 1.0in;">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">10.<span style="font: 7.0pt "Times New Roman";"> </span></span></span><!--[endif]-->Setup
the in/out firewall policies for your Server communications. <o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle">
<span style="color: red;">It is very
important that you set specify srcaddr/dstaddr to avoid layer2 issues on your
network . </span><br />
<blockquote class="tr_bq">
config firewall policy<br />
edit 0<br />
<span style="mso-tab-count: 1;"> </span>set name “p1-p8”<br />
set srcintf port1<br />
<span style="mso-tab-count: 1;"> </span>set dstintf port8<br />
<span style="mso-tab-count: 1;"> </span>set srcaddr all<br />
<span style="mso-tab-count: 1;"> </span>set dstaddr "/32 srvIP"<br />
<span style="mso-tab-count: 1;"> </span>set service any<br />
<span style="mso-tab-count: 1;"> </span>set schedule always<br />
set action accept<br />
next<br />
edit
0<br />
<span style="mso-tab-count: 1;"> </span>set name “p8-p1”<br />
set srcintf port8<br />
<span style="mso-tab-count: 1;"> </span>set dstintf port1<br />
<span style="mso-tab-count: 1;"> </span>set dstaddr all<br />
<span style="mso-tab-count: 1;"> </span>set srcaddr "/32 srvIP"<br />
<span style="mso-tab-count: 1;"> </span>set service any<br />
<span style="mso-tab-count: 1;"> </span>set schedule always<br />
set action accept<br />
next </blockquote>
<br />
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto; text-indent: .5in;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<o:p></o:p><br />
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpLast" style="margin-left: 1.0in; mso-add-space: auto; text-indent: .5in;">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpFirst" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto; text-indent: .5in;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<o:p></o:p><br />
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 1.0in; mso-add-space: auto;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpLast" style="margin-left: 1.0in; mso-add-space: auto; text-indent: .5in;">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">11.<span style="font: 7.0pt "Times New Roman";"> </span></span></span><!--[endif]-->Enable
your 3 interfaces on the FGTVM and power on your VM servers. Traffic towards
your servers should now be routed through your FGTVM and the FGT should be accessible
via the management IP. <o:p></o:p></div>
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:PixelsPerInch>96</o:PixelsPerInch>
</o:OfficeDocumentSettings>
</xml><![endif]-->
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves>false</w:TrackMoves>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="false"
DefSemiHidden="false" DefQFormat="false" DefPriority="99"
LatentStyleCount="382">
<w:LsdException Locked="false" Priority="0" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 9"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 9"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Normal Indent"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="footnote text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="annotation text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="header"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="footer"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index heading"/>
<w:LsdException Locked="false" Priority="35" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="table of figures"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="envelope address"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="envelope return"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="footnote reference"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="annotation reference"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="line number"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="page number"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="endnote reference"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="endnote text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="table of authorities"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="macro"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="toa heading"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 5"/>
<w:LsdException Locked="false" Priority="10" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Closing"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Signature"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="true"
UnhideWhenUsed="true" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text Indent"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Message Header"/>
<w:LsdException Locked="false" Priority="11" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Salutation"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Date"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text First Indent"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text First Indent 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Heading"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text Indent 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text Indent 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Block Text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Hyperlink"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="FollowedHyperlink"/>
<w:LsdException Locked="false" Priority="22" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Document Map"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Plain Text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="E-mail Signature"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Top of Form"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Bottom of Form"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Normal (Web)"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Acronym"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Address"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Cite"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Code"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Definition"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Keyboard"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Preformatted"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Sample"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Typewriter"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Variable"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Normal Table"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="annotation subject"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="No List"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Outline List 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Outline List 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Outline List 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Simple 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Simple 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Simple 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Colorful 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Colorful 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Colorful 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table 3D effects 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table 3D effects 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table 3D effects 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Contemporary"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Elegant"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Professional"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Subtle 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Subtle 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Web 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Web 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Web 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Balloon Text"/>
<w:LsdException Locked="false" Priority="39" Name="Table Grid"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Theme"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Level 9"/>
<w:LsdException Locked="false" SemiHidden="true" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" SemiHidden="true" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" QFormat="true"
Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" QFormat="true"
Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" QFormat="true"
Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" QFormat="true"
Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" QFormat="true"
Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" QFormat="true"
Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" SemiHidden="true"
UnhideWhenUsed="true" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="TOC Heading"/>
<w:LsdException Locked="false" Priority="41" Name="Plain Table 1"/>
<w:LsdException Locked="false" Priority="42" Name="Plain Table 2"/>
<w:LsdException Locked="false" Priority="43" Name="Plain Table 3"/>
<w:LsdException Locked="false" Priority="44" Name="Plain Table 4"/>
<w:LsdException Locked="false" Priority="45" Name="Plain Table 5"/>
<w:LsdException Locked="false" Priority="40" Name="Grid Table Light"/>
<w:LsdException Locked="false" Priority="46" Name="Grid Table 1 Light"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark"/>
<w:LsdException Locked="false" Priority="51" Name="Grid Table 6 Colorful"/>
<w:LsdException Locked="false" Priority="52" Name="Grid Table 7 Colorful"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 1"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 1"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 1"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 1"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 1"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 2"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 2"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 2"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 2"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 2"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 3"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 3"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 3"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 3"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 3"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 4"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 4"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 4"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 4"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 4"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 5"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 5"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 5"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 5"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 5"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 6"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 6"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 6"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 6"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 6"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="46" Name="List Table 1 Light"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark"/>
<w:LsdException Locked="false" Priority="51" Name="List Table 6 Colorful"/>
<w:LsdException Locked="false" Priority="52" Name="List Table 7 Colorful"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 1"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 1"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 1"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 1"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 1"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 2"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 2"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 2"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 2"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 2"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 3"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 3"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 3"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 3"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 3"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 4"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 4"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 4"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 4"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 4"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 5"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 5"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 5"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 5"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 5"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 6"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 6"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 6"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 6"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 6"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Mention"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Smart Hyperlink"/>
</w:LatentStyles>
</xml><![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-536870145 1107305727 0 0 415 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-536870145 1073786111 1 0 415 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
mso-themecolor:hyperlink;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-noshow:yes;
mso-style-priority:99;
color:#954F72;
mso-themecolor:followedhyperlink;
text-decoration:underline;
text-underline:single;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-style-unhide:no;
mso-style-qformat:yes;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
.MsoChpDefault
{mso-style-type:export-only;
mso-default-props:yes;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1586693249;
mso-list-type:hybrid;
mso-list-template-ids:191429006 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
</style>
<br />
<br />
<!--EndFragment-->
<div class="MsoListParagraphCxSpLast" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">12.<span style="font: 7.0pt "Times New Roman";"> </span></span></span><!--[endif]-->Go
back and apply any UTM policies, restrict services, etc in your policies that
you may require. <o:p></o:p></div>
Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com0tag:blogger.com,1999:blog-5601102358487810934.post-68103283899869106322014-03-07T19:00:00.000-05:002014-03-07T19:00:01.640-05:00TCL | Create WTP-Profile and add all FAPs on units to new profile<span style="background-color: yellow; font-family: Arial, Helvetica, sans-serif;">Problem: </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">We had a good percentage of access points across the enterprise that were not assigned to a WTP profile but instead were set to "Automatic". Even though this caused us no immediate harm it was definitely not optimal. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">In order to fix this issue we needed a uniform WTP profile across the board on all Fortigates and we needed to assign all of the FAPs on each FGT to the uniform WTP profile. Unfortunately, this option is not available through the standard Fortimanager features and is a very cumbersome process via the CLI because in order to reference the AP you need to address it by it's serial #.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: x-small;"><br /></span></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: x-small;">ex:</span></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: x-small;"><span style="orphans: 2; text-align: -webkit-auto; widows: 2;"><br /></span></span></span>
<span style="font-size: x-small;"><span style="font-family: Courier New, Courier, monospace; orphans: 2; text-align: -webkit-auto; widows: 2;">config wireless-controller wtp</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="font-size: x-small;">edit "FAP22B3U12345678"</span><span style="font-size: x-small;"> </span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="font-size: x-small;">set wtp-profile "NEWdefaultwifiprof"</span><span style="font-size: x-small;"> </span></span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">end</span>
<br />
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;"><br /></span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="background-color: yellow; font-family: Arial, Helvetica, sans-serif;">Solution:</span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">For a work around we will need to script out this manual process.</span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">The script will need to:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">1. Create a new standard WTP profile. </span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">2. Query all of the FAPs on the unit. </span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">3. Add each FortiAP to the new WTP profile by serial. </span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="background-color: yellow; font-family: Arial, Helvetica, sans-serif;">Script:</span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="color: #1f497d; font-family: "Calibri","sans-serif"; font-size: 11.0pt; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;"><br /><!--[endif]--></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjncIplq2Vr2WB-n-hfds3OWrRow1l5B3mx-jFBxazDP_HHIicz9mULqUcTgfd6Yj0e7Z18feuTu7Wo36XTclM8y0RH7gSowRyl0ebVnP6hX4eq_doLR6D0GpLsadFN-TfTFqBuC9Th-eEV/s1600/3-7-2014+12-18-34+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjncIplq2Vr2WB-n-hfds3OWrRow1l5B3mx-jFBxazDP_HHIicz9mULqUcTgfd6Yj0e7Z18feuTu7Wo36XTclM8y0RH7gSowRyl0ebVnP6hX4eq_doLR6D0GpLsadFN-TfTFqBuC9Th-eEV/s1600/3-7-2014+12-18-34+PM.png" height="400" width="400" /></a></div>
<span style="color: #1f497d; font-family: "Calibri","sans-serif"; font-size: 11.0pt; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;"><br /></span></div>
<div style="orphans: 2; text-align: -webkit-auto; widows: 2;">
<span style="font-family: Menlo; font-size: x-small;">#!</span><br />
<span style="font-family: Menlo; font-size: x-small;">#creates do_cmd process</span><br />
<span style="font-family: Menlo; font-size: x-small;">proc do_cmd {cmd} {</span><br />
<span style="font-family: Menlo; font-size: x-small;"> puts [exec "$cmd\n" "# "]</span><br />
<span style="font-family: Menlo; font-size: x-small;">}</span><br />
<span style="font-family: Menlo; font-size: x-small;">#creates single instance of new wtp-profile</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "config wireless-controller wtp-profile"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "edit NEWdefaultwifiprof"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "config radio-1"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set mode ap"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set band 802.11n-5G"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set ap-bgscan enable"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set rogue-scan enable"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set frequency-handoff enable"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set ap-handoff enable"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set vaps NewSitewifi"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set channel 36 40 44 48 149 153 157 161 165"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "end"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "config radio-2"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set mode ap"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set band 802.11n"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set ap-bgscan enable"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set rogue-scan enable"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set frequency-handoff enable"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set ap-handoff enable"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set vaps NewSitewifi"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "set channel 1 6 11"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "end"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "next"</span><br />
<span style="font-family: Menlo; font-size: x-small;">do_cmd "end"</span><br />
<span style="font-family: Menlo; font-size: x-small;">#queries all access points</span><br />
<span style="font-family: Menlo; font-size: x-small;">foreach line [split [exec "show wireless-controller wtp | grep edit\n" "# "] \n] {</span><br />
<span style="font-family: Menlo; font-size: x-small;">#regexp to match FAP serial #s</span><br />
<span style="font-family: Menlo; font-size: x-small;"> if {[regexp {edit[ ]+"(.*)"} $line match fapid]} {</span><br />
<span style="font-family: Menlo; font-size: x-small;">#assigns all aps on fortigate to new wtp-profile</span><br />
<span style="font-family: Menlo; font-size: x-small;"> do_cmd "config wireless-controller wtp"</span><br />
<span style="font-family: Menlo; font-size: x-small;"> do_cmd "edit $fapid"</span><br />
<span style="font-family: Menlo; font-size: x-small;"> do_cmd "set wtp-profile NEWdefaultwifiprof"</span><br />
<span style="font-family: Menlo; font-size: x-small;"> do_cmd "end"</span><br />
<span style="font-family: Menlo; font-size: x-small;"> }</span><br />
<span style="font-size: x-small;"><span style="font-family: Menlo;"></span></span><br />
<span style="font-family: Menlo; font-size: x-small;">}</span><br />
<span style="font-family: Menlo; font-size: x-small;"><br /></span>
<span style="font-family: Menlo; font-size: x-small;"><br /></span>
</div>
Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com0tag:blogger.com,1999:blog-5601102358487810934.post-20451559023404157582014-01-23T23:20:00.000-05:002014-01-24T00:06:37.539-05:00TCL {fortiManager} $script | grep continuedPlease refer to my last <a href="http://www.fortihelp.com/2013/03/tcl-scripting-with-fortimanager-40.html" target="_blank">post</a> on FortiManager scripting for more info.<br />
<br />
This script was directly inspired by the legacy Fortinet tech doc: <a href="http://docs-legacy.fortinet.com/fmgr/fmgr-admin/index.html#page/FMG-437-Online-Help/1500_Scripts.16.18.html#ww1830754" target="_blank">TCL Decisions</a>.<br />
<br />
Below is a quick script utilizing our fairly new grep capabilities in FortiOS.<br />
<br />
When launched this script will:<br />
<br />
1. Find all policies that match our regex.<br />
2. Store their "edit #" value in a variable named $policyid.<br />
3. Run commands in a foreach loop against those policies. <br />
<br />
<br />
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXc6T0adv2MsoBpCnJS_-wGS-MK0GmOlpYBEs6yPwL6CDLf4O_Kj2u9hgSv4r2lyl1TRAFdQQwJ8IaR2M8BexD3rOBrBL5txTpLbrdvljHuZIw7zWdJdFzP9uYCBuIW-YXlgeWanjrTnfK/s1600/1-24-2014+12-02-14+AM.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXc6T0adv2MsoBpCnJS_-wGS-MK0GmOlpYBEs6yPwL6CDLf4O_Kj2u9hgSv4r2lyl1TRAFdQQwJ8IaR2M8BexD3rOBrBL5txTpLbrdvljHuZIw7zWdJdFzP9uYCBuIW-YXlgeWanjrTnfK/s1600/1-24-2014+12-02-14+AM.png" height="217" width="400" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
proc do_cmd {cmd} {<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
puts [exec "$cmd\n" "# "]<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
}<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
foreach line [split [exec "show firewall policy | grep -f deep-inspection\n" "# "] \n] {<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
if {[regexp {edit[ ]+([0-9]+)} $line match policyid]} {<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
continue<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
} elseif {[regexp {set[ ]+(\w+)[ ]+(.*)\r} $line match key value]} {<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
lappend fw_policy($policyid) "$key $value"<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
}<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
}<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
do_cmd "config firewall policy"<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
foreach policyid [array names fw_policy] {<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
do_cmd "edit $policyid"<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
do_cmd "unset deep-inspection-options"<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
do_cmd "next"<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
}<u></u><u></u></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
do_cmd "end"</div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 11pt; margin: 0in 0in 0.0001pt;">
Enjoy and feel free to post and questions or comments below.</div>
Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com0tag:blogger.com,1999:blog-5601102358487810934.post-80350836712929402532013-03-03T15:15:00.001-05:002013-03-03T15:30:00.396-05:00TCL scripting with Fortimanager 4.0This is how you write a simple TCL that will parse the IP address from CLI and input it into your commands.<br />
<br />
<b><u>1. The Problem. </u></b><br />
<b><u><br /></u></b>
I needed to begin logging about 200 80c's to our FortiAnalyzer.<br />
<br />
The main issue is that all of our interface tunnels are set with 0.0.0.0 local and remote IPs for simplicity so when I input the private 192.x IP of the Analyzer into the GUI it would not route through the tunnel.<br />
<br />
The solution to this is to use internal interface IP in the CLI like so:<br />
<br />
<br />
config log fortianalyzer setting<br />
set status enable<br />
set source-ip 192.168.1.1<br />
end<br />
<br />
In the above example let's say that 192.168.1.1 is the internal interface IP for this box.<br />
<br />
Now, the question was how I was going to do these for 200 units .. each with their own unique internal interface IP.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwTd821DZQKwwR1uWZr61EacnaW40uK1CCNCujzauzM4CcbUed4mEV1414p1Cydq0lKnihQBRYfU4AeFczF1ggaVmk9-WJkr6cfbJpPZ3H7VTq0SwTff-u69akh6985CLcHzvmiK0SCPqM/s1600/3-3-2013+2-46-16+PM.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwTd821DZQKwwR1uWZr61EacnaW40uK1CCNCujzauzM4CcbUed4mEV1414p1Cydq0lKnihQBRYfU4AeFczF1ggaVmk9-WJkr6cfbJpPZ3H7VTq0SwTff-u69akh6985CLcHzvmiK0SCPqM/s1600/3-3-2013+2-46-16+PM.gif" height="230" width="400" /></a></div>
<br />
<br />
<b><u><br /></u></b>
<b><u><br /></u></b>
<b><u><br /></u></b>
<b><u><br /></u></b>
<b><u><br /></u></b>
<b><u><br /></u></b>
<b><u><br /></u></b>
<b><u><br /></u></b>
<b><u><br /><br /><br /><br /><br /><br /><br /></u></b>
<b><u><br /></u></b>
<b><u><br /></u></b>
<b><u>2. Fortimanager TCL scripting</u></b><br />
<br />
Access the Fortimanager TCL scripting feature in the "Device Manager" tab under "Tools".<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnTiv6wtoTGSj70DLOdyQV7kiuPNzN6ip6O_nn1jvel1JP73oYMFgb021TwUdZ1lZXBL_iEP2cBzNF5HKZgNqcvYUNtAOOi1BOLwXLCb1KcFQHc_XtBHHu1DW1gKM77anyfMVpfmtrS8eH/s1600/3-3-2013+2-52-52+PM.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnTiv6wtoTGSj70DLOdyQV7kiuPNzN6ip6O_nn1jvel1JP73oYMFgb021TwUdZ1lZXBL_iEP2cBzNF5HKZgNqcvYUNtAOOi1BOLwXLCb1KcFQHc_XtBHHu1DW1gKM77anyfMVpfmtrS8eH/s1600/3-3-2013+2-52-52+PM.gif" height="300" width="640" /></a></div>
<br />
<br />
Click on "Create New"<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBeszGwxge514TePLUnMcY9VbmeCtXNE51ZjienFKmUddjmXhHJlaRd_ROUXUn4GNwrwTyiw5cEwT_YydNqtoXjvsMLbLl4xVJc-ZOFlXkSZ0r2gnQuuEmugPj6A0feslFbv7YVD8rWkqj/s1600/3-3-2013+2-57-29+PM.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBeszGwxge514TePLUnMcY9VbmeCtXNE51ZjienFKmUddjmXhHJlaRd_ROUXUn4GNwrwTyiw5cEwT_YydNqtoXjvsMLbLl4xVJc-ZOFlXkSZ0r2gnQuuEmugPj6A0feslFbv7YVD8rWkqj/s1600/3-3-2013+2-57-29+PM.gif" height="146" width="640" /></a></div>
<br />
<br />
<u><b>3. The Script</b></u><br />
<br />
<br />
#!<br />
puts "Script starts ..."<br />
<br />
# Create do_cmd procedure to execute CLI commands<br />
proc do_cmd {cmd} {<br />
puts [exec "$cmd\n" "# " 15]<br />
}<br />
<br />
# get internal ip<br />
do_cmd "config system interface"<br />
do_cmd "edit internal"<br />
set query [exec "show\n" "# "]<br />
#puts $query<br />
set output [split $query "\n"]<br />
#Find IP address and puts $ip<br />
regexp {(?:\d+\.){3}\d+} $output ip<br />
do_cmd "end"<br />
<br />
# set internal ip as source ip for log fortianalyzer<br />
do_cmd "config log fortianalyzer setting"<br />
do_cmd "set status enable"<br />
do_cmd "set source-ip $ip"<br />
do_cmd "end"<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjejmF-ITT_T0vhHbDxuRhSr9jSEFLT8GKPE1SjpFWrDXI1wyPwBUGtBBX_unvGKOxoXgqTAdnQX74hxt_sMvDoZlBKG9pOlpAh44pRcx6B0kY3zCVDij0wMsHgPZ0CbKMz64D6M6l4LS0n/s1600/3-3-2013+2-22-47+PM.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjejmF-ITT_T0vhHbDxuRhSr9jSEFLT8GKPE1SjpFWrDXI1wyPwBUGtBBX_unvGKOxoXgqTAdnQX74hxt_sMvDoZlBKG9pOlpAh44pRcx6B0kY3zCVDij0wMsHgPZ0CbKMz64D6M6l4LS0n/s1600/3-3-2013+2-22-47+PM.gif" height="472" width="640" /></a></div>
<br />
<br />
Input and save.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFqlaTFFzzMX-alOL90EwlZxVcOL9Kr7ZFMhRiVgWLA6zVENhsh_gSv1JqlergbQWmNPNbMnhKo0VRFFdteCdKXstdcidJqWezkiO73F5DJXwB-Sb4DmQEmfdaPi6SJCueIHWfli8PlfQg/s1600/3-3-2013+3-03-27+PM.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFqlaTFFzzMX-alOL90EwlZxVcOL9Kr7ZFMhRiVgWLA6zVENhsh_gSv1JqlergbQWmNPNbMnhKo0VRFFdteCdKXstdcidJqWezkiO73F5DJXwB-Sb4DmQEmfdaPi6SJCueIHWfli8PlfQg/s1600/3-3-2013+3-03-27+PM.gif" height="390" width="400" /></a></div>
<br />
<br />
<b><u>4. Execute and Verify</u></b><br />
<br />
You can only execute scripts at the group level so (if you haven't already) create a new test script group and add your test unit into the group.<br />
<br />
Right click the group name and select "Script".<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_f-Wi5Uo8rAKgu8qZ6z_Z1lBvB4zdNrnXmOgqkeKhjT8N9BquqA07x21EcT4hkSDUpXfab_3Wcum0qkXtY8kBt99p-jmPn0Qc1AZFLB4F8seXm6GMz-0e5mysnCIUdAL-0HdPSeq-h5qe/s1600/3-3-2013+3-06-11+PM.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_f-Wi5Uo8rAKgu8qZ6z_Z1lBvB4zdNrnXmOgqkeKhjT8N9BquqA07x21EcT4hkSDUpXfab_3Wcum0qkXtY8kBt99p-jmPn0Qc1AZFLB4F8seXm6GMz-0e5mysnCIUdAL-0HdPSeq-h5qe/s1600/3-3-2013+3-06-11+PM.gif" /></a></div>
<br />
Click "Create New"<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvtBihGWA09-hi6eebRYkIOu9zkUatP1k_exo9jnqiTaHcZMzCvTHr223-NaaqVXb89slxqZFRa29HWoswegyUYPoW4-XkF1H1-QLjDxW-hCw3NMYRP_YqTKeHeuSQ0nTI_l-rNdpINCiv/s1600/3-3-2013+3-07-10+PM.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvtBihGWA09-hi6eebRYkIOu9zkUatP1k_exo9jnqiTaHcZMzCvTHr223-NaaqVXb89slxqZFRa29HWoswegyUYPoW4-XkF1H1-QLjDxW-hCw3NMYRP_YqTKeHeuSQ0nTI_l-rNdpINCiv/s1600/3-3-2013+3-07-10+PM.gif" height="132" width="640" /></a></div>
<br />
Select your script from the drop down and hit OK.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJMfciwAFkfoOTO9WMwyA5u_-8sx9BAqyfAGow6yihq8Myza51qrSJcp_0h5hw7XmPsyYXG8vX5MAklnKxCeuXdyTB4Ek7jyX8Nm8Eqg6nIPLmZoZMSkmBhAeiP649UVn-5Ox4Y2hBk5vZ/s1600/3-3-2013+3-08-10+PM.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJMfciwAFkfoOTO9WMwyA5u_-8sx9BAqyfAGow6yihq8Myza51qrSJcp_0h5hw7XmPsyYXG8vX5MAklnKxCeuXdyTB4Ek7jyX8Nm8Eqg6nIPLmZoZMSkmBhAeiP649UVn-5Ox4Y2hBk5vZ/s1600/3-3-2013+3-08-10+PM.gif" height="163" width="400" /></a></div>
<br />
<br />
<b><u>5. Review Script Log</u></b><br />
<br />
Go to the dashboard of the unit that was in the group that you ran the script on.<br />
On the right side: Click on "Configure" next to Script status.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwJJvToc4Ubj8Of6DVSNCFwRSZl-DhL8zY_iFDpeh8xXeCA-XCR3cQX9JR0Nuu7atSQKC6i3yG5EZns7crtfiFltHq54l6WgzU_ptiSx3EHR30qwWJmFpTVDzfVioWcgvebo97vD8WOXiQ/s1600/3-3-2013+3-10-30+PM.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwJJvToc4Ubj8Of6DVSNCFwRSZl-DhL8zY_iFDpeh8xXeCA-XCR3cQX9JR0Nuu7atSQKC6i3yG5EZns7crtfiFltHq54l6WgzU_ptiSx3EHR30qwWJmFpTVDzfVioWcgvebo97vD8WOXiQ/s1600/3-3-2013+3-10-30+PM.gif" /></a></div>
<br />
<br />
In this window you should be able to see your script execution history which should look something like my output below.<br />
<br />
<br />
<br />
<blockquote>
Starting log (Run on device)<br />
Script starts ...<br />
config system interface<br />
<br />
HQ_LAB (interface) #<br />
edit internal<br />
change table entry 'internal'<br />
HQ_LAB (internal) #<br />
end<br />
cmd_clean_context 0, abort=0<br />
HQ_LAB #<br />
config log fortianalyzer setting<br />
<br />
HQ_LAB (setting) #<br />
set status enable<br />
path=log.fortianalyzer, objname=setting, size=340, sz_attr=1<br />
attr : status enable, 4, 0<br />
HQ_LAB (setting) #<br />
set source-ip 192.168.1.1<br />
path=log.fortianalyzer, objname=setting, size=340, sz_attr=1<br />
attr : source-ip 192.168.1.1, 4, 320<br />
HQ_LAB (setting) #<br />
end<br />
cmd_clean_context 0, abort=0<br />
HQ_LAB #</blockquote>
<br />
I hope this has helped some of you out there. Leave a comment if you have any questions.<br />
Thank you!<br />
-MoMohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com2tag:blogger.com,1999:blog-5601102358487810934.post-53260600364028396982012-09-06T13:48:00.000-04:002012-09-06T13:50:12.372-04:00No FortiManager, No Problem! [Windows]Having a Fortimanager can get pricey. Not to mention risky when dealing with the latest builds and a large FGT network. In this post we will examine how we can run scripts/commands on your entire network without a manager by using open source software and the FortiOS CLI.<br />
<div>
<br /></div>
<div>
Download <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html">PLink</a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
1. First create a working folder in your root drive. In the illustration below I have named my folder "putty".</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjByz06m1vzRt6KoGjejs9UOZMARRY0b9ML6r0aq-283cBysjKph7NpRrZdq6qz6vdiw_lTxE5E1fyD1gH4xOvuWN8VEyQFEM1LzXDCft63uGFF8shMTTyPViTmfwvwrFWPmwILMMLBXRrw/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjByz06m1vzRt6KoGjejs9UOZMARRY0b9ML6r0aq-283cBysjKph7NpRrZdq6qz6vdiw_lTxE5E1fyD1gH4xOvuWN8VEyQFEM1LzXDCft63uGFF8shMTTyPViTmfwvwrFWPmwILMMLBXRrw/s1600/1.png" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
2. Then inside the putty folder we will create the following folder structure to store our info. </div>
<div>
<br /></div>
<div>
Devices / Logs / Scripts. Also save your plink.exe file in this root folder. </div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgllF8Qk0CODX4TL2Mc6EjrKlvbzgDD879fp41tuhQKQIVkuqsLruJzNJQjmEhl3d6MgK62V80dIng1sq_E8DJRXeIM0HX0ByZVRVVXigzxQToojhlJ4mgg52J1YW01mVlkMo1rk-MvbWXq/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgllF8Qk0CODX4TL2Mc6EjrKlvbzgDD879fp41tuhQKQIVkuqsLruJzNJQjmEhl3d6MgK62V80dIng1sq_E8DJRXeIM0HX0ByZVRVVXigzxQToojhlJ4mgg52J1YW01mVlkMo1rk-MvbWXq/s1600/2.png" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
3. Open your "devices" folder and create a new txt file. Add the interface IPs you will be connecting to via SSH in a single column.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMwGxmMMleSIAn7AyTLMPxSJNOu7z-4pag9ZpytqySPQtyg4xydEDShi2etVfx6oksOfe2znYCcaXxHHV3hk9DyWx1TCxtAjB-oNroxdLcDipIcSkN3AqgwFAD1fLcEs-g3BTWlt701Iju/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMwGxmMMleSIAn7AyTLMPxSJNOu7z-4pag9ZpytqySPQtyg4xydEDShi2etVfx6oksOfe2znYCcaXxHHV3hk9DyWx1TCxtAjB-oNroxdLcDipIcSkN3AqgwFAD1fLcEs-g3BTWlt701Iju/s320/3.png" width="320" /></a></div>
<div>
<br /></div>
<div>
4. Open the "scripts" folder and create a new txt with your commands.</div>
<div>
<br /></div>
<div>
This can be any command that you would be able to run in an SSH session on the Fortigate.</div>
<div>
<br /></div>
<div>
Refer to <a href="http://www.fortihelp.com/2008/06/how-to-create-quick-scripts-using-gui.html" target="_blank">this post</a> for CLI scripting help.</div>
<div>
<br /></div>
<div>
In this case I have used </div>
<blockquote class="tr_bq">
get system status | grep Serial-Number</blockquote>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXXhZyrS0OOECBxydlXNN1H8zcVExsOqSFeP-BrItVuJFMdMJOZaY7U5gsn3HIyaSLOSV68WuWttvE5EizNvkB6swCZdKZFHLMCCs4V8Wvgs9f1LVRSA03hZLwH3Y9yH03ZzA-SFt3ZjNT/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="77" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXXhZyrS0OOECBxydlXNN1H8zcVExsOqSFeP-BrItVuJFMdMJOZaY7U5gsn3HIyaSLOSV68WuWttvE5EizNvkB6swCZdKZFHLMCCs4V8Wvgs9f1LVRSA03hZLwH3Y9yH03ZzA-SFt3ZjNT/s320/4.png" width="320" /></a></div>
<div>
<br /></div>
<div>
5. Go back to your root folder "putty" and create a new txt file. Save it as "script_FGT.cmd". </div>
<div>
<br /></div>
<div>
In this txt file we will be calling the script to run on your devices list and create a log in our logs folder. </div>
<div>
<br /></div>
<div>
Replace username with your account username and password with the account password.</div>
<div>
<br /></div>
<blockquote class="tr_bq">
for /f %%i in (c:\putty\devices\devices.txt) do c:\putty\plink.exe username@%%i -pw password -m c:\putty\scripts\grepserial.txt >> c:\putty\logs\_LOG.txt</blockquote>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP45MSGzgMoHwDo1UsE86jKNArKs4xhh_3sYop0dNofA1uge5hGdlx1HsGulnsdubUMjqMTsOSo_aZKgdth6lv4snF9raUC4IjpVL1_cmIPiqr1s7XcFnTKpxvm-ROn4IoMV1ckC_SZMNW/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="110" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP45MSGzgMoHwDo1UsE86jKNArKs4xhh_3sYop0dNofA1uge5hGdlx1HsGulnsdubUMjqMTsOSo_aZKgdth6lv4snF9raUC4IjpVL1_cmIPiqr1s7XcFnTKpxvm-ROn4IoMV1ckC_SZMNW/s320/5.png" width="320" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
6. Finally, open a command prompt and run script_FGT.cmd. </div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7BYURlfUIpihvvrfJv3X9m7WDXUtTJMPw9XkGTTcLK6OdH1Z9qL9W9F872utVpbF0hKQ-Fy0NJbmncDzF0lvITbIMAV36ggP-Gj-07s4cY1FRdSmq2FWTc5hoX2148PXoc8XTnU8ccqJW/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="98" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7BYURlfUIpihvvrfJv3X9m7WDXUtTJMPw9XkGTTcLK6OdH1Z9qL9W9F872utVpbF0hKQ-Fy0NJbmncDzF0lvITbIMAV36ggP-Gj-07s4cY1FRdSmq2FWTc5hoX2148PXoc8XTnU8ccqJW/s320/6.png" width="320" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Resources:</div>
<div>
<a href="http://simple-webdesign.blogspot.com/2011/12/automate-cisco-ssh-connections-with.html">http://simple-webdesign.blogspot.com/2011/12/automate-cisco-ssh-connections-with.html</a> [original post]</div>
<div>
<a href="http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter7.html">http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter7.html</a> [plink help]</div>
<div>
<a href="http://docs.fortinet.com/fgt/techdocs/fortigate-cli.pdf">http://docs.fortinet.com/fgt/techdocs/fortigate-cli.pdf</a> [FortiOS 4.0 CLI ref.]</div>
<div>
<br /></div>
<div>
Please post any questions in the comments section below. </div>
<div>
<br /></div>
<div>
<br /></div>
Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com1tag:blogger.com,1999:blog-5601102358487810934.post-54392973676411041102008-12-03T15:23:00.001-05:002008-12-03T15:40:32.804-05:00How to setup a custom FortiClient install.In this tutorial I will demonstrate how you should setup a custom <span class="blsp-spelling-error" id="SPELLING_ERROR_0">Forticlient</span> install for your users and include some example scripts to help you along. <div><div><div><br /><br /><div style="color: rgb(204, 0, 0);"><strong>1. Log into the <span class="blsp-spelling-error" id="SPELLING_ERROR_1">Fortinet</span> Support site and download the latest .zip package of <span class="blsp-spelling-error" id="SPELLING_ERROR_2">Forticlient</span>.</strong></div><br /><div style="font-style: italic;">[Note that the install packages with _<span class="blsp-spelling-error" id="SPELLING_ERROR_3">FG</span> in the <span class="blsp-spelling-error" id="SPELLING_ERROR_4">filename</span> are for uploading directly to the <span class="blsp-spelling-error" id="SPELLING_ERROR_5">Fortigate</span> only.]</div><br /><div><br /></div><div></div><a href="ftp://support.fortinet.com/FortiClient/v3.0/">ftp://support.fortinet.com/FortiClient/v3.0/</a><img id="BLOGGER_PHOTO_ID_5275293965893891970" style="margin: 0px auto 10px; display: block; width: 400px; height: 183px; text-align: center;" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGOFov8hEAPghN_YMVGUpgnQz0mz2PZEKaZnKix8aan4b20fdlo0i2JQsacX00gq_TL65uYD6EmdizMW9o3qrthMaF2BVK53eyVf1X4tqkWuxB84G7avf1nwXpGRHqLq0G2dFQsQMJsWUm/s400/ftp_download.png" border="0" /><br /><br /><br /><div style="text-align: center;"><pre><span style="color: rgb(51, 51, 51);font-family:georgia;font-size:100%;" >See [<a href="http://docs.google.com/Doc?id=dcf4b5t7_42zt6gmf6">LINK</a>] for Readme.txt explanation of different install packages.</span><br /></pre></div><div></div><br /><br /><div style="color: rgb(204, 0, 0);"><strong>2. Unzip contents.</strong></div><img id="BLOGGER_PHOTO_ID_5275295261737910530" style="margin: 0px auto 10px; display: block; width: 400px; height: 274px; text-align: center;" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnFBRrZBakXMnEQ5QW_XecthWgQVXLqksyygTE9DZVNVNRNaahbzrEciwHtZ6nSqxrpT59KZkU479VGhKX_ZG5aJt7vtZtLCEkRP3u3kJNBH8KYk5Hj9O1n8md5J6tCTC1fPu3XZ3q55k5/s400/zip_contents.gif" border="0" /> </div><br /><div><strong></strong> </div><br /><div style="color: rgb(204, 0, 0);"><strong>3. Install <span class="blsp-spelling-error" id="SPELLING_ERROR_6">Forticlient</span>.<span class="blsp-spelling-error" id="SPELLING_ERROR_7">msi</span> to a clean system/PC. Then proceed to configure the client as you would like it configured for your end-users.</strong></div><br /><div> </div><br /><div>[When installing; make sure to install only the components that you would like installed for your users as well. This will make the rest of the process a little simpler.]</div><br /><div> </div><br /><div style="text-align: center;"><span style="font-family:georgia;">See [<a href="http://fortihelp.blogspot.com/2008/12/visual-forticlient-overview.html">LINK</a>] for a sample FortiClient configuration.</span><br /><br /><br /><div style="text-align: left;"><span style="font-weight: bold; color: rgb(204, 0, 0);">4. Create a folder with a simple filename like "forticlient" in the root of C:\ and copy FCRepackager.exe and Forticlient MSI to it.</span><br /><br />FCRepackager.exe can be found in FortiClientSetup_3.0.606\tools.<br /><br /><span style="font-style: italic;">[Make sure you read </span><a style="font-style: italic;" href="http://docs.google.com/Doc?id=dcf4b5t7_3hh39h8cq">FCRepackager_Readme.txt</a><span style="font-style: italic;"> for all available switches and options.]</span><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWHRDlxULZBxTAMlvKOMwggJkQtCghsVTKcHT_yAkFx4qv_-2542SypyKQ8m7t1YFLS_kvrLCR4P9XuyujD6EN5wVtKc7j_bm5JFN-wSjuJtE2L4CrSbnXdw8s409OXlo50vG6aE_tqVvv/s1600-h/C-forticlient.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 364px; height: 153px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWHRDlxULZBxTAMlvKOMwggJkQtCghsVTKcHT_yAkFx4qv_-2542SypyKQ8m7t1YFLS_kvrLCR4P9XuyujD6EN5wVtKc7j_bm5JFN-wSjuJtE2L4CrSbnXdw8s409OXlo50vG6aE_tqVvv/s400/C-forticlient.gif" alt="" id="BLOGGER_PHOTO_ID_5275599219491010226" border="0" /></a><br /><br /><br /><span style="color: rgb(204, 0, 0); font-weight: bold;">5. Run c:\forticlient\FCRepackager.exe -i AV,VPN,FW,WF -L p@ssw0rd -v at a DOS prompt.</span><br /><br /><br />This command string is executing the following:<br /><br />Components installed:<br />AntiVirus,VPN,Firewall,WebFilter<br /><br />Admin password = p@ssw0rd<br /><br />Verbose Output:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHBEhWPb0-x7SdmhvPYiBXvV6oXA79IFF9yHWlnSs3bGxigQzqoEfCqgamNcZvAQgheNLZgnzivFiRVdixKPxi4gozedHO3geLY1yUcVM6bFTuIFOSUUQjVAJ4LzkhME_A89FxKhEgo5nC/s1600-h/verbose.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 394px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHBEhWPb0-x7SdmhvPYiBXvV6oXA79IFF9yHWlnSs3bGxigQzqoEfCqgamNcZvAQgheNLZgnzivFiRVdixKPxi4gozedHO3geLY1yUcVM6bFTuIFOSUUQjVAJ4LzkhME_A89FxKhEgo5nC/s400/verbose.gif" alt="" id="BLOGGER_PHOTO_ID_5275657767187443266" border="0" /></a><br />This process creates the FortiClient.mst file which is required in the next steps. Make sure you place in the same folder as FortiClient.msi if it is not already located there.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSmjqP3Q5ng4Pa4-AladaP6Ga-pEiPPbVtcjJUOcKmeu2UvXPVdWF81pZgtrd7FGMLgarFGmeBQGaiqVPyyeZWDChBLLM1qGWeyneBTyMOwCcMEkHXexX3HZXOSmQxwLykGq5hHxKcaX03/s1600-h/forticlient-mst.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 104px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSmjqP3Q5ng4Pa4-AladaP6Ga-pEiPPbVtcjJUOcKmeu2UvXPVdWF81pZgtrd7FGMLgarFGmeBQGaiqVPyyeZWDChBLLM1qGWeyneBTyMOwCcMEkHXexX3HZXOSmQxwLykGq5hHxKcaX03/s400/forticlient-mst.gif" alt="" id="BLOGGER_PHOTO_ID_5275658686421437714" border="0" /></a><br /><br /><br /><br /><span style="font-weight: bold; color: rgb(204, 0, 0);">6. Scripting the install.</span><br /><br /><br /><br />A) To install Forticlient off of a network drive I like to use this little 2 part batch script.<br /><br /><span style="font-style: italic;">[Make sure that move Forticlient.msi, FortiClient.mst and the scripts into the same folder on the server. In this case it is \\xSERVERx\FortiClient\MR7_Default_Install\.</span>]<br /><br /><div style="text-align: center;"><span style="font-weight: bold;">Step1.bat</span><br /></div><blockquote><span style="color: rgb(0, 102, 0);">cls<br />@echo off<br />TITLE Forticlient MR7 Patch3 Default Install<br /><br />c:<br /><br />net use v: \\xSERVERx\FortiClient\MR7_Default_Install<br /><br /><br />echo This is a silent install.......<br />echo You will be prompted when finished.<br />echo.<br /><br />xcopy v:\*.* C:\Forticlient\*.* /F /Y<br /><br /><br />echo.<br />echo.<br />echo I mapped the install folder to V:\ and copied all of the contents to c:\Forticlient.<br />echo.<br />echo.<br />echo Another script will start and you will lose your connection to your network drives. Sorry.....<br /><br />call c:\Forticlient\step2.bat<br /><br />net use v: /delete<br /><br />echo V:\ drive removed<br />echo Goodbye<br />exit<br /></span><br /></blockquote><div style="text-align: center;"><span style="font-weight: bold;">Step2.bat</span><br /></div><br /><blockquote style="color: rgb(0, 102, 0);">@echo off<br />TITLE Forticlient MR7 Default Install [PART 2]<br /><br />echo ......Installing..... Please Wait......<br /><br />start /wait msiexec /i c:\Forticlient\FortiClient.msi TRANSFORMS=c:\Forticlient\FortiClient.mst /qn+<br /><br />echo.<br />echo.<br />echo.<br />echo.<br />echo.<br /><br />echo done<br /><br />pause</blockquote><br />B) To script a local install just recycle step2.bat from above. Just make sure that all of your files are in c:\forticlient.<br /><br /><br /><br /></div></div></div></div>Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com2tag:blogger.com,1999:blog-5601102358487810934.post-67730362421973029422008-12-02T16:51:00.000-05:002008-12-03T10:06:26.149-05:00Visual FortiClient Overview<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIDkEZmXrMfWs2p52HuoBH3DoCgGzF5AVsp5CGMfRDrjMzLbqV8ZSrHbVNRqh76zDyDm9C-dND6c4pfXnqPY4NqK33HJ-sNqSEx8uqwlSwG_dCDNwoeBfJBX3OB8gZNbMiC6IQD4Hi8VOU/s1600-h/_Forticlient.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 346px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIDkEZmXrMfWs2p52HuoBH3DoCgGzF5AVsp5CGMfRDrjMzLbqV8ZSrHbVNRqh76zDyDm9C-dND6c4pfXnqPY4NqK33HJ-sNqSEx8uqwlSwG_dCDNwoeBfJBX3OB8gZNbMiC6IQD4Hi8VOU/s400/_Forticlient.gif" alt="" id="BLOGGER_PHOTO_ID_5275314061831498194" border="0" /></a><br /><div style="text-align: center;"><strong><br />General</strong></div><br /><div> </div><br /><div>-Status<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB5JPKX5SNf5FrskctjtSUPQ5pH-anfihkd-V0mql0HJwjA7nUItVBH5STf-ZrQaNjSHkDWmxkFyLnh37uTJ_ftCtmV_qWeZ0k3P15c1JZdDt0cC5EjflWm8zjt2fQPCnrVv5uxJ548BnN/s1600-h/client-general-status.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 334px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB5JPKX5SNf5FrskctjtSUPQ5pH-anfihkd-V0mql0HJwjA7nUItVBH5STf-ZrQaNjSHkDWmxkFyLnh37uTJ_ftCtmV_qWeZ0k3P15c1JZdDt0cC5EjflWm8zjt2fQPCnrVv5uxJ548BnN/s400/client-general-status.gif" alt="" id="BLOGGER_PHOTO_ID_5275300021872342034" border="0" /></a><br /></div><p> </p><div> </div>-Connection<br /><div> </div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0_QT4LgBWkMEUFm1fwNoaV_OCmSecu94lNFVd2UV7Iv1v-P8W_lRAlue0gKjbUlY_5I2apmiH8I7nHxyUA-uYttMxFQhBJwajz8XhBEf1qONB1en9hs1te9rJntMPK25UPri2Zw2juwEj/s1600-h/client-general-connection.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 219px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0_QT4LgBWkMEUFm1fwNoaV_OCmSecu94lNFVd2UV7Iv1v-P8W_lRAlue0gKjbUlY_5I2apmiH8I7nHxyUA-uYttMxFQhBJwajz8XhBEf1qONB1en9hs1te9rJntMPK25UPri2Zw2juwEj/s400/client-general-connection.gif" alt="" id="BLOGGER_PHOTO_ID_5275300520162417810" border="0" /></a><br /><br /><div style="font-weight: bold;">VPN<br /><br />-<span style="font-weight: normal;">Connections</span><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxaaCiSAYPfQ2MAJrAVknDlBtsNXhvDLsQ5AESVUoOJZQR1OHkXLY85VXSgHvinDFn9s6yWgRjf3EoRltffQWmzLMaLSmgkrAP4-pMFl-5HP1euyNqmwYyaEhSVLB3szafcBQ6HWxiMb3b/s1600-h/client-vpn-connections.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 298px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxaaCiSAYPfQ2MAJrAVknDlBtsNXhvDLsQ5AESVUoOJZQR1OHkXLY85VXSgHvinDFn9s6yWgRjf3EoRltffQWmzLMaLSmgkrAP4-pMFl-5HP1euyNqmwYyaEhSVLB3szafcBQ6HWxiMb3b/s400/client-vpn-connections.gif" alt="" id="BLOGGER_PHOTO_ID_5275301098304191714" border="0" /></a><span style="font-weight: normal;">-My Certifcates</span><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjS6Celzj9yNKGqWY5zbTb4Q-oymwMoau9q_kOkKTrQ4qRXzSCtzWsI1AcupG9YdjHkIa3FhcOp9EBQtgrHN1zMveuZJf-2Uozu1kSIAbw-jursWdvAVU7HGzRAcidxmtehEAEVT6T2B2KP/s1600-h/client-vpn-certificates.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 212px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjS6Celzj9yNKGqWY5zbTb4Q-oymwMoau9q_kOkKTrQ4qRXzSCtzWsI1AcupG9YdjHkIa3FhcOp9EBQtgrHN1zMveuZJf-2Uozu1kSIAbw-jursWdvAVU7HGzRAcidxmtehEAEVT6T2B2KP/s400/client-vpn-certificates.gif" alt="" id="BLOGGER_PHOTO_ID_5275301810770649362" border="0" /></a><br /><br /><span style="font-weight: bold;">-</span>CA Certificates<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUzt2NO0-mwGTRpWr9DzbrYfznPxwfNZqqfjouFJM1mRkjwl9ofcOzRi495T2x0iBE1OYqSD_PgqXwAoCSz4QSS_gCg0xKqeMGIpv5xNTECEFNAAdFqSsA5r4rm-KnfkBsI_3i-iz3U200/s1600-h/client-vpn-CAcertificates.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 204px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUzt2NO0-mwGTRpWr9DzbrYfznPxwfNZqqfjouFJM1mRkjwl9ofcOzRi495T2x0iBE1OYqSD_PgqXwAoCSz4QSS_gCg0xKqeMGIpv5xNTECEFNAAdFqSsA5r4rm-KnfkBsI_3i-iz3U200/s400/client-vpn-CAcertificates.gif" alt="" id="BLOGGER_PHOTO_ID_5275302195609102850" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUzt2NO0-mwGTRpWr9DzbrYfznPxwfNZqqfjouFJM1mRkjwl9ofcOzRi495T2x0iBE1OYqSD_PgqXwAoCSz4QSS_gCg0xKqeMGIpv5xNTECEFNAAdFqSsA5r4rm-KnfkBsI_3i-iz3U200/s1600-h/client-vpn-CAcertificates.gif"><span style="font-weight: bold;"></span></a>-CRL Certificates<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWKSXvFQE2tSqpVi6nBkeZ7j51eIjEkEEtRl6f67rmnmztg5UiM1n2j76wgV-nj06pA2eM6jVBXZOOtJ8RsomDcMwa_C0q6eyy6-7DFmcHosBbuqCTqsBANeP0uNZb0zT8A2b_37r1tLxZ/s1600-h/client-vpn-CRLcertificates.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 238px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWKSXvFQE2tSqpVi6nBkeZ7j51eIjEkEEtRl6f67rmnmztg5UiM1n2j76wgV-nj06pA2eM6jVBXZOOtJ8RsomDcMwa_C0q6eyy6-7DFmcHosBbuqCTqsBANeP0uNZb0zT8A2b_37r1tLxZ/s400/client-vpn-CRLcertificates.gif" alt="" id="BLOGGER_PHOTO_ID_5275302585104104306" border="0" /></a><br /><div style="text-align: center;"><span style="font-weight: bold;">AntiVirus</span><br /></div><br />-Scan<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7nifDD_j5b4WGA-rs17LX6I-9HSPYcLoCdggVRJOaNIDKDUB2-f3ad2HzwlixW-V0mVaG47dox2p7Ee4jGfQSAampvT6CQRqnltTSCLIXUGF9EFdQfuNHKsTt9BauuLi3nHgEuTMM-yjo/s1600-h/client-av-scan.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 258px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7nifDD_j5b4WGA-rs17LX6I-9HSPYcLoCdggVRJOaNIDKDUB2-f3ad2HzwlixW-V0mVaG47dox2p7Ee4jGfQSAampvT6CQRqnltTSCLIXUGF9EFdQfuNHKsTt9BauuLi3nHgEuTMM-yjo/s400/client-av-scan.gif" alt="" id="BLOGGER_PHOTO_ID_5275303184367379602" border="0" /></a><br />-Settings<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjg_0DHgMJ7usska027rEFGIASscNkpb7BgFwsfc0VI80yWGxEFUAmTOMz7-B82P3LoLoOdGFlveXRHxWFgNiVxLvvEeUYbl9FggjMpAxoK-e2MCWogMiTf3aGRD4QyX481eyxduYWwHOq2/s1600-h/client-av-settings.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 307px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjg_0DHgMJ7usska027rEFGIASscNkpb7BgFwsfc0VI80yWGxEFUAmTOMz7-B82P3LoLoOdGFlveXRHxWFgNiVxLvvEeUYbl9FggjMpAxoK-e2MCWogMiTf3aGRD4QyX481eyxduYWwHOq2/s400/client-av-settings.gif" alt="" id="BLOGGER_PHOTO_ID_5275303462657237394" border="0" /></a><br />-Realtime Protection<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUFwUQVVDly8LOaLTw1UTlg-yc_PJ4KsO2KilIwHRBigmnz6aC-wqTkg45f0j9MXI6fQlw0E5OMMeTk4w-EoqCDZbPRJ7sEGCpU6VZ3UnWIrUZ247-QxjLk5-QIuCYArtLgXch83tLsVgN/s1600-h/client-av-rprotection.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 282px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUFwUQVVDly8LOaLTw1UTlg-yc_PJ4KsO2KilIwHRBigmnz6aC-wqTkg45f0j9MXI6fQlw0E5OMMeTk4w-EoqCDZbPRJ7sEGCpU6VZ3UnWIrUZ247-QxjLk5-QIuCYArtLgXch83tLsVgN/s400/client-av-rprotection.gif" alt="" id="BLOGGER_PHOTO_ID_5275303924781781810" border="0" /></a><br />-Email<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXfvpvi3s1zDvmabrKSqs59VsenfsfvCBAckbzp_AKKM-6hsq071QelLPXvWRNrWqnkDcd_obuSU8YAxh5nCBMYhob0RExT3S_tGY5A9matyC8NZQXH0V45QDTDD7uWQ2itXd2jr6lAjlE/s1600-h/client-av-email.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 287px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXfvpvi3s1zDvmabrKSqs59VsenfsfvCBAckbzp_AKKM-6hsq071QelLPXvWRNrWqnkDcd_obuSU8YAxh5nCBMYhob0RExT3S_tGY5A9matyC8NZQXH0V45QDTDD7uWQ2itXd2jr6lAjlE/s400/client-av-email.gif" alt="" id="BLOGGER_PHOTO_ID_5275304115060831634" border="0" /></a><br />-Quarantine<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVEustGwIZ1xvhauOZku4EuG1eqxEX0tx22KRue_wzpFlG20pHSmIq50imdDnr8B_NNKi_5GFsodtYwEBVnhvvyN75oQyNj8Yyc2bddi0hUVspzqqbF8LYghvin7Unj-1O3ez9Vd3ctWaM/s1600-h/client-av-Quarantine.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 295px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVEustGwIZ1xvhauOZku4EuG1eqxEX0tx22KRue_wzpFlG20pHSmIq50imdDnr8B_NNKi_5GFsodtYwEBVnhvvyN75oQyNj8Yyc2bddi0hUVspzqqbF8LYghvin7Unj-1O3ez9Vd3ctWaM/s400/client-av-Quarantine.gif" alt="" id="BLOGGER_PHOTO_ID_5275304303207461282" border="0" /></a><br />-Registry Monitor<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWSKrEU0d7ahUvrJfhQUaXwe04dgZSUZw_G2BGfOBpCWqSv2zgCGwRnQfWnH_38iQRFP459Uy0b-NJX-6ZM667iaVcwjD1KycYUaL9aOf9a37Hg-9yzC_j4yKuQn2OrUueyoUU3AMMEKFW/s1600-h/client-av-regmonitor.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 269px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWSKrEU0d7ahUvrJfhQUaXwe04dgZSUZw_G2BGfOBpCWqSv2zgCGwRnQfWnH_38iQRFP459Uy0b-NJX-6ZM667iaVcwjD1KycYUaL9aOf9a37Hg-9yzC_j4yKuQn2OrUueyoUU3AMMEKFW/s400/client-av-regmonitor.gif" alt="" id="BLOGGER_PHOTO_ID_5275304486348837538" border="0" /></a><br /><div style="text-align: center;"><span style="font-weight: bold;">Firewall</span><br /></div><br />-Status<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiKcFbsDCdMHWSoeX7prLyYu0VVW89aH5JB173G1lDX7wBjrssOCYItHMkpbjTmlqu3T6ZpCMrmNd2cW2ugntDBzdwpzux_dgFO2Iv6sCkJf82iW6ywznncXdJn2fViXu3Q41RTmStcrXY/s1600-h/client-firewall-status.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 277px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiKcFbsDCdMHWSoeX7prLyYu0VVW89aH5JB173G1lDX7wBjrssOCYItHMkpbjTmlqu3T6ZpCMrmNd2cW2ugntDBzdwpzux_dgFO2Iv6sCkJf82iW6ywznncXdJn2fViXu3Q41RTmStcrXY/s400/client-firewall-status.gif" alt="" id="BLOGGER_PHOTO_ID_5275304853981924178" border="0" /></a>-Applications<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcUxbeu4sjdyMO_xIMGDNK6AUmBORl9njv2SAFVHjHOgkX43f3mAHNjmR5j2qsCxDWa0d4lN6xwoe4qc2-7svprj3NMTK5DVEskiEN-OGKyQlUuC-U_UEsrNAYvMW1LXhRXe725k37AD9I/s1600-h/client-firewall-applications.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 267px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcUxbeu4sjdyMO_xIMGDNK6AUmBORl9njv2SAFVHjHOgkX43f3mAHNjmR5j2qsCxDWa0d4lN6xwoe4qc2-7svprj3NMTK5DVEskiEN-OGKyQlUuC-U_UEsrNAYvMW1LXhRXe725k37AD9I/s400/client-firewall-applications.gif" alt="" id="BLOGGER_PHOTO_ID_5275305351374421186" border="0" /></a><br />-Network<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9rtR38CnNHs2WdwsIX9PLPvUgv1QzOdmlxlvdiyaHeE1C2D9iSYD1Qcxr3a_cVcom-9eZ1Vn5fLSK-HcEzr0FJiYimOkioryCFoaKjCC2YcBxcyRqoEONJkBeHd4Aar4YjU8Mto6Z11fz/s1600-h/client-firewall-network.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 262px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9rtR38CnNHs2WdwsIX9PLPvUgv1QzOdmlxlvdiyaHeE1C2D9iSYD1Qcxr3a_cVcom-9eZ1Vn5fLSK-HcEzr0FJiYimOkioryCFoaKjCC2YcBxcyRqoEONJkBeHd4Aar4YjU8Mto6Z11fz/s400/client-firewall-network.gif" alt="" id="BLOGGER_PHOTO_ID_5275306229586437058" border="0" /></a><br />-Intrusion Detection<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_v59ppRxJ6AqiAD9kXQkPMYu-Hz3o1JnHxUyUA2pgnYKvT_3amH3F1-LrY85Mmj7VIMirjrtxhfruIlW64GVo0HuIyRHxHpP3Pxos86pFG16i00HlQ3EfJTnZ20W2ewxyRnP4CuHCOwr2/s1600-h/client-firewall-intdetection.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 297px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_v59ppRxJ6AqiAD9kXQkPMYu-Hz3o1JnHxUyUA2pgnYKvT_3amH3F1-LrY85Mmj7VIMirjrtxhfruIlW64GVo0HuIyRHxHpP3Pxos86pFG16i00HlQ3EfJTnZ20W2ewxyRnP4CuHCOwr2/s400/client-firewall-intdetection.gif" alt="" id="BLOGGER_PHOTO_ID_5275306512610231506" border="0" /></a><br />-Advanced<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjS6Celzj9yNKGqWY5zbTb4Q-oymwMoau9q_kOkKTrQ4qRXzSCtzWsI1AcupG9YdjHkIa3FhcOp9EBQtgrHN1zMveuZJf-2Uozu1kSIAbw-jursWdvAVU7HGzRAcidxmtehEAEVT6T2B2KP/s1600-h/client-vpn-certificates.gif"><span style="font-weight: bold;"></span></a><div> </div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6H2P1oUvQrlF3drYux8nuX0nZo51ACqrI_OK3gefDsZojf5ogq10F2c38nstrgcKM7aeittdKUswE4vJ-isakb_g4Y_HnwMhNbPOGnc5pLGYlAKtMxea28w1FLFyaijdDCyoyoLWRTbqh/s1600-h/client-firewall-advanced.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 277px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6H2P1oUvQrlF3drYux8nuX0nZo51ACqrI_OK3gefDsZojf5ogq10F2c38nstrgcKM7aeittdKUswE4vJ-isakb_g4Y_HnwMhNbPOGnc5pLGYlAKtMxea28w1FLFyaijdDCyoyoLWRTbqh/s400/client-firewall-advanced.gif" alt="" id="BLOGGER_PHOTO_ID_5275306729027423458" border="0" /></a><div> </div><br /><div style="text-align: center;"><span style="font-weight: bold;">Webfilter</span><br /></div><br />-Global Settings<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjN1Lbg3nS7IOF2lYArYzs3PmaO9E3fE9UfTyQHwrEzy2Ay6j27-K50QjFjx6pv5CqRo48oamrJ_dWtLsfnDwbIIuUTs_FVF5iRncXjv5PQqhyphenhyphenzMcG9u7-jGykKZ03knm0HX6WYeofd4K4W/s1600-h/client-webfilter-globalsettings.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 177px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjN1Lbg3nS7IOF2lYArYzs3PmaO9E3fE9UfTyQHwrEzy2Ay6j27-K50QjFjx6pv5CqRo48oamrJ_dWtLsfnDwbIIuUTs_FVF5iRncXjv5PQqhyphenhyphenzMcG9u7-jGykKZ03knm0HX6WYeofd4K4W/s400/client-webfilter-globalsettings.gif" alt="" id="BLOGGER_PHOTO_ID_5275307491553127330" border="0" /></a><br />-Profile Settings<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOSIxWZE6qk2SpyYKP3KzOW601ulvOwdiXkyb5_7eeMn9tDROGvchGq6NvOFPB-SMXPKeOEPczEr4OOM5Ubi0fLut4KpxOahbmazs2LcKUQrkZ_lPBNQvpQEgOaDmVvuKhGPnuyRqTRm7k/s1600-h/client-webfilter-profilesettings.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 209px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOSIxWZE6qk2SpyYKP3KzOW601ulvOwdiXkyb5_7eeMn9tDROGvchGq6NvOFPB-SMXPKeOEPczEr4OOM5Ubi0fLut4KpxOahbmazs2LcKUQrkZ_lPBNQvpQEgOaDmVvuKhGPnuyRqTRm7k/s400/client-webfilter-profilesettings.gif" alt="" id="BLOGGER_PHOTO_ID_5275307784196054402" border="0" /></a><br />-Per User Settings<br /><div> </div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMU2IL8lgIBqWuwuWVMeciAkcx3F0WsE1aVVzcncDqZ5bSYasrU4VuKoS_dAcxBq6bJQ98GxSvD4eqrIEVi04M_5vnp28Ztx4LUTTwNIDM_Cfpx8Q1xrIOx17_DRTXXBkuP1xVh7cgwQ-E/s1600-h/client-webfilter-perusersettings.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 188px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMU2IL8lgIBqWuwuWVMeciAkcx3F0WsE1aVVzcncDqZ5bSYasrU4VuKoS_dAcxBq6bJQ98GxSvD4eqrIEVi04M_5vnp28Ztx4LUTTwNIDM_Cfpx8Q1xrIOx17_DRTXXBkuP1xVh7cgwQ-E/s400/client-webfilter-perusersettings.gif" alt="" id="BLOGGER_PHOTO_ID_5275308000544799186" border="0" /></a><div> </div><div style="text-align: center;"><span style="font-weight: bold;">Maintenance</span><br /></div><br />-Update<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRXrFYbMKV2gyCJqNzOzsN-YgHe9Q6mgPIqnSTX6D9tWTUGmZqGK7uAVou4kBhVuLLR7AuZibEgJWvLQwUpx2oAhnNj_Uk2gnC2sRFepuBi6DAmxZjivbNj1-cMFXTue7Pr6o1OJN7_OE2/s1600-h/client-maintennce-update.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 292px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRXrFYbMKV2gyCJqNzOzsN-YgHe9Q6mgPIqnSTX6D9tWTUGmZqGK7uAVou4kBhVuLLR7AuZibEgJWvLQwUpx2oAhnNj_Uk2gnC2sRFepuBi6DAmxZjivbNj1-cMFXTue7Pr6o1OJN7_OE2/s400/client-maintennce-update.gif" alt="" id="BLOGGER_PHOTO_ID_5275310298266634178" border="0" /></a><br />-Backup/Restore<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhz-4FcdeJ1Odz8nYEQGmKS65J2HPbZvPFO5HjsV48bGlQrqhnDre7xcirQslNs-8JBzaiXkkhyphenhyphenn5xb1BQNkirF3KeqQ9ZW7AYvAxAQpfv-IHWn5qPTI5MP1EEZQyR0MCYjT4MOi3qAC4Ni/s1600-h/client-maintennce-backup.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 189px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhz-4FcdeJ1Odz8nYEQGmKS65J2HPbZvPFO5HjsV48bGlQrqhnDre7xcirQslNs-8JBzaiXkkhyphenhyphenn5xb1BQNkirF3KeqQ9ZW7AYvAxAQpfv-IHWn5qPTI5MP1EEZQyR0MCYjT4MOi3qAC4Ni/s400/client-maintennce-backup.gif" alt="" id="BLOGGER_PHOTO_ID_5275310602209071202" border="0" /></a><br /><div style="text-align: center;"><span style="font-weight: bold;">Logs</span><br /></div><br />-Logview<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwIbXLJQBqCMXjyq1kchiZLJlqN8FWCn-9_8sGT-nTRrVzSG8qIze0bEe7o7sz68cmejTpnxy-fcY1TiRqCNcT3yEdIkcY9nqzFg5NVIUha7J9sPpWgYTr1v-Okw9luFtaerCcdKff4Qyq/s1600-h/client-logs-logview.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 206px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwIbXLJQBqCMXjyq1kchiZLJlqN8FWCn-9_8sGT-nTRrVzSG8qIze0bEe7o7sz68cmejTpnxy-fcY1TiRqCNcT3yEdIkcY9nqzFg5NVIUha7J9sPpWgYTr1v-Okw9luFtaerCcdKff4Qyq/s400/client-logs-logview.gif" alt="" id="BLOGGER_PHOTO_ID_5275312988345257042" border="0" /></a>-Settings<br /><div> </div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjr_h-hLJ6Vx_Tn6qTWtzLohbXm4L_TLJ03o1OpimSUeatlA9wnpff-X6ZiaScKXOwuAwArK2Exg5TTFUctD6rvMdhdygng-jolUoq4rjx55mMZs2EiY7prOfdi6Bsy4zX9PQ-p3Bg4xz5f/s1600-h/client-logs-settings.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 289px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjr_h-hLJ6Vx_Tn6qTWtzLohbXm4L_TLJ03o1OpimSUeatlA9wnpff-X6ZiaScKXOwuAwArK2Exg5TTFUctD6rvMdhdygng-jolUoq4rjx55mMZs2EiY7prOfdi6Bsy4zX9PQ-p3Bg4xz5f/s400/client-logs-settings.gif" alt="" id="BLOGGER_PHOTO_ID_5275313255322669650" border="0" /></a><div> </div><div> </div><div> </div><div> </div><div> </div><div></div>Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com0tag:blogger.com,1999:blog-5601102358487810934.post-48979077319441340332008-06-02T14:00:00.001-04:002008-12-04T17:12:58.374-05:00How to create quick scripts using the CLIFor those of you who are too lazy or just simply dont feel like learning another scripting language, I will now show you how to get any script you want for the Fortigate units using the CLI. We are going to use the Diagnose Debug branch commands in order to accomplish this.<br /><br />You will need an SSH client to do this. [Ex. Putty]<br /><br /><span style="color: rgb(255, 0, 0);">1. Start an SSH session to your box.</span><br />If SSH is not enabled then log into the GUI and enable it under System>Network>[Interface]<br /><br /><span style="color: rgb(255, 0, 0);">2. Run > Diag debug enable</span><br /><br /><span style="color: rgb(255, 0, 0);">3. Run > Diag debug cli 7</span><br /><br /><img src="file:///C:/DOCUME%7E1/malves/LOCALS%7E1/Temp/moz-screenshot-3.jpg" alt="" /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWOmibvx893QDt74rTDIGhDqF2aLzc8nhf_b0G3FHrgEK9aE_UPTSlBM3iaI7-F3mfvKqQt9XbnMQn_UKCPezqEiQY0y3QJxbUv2-e586Je6l4NRZZMQwOZBgEGODDJTIkHm6eteuFhRJh/s1600-h/1-.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWOmibvx893QDt74rTDIGhDqF2aLzc8nhf_b0G3FHrgEK9aE_UPTSlBM3iaI7-F3mfvKqQt9XbnMQn_UKCPezqEiQY0y3QJxbUv2-e586Je6l4NRZZMQwOZBgEGODDJTIkHm6eteuFhRJh/s400/1-.gif" alt="" id="BLOGGER_PHOTO_ID_5207347440130612130" border="0" /></a><br /><span style="color: rgb(255, 0, 0);">4. Now just keep this window open and log into the GUI and make changes to your config that you would like scripted.<br /><span style="font-size:78%;"><span style="color: rgb(0, 0, 0); font-weight: bold;">This will allow all changes made in the gui to output the corresponding CLI commands in your SSH client.<br /><br /><br /></span></span></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAnsiJ0H44Z7_OYlgm4Cx31tqzEkXLT1U28K-AR-j9X0OYOUIUqH9y3A-XPZoMhS473_BK5zzmpOJI1CJGj6CymhUJBebUANeVcAQVK-3pyhgv9CiyyW6R-0hM80F-NK0YN70-fCXe6XHM/s1600-h/2-.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAnsiJ0H44Z7_OYlgm4Cx31tqzEkXLT1U28K-AR-j9X0OYOUIUqH9y3A-XPZoMhS473_BK5zzmpOJI1CJGj6CymhUJBebUANeVcAQVK-3pyhgv9CiyyW6R-0hM80F-NK0YN70-fCXe6XHM/s400/2-.gif" alt="" id="BLOGGER_PHOTO_ID_5207348591181847474" border="0" /></a><br />In the above example I have created a new Firewall Address called "Local" and then added it to a new Firewall Policy for "Internal>WAN1".<br />In order to make this into a usable script you will have to copy the script into a text file and edit out the "O: " that precedes the commands.<br /><br />I hope that you have found this useful.... :-)<br /><span style="color: rgb(255, 0, 0);"><span style="font-size:78%;"><span style="color: rgb(0, 0, 0); font-weight: bold;"><br /></span></span></span>Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com0tag:blogger.com,1999:blog-5601102358487810934.post-74914808093019051822008-05-31T14:17:00.000-04:002008-05-31T19:53:50.016-04:00Basic FortiClient Serverside ConfigurationAlright, so, this is a basic configuration of a Fortigate 60 for use with FortiClient VPN clients using Xauth and local users for authentication.<br /><br />1. Create your local user(s): User > Local > Create New<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqSe0R5BqH3RGy3TRwUK-F1yePo0Nctpu5wfQQDjBTPsL_7Bthb72drhlwD0YhOyDG9M5xhyphenhyphenWJputKlYcb3LZmZFOMaDiW529eLEvn-KUbJLFhEpbI47gKWwVDtk1S20dx3ZDG64YpRhqh/s1600-h/Local+User+Config.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqSe0R5BqH3RGy3TRwUK-F1yePo0Nctpu5wfQQDjBTPsL_7Bthb72drhlwD0YhOyDG9M5xhyphenhyphenWJputKlYcb3LZmZFOMaDiW529eLEvn-KUbJLFhEpbI47gKWwVDtk1S20dx3ZDG64YpRhqh/s400/Local+User+Config.png" alt="" id="BLOGGER_PHOTO_ID_5206608593179769794" border="0" /></a><br />2. Add the user to a new group: User > User Group > Create New<br />Make sure the type is set to "Firewall" and add the user to the members section.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU6SbJIRP-x0TiSF8qBxFlkHgCvBPECXjhswWxhUDkgRPYyk6c9fymkHEg9Bj_aME7fjSUVqnOo_pyTRwZc6Tmf0C1S4C8oZZqNzcmgV5GXDbx1EfkZQe__p73Da6Mz3_spJUDiWSdugun/s1600-h/User+Group+Config.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU6SbJIRP-x0TiSF8qBxFlkHgCvBPECXjhswWxhUDkgRPYyk6c9fymkHEg9Bj_aME7fjSUVqnOo_pyTRwZc6Tmf0C1S4C8oZZqNzcmgV5GXDbx1EfkZQe__p73Da6Mz3_spJUDiWSdugun/s400/User+Group+Config.png" alt="" id="BLOGGER_PHOTO_ID_5206608593179769810" border="0" /></a><br />3. Phase 1 VPN: VPN > IPSec > Create Phase 1<br />Create a new phase 1 with the options selected below. Fortinet recommends Aggressive mode but I have found that it also works well with Main Mode. Fortinet also recommends using Peer IDs but once again, this way works as well.<br />Notice that this is going to be a dialup tunnel so, therefore, Interface mode is not enabled. Dont forget to select Xauth with the apporiate group.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIFPMmZY6c6BZBWBTFKTskaS89SPE7PZq8pdJZcgM-Q285yhwjLSjVpyg8KCy-cuNUKkfXcJCIrkVcUrJ19VyrSktHYHsZ3htpsXsI0VfV7U2-nvT38ZSICfhq86RA0KiM1EbODCqnFSTj/s1600-h/Phase1.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIFPMmZY6c6BZBWBTFKTskaS89SPE7PZq8pdJZcgM-Q285yhwjLSjVpyg8KCy-cuNUKkfXcJCIrkVcUrJ19VyrSktHYHsZ3htpsXsI0VfV7U2-nvT38ZSICfhq86RA0KiM1EbODCqnFSTj/s400/Phase1.png" alt="" id="BLOGGER_PHOTO_ID_5206608588884802466" border="0" /></a>4. Phase 2 Tunnel: VPN > IPSec > Create Phase 2<br />Enable "DHCP over IPSec" and add the source and destination addresses.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyz0lcbew_T2g38Dp_rq4HHcO5ohiIVZ_YvvowWbd963iou2rN8EFwh0mCel4GW4DVjrXd04LiEopSrTwfG4IpKSnmajNTKoHkVz_eqIasl6sm1TMWomoz1mBYWYPDLFchb4tEg1bXJzlQ/s1600-h/Phase2.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyz0lcbew_T2g38Dp_rq4HHcO5ohiIVZ_YvvowWbd963iou2rN8EFwh0mCel4GW4DVjrXd04LiEopSrTwfG4IpKSnmajNTKoHkVz_eqIasl6sm1TMWomoz1mBYWYPDLFchb4tEg1bXJzlQ/s400/Phase2.png" alt="" id="BLOGGER_PHOTO_ID_5206608588884802482" border="0" /></a><br />5. Now Create a new DHCP Server: System > DHCP > Internal > Add DHCP Server<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg40KT-rkU_SrYJoY2u1uPwUAHhy3oQMChswnk26JXKgeLS1WAUTSpiEeyqvjpI_TRVZwitonEjZvKcUGxWAVNdgWUK3TxkxuyOWMHu8WidBM5D8oOCbz2fBBnosavRfp0USDcjO-yKTaWT/s1600-h/DHCP.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg40KT-rkU_SrYJoY2u1uPwUAHhy3oQMChswnk26JXKgeLS1WAUTSpiEeyqvjpI_TRVZwitonEjZvKcUGxWAVNdgWUK3TxkxuyOWMHu8WidBM5D8oOCbz2fBBnosavRfp0USDcjO-yKTaWT/s400/DHCP.png" alt="" id="BLOGGER_PHOTO_ID_5206608597474737122" border="0" /></a>6. Configure DHCP Server:<br />Make sure the type is set to "IPSEC" and the range that you want your Forticlients to pull is not already being used on your network. The Default Gatway will be the IP of your Fortigate Device.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVLbZ7SKqAOEw7MPrA0cslyCpeBlla8MkPVa8WZRvMSuv1_da9OHIuwwYcyhy5a99Bl29Dv0a85cIZbGiENyziaPmQanxEt55Nsp0qjGX7AV6_YDUnmU36kB-mt-XBaLVUNgVsqJLl6oin/s1600-h/DHCP+Config.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVLbZ7SKqAOEw7MPrA0cslyCpeBlla8MkPVa8WZRvMSuv1_da9OHIuwwYcyhy5a99Bl29Dv0a85cIZbGiENyziaPmQanxEt55Nsp0qjGX7AV6_YDUnmU36kB-mt-XBaLVUNgVsqJLl6oin/s400/DHCP+Config.png" alt="" id="BLOGGER_PHOTO_ID_5206608949662055410" border="0" /></a>7. Create Address of Forticlients Range: Firewall > Address > Create New<br />For demonstration purposes our range will be 192. 1.x.[1 - 254]. Notice the format required for defining ranges in Firewall Addresses.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFBYP_mnPz0D8FKy5-9jmyN_S3j6-WFTXvZOLcEMbKm0YNV_Nyryr7o7iSohulS2unsDL2MnJnY5UB1FpWA-rjBlIs7vrfw9ocQRpisLcpCfkMU4anpx7YHSDY_FwvIe-h8hzsj0_eBLP9/s1600-h/Firewall+Address.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFBYP_mnPz0D8FKy5-9jmyN_S3j6-WFTXvZOLcEMbKm0YNV_Nyryr7o7iSohulS2unsDL2MnJnY5UB1FpWA-rjBlIs7vrfw9ocQRpisLcpCfkMU4anpx7YHSDY_FwvIe-h8hzsj0_eBLP9/s400/Firewall+Address.png" alt="" id="BLOGGER_PHOTO_ID_5206608953957022722" border="0" /></a>8. Create 2 Policies: Firewall > Policy > New<br />2 Policies are required in order to make this work. One will be used for the DHCP service and the other for client traffic.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLywIDejXGI86TzeCoMWxZI5nTNabs_IAdEtFYIfNR51lkfb4LhqUonjTPhfHI0d7p4FyILv-v0eAhN9oIOM55wA3dK65uRE2lkG595FEc980yxRcY9yVmx1NPN0FgaEm9AdXoDy38kR8c/s1600-h/Firewall+Policy.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLywIDejXGI86TzeCoMWxZI5nTNabs_IAdEtFYIfNR51lkfb4LhqUonjTPhfHI0d7p4FyILv-v0eAhN9oIOM55wA3dK65uRE2lkG595FEc980yxRcY9yVmx1NPN0FgaEm9AdXoDy38kR8c/s400/Firewall+Policy.png" alt="" id="BLOGGER_PHOTO_ID_5206608953957022738" border="0" /></a>9. DHCP Policy:<br />Make sure the service selected is "DHCP" with the action of "IPSEC". Select the correct tunnel and select "Allow Inbound", "Allow Outbound", and "Inbound NAT" as it is displayed below.<br />Notice that the address name is set to "ALL" in this policy.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJ0quifnzz18d-WDii_psHG8vCKrBr8oNxY4exBHrzM4LN-hTDoVdPiZX2cPBTOa-V0H3XdgEyqD616rrnByHuPIXrl0ylWznDTX7Utf1WjbI9PjuZaEvWbGpRzePha7swzmOydLN-t4no/s1600-h/Firewall+Policy+Config.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJ0quifnzz18d-WDii_psHG8vCKrBr8oNxY4exBHrzM4LN-hTDoVdPiZX2cPBTOa-V0H3XdgEyqD616rrnByHuPIXrl0ylWznDTX7Utf1WjbI9PjuZaEvWbGpRzePha7swzmOydLN-t4no/s400/Firewall+Policy+Config.png" alt="" id="BLOGGER_PHOTO_ID_5206608958251990050" border="0" /></a>10. Client Policy:<br />In this policy we select the "Forticlients" firewall address under the destination address name with the service set to "ANY" with the action of "IPSEC". Use the same VPN Tunnel properties as above.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi94dxVhWuJVeN8UfCkJalDILFtRLAWKgOqPVgSfEqFf1k4WxzFbZL1Xw362G-WgyO2jGw_ETVyLY1rsy9MiD4J-5jYpcrMsUhajr_i5TJQI-gZSHfZ3Y1Zaio_S9DZb99NuDErdjkFJXU9/s1600-h/Firewall+Policy+Config2.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi94dxVhWuJVeN8UfCkJalDILFtRLAWKgOqPVgSfEqFf1k4WxzFbZL1Xw362G-WgyO2jGw_ETVyLY1rsy9MiD4J-5jYpcrMsUhajr_i5TJQI-gZSHfZ3Y1Zaio_S9DZb99NuDErdjkFJXU9/s400/Firewall+Policy+Config2.png" alt="" id="BLOGGER_PHOTO_ID_5206608958251990066" border="0" /></a><br />So there you have it. Your all set on the serverside of this config. I will soon put up the client config to match this setup and allow you to connect. I will put up a brief overview of the FortiClient with it's various pros and cons. Please leave a comment if you have any questions.Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com0tag:blogger.com,1999:blog-5601102358487810934.post-68830443982984240312008-05-30T14:55:00.000-04:002008-06-02T14:20:28.097-04:00Welcome!I guess you can call this the grand opening of my Fortinet Tips Blog. One thing I found when trying to find help and information regarding Fortinet products is that IT'S NOT THERE! There is literally almost NO information out there regarding troubleshooting these devices. It is as if their techsupport get's paid by the ticket or something.<br /><br />Anyway, here you will find information regarding the following products:<br /><br />Fortigate<br />FortiManager<br />FortiAnalyzer<br />FortiClient<br />FortiMail<br />Scripting for Fortinet Devices<br /><br />If there is anything you guys want to know just ask in the comments or email me and I will see about writing up a post for it.Mohttp://www.blogger.com/profile/09860723179453613089noreply@blogger.com1