From d39fa5b9bbd387149eda7a0f25d9a5a7c2b43b05 Mon Sep 17 00:00:00 2001
From: Alexis La Goutte
Date: Tue, 19 Mar 2024 12:17:07 +0100
Subject: [PATCH 01/27] samples: fix empty samples...
---
.../Fortinet FortiGate As Built Report.docx | Bin 28239 -> 727865 bytes
.../Fortinet FortiGate As Built Report.html | 1085 ++++++++++++++++-
2 files changed, 1063 insertions(+), 22 deletions(-)
diff --git a/Samples/Fortinet FortiGate As Built Report.docx b/Samples/Fortinet FortiGate As Built Report.docx index 8a3cea9a78b336be1923472c51741311d8ad48cb..0b3f5576093fd59365476b21bc7af0354e9ee1b0 100644 GIT binary patch literal 727865 zcmeFaU2o$|k}i0F-J9LLT3~+wVPFRJHcBdyl5E*?>@%|DFSPA)Tds1SMgs;#rEGRl zq=uyI@_V~KYk|Gn|Fw~sBqj075=Etxc1+J(wq%J)1v4Teo_HeS=CA+D|N4LZH~N47 z+yCwS-Ti<6kN@xT|M}nl8~yM9gy&uycl2%K7_$kn{rc~T_22&o{G&V**E1daa7V2- zb`)Y8&d9VM4|it%xYpTGJYTm*y5-p9aOahHJOAV8zrP%WS5e>sws!#k9_~E({`BD6 zx0jcf`b)F!xR2ldes%dx-QVwgv-Jt_rn*6Pf;UV}BYJ~pJdug+)txD^;X-4_o#;M1 zgbR#Z{RP%CvA$`I#_l(Gmp^l(i@Zz=T!RW>>N*DTJh*b7e?Yh_y}$)0x@m{+cUO78 zGaj1;=?C|Le>0a@x(_$Odorh9c(qBf7F=+tq2(9 zqI5mwcxGC@a!aQ0SNdk3T>{=qFI3_eELB=txR^h*=(mL*Tzc@!(tS7vWh1Tyx)$6F zc)^7|0`bG9VzrnGdhwf755aGdBI;@BcF359}U;U2?-`;j)*G z^DF#Qqt#&-ADgb{-#X!ES^DB5_Q#%M%_h|J(Jev$9zMa|Z#(D5VElrm+Rjh@2wu!~ z7JO=tSk{%!HjVF0;TrH+YOCI&my3TjwqX8}&TjfkhK}z$6aJc1@sLn>=~tjzacNP> z&A+ED?0))yZ-01ObPLa1b3||JBm4w;@a1Ux`|z#U_fCJFe|Gp@pUcEx+rtPhZQLim z8oj&G8iLnx4dU-fegP(z6}7iJ^Pe2|AVo##YJ5R1fn(tN@L%-l;L(|G zS;T#XYjI~lAA)D#jFp~a`{4P8XHoF#AGY~lGZL7=#p}UmMxW#PqZ4}+x&`nkxEB4? 
zMRPR`b(Vkf_g-k*7TpW~=q|pb6sav=*w=?1{V@0$elOR2e1ZcI&Ml(DDGR5l!yZl@ z?{H_oq3(vC&EHE!$c4saJ+?-@C!GpB`0b9J#6$8(-C2Gpa0R0uYucXg-jUxv_1_Pe zD}T5%b%{sZXR>po+#-4-3!KVxzf#e~j?k*lv>=75~;w|uxROMnawFr&J znEM~Nl*;Lu+EGvM{;FwkA3NIqo7*F~g2m5=-;gtrU0<{cDQLY}#WNoGW+6;t|FNLXf84gIgWJko;P0O3F0%Yz(nDOX= zIPJ0d2tn?MiZcp2azz%H(?u6<*$h!@(0+u z`|G@id-vs??%;qEQUaVgMPC;DkM>nsR~?~X{$5JYL6I$%$s zH!zP6xrpEe=@;RvT!_k&R-$MC)M_{Ri5d%xqUZT%uM_}jZEmUpU&r8TNiR@(2z2F) zh?QdH*oQGwkRGE6Tp~a1ve!tL${c{SpmOCnN#GY65ZBZzA@p1qBiJI<6F)dpGcS8T zQ8nW`pC9pl7)lG=A};vZ9w3lpl)cW%3BGF>&dg3jM1!p)gXI0m<2V3y|ML+5YKwy4 zALu6Zz#-S|*X(a3!%eumI{VKsPRL$qpaAqofEX+|=F6dWPoL7DB`wg&h*^0IzVzWN z79OzZ23!vo!XEA@gOk50{KfzLi_*RA9$)m79l8)69&;OFJ2$Qa;SmowAhu!#=15(- zK70{~fB6Tjc7cp=yEYFU;vc}{r(`UZbc7azrD73c7{_?CDb0j@+9*b2qMTXgHY|GI7{&0|2cww7opsVU+AhRZ3HP*5juiG!j}xWF}@ z{GOVCI#aNdCbzQhIoqCWTk>-~J$w+j@^jrCy`;mJ5^dA&=vlW7fHKeTvt>Kis!;y} z5K*8wEg* zo3)~WofhBEWd(Kv9!te9{~lo-#4Hnf$S9D$W28)aP-0eU9_)o=u_)dPpI|R}n>~i{ z++vyyD%u0WLjd9U88H&bkJ;AH1|Tk&u=G!7wa z@6jO)zK0dDL8UfwKq)U=XZBEa?8B);kG%I`9N-= zw_1rQ~D`DRP3{RWXWE!frq*g4(B)t%ia3 z0cMe~wuv{#;8qN4o5Ct=|LFUTLd%;{3`gK*%HRgudd?wA*U5v9ii93LsPuJpOS$ge z$u0Jg>8<1&L^oiG(r0l&;3tkOYl=|5&c>49QaZr?NE-?_T&O-$$<=GZ8I zDAE;I#tKzUv`d0ikRNQ~M4U%Ac10;|307%Yp+>HQFErR_DrY|~FyPp*=^4`2khT`I zQv77i6fSl9aR!~K19ClIVyf0{@Gm%{A&^2l1n*M8TtPfq&$lf896aK}` z^KSOnks-uh5eBYKsCN(8JMEgPe21RM;IHtlg*QQH$U$4PnTF{rHxB%iyrIH}Q-Qwi z(V|R!sC$xI{tqYmOGh6m$GS!9_T;uX9}nb%lH|bXxXy31IkXd;IFPCT3WEwvL%D_i z~e&r|orJNAebGAMOrZ$j-F+a1#G{bB$I;sEv<8tH8uSr*OOj zLhr!f#q^CQ){PxZJj$O94H4+&+;^{)1s9*T{QffN!?S;&A_!H4uI-!8rYn1^(hqm& z-jktn3Im+b^3!oe0xi!^=vD5Z=-;F8zkfYI!M}&#@4Kf8w1yplH2_Mvlm)9G97Ta9D7t1;lnLRoT7=62iP(dDPHS4bRd29ZkliYSSxaY+n&uP z8j*?f!Nw8+2I4y~T~Ti7!wB8%1qQ~Z!Y=V%{L7W)5@)%gLaTe))Efr2EQ};h%js6y zDaH{)i_R(zO7)!yj3|?GP^wmRlu)dNb#xtWa6i6C>;0b7uq`)`i6CQvt7Y8_FHQTG+}jk~Wf)O0syVh*B%T#0&=DWNF1I*W zCDd2g2kyl0K#4wZp7SZx72Z|4qe*J0i(W9c)B?}Z`}2?^ik@uSA)yAH0s(bCU!JKMycRnI>XrUK;xFhh;F3#M6+bL{bDNsm# zI%U!E3N^?Px6-TA92$ajE-*!5j_zft_ 
z>1A%F=|N9G-$@5uh5EgFbEa8Zt1xta(fLK^_xINO$*PUceyTIuQCn%x?>19?-~Ij6 zS@rE!>P7an-Lz|KZ8`%gIq^PxxhQmbw;{?OEDA0+gsqTGZ&AMViD$SbYiC-d_N*z) z!@hM2vG?1;7I^nMEs{@Y3cKS!p__8dr<-#2L(f@ASTaKvi)Dv)~HFSx8Xt0umHwAfJmZP@I9x8J3ip4i;y4U|O@E z*VHg`iK@6Ys*QT5Q`hR?@O{(TZTQLm%NdE3xomN(o=vm$Mm9TndU1FCqnEwjOmS|_ zQi6n5a3RnP^7zL;lHLres#;)wiBs2#7(!6Ex{8*NZhLA(4bJBVQvvpZ|DK!`y*MeF zBL>vE@K-Z}yE~seb2{kO`d9xbuvO6%<`$TsN9cyOT5A^AUT6sq7SuFw37d5lJ;H6; z!6Ly68bUOLW9SOOcu4%5&Nysa=n?{9YpNTxRolzKFeqAG$6w)wu!Sxm%LHx56y9G- z6&k-B#GTeF;?9aK5(DVaDU&{cZlkd*$5^(}SZ>i+I<9XPtu7Ilb~zo~*ScqC1>!Jq z7SsNw7g(RTI9q>wbjhRc%blN=J4sLp)Nyy80*(MXVzA8=vV72y8qGm>a8f|uKTWhP zyE*h{woQugp~a=5(H55AK|;hGw}g<8E}*&M5Zx-JqAv!g_qFq!Y7)#v7h}ALa}1>q zrPU&^wm5aIgj2{kIVzHJwiim@XhpW^r|}2T3T~P@KtQnscMzC~s#@RQ$2{~_k}p55 ze+*8FR2QHflq3u7v8iAM;v3+v42oDn-LEMzVI+yD1>g zPh;Q@(;l&zpjb zf#qzX<=k5P2WmO*h;BR)w@4>8!IpD_m7?XWj^!*u14EzlAki+Ojcmp3u@wz{Qr~E_ zl(^!*FKnH#VB+e^&&%$$+&yY#hc~6Cd$$_5S6_E?%< zcOAzskW)kxh~&m_cW_k$eypn!=4u;poYj7Kw$#CA$#^WcR0ZmiNSg zne0Vw{kF2khy=3s{V%J=m}vbrwtmy;)G5+S7mHkYKYWTKE^vNE&P&eZO4%Y|TQ?p& z@;Cv?woGO)$=F_4=$!BK<+|Hb27LL*sM**ORDe;_=@i(e;{3EKWL1F9O(&T`_b}|M zy&bR8*2kD%2`QfyCD>r|hz&~?t6&N-tlo|RbnKy{yCdLc6*#T8mSRpimCS$q9xWDK z$WP%y?ibjU=t3^WxN10>1%1eE`_(CX0``&I~%*>7=(XbmNzw!MVg;%E&j&bHs-cp4qgs- zFqmEprV)hP4hTu@Uy-(XpT_=SfQ$h$gvQiEdd~nkBzbEv;1s7>QG!tEG)HO*i;Rl> zG^P*>p3xLaU<%O{+@34ATOjL)_Ahh~Qk?{Gqn!~7L@02j9x39Wg{tLB_R#)O0FoyH znYXh*+DHEn{Xg{ocA%rj%9U4DvwuYj2hjgR|8I4TzJqFj5l8<)ay2`kw$ffu!|D?B0MP?P5Af4^fLL9E1`rJ( z8o*C$0HvxfN#=?nQLNUkZY~D}wy3yl@r!O3SRZy`h5J2cr4<2V#D$?%$QA>=M&0ee ze|t!<+2)8(O{$8NRHLcYj$KC|4Rw1|z%rrbM4k=uY^dU_Of?sG5>+nCg5@i8Ct(3I z7BKr*zQUL@pDfKRRr$(ll~dw8KG~K!xEM8=XiOX76 zfj@(#ChUOPN~uXxs#23AXXeYr;Pf7Q(&&b1KSFuikc=G{+MBO4To#*nZEVBQN`CI1 zG)=5W$%&KEO~h0&4t!thOs*PPuqjnN3Z{zD1H@D@riuloikni^mY@Md1BeC?4WLK^ zh~*+VAuzI~F$BgC_+y8_Qk9D&GbPZH;o-;BGVNal=nUfOO0XvbT1p8lrMjopn~ggC zw}~@PAfDXL%#)^6B_>IudETvEg2gP71Q%yAF~5Q)Qv#ETG@LEcaHOh4$+VM2(%@(( zv1tu9t)Zp^PO;U1dvWy7%H^T4V1?}=K4^`(MGLL^5QRiX5go-3jY77HloNcKf)zA? 
zXaLawepmzeU%p*GbzI-1m>mno*KFL@Xt2Tw|8)vA6jQ_BUhBIrf1By9Zu_Q9l%JQf zk5!i4Zax=-K%2sDcdM~qgdr;~(5pfP3-rm>+O6ZH~vpMFYBV z0b3OeXc2H34d~*ihRA?6sS#Z;psjk5uu+_Fs{})Oo>g}p$Cumx91Jd%pEuWvY5T+- z>jo*XTydEj+5Jy{X4}LnB0^yvsN4!(1@{y4+iZiE-e$rlo>aziwH%x{<5w)U6*r|y zdfyS??E++&>%{8x)W2fk>SZ&rBO(wegn!c1Ri)-pS&*q4DimrHk847IK zW#Q!tDNsZB5p3|GwWNhiP5NZ4&n(X5V48bjk3dadf(9X+>M{DQ2l9lAUFxrJ1K~CN zZ)5W}83lj+ml0|>#O&_EMeq3~_Zxe#hr@R+U)6Dbg>P=OI_w^eP1o~pop3FdzW9j! zvFBK`iG8@E(yP+HhflEg+s^qhObQOZitYU5kKn~{$Jv)XcH9whJ@&|%!Zo}Ddnr~u)S@S)F-I8^d2G$U^&iR_3!{7CDt#@&A zzbMC{)gzX5rE{aoqzZRXZPi<8w?32yyrczbx3rf;a)#Gvoq8wjHC#lQ7vZa1SXa`% z@tql1Q2Kydg+=W-bIlRmDv$6JHX6u@eqg(~8*GU5=lN%c@AbJ@47TM0tk^dK{m|ON z@*P)>ZTgOzc^uGH2a9~~rRI$pqRZqGO_8f%k3)kOw-($0yo1~azV4ew6~wOQ5DF?M z_8Z4CjaTJZ_rT4_a)Bh;^9fHBoU>qgf$Zszs`}Z9ps_4JJJ(-Z(aSEyb=3GKQvx%a z>Ocm!Z}Ef)%@y-LB=*m=n12@eUvqD5$>Oq?qkk5;j_98)2Nv9zZN)!Ro4cXIzvQ23 z+AesK%nw+4UhSyhs1|she}|Z#7h(%Ti^lN4#bg(bJ0?tP_$rxo58}0SCvmUMv`GL7 z{|aG0!zr!Hu2!=vyrlxVZUtrF)XsGEg+*MNb0}-jt-cf{Q$aN}^@o+rnf_R)F$RH2G}e74o)&0+l#rYg)SYTHmTp_8Y`6C zsHjclr4&({n6)dNT@KpR>C`nmn?iGw%nYq#ocg`fdpwp{q*b2oSH;N#MN-kriw^G1 zH0egm$v@2zs1Pa(GN=OGP&|>gc_OKJB$cE{bOLbgyo;yO=RK9QCi-{f_;;s+Zmoay z4^*blt4u9)@k%HkGAK_m@39mp<>g)W(RZBuxTEs@)OYc!JUZ z)TmFaQ5ZIrs8IudHX^o<8ugjIJ?Nx|BnZ9%HiO6M83nZ@<1rpkB_B{#An5U|t=gzU z@D!|7tM5xSd?rcPs02`6MUq~XG^z?g6lxT>rIgYgFvK=HNl~Mi3$Z0;k=m$25QQ3r z8YO>OMzBlahx|blY7}ZzWi(1djVjTh!Z<4E)lfFjSD`qni5i6(#UK`1$P@2fB2B?l zbu>z=kk_ZxwVV=C8Mxc>muVm>u{~5`pLSgRrb=IqO)Im22amWp%kX?Yl&>mvPf&D& z)$L`$(We)8*FTWRS9a`F64gyx!nAN3XN;Udcv)FeBoGR`C)T# zOzHpRR;mikkw>N4qEfZ7+`Tjwf~^}59(kMqLso9(M~&K&M(ys?snZxpl@>@r%RTeb zv?cEjiu$x=eX0USwi0fiV-FqOrGtp@gesYHUJZ0&Ppd;-7yiXKsubpF6`I20@wBDm zXt6%-XnOi zI3RVBVkt9Tn#v%5m{W8Qam33GYoduG_zrjSXA0s7zJv8g@ZpFTn6mnEFeGEgg{isg z^sA*7Y*wfwUtIhAKJj2uERe|^TkgOU2fZvFyqocLqCqeB#C&}6D>&$d*mP!fksT{e zwF2BpsRaIn<6bBm;eWrr>SNDXca%Y%l~V7W1RhnbocQZAbBLFGc_ zLggyg-DXqFs(Er@xh%yrHiHWh%wPtk^mrhMw`e;DJhkxD!c(jKQ%h|Cp$?S`l?#=t zY~^B&9wOC(Gb~%g2*K|FgVw4cni2koyIpZd+t&&^&Cyx_9L7kkp&XU1E 
zX(1atr@a$mgX^=fe%@Ty&U!ZwE}1xfA<9Uj!B}7Z>l6rJQ^Vh(L|A$&N{b)9E(L_9@TJiZLY8ONoUE2W_7sfrad9p-|KP1o~potJ=z zZ|RGV*dKe2HJjLnJ1UL1>EFXAf*P6gW8EGFZ^w!mteCN^D?OtF<{lW>2(_UP0^BQs`ZcX6E+&W9JXew-P{dKbNciASPb8rOY;D>x~SOWAC6rlIuf|TqJgnt zj|cv%Md0?tZ3Ns>8pqx9J16kFT#?C;xGCodi!1r6_`fmYkH9tNAi8vw+>1ydDak1B zbD~@RlhS)4Mv4J zq2ns&jx|#H&P$PQ1*i%J#b1jxvp5B;R_PNTz}xJ7MPuprj#^i>Li~)Ot6ePnUhZhr z)29@w4xyhV_+0rtu^6$MCWT$%5%-zw9Nke1s4PhcPzP%?Feg)nKtK~3-#y$>1}A@0 z_>2Gf7o~gKJ-+BEJ9ITHpmurGZ#y@x10XL)o`NU+BelKs0q{+tPgv~=>1$VNtN79) zoqOm4#qtwM1~>)#jW_bDBBZUwAngdUo&(%Va20zwLfUFCa7B4LCv=)a=bRffiJa!p zUJWfk-yq)LmLrZ1vfU1QKS0;RH@*8ga;;A!clQQxSb(KV&>0v@mCikU zcMq>S8bRDHd4969t9-e3d}Zd51EswSO|EyrFl+zzN6INiZ!t(U*X4`5-yuJWd*Ji} z;>i$at}~lve;*l8rTvAwpu$a1RhZB9p>D#(jdJ5SY0gowtz@_j>cVYc^)eso7X0L) zk#cb(w=$@UHtFNth8xE+jWmw0M2et+L4r2E6m1?ID2=yI1G@IA4n0UzLX{St%E4lR z9;QmRGZNi61i5k20c7ux8M4S&Nn$lcnIW3C3tSb(2wviC?>F|+p4RrXumWe5m#ZBW z2sO#8x7z$^Zl7bM@DL0y5kZIgQc;ZZf(W`e%KIHu^cL{6RB`k-+i&Vf+kJR~OR1J*)Bs)0Ia*+X=3@F!0{x1p`Z2;PUH?nc> z;R*CCXEu5`?cUT*3Qe2GQ~v;PnaH9xXm@lK!XT}oO04lopNe%>xh%%OLl<9a#XdEQ z)W@J=rzkee6oCdxsMwpjN*KEruf3X|*aN*-Lj_dr6xD{o3u?QCs*S20>#-vcMep}c z?-ji;5mBIChk2fwHyhfdND-(&Kz%-1MQ#mW?Nt0U-geQBQ|}Q*pIi;phkx8%cOOpr zx3wM=W_sq>G_tzTz?}|jqbV>K+T3X6;xu{mYU>lzD3De{1%@I6Km&QHBC7^R1qNVY zj)qiJf$h=MF>U_=SOQbaq}@IWXa{QW(pJDDc%@Dos~He+*{o`6@Wo^beWG={h+B$! 
zi+algz;#l8sJF%OthwuaVUMAqP+qI5x!W8I(otDkC;>%!+Nf`&}j_jBR-lQoGE1VU|1%x{UY6FFw(_H z7bD&GiF9p8f5u1`Bi+R@VHoL39qHN*9uI~nT+M@2_X-l|f@KYjrE*&G8X@adqv`O1` zar4{?3tosvXQZC$L)SE5wiq2|;-$6or^jE=Eu5N)1a}^h=rkl6EBuQ@bjckXWP9NU zR`@eba#T;eYKAlcOd8RoM5SP;a~~v#aiGn zIxFfQR`;}CO_5NKCCnZt^ccKsECXJjbcD)_Shjd9JMKcCn~zTtVX#T1s8S0Kbe~-YSG&VrmyJaZwSotJY~>dYNN+oT@5lC3P)`d9xb zK+E|w`QJ+Q-hcsvCY1L+v|IJPX1(34tIbw{n=7tJ-<-O-{a9p_sqjI+k}LN+pTx-= z+i9>Fm6K-}Dxh5Sm721z?zK9tc7ZJ^j;d8vg;#ggx~6IMP7(2<#xMDCl{n5Tq4Awg zyVcs=Lya%gyF1&eKJ2yX(2KL)Y}H%41*D4#j|#sru9$YjtBpNP+b`sH;u)Vx#}1u( zwWZZt(BQFMZxykpsPU-rThjP;XSYb0iTa+e@4LHowXQ-Suc5wgymQf|ACj??U#gt# zZY~D#s@mS)YiK!fa%S=!H9lYCJDs|!w(9%4b<}v&cmXNz)ij>LcA8co%tVFHRQN%6 zaPnX|&_?&cn+d8`|x#%)W1#iH8st~PAs;%a*HX_DeO78N8V zS2@R3xA!ogc#h4lx7GYw!&4WED)liKUe=3qZR;WK)UB}k+M}rhhucHXnM^Gc`(Kw= zQ;GV!gZf+k;jn!CV)I-YSrnM!opkX7KpRh8)Y`3Utvx1&PeuizNO2)=g&Nl5QHw`y zG$OXV4pqxXEq3ig-&jBfX*FaFW7{-Dd0An9&Mcd_`p_y;4uR(^c*yfYJamrVpn9O% z7N3W@thU%=vpf$5)fUxO+14EFQ31I$#r>t9!2Lo4`}X^iMg{n^1RAcSY$g@*T@hjw4EiDAiU` zs>BI=YT8J3#9$YLUFn0}gzBD~k5A}0qvH%L#h1e!tPqkEq)O;5GL@03%smclJTE)K zoK#*UEMt`cwO^>amDAlz=LP*`^q0|JW?CR?Qa5qrUXhVGo1o^R=A!0SOLMVM2$5xU zl&gmFSaX<_C;|G0Mdcd3=M5<|uJw0aXJK&cvxGH5N0G=R|t5{Y*S ze#soE@M*Y@IdeRu!=?s<%bz#b4|hMVuTL%?y8Zrb&gwI7t+?(})fgC#iVLUn+w;a& zvm4kuF0FUm&+hfZb@vX325meiOlx%N`}CNFQObD8g5p+UhC$9TCEXzlCv5GkcZ1Wu zSV;la6@1pZg39Y`kr9X@edEeZ=z|h^oY99TZRy^k2SRpXkOzqj9kO|JmOm^A3w6Q^1M~tWOoUKvdQY?>CuZ|JzJ=b=x;>qKsyf z$*TgRAQj(Hei1TN{3oL5qmldQP7B;{apdGGWrjkPSB-<+{ewOIVAnVx!-G!FcR-at z+yU^E4?mr90Fl+_E=;vXl`o?5pzIY_Y*t#~{(9r&*n0Yb{NZXNFQ^r>$;cG?c| zmERMKxrXF$XX+ASC&Ncaxk_=19LKE*EMa=cMo@z!O7ng{^EcBMd{vl zk1u-44qZ*SKk4tbbK^SBIM~3jY3Y;xk=j}M0Qe@+C#-gb^tCHBr3*HjcwYSSyps%F z2J1)=wLxB%);ZBf06{gGxYA%`t+klRV2_fj316??t~bM_C}*xSOFKlO+Xr_s5X{h8 zx_eB#eKOW(mLIGMUVCAW;P%4U0JawYbqe=y^jn|5;8K5eWeLvaWkX+GCu}s36a8Wx6}}kTP)pCZ_V;0*CZErIeVbo~FE#uqpGz?`Z9|J15#sXe8umC; z=p|JNRvx|y+WCUY1)$~jn@`M5G+(8EbgfTFipiwkG+0~e3bnoVf(@D)+@7#^m7VLn 
zB9kF;3#@T#(SK5kJ!di@c9Av|;^Ku{GR_tvy>r2K=Jz}Gt_zgtaku|)_TzsJvX?yH zp}`Sq1Sgrmy}3!z<<^7=_i{b~I$KJ@6gVfylWyCcI<9ZRjLe5C-7*c+nRyR==r04~ z_NX(R=3FwHm!mUV+l{N;=B@3rq!HwX+Ec*k_n%Bpd8FR2@?u(+G6YCv1`ZiW5#|P4 zuM}V*BW3uigaR+3=eUExd0(OEnC@0GC08R|$66t$(*TXn6`uDABSMrQA!-Kwj* zYF*Q`dZ)ecybASIv;)EZZawz$y=J}LtgFq|!mIb-DjFaU5XkK=Jgx5T)}fIByhGb7 zupPIiQmY+Z;#}h@c_{PT#i&o7O@m0~lq3}(g#MRPeUSP4s)TdVsxmqDR|hZV4uj>JN?1c-Q&FLB_^T!Sc;5NEK~3P?5JUKL7%2veaF$XDXb=INk21s+Te+M0=V zY-^FLWemmHZ0DJ{mZOiPHi`4j2x_Cyco<>oQJs};Pzozdn)0o2HT9J#;a_23MoXlK z%K~P8nyx?7t#m&NSf?UUnYQxAY64shff-&cge5kIJNY$32+SZb1CH(1s(QBN8z(c% z2+RZp)5%gYMtxc_L4Wca;3GThyrUjMUWt@AeCA4@PJw zp(}|N3Q{f8H>L&dx46@?QQK{|n{wk}@~yFY2u|e6r`Onvvw_TDU+E^`CdVfQR72cK zD`loD1@5`HWum#J#oL<&ifFDmIfot+yct8hDmh07XdL}^>j`m2 zkeTZJx9bX6YVwHYu5N}tF;X| zIv}OJ9t3#Ez|x;d4MCAjJ(@WvvX`LwONBN>porYdM5~Qf8?E+2o1**6o`T@@#*ydT zPUnpPkic!_cDjvd$VWpOlI#OSLp~B3(z`pk8a$ldA0ra7nd;6>wc4lxa;<^MRvS5i zpaiE1y4C1bqg%b;R-X@Uot-)G13(aj8R+fUs8jUp?>jh(de~G4= zWq!+YtXpz>s}Tl*c6yV6-}2!Lh=Gh97iLkdQ(Tdw15#!fuM16$LoUd|c{fKuT19#b zh~rprLrnpYw%n9(bg9v$MwfcQ#GIm)E|2=5wTeuQcn>qJ?#g|jpq)lLjdps`PSZJS zSGuh~78>n{ZuNpJ=Weyul$!-N_p7xw8f?Tsq6P|r*z~kM<%sbZ@)|eD)P^dmjgg{= zu?x*GUjIakU7m}*n*)PMz^|AaY{?gj4mLX2=wL56g_qsylhGr=1|gg4#oWJE+f^X$ zsakzs?l=Ig_2#=$zAUJ0-gS;^C1r-Odqb_Yaxpl)uVJ5%4O=oS8tp2e*ub<#tGyWy zNIr{*ypRvg3!#?!;rOzDRy)Pwn9X!|(Ok>j-i|{es@AA$k~cI#FB`pV#6%V_k-5Fb zV#X5PYq_z8z+N}eUT>PUK>s@IZnuuFBO5A`Qz8+dBJ@W^XA&oSw|&IXH@h&6*fNb* zWiXpeboVtS_+W|ds2k%t`!yM}-aQdz>{yobV%m?2M-1O|Y-Q>?&*q4DimpugYCOIg z#ThGO(P1$C^#-!yR=8 zriatNhflEg+s^qhG%yR^j+1(DQjcX_=^3SQbZYWTfk{2Bc5^pv_Hpz)xBF+VIihh> z(33TtcLEd{wsHOK#~0kxrI-)8+&5@EqSmP8xWK`onl4bo9*4u?<7R>lsrHR~xYuA; z1Pc7b)`u1;GTBn#BDH%9m!n)&5XYzwX{;@1ePg zi7^xfZgsV(d}+1no#uxU`=#^v2#%rLqVHPPfud>3m%Vnqv-@vr(D?Hl!v);+ouj# zqP=>1e}$8QdJ$CxbrM9LvOt|xU=)!vjrRgzCuP?y13J?%YIxSI!<}=YkKinA2GLy- z?a??)5sbZLk088&EwMPQ!#`5%?fPC_4bi2Va_zViJ#AoPw3%?aGEP^92$gL^oUU9t zX0zYeOM`5x{xm;~Vn`DtY8mb{w5UBJE;qb!goL52fTD8y<%e%dhpEJ&R0St4i(BBS 
z>r7IPmAAkJaSOb2q+Z^@nYjj$dWn7FL9Ruo*%_(VIUw${DY-1WEXgIc7>fZ{;uIPX z9;xN`cA!m-Q4H%QcIf7(fg{L!pM)Wyt?7M z`&EHQwSljX$KkKD5wU%bKe{8j@kCrt>aSIJ`kuHQ11Wf^MHp`1hiFqjESzGn8Q2T{ z-oMRwfz)5FdwD7K`as``tFptYOk^aK@k;WcQi5Wn)f2LEM-6K@HE-jp{W33 zHuGg-FiCxy+;^{Q7so}K2#SkGDqx^*v;_5ho?epxnv~rxv+VtqZd!`$n-NctjZcs& zWb5$=i8=?og(rf>*5DYC+Ao#eK3Cv~ll=&heSLUv;K3o>6O=mkVExNwKRMVUDGix& zlchf6@C@15z~C8@ED2sKwT#J-50?x{Cg=yh%qc6+@RS!5TK5eMJ*SRLw){zul8`=R z3Dzk$u7qa}o;j=*+laNj5{C|B0-lS0!;@Po8i@R13s`5VgMsRVEx|b_wKQdq3uIp( zVqY7(2^C1Y%e4!oK11%I?YRZytr`@!OKtgh@%>`O{X!{zSbWb*_ND$F7^rM)f#g!} zBrJi4%*MAE51BPZDD@$8F{t(BK3$?Hg|~dEey11Sz$W-wQXh!2TXWghho{Y&rZRb8 zSAhp6*EW>;xas$57jpM)sg8C2a0jDYdX%(9vab)1n~jef3~n|S;VpTFUW{ zREP=$LHXgY@M5pzkvZre*Y5rJkqoB$1sX~gN!6tzb!yU2)0KUyv+V1W z+iyIQ{lw%`r?a*C{ms)+1z2@Rfmrh(mpa|_JhdNw-dxwtdN&W2W9ZgHLuv()p0O4P zQ)(eD-SA4R)Fl(gCsHpJ1DrMOVgh)oL;^~#xjIQ1f^Huufr0}D7mT4EzS8HQ+x4Hi zJE{<^Zt-~HHbC<8DUiI>mP(gA&Ix4rPywSKE|s}XQr~nuo;E(7F!I@0grF}U@N|MI z6%3xrXyQ)IDF{<)LmI4+-|$MTv;yZSo=zK^)+(^~Dib_`5&Ag66Fr_P6FkXo{;Lo? 
z&2M-m&L<3>)@vA(1br}VREGB{d;T&Co<79sbmLg2@oMG_-jg98D>+mq`)MS*O3A)H zjEg=+TqM^vl%BA_NZEt#;N-!ZI=_haG#g5u7K&CZwL>mFxk4^IN&4Z@ZLR=1h)2t( zI9e(JxkY;OF+jKI>jdW$JEic1Dq*sGBw4A?QQ40v+1H0h6COFHD7bnG4F+Yz;!LDxg(YWwNcu6Ozn-o9jHUk=9BXkbpJ?7F7y`R?J4GC290 z!e9K)zbM_??(s!W*`W(zS9kepZ0E*xpl>Vx_~1$ZNNX;A0IV$fgw?K)zILUi@Vrs{ z>Rdo{6?wusC;G^=ADc{CX-QYD)7SyY>SLdP1lXe#xgM$Yc73m|1#5vtUD)u3v2GCM zMmODM;qp7X!m?VK%W7(i%VLjmmQ`1Sg&io6A5sqg{n7sq`dg~Zf(-^g`2B=mmi8Ch z0DUsnXOhdXRt{_7OF`Hp_;^A}v|ug=Ve*YLlM&EI4c{PkZ(xOY8Y zcNZ>t&o8;(*wg4uNV}@z{0iUPXmO#8P1o~p9axJ>-(~5+BepX3$DU)&CU&q^`uC+L zZ0GzK=1By9ww<5+5nPOICit?)jyr;>VRUQx&J;ew`!jeo(?Ab)ltt)g8;<3`w&{1Z zeYF?7f9UwWGg36i%yln1<|)vTxPj!4e%8m&|Bq+N!KDDxtGl?&@i_KxK{GcXVI0awFC?KyMJ z5#1_}@Dnx~d>i`3n!DkK+UR-EjbL9bU8a<$qcw6lgx@2afESquYD9_4wZpK-p|x1j z!$2(Iagg3|X|KItJ*Eb?1oXp=;Gkp1od2G@6^j-Teoxv%`0zl5kFNDek>Wvd3miBz z*N}UOeFz>+Tc^%O%0a?z8?%t<_gY*h_5pO1Hw(#9+#0)v^kS5Ky2_>VSYR89)99Wv znGoCevKL8Jh97_Y-*m+hx8h>$W5lhmSiC0t`otL>-u~pPQtUp9TPKoP%W!$*(iX6F z5TOT7f^3GbyFvFX+0BdW>l0^Iu=`UPX63`yKyOP?q_%t;aPYS!uQ|FL2Jdp6WM!>S zoZ-WC7NBvP;YU@dt(8kn(##(9`>LAGYQ^LDa?@FmLV7z@GvyXBI~N$Fw*W$Csf*;E zUo(#sCb$mR(A^-Bls&~fy1k2VcnA-(R0$@NFqyQJ9m8Z&m}|yl(g7xuLi$G1a<7x^ z!emlui9<{#l`=*ZlS!LtboG)+Y!VQ-igCAjjsnv>KTjBQTq+vcjmW}g$Oj?|k^JPJ z-i&zan&8Yw0~XqG3t2j_K&!e}h~0&w3(bh7y12so%U)a}4Dbk$BZL+>5MHia;m=p$LQ`n0vsTgcb6j;{0u7IUvhn z9z4HWIv$~j@;e_C3-x8EV2Cq~2t{lhMeeU&@sZV--zj<|)Hhg*C4~>EFh^=@rmN*&zUN>kEbW5Q+9-p%eDpMI0D{pl;cq z?(@`s2s}kTQ@+p`X>riR(ppn|TN=N}QKT2H)Fl(gFEV;ZoLV7Xv2n0n1(IxCTKm-F3 zjBqR=XakOwT7j6FBN(7IpAo@mHsS_t+Xw~-I{uOGgJ5*h z5De%+R2%sEc$~UM#4r%UKnw#hjKdwZxvMV70Wl23Fb>=sH!MMVx6wip9nl3YLUyEW*#$=clR0{iSW<5&6-+ z@T!pgY(!!PWv{*$mkpMN>_EQ;?DvEHe)NT49ElZ3thfie@N$Tt1cDOm%rweo;bXs_ zja^$T4Jmt5A}E2N1gPaZmU~rzHG!bS#+Lijff8Cg@ZLTskrVI>$0gK87BF!~bmIwT zV#VcyzytylBXSNwnD=MUNE4?bVZ{eC6GIEx5(rEnFoD1Xm4Jl9uMn6(U;=g~_^@vg zwZt)GkS(!Ul@tOKT&FjbqGd6iSg)y+I4${fz(g~CJGKo>?J5_eEz8wzYgu}Xj?j_!?ZC^icXs#n4R9-~rI zE^MDz3UwWwnLl)9_9*UBe*hdnoMA_tVly>DoZ{o*6iZklg%mmF9YmrmRUT9!PM2CX 
z_VlT5I(F!*2d`l*&3)zf#9}j+U{2xGB_45~$F5U(QmBJfNBJ6 z8WHgDqd^4X98*Lb5OF}nVV#lINP{Sw20@F*72i?i%= ziNd&Ry-0#u9Lk7IB{nWTz^<3{Am0pSVqGsIz4?@VFWd20y?hX3Re(S|iqXtOF``Wo z7Y{-i2xTCYfl!9U8!I4`flvlLA{LVp*#D9ycd*q2OBbz>H5V6lA(SBk%3y#7f*DiY zC_Zwy7}z3ClMukzIQT{Y0|AT@SQxwU2z~1SMm{zm9>r+QQH(*i*1!4(R)4sj-*c?l z#15J+SbFRU?3IZvDUgeST#R|3id>9E)*=q@Kmdc&a}mIx2@iej6Cex&Z-ldeGw{CZ zRey9X%Xv{w2VJFW7{p8KV8+lqY8-rn|I0y?cQBZ+%vyIeG3}c75_kJo*r(#S7zkf% zmYB!#53XaINpa>+B+?R^C5c+eP@BTfm&%rZ?8RkUKJc(=I4>S^XvZ-J4M7J49SC)m z499Z7RqA)OeYMB@C01``B5ML!6Udr)cOM!HKxhyX#BZDVS2#7a6ft7UiOsfQ^*{$2 z$3vc~cHg~@JJItHK?1y?SQw8mLx>(DOJZY|1di!gQ-mK4X6VE%y#lH&d+aXz`ox(=#1_^JjOR@aLwKeN6&P|s za32j^*pHjY^1+1_!glen!d@Dza4|T&ubp?}A_0dGj^Lpc{0PWzLu;u=DQhCyCu4nP z`9aPb-f|JfXsqAVa)8FJd8xlbyX7c&8=Jq$D0ut740xIki}ZDO;iC6E?AvebrG$O_ zs*dw3d~>6vu@4`cKu@@JDC3(3i?kquJ(~X!3nq}e0OZz}14I@Wga8T_sN$n*jzBxO z-XXGp$O1hg5LuvbxjNT@)kQcd&2NybN-~x`~#AXaw7lGJ91l}RGuuu+2qeq6XBDR3o z0&E6GWkPJ>F78B0MNYwPl4W<3Jch{)zmzK-#=n`)%u|N13TrlY(!VXR6J+NKh+AJM z#D_?<4+{)1?<<$`-}|>2FDM{U@Kpe(#p<$84%4b}3%O00HU|S0kJ9c(C~bfqV{sW4mjOD5 z?Q4(%7IM9i0!ELA6+kC(PARspp}|@yRZ&=6R*D$0ea$*Nhh!BB7MGRJoJ440vptE$ zWoyR8Nwr2)wG331@~V015i3Iq4y@@??NLvk(n5AdD4^~d&q{GHR{1@#7!QqdwO!&7 z_nGV*v1%n{DfE9ih$4Rof=qk!$viD>=>uS8(I-&Ju=T;HMEbk!+_;W2rob7zEO^pS zU%OHZ0(baj#mHSaxS%yMz=fdkSzIt!Vn%Dya3&AV%LqeW_%0q~P_saWbmCidpW$`~?lm^C(d`lIh{GD6 zfMAXtcSKx|ov_XnKnd^9prD<%;(>|wR_2tOq2v3`WX(5uw7bum@8KO<)>#?=dN_aw z+vA4B25e%32m?Jk7jp%OFi=+r5eDWG&fP>R6CQBJFgbBVZ!9$9qAw5j>i23FgShj& z!aWy$Z@WMNr9fTLwgcs&X{jdb)mOMi=MHI;Gvs`_@cY2>~c0K?i(Tab&Z6gv{ zvA%dXLd$?7@|yDm$P*$GylI~8{5(cPA`fEWIL6Pl@Dh%2E+RWat4A#BO6MFYhV#(0 zd#m0`4$=V#C_rf7CF!$vUJfGU2VSFf>YcR9U|U^ms|#C^L+(=f+E`OTJz0kEc` z6fq*_VYBG3ikt@=*t6L^FNT9QP?$2Uh*z~Iuy1Y-_ct}Ve=qP@jz@d z1BlIOzk@iebIy@hHoOFJ*uxz!m+FQ%>_IT$hECz*b*qb6j58P+Mt#-v(P0}tpV5}4 zl&6syhRiT}dLlCn$D8>_h{J9cUsVr>#TMi&b|{?&iY>@PYONm@b&G?Zu?0B;JU6pt z#jv(*p{Y^>y9^Jw?_S4Yh!udfZOJQ%3dwap%UYi}qk{RYje$wTb~hH`;FmdN+*(h0 zF)d3O7`mNpc7hBT{ZZAL-`)7P+cLJBgPMwmc3Tr87*Dqe;b>>$taj=_b&sU 
z<`uJ)JQ+L-3kdr808|CAS@_Q7t2)lF@Xd{u#y)&(x}JaQP>v>jm!$`f=6~!t)(i(s z;($pUFbVnrdXj+!Bf5*|Ea4(cMkiN7X}jk#V-^JuiluASw}7gyK*%Ud#WH zu-GJa_vsjCd-1?~%cw+tz%L${Xy*bGGf2SrUR*?oO;9icyPm_5yhf8XWS$}O3|jPY zf5NcGA(FX-5e9_3aFWD(7kXUl6Ov;6C=4Ggjlr~tO&~TAV&YSSqvmXnl->TRi(St* zjRUbKS=pNsv58IhBw`aAM%7pi_u+VAh)uLQao1A_Hjxwai-#w6bKr?Pq8m@pr7kWd zgeMT57?E>;Xb_&5SGX-SPD>uPoYaGbaR^UPJcAj~QrbabgEA)1GBQWlpsbV~iG^`V z>(AJjf$@jmIR=}-G(ze`SPoU5l`Izi%U*DT)Cr_cl<7;zt|gz2IS2RmJTwk6uFCs7CI5MKmi4H7tsZ1C4t={UJeWgyG3BP2<#R?4+eg? z%@4fHSWaBB4ABKd7ZzNw%pEB%4ncHbvpBPQl!vn!@rn$G5oaZf#qP4NPn=F;56g`k zFjfIukV{QI8n&Qr9a~s6bQcdV>@UF!%@AJb_fGHQQel}lq%Po~A*`ne$+4gfSWm%W z<#1q9Fq$*$+%UAxiH_6-q%N@Z!^${~I1d`@DX^X*6PytjXjTtg0NR4$I|}s_AAVlk zD8=9hwppI#K;+{+T3G}sI1d_0Vn`B0lGr+ZXRvKAkLQ>ZS4wP0y~L}t ztGgP2xGAn8Jr(3YN2P}wpgzMK==Nyn{HDVEs<4^y;WGnEe4pQ4amWxoA_5PG%QsODF?}0v5Ytu z6rIj)K!yqfDefkIA zegyI(kRJgQgm<$+v>bzaiUosYabz;N^0mnb^s;+>GI}HhksEQK9fA!AHq1#+?`3yB zaB&;8rXHHpwTg9;=9HaD$Cv%H+UZwi{@^&Eopo=hp=E!loqSc$_=YLN&0urnmX(sY zliXKX%lIxA98*oKolxucN6H^g*&k96#~?LLf5=vg%vh{T<^*l`hPFE?((Emf>58C7 z9I`&pD5Ftcx7`D^v{fC3(T-b-?Pl`Wk(QAs6Q9g$rYG}Yd`Da=n8?FK9wzcIk%x&q zOynKXQN!O@6H25GPiey}!w&@#CRfU zXdxnif5DZN2M@t2WqLoNb{CsLb_h9?0y)UVU0c#vs<>Q>E6Z)zi-*?Rg&guDdhx(R zI}do6jfm}gaRDLrfY<|K4~RV=_JG&}Vh@NtKp;17h=(+X&0?l%(j2fu8q02OcIy#) zK_JFhp#2pZKK->Xw2gDr^cR<{s#CS<|++nr6 zthl}n>b_Q2cRO{hQP=)cYiO-nL#t_>heqe1r5>n>Vb4+(S*VRxU2Qb#d%N}hPD!g5 zR{%x_)u+S;lnQUKWLxlWtdY041y%riAU5p~Ah#4PtHAoiSpa?JJBCYipNtgUSLQZA zdD{liy~+qn!N2J{R@`?vy|{zc3>UUfEamz~PjP1c(3#mIxo?2%8>G1a}2oR6KOsiJ;q`H`leZ-c11B>h^0~D2Uu5 za*N0F4b}jy$F7W@I%-n3sGFI_nRRkvXd@BUk;Q& zX<&R?faeZh>2u19`KRuV{>WDN4}f5(@o!f;f)PrWbGx$O0r3FF{t|#O=pQ41u~gxP zC2vtR9+tfMuXKjU=(iq{XaTbA5zD&LGYaqbG>UoYW1m22BYnVIjlTR1t@nY40}BA zU!f~IuzXF|^KTvcWh1eKE!f{X6L_spibS;H99#r25Wt|kr?)~bae)kW+}SKdkezy# zgoHu>1ANBn02uSd#y$QOv`L(Or_lmkDgqdrk`oZX_*4J}4PZYbfRUI2ycGb0N>?%f zqt%E2jHsz`u*QDx^ghMPM?{;&C@hRhSfwPZd+d|3KC}3=NcNTs)*}Yu6&R@rPb`Ik z>;;$lD^Lcbzm3h`WE4bS|1#id-tdNYrwN{g1>D2)a7hTrSfrSCRmb@izPZuT*oQC0 
zPP{D-i=^g%L<}RnqYz>k%Ug`c?ucO^h7njIaXv0$7>HpYhQW^P03e3nb7yrU34_Nn zj7eKcXOD|Pt=~)W5#Peq#92w%Q^&>DCk~gy`i_mcUnA4QI=QuKWWapP;Y4ansy&@( zH&Mu2I=ZlO>@J)k(NZ%3hKs@JeeJxPa(*y8fVy{xF>tuVcCa;Yey?MWO#B3>XY~%r zJZfERvAo1b;0>2)hP_p9rGZvqt7Lddt65J)prRJc@EWaC@1$LZcTdi|2wx>)3|tP# zlh_gGJtM||7{h`q2Ip})wMbk%f;@@O#*;vdVdES=_K=wB229ET=Ws~IjteBzb#TK9 za3Bz4pa=CjrV+f!4}~$b;$igGF^0VGT|CU7Wx@GlUlqBgn80UntqYsRAGa;;UugtK7q6NB+XO zKV9m1BI$Ja-30GxODMx?;k$U4p_KzCf%2v4%C;*1Q~G85)+MVHp~h zp)qWZ`wc6k7R7m5h&3SAAVG$^dRPONp|L2UbQ~GW&_Zn94~Zt?P6I4MW1h-pxT*Z$ z1(u<$-B_v+F1js13US-AvzHZMh+!GpCoeo zcEkm3z@9g}A{l$$V9%Qa_r|5YqQU<>T4<~rKWmX4w&u*Au0i_~OD#r38rE^Ali6)V z8p4pZyipEvu~d@xyx980Me^8Kcg-j{d5aNg_~b~#UL$^NZ>8r=3~9)V;KhRtojkB1 zhkb!q17Zz`H6YdiGw++b>Vg~)Ye1|4u?FT?lwO>ISi{CnKlaxxo4bycXxmYCtV9b@ zr-&{n4qm}ZG^|7uIaLw|qCwAdell%_)gx}Zq5KSkO#L`6CRJ7tE78{Ufs9YO4iBAxRC@8jB5D*`wrGXa7j8?N!}Ps^1?@V|Q^%Gj|i=f$)i z6_2nCw=yEWZd#r)g9X5oK8)sl^c2If$L8bAB_qYL`HbE(-6!?*C2|77Vis|^IX>-- z43}+Y3#zpwDEcTvP<2%q%qA1veNA7=mZddyoo91IJVjSLz6`|~FUu}hMis`_JM0#X zP1o~p9hl9{9@6=A^GEEDJ;$0&Yyc2A86 zO!M8f~9@aDel_Ah=6P~OZ*@n5IF{+t?q=v9UYGxOm!{BL9PHyH(g{g(kxvuk_4?k-$37-hKM;A4T(uIf0y!Z$Zs8dJ4-Xc2`D z8KDJxIffP(T8IxVG;OyNZ2zUuqVV(F>TaK2qk<5qv8=5h%qg-8Y`H#h4qSM9E))>*Y@IL!V5X>{Ww?qyqs07YZjKc`26i61d9K zZm-rqx%w`XEMd>B7`45}1{@5&Kb*~o=RZ)W$CF8L$vTR$=Q%Z4=Cf%?Wh<9%v3PA= z`uM=a(H~WfoSN}nSXSgjw|GvtvTAm%l%!Ep$$+1t8;4;NPw3drPd@dRlfRjKjvW_< zjd&Ck@SQ36klvrGkHsB2zVA%dd=rZ&*L)9Qk?cB4<5P6b*Zdruy;EfNj<&}kw3mbB zu&LSJPYb8iMn}x^+;ne0{MzGG0Ewformz(bz^Nea7w?bw(KC15z|y39;k&|CdE>Z6 z2vgz~*t?cmeto%@R}caacYE`*!GY%qdcu>g>DnUB>gc1|7!(G$F~x#wan?s|)H|KJ z20zqBPEtey3)Ji+dZtNbA-(QZ*D#!!?H5G+#3|FrI5Zr0`W1dg+mt>qoQc#%)FqEI zOHX44QUj333K1t;eKav`)AL>3cijJ^Vy;IruICCkFk;*Xt7hV{72iH(h0mD*>zje| z_4m8)y?}Dr3Y_a?c3a(L>3|@=%^oE)-2M>@oDY;Y%sZfNJQo_kAXSW}k>9vD;{c;+ zj#@xwT!Qztb&dfE4a#4hpE^wg<2n zyQ6Y~zp#N)J=P1c3brPAkYa_8!k%r8vUdpgTIs*B;)<;4lBJUV*HZ( zOqjt2s_DL;lisMDQt*2)Ai8TjDaX1em0J(etgw^AMf-jDFX&vMoSGJRk#g_vFaNGj 
zrvLH9VJkMEea55Xz8*f(y5m2-Oc=rc@GpPluwa7SPk&UEUfPb|qB8SiE2pJk*TdH5 z-tTfjW0|cI+JJj{$mC7}_YSIW$o+EK%l_Y%*vxvQn~Ni$v_U5DG= zSSAe$zZn^NXi@V4G?5)yAc;uKkdPpH@jGcC+i+$1SO0Aq7WQXr;VG^Kh){3l0p8d*MeRXIxm6dL79xAjLdA-1pl?0>(K+f08v8gSRL zSZ7t1mPg@3R!^XZ4XFtvU_<5LJ4n4>G;<};DYVF=Zln!*p@zPSm>x}WP^nln4VUz8d zzWFQ_#W!hiKH%o(O^4_dJFKaWx6Mg*dRgrA0>3A_ye!NyxrG+RXv@XA<2{&UQKT32 z*6et-eZm`%<_mPJRc?t*yQt%K7Q3CVx;+M{(9$raPb_m{N?)n*^g4YacJ@xG9I!}l zLZk>%-h^r!87g1u1ZHm;8Io!+>X*1i?lLR4v!&e3Nw0fq&2rB4KR$YE4Pq)|v{=9hJqFq(T$`FV2_q6Xc;iPZaa^a|N4GY#;g0u91X)&eHpQdQjjpMoTti7op5=;MB`$<0zeeLwH_0>lNv#E$)_s3+khCgVR6N4N9T{kDI{6E)op& z4Msw}MHOnc>QE_ASKIsWUm_bMl^sGIr+Ko{5>-^kuWl{}MNm(1T3(eiT+4w7B{+WY z3}^oHX120=XZWChEVYM@XE^tmH`|x{yY*JP4kx*$C7^sf!Pg;9ucF}`xMRog!dblB zkGQ8#ebceiXxhH=dtx!C4Lr4}OQ3uDGub)1(}xyOmX!77Aj-pla|h{cA5z@P;N))# zfAK&6qI7S&#}_?ihc1K}xBx)3og3G2#sNz_L=}(r5|fCdPgv~=>1$VN$@Genm*RM{ zgWcQxocWy3z{%Cav0EpX!gLcxreg-? zaA%JvPq>YY`YVUTkEM)CL=LGIX{2c1<+iXaN1lxffX`gOY2_wf0{J2ZGdBWP_-3G5 zIhk*gj1nmLw-EH|$^Az8Nn8*7$0c_VzQ+pAyg;DVJ5D%~=)Mbn$3a6|QRKRFkpkdOjNl%qSAj z?Qh```{Tl}qn88v_wWhiQ~*2Te69La35-P-RbR<+T8ugZD z4#=wDQ0-zaYO@;mDzGX>WTM+Sqqi#;O(Cy>mc_q^0YP3xz*c$(Hy?QwLH_GKTUB%t z)YdKXDzdYC5r1LvB-&JcR8W%OBGmF`*|=bt zmGheAXI5aZig$ABX|IaBPLY+{>qxB-pXJA174HxfBDErPsNX^ORiajWyiOs=sX$Hz zhx5Z0qhTc>_NsUXV~D*fw(W9(7hd7|V{9|=J}H~Z5F+M%B~r==s|vbQgXe&qBeq-n zQEkgz1 j(8V7z{lecBEtb04%GjcriYfFpmRiG=KYo#4q17&h)W=fIHV6L zidKaT2V^*`G1(kDMJ6@eYZY1Vg#P zNdu%eAicpSFkdotkRl9_3{$?V%^Iby4WCd@kvRp(aX^kkIuL~%hj%zyk>jv!jzemT z!vi{bqXy9`_KlDPJ@|NeAEZe{rD^YASgS#kz#$vkuQ^Am#MJOv(8qAtvinuQkPU1H z@lI&i$2&BUEP-T+&rOzS#<{9nCQGEJ>>^UaCRB+Qn+Fjz_t)s7Z%6T)>mRB0y?T>P zLcF-~h!IdG5}Xmf5Zb0DAkr*1r?~!p_q`X){b&UcXR<6_-CbM~dz7{$WiXpebT@70 z4B&lyfD8QKM=AU=@Lw$g+3088I^4OV(|7u0tj{cd?6S99u&xKt4xBAuxt^cB;8K5e zX0(?A|J&I7O-8}@_?Ho0oAp}=o`ug1V(0w^FZWNos^k0$-`r?v?8D~+KEOfe13c#A zK9&Z2u$SY2549JF92-$AZ!zjnZmAK4+EGI_ess+dOqhYK3hJY_+R)kpl=kIdyU+9Q zb_So#T4Mzuf28u%)WF1Fwvc!`M5awV_@!5Yqyq1*#s3W-178Ve?2tFHRBKFJvi z1}hD)px6pK!WMY*qaBG(whx!;!7>apm6`&n+5z5 
z-1LtmPU-YMyBi=~YF=VU+{smiHQKWKRe=y6EXOD`yjI-pu8b&MGI9JIZ(2%aPse)X zQg+$bScx49LPTY!E_MG9KJ&_z{6ZRl$LA&~sPYk5FA~ zNbEZkj;?B*dWYr&mSNtP11=(fUt7&O>nyzd0&e(v#Imk*hIJ;*E;b}yXtgwtu3}KD zz(GxskxQ|0fk#Mx1h{t+z>b67;SBiqBz?6@SzR<7tR(W!BO zeR$!C&CH#lM9Q;jfRzB>W5e)p*k3|Fy={v0l|?<0EyWLSpOoDWl1nfm<@Q z^fW$5U=?JrY%6w>i4OIpypxQ_`Ckc{b}jQc2WFE&?jMhZ`B(C4nPXBkuPyM{0K%AK zk8)g&%K5ON><4dsGa0sitEn{_+5TQ-h5y%K&X$rv@NHH5NOE81r&Pi2ypiUw+|G~P zfr1RItyzAM=bWWfb>R-)*gP^An1CFjyh#$N+|5YgYN5dqUxl4^8_?=7GZ&ROBw_S* zvX^NR{)ncBTA-??T@%REw$iTJ0_d6Iut!-t{+eK70S3qhdkz6S+j`LTEMNr zCrLvzPq9K8^#hqBOpjuEl#{9$b7_Ihi|JA7VTcEMFg^NyBtJ}#!j^wO@nd?F`8wil z4yH$`t$)9bpI;~n52CHNYQU;~Bjn3wfJ7^tr%uZl-MvmF=ihxWW0Q6h zDg$h;S}F<0Q%X}L8A+&Vx1$<%hg$cl=0y{b)E4ui*|>0&brh8qZ7yd;p^TenMd26B zidwUY4GrMJo`qq-8KXqlm=(pWC}u@D=1Fr43&3YJoQK@LAC(JKs+AS}ShBBJR+Js` zm=(pW=oW`GU{>@!GGACU`VQ$vEE;{MoJ&}^C_i9`Sw>=_!CU zd1`pG`l3o^MIqY4tZ3NVSrkD4v!dcDFqjnuC+EFc)-<(5EzXJ!WHBoWE$2!cfsp)B6yy11_d4K5wo4U@kIU=5-D;}Srr#Rz;_;SUB6~36u#$0x253#~`DVKc% zqpDFfwJmIh?7-Lk zS&{CY@U>V>%12w2h(aXGbHtP)3luta%Ti2r;Pqs>1_DLiYBjSLNY}afpbLTW4pJ`{ zwolx#ZWJld*_!M@m~cu5x4x>94JJEhZyE7>y4rH>ld(Rte5G&zhx;{^+}$HEyLoIH z06r=M;yx2srahZH`WRFSQ(_)Yb;EbuoRJEZGaX&)(Q!@xX(IO>crqWKvR7C+sb7pN z7*t?Rh%=Mi1!-=-RlYzMq&xGUsv&o+1M`bN(2fTaYQUC%aTIXI>=tByjuR%>WX$l#3hiXdFv!>8p*p+Mxf{Kav{suLqFo9FNW4GD*MUUOJU2^CEMS z7%~_XL1PI78Wgsjndmi{_H)vfuPS=#NmjM}z<&G|l$B}$LYM+%7Em%yB#D0x=V$Po z3nig&hUWDDZ|_=q9LK6~W{Stq#Y4l)AR!Hsl^vk2bdsv->4?lIU5}|&O?OJwB|u^j za$=|AX~zz>tE;P7AcR=L3jP5s5I=y$AXu@1Kfww%Be6o7<(zXL_Vv9tY1?t)RMFK+ zb;Zto_&eWs?zz`D$LEiq(+Bi6oA>UpXY`KYyYRd3wA)*|xRVBE9<~?3?kQM_3rvT8 zmkd^7&f$r?a60m*@bT@|4*m4lHZ404j|}_>o&qc$8Tme}E{R86dju^cwFEGe5Dvfw zp34rc`P3fSf$c$<0!>2#nQq;p^Z&XLbR4T&4<1Iw;m?Hn}%+vxw|q*lY%*WlQtA6Shrx^nGs z>)FKp-h1%NfGKq7_?T&63)X|-B76(B{B-LV(dafj965|k&oW)#gNwSd!}@!8)wB)+ zihE%P9+NzdqG_km2!~^PVuoA()b`*UJW_RHM({Q`Z(!4~S!QU5A=Ex`8?Ym4w=ppt zuZ|VM1+W#95Z}VLx!GIxj{JA%dr=4oo8i!Ly7gY*m@aZ*-1EZZJ%McKyAUW|cAlDU zx4yHB{}`AdGK(B;#moB89Dy<2ENmJVI-zVK*FGf{heM$lyp^tuAO}5QtL|oCo(JZ1 
zjF-VE1BSqNF`{k~E z2IzWK2sp{gV89oV2d%XNiL52^bLiflLH9PpE*IU~712E&IA}ibAzqY&8#8rda576oCHGQ9fj=dgt3#8?!3aAPk1G8&*j}yILVZc!7oC3 zUULOLeucEpioTxqd*&3sYND{7AI~>0V5KUed|3mlLod46q%{}!MZ9F{vvWm=pElkq z-TgY7KraC1B-EImyPmvJJ+H7L5vcS&&s`w?_u4Et|kt}1wJw?;QC<-r&+Ww6yx)nZ#M0-&aP(D9#%bcxUyK}Bx9tbuj~L5_fv9`~X?KDO9(jBrW?UQhN%{j>fa^9t&`_EFz}(*`@A zdwQFyydn{-FxJUB%hEf26)af^vNeimBGt;x9tE@rj(%URGb# zGJso*S#OH<5zt?;3~Swt+n<|@UqKIrRd5Al@3 zcs!Pm>rmn)&F4>|IYjbk0LP1PJF(F!XA-N6UNbutJ*}DacNK1Phr%~=<@DyeYftk% z({%=cgL{eCuD19H8NO1JxaMK|?k-<86QZ9|JUYcn=6h^_BCLfnnChzs1zVfhRc08j8U$ zA{}0Hm4aCx^!2nC-3!BuC?K>a&XHqTw#TAm;X5C?GQ~$L)@s!<$>Z6Q-QMMycR6dw z8dJqO%W2{w3e+@Tr5LZfjr9`#ff;zPMyw26{CGZTvQpPbj)#Z6omMYf^q6_9TaFw> zaOI(nohu@%VfeXcv!$5^(leW^$7$p|9 zkX}BAB$tUYOt8cG#6b&Hq=}`ttVJ=`4-^7U@<>5X72$l!V%L7GSQPjOJpf6&aS=lH zp2wKyL{66?IwwT{sgqh6kWZwNia=5)_T0#UOIie%cOP=%Ja(SP$yoUAGWhI$NOS`k zb&vv(gb42AhtIop*geXU&S3T%b`6-Krdv-%?KCS<&O(r(C%}9tc^a}k%w>|NgabKt zEc>WXsqg111tGYIBYm4T!3oLnL=r8HoFI(v>@E5Y`)rF3q<_!_vLhoJ(ynFR2rC#I zFO3yvx4SioXZVbS;y@TUAB;Vp?lb;>2V(#tZ65i-bK(XTMI)QmQjT@;f?C(~ zf`GjXWuySjaFwH8Vo z0RJnLvK9XBSC9X*^GdCTuh-*jg)DL8g82&hb4<(2SUB`2Q!~OakN(9nTtcLSiPXAv zdej*>t`l87^eqy%UIdV*P)e3KafX2(`lDzIiZpyk@H@0gy2LnUY|>0HfLqe&#nggF zARIcjYhg-6lF%>;E}#`KG$PEdSi<<<|M=g=UBDM#-{2Ut#DjQ0*bWv0dTa$HW`z`= z-Z~|b55H8}SGEL@C8r-i!gmy+&A?l;@a| zN$>pw!!SPlj`8r|^!Fa?EKzv~k5HiglKBL7-GRne_Y%f|;0b zIY?8|5wNbnr(2NB^^br0*R5}XZ1J@T(uIetyJ2GsfB*O6zh%kg3aML9ZP&!~JK@-w zhE%DFL(*h#1*<&)L(!zI&|*>t#A9Ne2DOsp;xsicqqe3 zk7~dau`JQJe0Wm&Aq@AiS?M;nCG})XMm@P7%8(d$hTd#mQfEeV-B#v0%_W@-8gXY> znoF@aGU5O5>F+;rH)=I}y#a*((Vh=^IKAj6sMPSsX!7jtgOn-gHsGPU*zWBJ+Xc75 z_GKFf&)_i4KuxsF`bQm!Ii0%ruqSX?ji;U^WtP58y+|xvImz@^d5T1)|;XIl)y^u0jv4N zeb9)j%#Kh+XYPh5t1`PmwH$Y&L9_#7`YW%#SxZv12Y=oC`v)K2s^JSKJ?S5kustR* z@K-J_XLwJF{|qXW^1aK2Zr(aFi zk(f!WLl+n&bsW9EDTYaMK{*yk3jXHntnnF<(?dW{tNh_*Wlk5 LF%n+oEpMzZQnYQb_;S%NA?(me$lX<(`S+4I))6ahA;@Qr6jfVM`5A*bWkGVLudp-i`0P17kUUi4-1Jic?eOz|T z)9aYHxwrfO;WB2PzV0X&+jhqzTu+&{3*F>OWZo`&ii?qXd((fe>rB%Hj&q4^&$`cb 
zk7>K^aiI3;eHVd-%3k2Q33M0-_ebXG@6U4yOb0SmwgcU=kafB|54Q+2&^z1Bc(@Z8 z!K_)l+!+uSD?hg{6Id)%klPs|Hd~1M9Ym~0lzR>{KUzplH<#o#fQQfYd`WIG=81d^ z(>o-&WfDPZr?v(^H)UjC0AWFJSi=bWcm{^@{Gt^7;?$Co%)Insy^7qN0B=Sn5e7u0 zJUjK3*&L`9gvDSw!Svz;28QYTM7YJKOG|O{fLuLYONv`slP?KsY)WccVrfo^TYi2? zY7rK*r{@8cGsmScOz)B6mQVmWHfBmu<#r|p1`w7(v297}^i@LKa{OrSoBk1G#?%ak O>HN~%Dr`nMAWZ;`z^~N+ diff --git a/Samples/Fortinet FortiGate As Built Report.html b/Samples/Fortinet FortiGate As Built Report.html index 45fff86..2979635 100644 --- a/Samples/Fortinet FortiGate As Built Report.html +++ b/Samples/Fortinet FortiGate As Built Report.html 
@@ -8,51 +8,1092 @@ hr { margin-top: 1.0rem; } .portrait { background: white; width: 210mm; display: block; margin-top: 1rem; margin-left: auto; margin-right: auto; margin-bottom: 1rem; position: relative; border-style: solid; border-width: 1px; border-color: #c6c6c6; } .landscape { background: white; width: 297mm; display: block; margin-top: 1rem; margin-left: auto; margin-right: auto; margin-bottom: 1rem; position: relative; border-style: solid; border-width: 1px; border-color: #c6c6c6; } - .Header { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; color: #565656; } + .OK { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #000000; background-color: #48d597; } .Title2 { font-family: 'Arial'; font-size: 1.50rem; text-align: center; font-weight: normal; color: #da291c; } + .Title3 { font-family: 'Arial'; font-size: 1.00rem; text-align: left; font-weight: normal; color: #da291c; } + .Heading5 { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #da291c; } + .Caption { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; font-style: italic; color: #565656; } + .Heading2 { font-family: 'Arial'; font-size: 1.17rem; text-align: left; font-weight: normal; color: #da291c; } + .Heading3 { font-family: 'Arial'; font-size: 1.00rem; text-align: left; font-weight: normal; color: #da291c; } + .Header { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; color: #565656; } + .NOTOCHeading5 { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #da291c; } + .Critical { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #a12d2d; } + .Heading1 { font-family: 'Arial'; font-size: 1.33rem; text-align: left; font-weight: normal; color: #da291c; } + .TOC { font-family: 'Arial'; font-size: 1.33rem; text-align: left; 
font-weight: normal; color: #da291c; } + .Heading6 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #1f3763; } + .Info { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #000000; background-color: #307fe2; } .Normal { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; } + .TableDefaultAltRow { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #000000; background-color: #d0ddee; } .Heading4 { font-family: 'Arial'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #da291c; } .TableDefaultHeading { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #da291c; } .Warning { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #ffa52a; } - .Info { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #000000; background-color: #307fe2; } - .Heading2 { font-family: 'Arial'; font-size: 1.17rem; text-align: left; font-weight: normal; color: #da291c; } - .NOTOCHeading5 { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #da291c; } - .TableDefaultAltRow { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #000000; background-color: #d0ddee; } - .Title { font-family: 'Arial'; font-size: 2.00rem; text-align: center; font-weight: normal; color: #000000; } .NOTOCHeading4 { font-family: 'Arial'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #da291c; } - .Heading6 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92rem; 
text-align: left; font-weight: normal; color: #1f3763; } - .Heading1 { font-family: 'Arial'; font-size: 1.33rem; text-align: left; font-weight: normal; color: #da291c; } - .OK { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #000000; background-color: #48d597; } + .Title { font-family: 'Arial'; font-size: 2.00rem; text-align: center; font-weight: normal; color: #000000; } .TableDefaultRow { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; } - .Title3 { font-family: 'Arial'; font-size: 1.00rem; text-align: left; font-weight: normal; color: #da291c; } - .Critical { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #a12d2d; } - .Caption { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; font-style: italic; color: #565656; } .Footer { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; color: #565656; } - .TOC { font-family: 'Arial'; font-size: 1.33rem; text-align: left; font-weight: normal; color: #da291c; } - .Heading5 { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #da291c; } - .Heading3 { font-family: 'Arial'; font-size: 1.00rem; text-align: left; font-weight: normal; color: #da291c; } - table.borderless { padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } - table.borderless th { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } - table.borderless td { padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } - table.borderless tr:nth-child(odd) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; 
border-collapse: collapse; } - table.borderless tr:nth-child(even) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } table.tabledefault { padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } table.tabledefault th { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #da291c; padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } table.tabledefault td { padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } table.tabledefault tr:nth-child(odd) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } table.tabledefault tr:nth-child(even) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } + table.borderless { padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } + table.borderless th { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } + table.borderless td { padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } + table.borderless tr:nth-child(odd) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 
0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } + table.borderless tr:nth-child(even) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; }











Fortinet FortiGate As Built Report

































- +
Author: 
Date:vendredi 1 mars 2024
Date:vendredi 15 mars 2024
Version:1.0

Fortinet FortiGate As Built Report - v1.0

Table of Contents

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
1Implementation Report FG181FTK22901829
1.1   FortiCare
1.2   System
1.2.1      Global
1.2.2      Settings
1.2.3      GUI Settings
1.2.4      DNS
1.2.5      DNS Server
1.2.6      Admin
1.2.7      Interfaces
1.3   Route
1.3.1      Summary
1.3.2      Route Monitor
1.3.3      Static Route
1.4   SD-WAN
1.4.1      Summary
1.4.2      Configuration
1.4.3      SD-WAN Zone
1.5   Firewall
1.5.1      Summary
1.5.2      Address
1.5.3      Address Group
1.5.4      IP Pool
1.5.5      Virtual IP
1.5.6      Policy Summary
1.5.7      Policy
1.5.7.1         Policy - Normal
1.5.7.2         Policy - Interface Pair
1.5.7.2.1            Policy: any => any
1.5.7.2.2            Policy: DCFW => FSA-DMZ
1.5.7.2.3            Policy: DCFW => FWLC
1.5.7.2.4            Policy: DCFW => ISFW-HA
1.5.7.2.5            Policy: DCFW => port36
1.5.7.2.6            Policy: DCFW => VPN-GCP
1.5.7.2.7            Policy: DCFW => VPN-SDB
1.5.7.2.8            Policy: DCFW => WLC-Staff
1.5.7.2.9            Policy: DCFW => WLC-Students
1.5.7.2.10            Policy: DCFW => WLC-Teachers
1.5.7.2.11            Policy: FITNUC => port36
1.5.7.2.12            Policy: FortiSASE => DCFW
1.5.7.2.13            Policy: FortiSASE => FortiSASE
1.5.7.2.14            Policy: FSA-DMZ => port36
1.5.7.2.15            Policy: FSA-DMZ2 => port36
1.5.7.2.16            Policy: FWLC => DCFW
1.5.7.2.17            Policy: FWLC => ISFW-HA
1.5.7.2.18            Policy: FWLC => port36
1.5.7.2.19            Policy: ISFW-HA => DCFW
1.5.7.2.20            Policy: ISFW-HA => FSA-DMZ
1.5.7.2.21            Policy: ISFW-HA => FWLC
1.5.7.2.22            Policy: ISFW-HA => ISFW-HA
1.5.7.2.23            Policy: ISFW-HA => port36
1.5.7.2.24            Policy: ISFW-HA => WLC-Staff
1.5.7.2.25            Policy: ISFW-HA => WLC-Students
1.5.7.2.26            Policy: ISFW-HA => WLC-Teachers
1.5.7.2.27            Policy: P22 => port36
1.5.7.2.28            Policy: port16 => port36
1.5.7.2.29            Policy: port36 => DCFW
1.5.7.2.30            Policy: port36 => FSA-DMZ
1.5.7.2.31            Policy: port36 => FWLC
1.5.7.2.32            Policy: port36 => ISFW-HA
1.5.7.2.33            Policy: port36 => P22
1.5.7.2.34            Policy: port36 => WLC-Staff
1.5.7.2.35            Policy: port36 => WLC-Students
1.5.7.2.36            Policy: port36 => WLC-Teachers
1.5.7.2.37            Policy: port4 => port36
1.5.7.2.38            Policy: VPN-GCP => any
1.5.7.2.39            Policy: VPN-SDB => any
1.5.7.2.40            Policy: WLC-Staff => DCFW
1.5.7.2.41            Policy: WLC-Staff => ISFW-HA
1.5.7.2.42            Policy: WLC-Staff => port36
1.5.7.2.43            Policy: WLC-Students => DCFW
1.5.7.2.44            Policy: WLC-Students => ISFW-HA
1.5.7.2.45            Policy: WLC-Students => port36
1.5.7.2.46            Policy: WLC-Teachers => DCFW
1.5.7.2.47            Policy: WLC-Teachers => ISFW-HA
1.5.7.2.48            Policy: WLC-Teachers => port36
1.6   User
1.6.1      Summary
1.6.2      User Group
1.6.3      LDAP
1.6.4      RADIUS
1.7   VPN IPsec
1.7.1      Summary
1.7.2      VPN IPsec Phase 1
1.7.2.1         Phase 1: FortiSASE
1.7.2.2         Phase 1: VPN-GCP
1.7.2.3         Phase 1: VPN-MPLS1
1.7.2.4         Phase 1: VPN-SDB
1.7.3      VPN IPsec Phase 2
1.7.3.1         Phase 2: FortiSASE (FortiSASE)
1.7.3.2         Phase 2: VPN-GCP (VPN-GCP)
1.7.3.3         Phase 2: VPN-SDB (VPN-SDB)
1.8   VPN SSL
1.8.1      Summary
1.8.2      VPN SSL Settings

-
Fortinet FortiGate As Built Report - v1.0

+
Fortinet FortiGate As Built Report - v1.0

1 Implementation Report FG181FTK22901829

The following section provides a summary of the implemented components on the Fortinet FortiGate infrastructure.

1.1 FortiCare

The following section details FortiCare settings configured on FortiGate.

+ + + + + + +
ModelFG181F
SerialFG181FTK22901829
Statusregistered
Accounttmgfortinet@gmail.com
CompanyTMG@Fortinet
+
Table 1 - FortiCare

+
The following section details support settings configured on FortiGate.

+ + + +
TypeLevelStatusExpiration Date
HardwareAdvanced HWlicensed17/02/2025
EnhancedPremiumlicensed17/02/2025
+
Table 2 - Support

+
The following section details firmware information on FortiGate.

+ + + + +
Installedv7.4.3
UpdateNo Update Available
Upgrade PathN/A
+
Table 3 - Firmware

+

1.2 System

The following section details system settings configured on FortiGate.

1.2.1 Global

+ + + + + + + + +
NomNGFW_PRI
AliasFortiGate-1801F
RebootEveryday at 00:00
Port SSH22
Port HTTP80
Port HTTPS443
HTTPS Redirectenable
+
Table 4 - Global

+

1.2.2 Settings

+ + + + + + +
OP Modenat
Central NATdisable
LLDP Receptionglobal
LLDP Transmissionglobal
Comments 
+
Table 5 - Settings

+

1.2.3 GUI Settings

+ + + + + + + + + + + + + + + + + + + + + + + + + +
Languageenglish
Themesecurity-fabric
IPv6enable
Wireless Open Securityenable
Implicit Policyenable
Dns Databaseenable
Load Balancedisable
Explicit Proxyenable
Dynamic Routingenable
Application Controlenable
IPSenable
VPNenable
Wireless Controllerenable
Switch Controllerenable
WAN Load Balancing (SDWAN)enable
Antivirusenable
Web Filterenable
Video Filterenable
DNS Filterenable
WAF Profileenable
Allow Unnamed Policyenable
Multiple Interface Policyenable
ZTNAenable
OTenable
+
Table 6 - Settings

+

1.2.4 DNS

+ + + + + +
Primary96.45.45.45
Secondary96.45.46.46
Domainfortidemo.com
Protocoldot
+
Table 7 - DNS

+

1.2.5 DNS Server

+ + +
NameModeDNS Filter ProfileDOH
FortiLinkforward-onlydefaultdisable
+
Table 8 - DNS Server

+

1.2.6 Admin

+ + +
NameProfileTrusted HostsMFA
demoReadOnlyAlldisable
+
Table 9 - Administrator

+

1.2.7 Interfaces

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameAlias (Description)RoleTypeVlan IDModeIP AddressStatus
DCFWDCFWlanvlan2static10.88.2.254/255.255.255.0up
FITNUC lanvlan111static10.100.1.254/255.255.255.0up
FSA-DMZ lanvlan23static10.88.23.1/255.255.255.0up
FSA-DMZ2 lanvlan41static10.88.41.254/255.255.255.0up
FWLCMeruWLClanvlan51static10.88.51.254/255.255.255.0up
FortiLinkFSW-AGGn/aaggregate0static169.254.1.1/255.255.255.0up
FortiSASE n/atunnel0static10.10.1.1/255.255.255.255up
ISFW-HA lanvlan12static10.88.12.254/255.255.255.0up
P22 lanvlan11static10.88.11.99/255.255.255.0up
UNUSED lanswitch0static0.0.0.0/0.0.0.0up
VPN-GCP n/atunnel0static0.0.0.0/0.0.0.0up
VPN-MPLS1 n/atunnel0static0.0.0.0/0.0.0.0up
VPN-SDB n/atunnel0static0.0.0.0/0.0.0.0up
WLC-StaffWLC-Stafflanvlan54static10.88.54.254/255.255.255.0up
WLC-StudentsWLC-Studentslanvlan53static10.88.53.254/255.255.255.0up
WLC-TeachersWLC-Teacherslanvlan52static10.88.52.254/255.255.255.0up
cam.FortiLink(Forticamera VLAN)n/avlan4090static0.0.0.0/0.0.0.0up
ha1 n/aphysical0static0.0.0.0/0.0.0.0up
ha2 n/aphysical0static0.0.0.0/0.0.0.0up
l2t.root n/atunnel0static0.0.0.0/0.0.0.0up
mgmt1 lanphysical0static192.168.1.99/255.255.255.0up
mgmt2 wanphysical0dhcp0.0.0.0/0.0.0.0up
modem n/aphysical0pppoe0.0.0.0/0.0.0.0down
nac_segmentnac_segment.FortiLink(NAC Segment VLAN)n/avlan4088static10.255.11.1/255.255.255.0up
naf.root n/atunnel0static0.0.0.0/0.0.0.0up
onboarding(NAC Onboarding VLAN)n/avlan4089static169.254.11.1/255.255.255.0up
port1HAlanphysical0static0.0.0.0/0.0.0.0up
port2HAlanphysical0static0.0.0.0/0.0.0.0up
port3 n/aphysical0static0.0.0.0/0.0.0.0up
port4 lanphysical0static192.168.20.1/255.255.255.0up
port5 n/aphysical0static0.0.0.0/0.0.0.0up
port6 n/aphysical0static0.0.0.0/0.0.0.0up
port7 n/aphysical0static0.0.0.0/0.0.0.0up
port8 n/aphysical0static0.0.0.0/0.0.0.0up
port9 n/aphysical0static0.0.0.0/0.0.0.0up
port10 n/aphysical0static0.0.0.0/0.0.0.0up
port11 n/aphysical0static0.0.0.0/0.0.0.0up
port12 n/aphysical0static0.0.0.0/0.0.0.0up
port13 n/aphysical0static0.0.0.0/0.0.0.0up
port14 n/aphysical0static0.0.0.0/0.0.0.0up
port15 n/aphysical0static0.0.0.0/0.0.0.0up
port16Guestlanphysical0static10.89.20.10/255.255.255.0up
port17(ToWAN)lanphysical0static0.0.0.0/0.0.0.0up
port18 n/aphysical0static0.0.0.0/0.0.0.0up
port19 n/aphysical0static0.0.0.0/0.0.0.0up
port20 n/aphysical0static0.0.0.0/0.0.0.0up
port21 n/aphysical0static0.0.0.0/0.0.0.0up
port22 n/aphysical0static0.0.0.0/0.0.0.0up
port23WAN1-MPLSwanphysical0static10.168.167.10/255.255.255.0up
port24WAN2-Broadbandwanphysical0static0.0.0.0/0.0.0.0up
port25 n/aphysical0static0.0.0.0/0.0.0.0up
port26 n/aphysical0static0.0.0.0/0.0.0.0up
port27 n/aphysical0static0.0.0.0/0.0.0.0up
port28 n/aphysical0static0.0.0.0/0.0.0.0up
port29 n/aphysical0static0.0.0.0/0.0.0.0up
port30 lanphysical0static0.0.0.0/0.0.0.0up
port31(ISFW)lanphysical0static0.0.0.0/0.0.0.0up
port32 lanphysical0static0.0.0.0/0.0.0.0up
port33 n/aphysical0static0.0.0.0/0.0.0.0up
port34 n/aphysical0static0.0.0.0/0.0.0.0up
port35 n/aphysical0static0.0.0.0/0.0.0.0up
port36WAN_Uplinkwanphysical0static172.30.72.33/255.255.255.0up
port37HA-Link1lanphysical0static0.0.0.0/0.0.0.0up
port38HA-Link2lanphysical0static0.0.0.0/0.0.0.0up
port39 n/aphysical0static0.0.0.0/0.0.0.0up
port40 n/aphysical0static0.0.0.0/0.0.0.0up
qtn.FortiLink(Quarantine VLAN)n/avlan4093static10.254.254.254/255.255.255.0up
snf.FortiLink(Sniffer VLAN)n/avlan4092static10.254.253.254/255.255.254.0up
ssl.rootSSL VPN interfacen/atunnel0static0.0.0.0/0.0.0.0up
test lanvlan100static0.0.0.0/0.0.0.0up
voi.FortiLink(Fortivoice VLAN)n/avlan4091static0.0.0.0/0.0.0.0up
vsw.FortiLink n/avlan1static0.0.0.0/0.0.0.0up
+
Table 10 - Interface

+

1.3 Route

The following section details route settings configured on FortiGate.

1.3.1 Summary

The following section provides a summary of route settings.

+ + + + +
Monitor Route28
Static Route12
Policy Based Route0
+
Table 11 - Summary

+

1.3.2 Route Monitor

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TypeIP/MaskGatewayInterfaceDistance/Metric/Priority
static0.0.0.0/0172.30.72.254port3610 / 0 / 1
connect10.10.1.0/240.0.0.0FortiSASE0 / 0 / 0
connect10.10.1.1/320.0.0.0FortiSASE0 / 0 / 0
connect10.88.2.0/240.0.0.0DCFW0 / 0 / 0
connect10.88.11.0/240.0.0.0P220 / 0 / 0
connect10.88.12.0/240.0.0.0ISFW-HA0 / 0 / 0
connect10.88.23.0/240.0.0.0FSA-DMZ0 / 0 / 0
connect10.88.41.0/240.0.0.0FSA-DMZ20 / 0 / 0
connect10.88.51.0/240.0.0.0FWLC0 / 0 / 0
connect10.88.52.0/240.0.0.0WLC-Teachers0 / 0 / 0
connect10.88.53.0/240.0.0.0WLC-Students0 / 0 / 0
connect10.88.54.0/240.0.0.0WLC-Staff0 / 0 / 0
static10.88.101.0/2410.88.12.99ISFW-HA10 / 0 / 1
static10.88.102.0/2410.88.12.99ISFW-HA10 / 0 / 1
static10.88.103.0/2410.88.12.99ISFW-HA10 / 0 / 1
static10.88.110.0/2410.88.12.99ISFW-HA10 / 0 / 1
static10.88.120.0/2410.88.12.99ISFW-HA10 / 0 / 1
static10.88.130.0/2410.88.12.99ISFW-HA10 / 0 / 1
static10.88.210.0/2410.88.2.21DCFW10 / 0 / 1
static10.89.0.0/1610.88.12.99ISFW-HA10 / 0 / 1
connect10.100.1.0/240.0.0.0FITNUC0 / 0 / 0
connect10.254.252.0/230.0.0.0snf.FortiLink0 / 0 / 0
connect10.254.254.0/240.0.0.0qtn.FortiLink0 / 0 / 0
connect10.255.11.0/240.0.0.0nac_segment0 / 0 / 0
connect169.254.1.0/240.0.0.0FortiLink0 / 0 / 0
connect169.254.11.0/240.0.0.0onboarding0 / 0 / 0
connect172.30.72.0/240.0.0.0port360 / 0 / 0
connect192.168.20.0/240.0.0.0port40 / 0 / 0
+
Table 12 - Route Monitor

+

1.3.3 Static Route

+ + + + + + + + + + + + + +
StatusDestinationGatewayInterfaceDistance/Weight/Priority
enable0.0.0.0 0.0.0.0172.30.72.254port3610 / 0 / 1
enable10.88.101.0 255.255.255.010.88.12.99ISFW-HA10 / 0 / 1
enable10.88.103.0 255.255.255.010.88.12.99ISFW-HA10 / 0 / 1
enable10.88.110.0 255.255.255.010.88.12.99ISFW-HA10 / 0 / 1
enable10.88.120.0 255.255.255.010.88.12.99ISFW-HA10 / 0 / 1
enable10.88.210.0 255.255.255.010.88.2.21DCFW10 / 0 / 1
enable10.88.130.0 255.255.255.010.88.12.99ISFW-HA10 / 0 / 1
enable10.88.102.0 255.255.255.010.88.12.99ISFW-HA10 / 0 / 1
enable10.89.0.0 255.255.0.010.88.12.99ISFW-HA10 / 0 / 1
enable0.0.0.0 0.0.0.0172.30.73.254mgmt220 / 0 / 1
enableVPN-GCP_remote34.125.159.157VPN-GCP10 / 0 / 1
enableVPN-SDB_remote96.45.34.228VPN-SDB10 / 0 / 1
+
Table 13 - Static Route

+

1.4 SD-WAN

The following section details SD-WAN settings configured on FortiGate.

1.4.1 Summary

The following section provides a summary of SD-WAN settings.

+ + + + + +
Zone1
Member0
Health Check0
Rules0
+
Table 14 - Summary

+

1.4.2 Configuration

The following section provides configuration of SD-WAN settings.

+ + + + + +
Statusdisable
Load Balance Modesource-ip-based
Neighbor Hold Downdisable
Fail Detectdisable
+
Table 15 - Configuration

+

1.4.3 SD-WAN Zone

+ + +
NameService SLA
virtual-wan-linkcfg-order
+
Table 16 - SD-WAN Zone

+

1.5 Firewall

The following section details firewall settings configured on FortiGate.

1.5.1 Summary

The following section provides a summary of firewall settings.

+ + + + + + +
Address86 (Not use: 56 / 65.12%)
Group9 (Not use: 1 / 11.11%)
IP Pool1 (Not use: 0 / 0%)
Virtual IP16 (Not use: 0 / 0%)
Policy29 (Disabled: 0)
+
Table 17 - Summary

+

1.5.2 Address

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeValueInterfaceCommentref
10.100.10.0ipmask255.255.255.0/255.255.255.255  1
104.100.76.98@2024-02-28_08:41:13ipmask104.100.76.98/255.255.255.255 autocreated at 2024-02-28 08:41:131
192.168.20.2@2024-02-28_08:41:13ipmask192.168.20.2/255.255.255.255 autocreated at 2024-02-28 08:41:131
Cloud_FAP-Engipmask10.88.110.201/255.255.255.255FortiLink 1
Cloud_FAP-Finipmask10.88.120.200/255.255.255.255FortiLink 1
Cloud_FAP-Salesipmask10.88.130.154/255.255.255.255FortiLink 1
DCFW addressinterface-subnet10.88.130.154/255.255.255.255  0
EMS1_ZTNA_EDR-Classificationdynamic10.88.130.154/255.255.255.255  0
EMS1_ZTNA_Endpoint_Compliancedynamic10.88.130.154/255.255.255.255  0
EMS1_ZTNA_Importantdynamic10.88.130.154/255.255.255.255  0
EMS1_ZTNA_Infecteddynamic10.88.130.154/255.255.255.255  0
EMS1_ZTNA_TESTdynamic10.88.130.154/255.255.255.255  0
EMS1_ZTNA_Vulnerabledynamic10.88.130.154/255.255.255.255  0
EMS1_ZTNA_Windows 10dynamic10.88.130.154/255.255.255.255  0
EMS1_ZTNA_all_registered_clientsdynamic10.88.130.154/255.255.255.255  0
EMS1_ZTNA_noavdynamic10.88.130.154/255.255.255.255  0
EMS1_ZTNA_nosdynamic10.88.130.154/255.255.255.255  0
EMS_ALL_UNKNOWN_CLIENTSdynamic10.88.130.154/255.255.255.255  0
EMS_ALL_UNMANAGEABLE_CLIENTSdynamic10.88.130.154/255.255.255.255  0
FABRIC_DEVICEipmask0.0.0.0/0.0.0.0 IPv4 addresses of Fabric Devices.0
FAP-Engipmask10.88.110.201/255.255.255.255FortiLink 1
FAP-Finipmask10.88.120.200/255.255.255.255FortiLink 1
FCTEMS0000099518_Criticaldynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_EDR-Classificationdynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_Financedynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_Highdynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_Importantdynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_Infecteddynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_Lowdynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_Mediumdynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_TESTdynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_Windows 10dynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_all_registered_clientsdynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_noavdynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_nosdynamic10.88.120.200/255.255.255.255  0
FCTEMS0000099518_testdynamic10.88.120.200/255.255.255.255  0
FCTEMS_ALL_FORTICLOUD_SERVERSdynamic10.88.120.200/255.255.255.255  0
FIREWALL_AUTH_PORTAL_ADDRESSipmask0.0.0.0/0.0.0.0  0
FSA-Admin-swipmask10.88.23.8/255.255.255.255FSA-DMZ 1
FortiEDR_54.73.53.134iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 91748451
FortiEDR_54.161.222.85iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 88544671
FortiEDR_74.125.34.46iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 107229341
FortiEDR_142.4.205.47iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 1058641
FortiEDR_166.1.173.27iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 115970211
FortiEDR_188.114.96.7iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 91748221
FortiSASE_local_subnet_1ipmask10.88.2.0/255.255.255.0  1
ISFW-HA addressinterface-subnet10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_EDR-Classificationdynamic10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_Endpoint_Compliancedynamic10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_Importantdynamic10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_Infecteddynamic10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_TESTdynamic10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_Vulnerabledynamic10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_Windows 10dynamic10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_all_registered_clientsdynamic10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_noavdynamic10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_nosdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_Criticaldynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_EDR-Classificationdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_Financedynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_Highdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_Importantdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_Infecteddynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_Lowdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_Mediumdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_TESTdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_Windows 10dynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_all_registered_clientsdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_noavdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_nosdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_testdynamic10.88.2.0/255.255.255.0  0
SDB-TXipmask172.31.112.254/255.255.255.255  1
SSLVPN_TUNNEL_ADDR1iprange172.31.112.254/255.255.255.255  0
VAN_NAT_1ipmask208.91.114.4/255.255.255.255  1
VPN-GCP_local_subnet_1ipmask10.88.2.0/255.255.255.0  1
VPN-GCP_local_subnet_2ipmask10.88.210.0/255.255.255.0  1
VPN-GCP_local_subnet_3ipmask10.88.23.0/255.255.255.0  1
VPN-GCP_remote_subnet_1ipmask172.31.113.0/255.255.255.0  1
VPN-SDB_local_subnet_1ipmask10.88.2.0/255.255.255.0  1
VPN-SDB_local_subnet_2ipmask10.88.210.0/255.255.255.0  1
VPN-SDB_local_subnet_3ipmask10.88.23.0/255.255.255.0  1
VPN-SDB_local_subnet_4ipmask172.30.72.0/255.255.255.0  1
VPN-SDB_remote_subnet_1ipmask172.31.112.0/255.255.255.0  1
allipmask0.0.0.0/0.0.0.0  40
qtn.mac_00:00:00:00:00:00mac0.0.0.0/0.0.0.0 Quarantine dummy MAC to keep the addrgrp1
qtn.mac_1c:69:7a:6c:eb:81mac0.0.0.0/0.0.0.0 Quarantine MAC1
+
Table 18 - Address

+

1.5.3 Address Group

+ + + + + + + + + + +
NameMemberCommentRef
BAD_GUYSVAN_NAT_1 1
FortiEDR_Malicious_Destinations Members of this group will be automatically added by FortiEDR1
FortiSASE_localFortiSASE_local_subnet_1VPN: FortiSASE (Created by VPN wizard)1
FortiXDR_Malicious_DestinationsFortiEDR_142.4.205.47, FortiEDR_54.161.222.85, FortiEDR_188.114.96.7, FortiEDR_54.73.53.134, FortiEDR_74.125.34.46, FortiEDR_166.1.173.27 1
QuarantinedDevicesqtn.mac_00:00:00:00:00:00, qtn.mac_1c:69:7a:6c:eb:81 0
VPN-GCP_localVPN-GCP_local_subnet_1, VPN-GCP_local_subnet_2, VPN-GCP_local_subnet_3VPN: VPN-GCP (Created by VPN wizard)3
VPN-GCP_remoteVPN-GCP_remote_subnet_1VPN: VPN-GCP (Created by VPN wizard)4
VPN-SDB_localVPN-SDB_local_subnet_1, VPN-SDB_local_subnet_2, VPN-SDB_local_subnet_3, VPN-SDB_local_subnet_4VPN: VPN-SDB (Created by VPN wizard)3
VPN-SDB_remoteVPN-SDB_remote_subnet_1VPN: VPN-SDB (Created by VPN wizard)4
+
Table 19 - Address Group

+

1.5.4 IP Pool

+ + +
NameInterfaceTypeStart IPEnd IPSource Start IPSource End IPCommentsRef
FSAport3 overload172.30.72.105172.30.72.1050.0.0.00.0.0.0 1
+
Table 20 - Virtual IP

+

1.5.5 Virtual IP

+ + + + + + + + + + + + + + + + + +
NameInterfaceExternal IPMapped IPProtocolExternal PortMapped PortCommentRef
FortiSandbox-VIPport36172.30.72.8010.88.23.8tcp0-655350-65535 1
FortiMail IBEport36172.30.72.17610.88.11.1tcp0-655350-65535 1
FortiGate-DCFWport36172.30.72.15410.88.2.21tcp0-655350-65535 1
FortiSandbox-Slave-IPport36172.30.72.7910.88.23.9tcp0-655350-65535 1
WLC VIPport36172.30.72.4010.88.51.1tcp0-655350-65535 1
FCTEMS_FWBport36172.30.72.10610.88.210.101tcp0-655350-65535 1
FSIEM_VIPport36172.30.72.24410.88.210.32tcp0-655350-65535 1
WLM_VIPport36172.30.72.4110.88.51.2tcp0-655350-65535 2
FortiNACport36172.30.72.4310.88.210.50tcp0-655350-65535 1
FACport36172.30.72.24710.88.210.163tcp0-655350-65535 1
FortiManagerport36172.30.72.23910.88.210.253tcp0-655350-65535 1
FortiAnalyzerport36172.30.72.6210.88.210.62tcp0-655350-65535 1
LANEdge-VIPport36172.30.72.15610.88.12.99tcp0-655350-65535 2
FortiAP-VIP ISFW-Eport36172.30.72.15710.88.101.99tcp0-655350-65535 2
ISFW_BLDG-Fport36172.30.72.15810.88.120.254tcp0-655350-65535 1
ISFW_BLDG-Bport36172.30.72.15910.88.130.254tcp0-655350-65535 1
+
Table 21 - Virtual IP

+

1.5.6 Policy Summary

The following section provides a policy summary of firewall settings.

+ + + + + + + + + +
Policy29
Enabled29 (100%)
Deny1 (3.45%)
NAT13 (44.83%)
LoggingAll: 22 (75.86%) UTM: 7 (24.14%) Disable: 0 (0%)
Unnamed1 (3.45%)
Comments13 (44.83%)
SSH/SSH Inspection8 (27.59%)
+
Table 22 - Policy Summary

+

1.5.7 Policy

1.5.7.1 Policy - Normal

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameFromToSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRDCFW, FWLC, ISFW-HA, WLC-Staff, WLC-Students, WLC-Teachersport36allFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
DNSanyanyallallSYSLOG, DNSacceptenableall 
 port4port36192.168.20.2@2024-02-28_08:41:13104.100.76.98@2024-02-28_08:41:13HTTPacceptenableallautocreated at 2024-02-28 08:41:13
FIT - Intel NUC outboundFITNUC, port4port36allallALLacceptenableall 
Allow FSA AccessFSA-DMZport36FSA-Admin-swallALLacceptenableutm 
WAN-IBEport36P22allFortiMail IBEALLacceptdisableutm 
IBE-WANP22port36allallALLacceptdisableutm 
ISFW-WANISFW-HA, DCFWport36allallALLacceptenableallSkip ISFWs will Scan
FSA-DMZ-WANFSA-DMZ2port36allallALLacceptenableall 
ISFW-FSAISFW-HA, DCFWFSA-DMZallallALLacceptenableall 
Wireless-WLCWLC-Students, WLC-Staff, WLC-Teachers, FWLCport36allallALLacceptenableall 
IS-DCISFW-HA, FWLC, WLC-Staff, WLC-Students, WLC-TeachersDCFW, ISFW-HAallallALLacceptdisableall 
DC-ISDCFW, ISFW-HAISFW-HA, FWLC, WLC-Staff, WLC-Students, WLC-TeachersallallALLacceptenableallReverse of ISFW-DCFW
WAN-FWLC-VIPport36FWLC, WLC-Staff, WLC-Students, WLC-TeachersallWLC VIP, WLM_VIPALLacceptdisableall 
FSA-MGMT-VIPport36FSA-DMZallFortiSandbox-VIP, FortiSandbox-Slave-IPALL_ICMP, HTTP, HTTPS, OFTP, SSH, RADIUSacceptdisableall 
WAN to DCFW_VIP NATport36DCFWSDB-TXFGT_DCFW_VIPGALLacceptenableall (Copy of WAN_DCFW_VIP)
WAN_DCFW_VIPport36DCFWallFGT_DCFW_VIPGALLacceptdisableall 
WAN_ISFW_VIPport36ISFW-HAallLANEdge-VIPALLacceptdisableall (Copy of WAN_DCFW_VIP)
WAN_ISFWs_VIPport36ISFW-HAallISFW_BLDG-F, ISFW_BLDG-B, FortiAP-VIP ISFW-E, LANEdge-VIPALLacceptdisableall (Copy of WAN_DCFW_VIP) (Copy of WAN_ISFW-E_VIP) (Copy of WAN_ISFW-F_VIP)
WAN_FortiAP-VIP ISFW-E_VIPport36ISFW-HAallFortiAP-VIP ISFW-EALLacceptdisableall (Copy of WAN_DCFW_VIP)
Allow-DNSanyanyallallSYSLOGacceptenableall 
vpn_VPN-GCP_local_0DCFWVPN-GCPVPN-GCP_localVPN-GCP_remoteALLacceptdisableutmVPN: VPN-GCP (Created by VPN wizard)
vpn_VPN-GCP_remote_0VPN-GCPanyVPN-GCP_remoteVPN-GCP_localALLacceptenableallVPN: VPN-GCP (Created by VPN wizard)
vpn_VPN-SDB_local_0DCFWVPN-SDBVPN-SDB_localVPN-SDB_remoteALLacceptdisableutmVPN: VPN-SDB (Created by VPN wizard)
vpn_VPN-SDB_remote_0VPN-SDBanyVPN-SDB_remoteVPN-SDB_localALLacceptenableallVPN: VPN-SDB (Created by VPN wizard)
PolicyinanyanyallallALLacceptdisableall 
vpn_FortiSASE_spoke2hub_0FortiSASEDCFWallFortiSASE_localALLacceptdisableutmVPN: FortiSASE (Created by VPN wizard)
vpn_FortiSASE_spoke2spoke_0FortiSASEFortiSASEallallALLacceptdisableutmVPN: FortiSASE (Created by VPN wizard)
Guestport16port36allallALLacceptdisableall 
+
Table 23 - Policy

+

1.5.7.2 Policy - Interface Pair

1.5.7.2.1 Policy: any => any
+ + + + +
NameSourceDestinationServiceActionNATLogComments
DNSallallSYSLOG, DNSacceptenableall 
Allow-DNSallallSYSLOGacceptenableall 
PolicyinallallALLacceptdisableall 
+
Table 24 - Policy - any => any

+
1.5.7.2.2 Policy: DCFW => FSA-DMZ
+ + +
NameSourceDestinationServiceActionNATLogComments
ISFW-FSAallallALLacceptenableall 
+
Table 25 - Policy - DCFW => FSA-DMZ

+
1.5.7.2.3 Policy: DCFW => FWLC
+ + +
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 26 - Policy - DCFW => FWLC

+
1.5.7.2.4 Policy: DCFW => ISFW-HA
+ + +
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 27 - Policy - DCFW => ISFW-HA

+
1.5.7.2.5 Policy: DCFW => port36
+ + + +
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
ISFW-WANallallALLacceptenableallSkip ISFWs will Scan
+
Table 28 - Policy - DCFW => port36

+
1.5.7.2.6 Policy: DCFW => VPN-GCP
+ + +
NameSourceDestinationServiceActionNATLogComments
vpn_VPN-GCP_local_0VPN-GCP_localVPN-GCP_remoteALLacceptdisableutmVPN: VPN-GCP (Created by VPN wizard)
+
Table 29 - Policy - DCFW => VPN-GCP

+
1.5.7.2.7 Policy: DCFW => VPN-SDB
+ + +
NameSourceDestinationServiceActionNATLogComments
vpn_VPN-SDB_local_0VPN-SDB_localVPN-SDB_remoteALLacceptdisableutmVPN: VPN-SDB (Created by VPN wizard)
+
Table 30 - Policy - DCFW => VPN-SDB

+
1.5.7.2.8 Policy: DCFW => WLC-Staff
+ + +
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 31 - Policy - DCFW => WLC-Staff

+
1.5.7.2.9 Policy: DCFW => WLC-Students
+ + +
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 32 - Policy - DCFW => WLC-Students

+
1.5.7.2.10 Policy: DCFW => WLC-Teachers
+ + +
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 33 - Policy - DCFW => WLC-Teachers

+
1.5.7.2.11 Policy: FITNUC => port36
+ + +
NameSourceDestinationServiceActionNATLogComments
FIT - Intel NUC outboundallallALLacceptenableall 
+
Table 34 - Policy - FITNUC => port36

+
1.5.7.2.12 Policy: FortiSASE => DCFW
+ + +
NameSourceDestinationServiceActionNATLogComments
vpn_FortiSASE_spoke2hub_0allFortiSASE_localALLacceptdisableutmVPN: FortiSASE (Created by VPN wizard)
+
Table 35 - Policy - FortiSASE => DCFW

+
1.5.7.2.13 Policy: FortiSASE => FortiSASE
+ + +
NameSourceDestinationServiceActionNATLogComments
vpn_FortiSASE_spoke2spoke_0allallALLacceptdisableutmVPN: FortiSASE (Created by VPN wizard)
+
Table 36 - Policy - FortiSASE => FortiSASE

+
1.5.7.2.14 Policy: FSA-DMZ => port36
+ + +
NameSourceDestinationServiceActionNATLogComments
Allow FSA AccessFSA-Admin-swallALLacceptenableutm 
+
Table 37 - Policy - FSA-DMZ => port36

+
1.5.7.2.15 Policy: FSA-DMZ2 => port36
+ + +
NameSourceDestinationServiceActionNATLogComments
FSA-DMZ-WANallallALLacceptenableall 
+
Table 38 - Policy - FSA-DMZ2 => port36

+
1.5.7.2.16 Policy: FWLC => DCFW
+ + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
+
Table 39 - Policy - FWLC => DCFW

+
1.5.7.2.17 Policy: FWLC => ISFW-HA
+ + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
+
Table 40 - Policy - FWLC => ISFW-HA

+
1.5.7.2.18 Policy: FWLC => port36
+ + + +
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
Wireless-WLCallallALLacceptenableall 
+
Table 41 - Policy - FWLC => port36

+
1.5.7.2.19 Policy: ISFW-HA => DCFW
+ + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
+
Table 42 - Policy - ISFW-HA => DCFW

+
1.5.7.2.20 Policy: ISFW-HA => FSA-DMZ
+ + +
NameSourceDestinationServiceActionNATLogComments
ISFW-FSAallallALLacceptenableall 
+
Table 43 - Policy - ISFW-HA => FSA-DMZ

+
1.5.7.2.21 Policy: ISFW-HA => FWLC
+ + +
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 44 - Policy - ISFW-HA => FWLC

+
1.5.7.2.22 Policy: ISFW-HA => ISFW-HA
+ + + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 45 - Policy - ISFW-HA => ISFW-HA

+
1.5.7.2.23 Policy: ISFW-HA => port36
+ + + +
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
ISFW-WANallallALLacceptenableallSkip ISFWs will Scan
+
Table 46 - Policy - ISFW-HA => port36

+
1.5.7.2.24 Policy: ISFW-HA => WLC-Staff
+ + +
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 47 - Policy - ISFW-HA => WLC-Staff

+
1.5.7.2.25 Policy: ISFW-HA => WLC-Students
+ + +
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 48 - Policy - ISFW-HA => WLC-Students

+
1.5.7.2.26 Policy: ISFW-HA => WLC-Teachers
+ + +
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
+
Table 49 - Policy - ISFW-HA => WLC-Teachers

+
1.5.7.2.27 Policy: P22 => port36
+ + +
NameSourceDestinationServiceActionNATLogComments
IBE-WANallallALLacceptdisableutm 
+
Table 50 - Policy - P22 => port36

+
1.5.7.2.28 Policy: port16 => port36
+ + +
NameSourceDestinationServiceActionNATLogComments
GuestallallALLacceptdisableall 
+
Table 51 - Policy - port16 => port36

+
1.5.7.2.29 Policy: port36 => DCFW
+ + + +
NameSourceDestinationServiceActionNATLogComments
WAN to DCFW_VIP NATSDB-TXFGT_DCFW_VIPGALLacceptenableall (Copy of WAN_DCFW_VIP)
WAN_DCFW_VIPallFGT_DCFW_VIPGALLacceptdisableall 
+
Table 52 - Policy - port36 => DCFW

+
1.5.7.2.30 Policy: port36 => FSA-DMZ
+ + +
NameSourceDestinationServiceActionNATLogComments
FSA-MGMT-VIPallFortiSandbox-VIP, FortiSandbox-Slave-IPALL_ICMP, HTTP, HTTPS, OFTP, SSH, RADIUSacceptdisableall 
+
Table 53 - Policy - port36 => FSA-DMZ

+
1.5.7.2.31 Policy: port36 => FWLC
+ + +
NameSourceDestinationServiceActionNATLogComments
WAN-FWLC-VIPallWLC VIP, WLM_VIPALLacceptdisableall 
+
Table 54 - Policy - port36 => FWLC

+
1.5.7.2.32 Policy: port36 => ISFW-HA
+ + + + +
NameSourceDestinationServiceActionNATLogComments
WAN_ISFW_VIPallLANEdge-VIPALLacceptdisableall (Copy of WAN_DCFW_VIP)
WAN_ISFWs_VIPallISFW_BLDG-F, ISFW_BLDG-B, FortiAP-VIP ISFW-E, LANEdge-VIPALLacceptdisableall (Copy of WAN_DCFW_VIP) (Copy of WAN_ISFW-E_VIP) (Copy of WAN_ISFW-F_VIP)
WAN_FortiAP-VIP ISFW-E_VIPallFortiAP-VIP ISFW-EALLacceptdisableall (Copy of WAN_DCFW_VIP)
+
Table 55 - Policy - port36 => ISFW-HA

+
1.5.7.2.33 Policy: port36 => P22
+ + +
NameSourceDestinationServiceActionNATLogComments
WAN-IBEallFortiMail IBEALLacceptdisableutm 
+
Table 56 - Policy - port36 => P22

+
1.5.7.2.34 Policy: port36 => WLC-Staff
+ + +
NameSourceDestinationServiceActionNATLogComments
WAN-FWLC-VIPallWLC VIP, WLM_VIPALLacceptdisableall 
+
Table 57 - Policy - port36 => WLC-Staff

+
1.5.7.2.35 Policy: port36 => WLC-Students
+ + +
NameSourceDestinationServiceActionNATLogComments
WAN-FWLC-VIPallWLC VIP, WLM_VIPALLacceptdisableall 
+
Table 58 - Policy - port36 => WLC-Students

+
1.5.7.2.36 Policy: port36 => WLC-Teachers
+ + +
NameSourceDestinationServiceActionNATLogComments
WAN-FWLC-VIPallWLC VIP, WLM_VIPALLacceptdisableall 
+
Table 59 - Policy - port36 => WLC-Teachers

+
1.5.7.2.37 Policy: port4 => port36
+ + + +
NameSourceDestinationServiceActionNATLogComments
 192.168.20.2@2024-02-28_08:41:13104.100.76.98@2024-02-28_08:41:13HTTPacceptenableallautocreated at 2024-02-28 08:41:13
FIT - Intel NUC outboundallallALLacceptenableall 
+
Table 60 - Policy - port4 => port36

+
1.5.7.2.38 Policy: VPN-GCP => any
+ + +
NameSourceDestinationServiceActionNATLogComments
vpn_VPN-GCP_remote_0VPN-GCP_remoteVPN-GCP_localALLacceptenableallVPN: VPN-GCP (Created by VPN wizard)
+
Table 61 - Policy - VPN-GCP => any

+
1.5.7.2.39 Policy: VPN-SDB => any
+ + +
NameSourceDestinationServiceActionNATLogComments
vpn_VPN-SDB_remote_0VPN-SDB_remoteVPN-SDB_localALLacceptenableallVPN: VPN-SDB (Created by VPN wizard)
+
Table 62 - Policy - VPN-SDB => any

+
1.5.7.2.40 Policy: WLC-Staff => DCFW
+ + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
+
Table 63 - Policy - WLC-Staff => DCFW

+
1.5.7.2.41 Policy: WLC-Staff => ISFW-HA
+ + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
+
Table 64 - Policy - WLC-Staff => ISFW-HA

+
1.5.7.2.42 Policy: WLC-Staff => port36
+ + + +
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
Wireless-WLCallallALLacceptenableall 
+
Table 65 - Policy - WLC-Staff => port36

+
1.5.7.2.43 Policy: WLC-Students => DCFW
+ + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
+
Table 66 - Policy - WLC-Students => DCFW

+
1.5.7.2.44 Policy: WLC-Students => ISFW-HA
+ + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
+
Table 67 - Policy - WLC-Students => ISFW-HA

+
1.5.7.2.45 Policy: WLC-Students => port36
+ + + +
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
Wireless-WLCallallALLacceptenableall 
+
Table 68 - Policy - WLC-Students => port36

+
1.5.7.2.46 Policy: WLC-Teachers => DCFW
+ + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
+
Table 69 - Policy - WLC-Teachers => DCFW

+
1.5.7.2.47 Policy: WLC-Teachers => ISFW-HA
+ + +
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
+
Table 70 - Policy - WLC-Teachers => ISFW-HA

+
1.5.7.2.48 Policy: WLC-Teachers => port36
+ + + +
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
Wireless-WLCallallALLacceptenableall 
+
Table 71 - Policy - WLC-Teachers => port36

+

1.6 User

The following section details user settings configured on FortiGate.

1.6.1 Summary

The following section provides a summary of user settings.

+ + + + + + +
User0
Group2
LDAP1
RADIUS1
SAML0
+
Table 72 - Summary

+

1.6.2 User Group

+ + + +
NameTypeMemberMatch
RADIUS_DemofirewallFAC-DEMO 
SSO_Guest_Usersfsso-service  
+
Table 73 - User Group

+

1.6.3 LDAP

+ + +
NameServer(s)PortCNDNTypeUser
ad-fortidemo10.88.210.100389sAMAccountNamedc=corp,dc=fortidemo,dc=comregularadministrator@corp.fortidemo.com
+
Table 74 - LDAP

+

LDAP: ad-fortidemo


+ + + + + + + + + + + + + + + + +
Namead-fortidemo
Server10.88.210.100
Secondary Server 
Tertiary Server 
Port389
Securedisable
Source IP0.0.0.0
Interface 
CnidsAMAccountName
DNdc=corp,dc=fortidemo,dc=com
Typeregular
Usernameadministrator@corp.fortidemo.com
Group Member Checkuser-attr
Group Search Base 
Group Object Filter(&(objectcategory=group)(member=*))
+
Table 75 - LDAP ad-fortidemo

+

1.6.4 RADIUS

+ + +
NameServer(s)Auth TypeNAS-IP
FAC-DEMO172.30.72.232/172.30.72.231auto0.0.0.0
+
Table 76 - RADIUS

+

RADIUS: FAC-DEMO


+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameFAC-DEMO
Server172.30.72.232
Secondary Server172.30.72.231
Tertiary Server 
Port0
Timeout5
Source IP 
Interface 
Interface Select Methodauto
Use Management VDOMdisable
All Usergroupdisable
NAS IP0.0.0.0
NAS ID Typelegacy
NAS ID 
Acct Interim Interval0
RADIUS CoAdisable
Auth Typeauto
Username Case Sensitivedisable
Accounting Server 
RSSOdisable
Class 
Password Renewaldisable
MAC Username Delimiterhyphen
MAC Password Delimiter 
MAC Caselowercase
Delimiterplus
+
Table 77 - RADIUS FAC-DEMO

+

1.7 VPN IPsec

The following section details VPN IPsec settings configured on FortiGate.

1.7.1 Summary

The following section provides a summary of VPN IPsec settings.

+ + + +
VPN IPsec Phase 14
VPN IPsec Phase 23
+
Table 78 - Summary

+

1.7.2 VPN IPsec Phase 1

Summary

+ + + + + +
NameTypeInterfaceRemote GatewayModeAuth method
FortiSASEdynamicport360.0.0.0mainpsk
VPN-GCPstaticport3634.125.159.157mainpsk
VPN-MPLS1dynamicport230.0.0.0mainpsk
VPN-SDBstaticport3696.45.34.228mainpsk
+
Table 79 - VPN IPsec Phase 1 Summary

+

1.7.2.1 Phase 1: FortiSASE


+ + + + + + + + + + + + + + + + + + + + +
NameFortiSASE
Typedynamic
Interfaceport36
IP Version4
IKE Version1
Local Gateway0.0.0.0
Remote Gateway0.0.0.0
Modemain
Auth methodpsk
Peer Typeany
CommentsVPN: FortiSASE (Created by VPN wizard)
Mode CFGdisable
Proposalaes128-sha256, aes256-sha256, aes128-sha1, aes256-sha1
DH Group14, 5
Local ID 
DPDon-idle
xAuth Typedisable
NAT Traversalenable
Rekeyenable
+
Table 80 - VPN IPsec Phase 1: FortiSASE

+

1.7.2.2 Phase 1: VPN-GCP


+ + + + + + + + + + + + + + + + + + + + +
NameVPN-GCP
Typestatic
Interfaceport36
IP Version4
IKE Version1
Local Gateway0.0.0.0
Remote Gateway34.125.159.157
Modemain
Auth methodpsk
Peer Typeany
CommentsVPN: VPN-GCP (Created by VPN wizard)
Mode CFGdisable
Proposalaes128-sha256, aes256-sha256, aes128-sha1, aes256-sha1
DH Group14, 5
Local ID 
DPDon-demand
xAuth Typedisable
NAT Traversalenable
Rekeyenable
+
Table 81 - VPN IPsec Phase 1: VPN-GCP

+

1.7.2.3 Phase 1: VPN-MPLS1


+ + + + + + + + + + + + + + + + + + + + +
NameVPN-MPLS1
Typedynamic
Interfaceport23
IP Version4
IKE Version1
Local Gateway0.0.0.0
Remote Gateway0.0.0.0
Modemain
Auth methodpsk
Peer Typeany
Comments 
Mode CFGdisable
Proposalaes256-sha256
DH Group5
Local ID 
DPDon-idle
xAuth Typedisable
NAT Traversalenable
Rekeyenable
+
Table 82 - VPN IPsec Phase 1: VPN-MPLS1

+

1.7.2.4 Phase 1: VPN-SDB


+ + + + + + + + + + + + + + + + + + + + +
NameVPN-SDB
Typestatic
Interfaceport36
IP Version4
IKE Version1
Local Gateway0.0.0.0
Remote Gateway96.45.34.228
Modemain
Auth methodpsk
Peer Typeany
CommentsVPN: VPN-SDB (Created by VPN wizard)
Mode CFGdisable
Proposalaes256-sha256
DH Group14, 5
Local ID 
DPDon-demand
xAuth Typedisable
NAT Traversalenable
Rekeyenable
+
Table 83 - VPN IPsec Phase 1: VPN-SDB

+

1.7.3 VPN IPsec Phase 2

Summary

+ + + + +
NamePhase 1 NameSource Address TypeSource AddressDestination Address TypeDestination Address
FortiSASEFortiSASEsubnet0.0.0.0/0.0.0.0subnet0.0.0.0/0.0.0.0
VPN-GCPVPN-GCPnameVPN-GCP_localnameVPN-GCP_remote
VPN-SDBVPN-SDBnameVPN-SDB_localnameVPN-SDB_remote
+
Table 84 - VPN IPsec Phase 1 Summary

+

1.7.3.1 Phase 2: FortiSASE (FortiSASE)


+ + + + + + + + + + + + + + + + + +
NameFortiSASE
Phase 1 NameFortiSASE
CommnetsVPN: FortiSASE (Created by VPN wizard)
Proposalaes128-sha1, aes256-sha1, aes128-sha256, aes256-sha256, aes128gcm, aes256gcm, chacha20poly1305
DH Group14, 5
Replayenable
KeepAlivedisable
Keylife Typeseconds
Keylife Seconds43200
Keylife Kbs5120
Source Address Typesubnet
Source Address Name 
Source Address Subnet0.0.0.0 0.0.0.0
Destination Address Typesubnet
Destination Address Name 
Destination Address Subnet0.0.0.0 0.0.0.0
+
Table 85 - VPN IPsec Phase 2: FortiSASE

+

1.7.3.2 Phase 2: VPN-GCP (VPN-GCP)


+ + + + + + + + + + + + + + + + + +
NameVPN-GCP
Phase 1 NameVPN-GCP
CommnetsVPN: VPN-GCP (Created by VPN wizard)
Proposalaes256-sha256
DH Group14, 5
Replayenable
KeepAlivedisable
Keylife Typeseconds
Keylife Seconds43200
Keylife Kbs5120
Source Address Typename
Source Address NameVPN-GCP_local
Source Address Subnet 
Destination Address Typename
Destination Address NameVPN-GCP_remote
Destination Address Subnet 
+
Table 86 - VPN IPsec Phase 2: VPN-GCP

+

1.7.3.3 Phase 2: VPN-SDB (VPN-SDB)


+ + + + + + + + + + + + + + + + + +
NameVPN-SDB
Phase 1 NameVPN-SDB
CommnetsVPN: VPN-SDB (Created by VPN wizard)
Proposalaes256-sha256
DH Group14, 5
Replayenable
KeepAlivedisable
Keylife Typeseconds
Keylife Seconds43200
Keylife Kbs5120
Source Address Typename
Source Address NameVPN-SDB_local
Source Address Subnet 
Destination Address Typename
Destination Address NameVPN-SDB_remote
Destination Address Subnet 
+
Table 87 - VPN IPsec Phase 2: VPN-SDB

+

1.8 VPN SSL

The following section details VPN SSL settings configured on FortiGate.

1.8.1 Summary

The following section provides a summary of VPN SSL settings.

+ + + +
Portal1
User (connected)0
+
Table 88 - Summary

+

1.8.2 VPN SSL Settings

+ + + + + + + + + + + + + + + +
Statusenable
Port443
Source Interface 
Source Address 
Default Portal 
Certificate ServerFortinet_Factory
Algorithmhigh
Idle Timeout300
Auth Timeout28800
Force Two factor Authdisable
Tunnel IP Pool10.100.10.0
DNS Suffix 
DNS Server10.0.0.0
DNS Server20.0.0.0
+
Table 89 - VPN SSL Settings

+

From 9100bbd90d168c46754c9516b25ba769adf17574 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 19 Jun 2024 21:12:53 +0200 Subject: [PATCH 02/27] Firewall: display number of rules with comment contain Copy, Clone or Reverse --- Src/Private/Get-AbrFgtFirewall.ps1 | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/Src/Private/Get-AbrFgtFirewall.ps1 b/Src/Private/Get-AbrFgtFirewall.ps1 index 15be7ce..e8a3d5c 100644 --- a/Src/Private/Get-AbrFgtFirewall.ps1 +++ b/Src/Private/Get-AbrFgtFirewall.ps1 @@ -302,11 +302,12 @@ function Get-AbrFgtFirewall { $comments_text += " ($comments_pourcentage%)" } - $policy_comments = @($Policy | Where-Object { $_.comments -ne '' }).count - $comments_text = "$policy_comments" - if ($policy_count) { - $comments_pourcentage = [math]::Round(($policy_comments / $policy_count * 100), 2) - $comments_text += " ($comments_pourcentage%)" + #Policy with comments contains Copy, Clone or Reverse + $policy_comments_ccr = @($Policy | Where-Object { $_.comments -like "*copy*" -or $_.comments -like "*clone*" -or $_.comments -like "*reverse*" }).count + $comments_ccr_text = "$policy_comments_ccr" + if ($policy_comments) { + $comments_ccr_pourcentage = [math]::Round(($policy_comments_ccr / $policy_comments * 100), 2) + $comments_ccr_text += " ($comments_ccr_pourcentage%)" } $policy_no_inspection = @($Policy | Where-Object { $_.'ssl-ssh-profile' -eq '' -or $_.'ssl-ssh-profile' -eq 'no-inspection' }).count 
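Review bot: The percentage on the new "Comments (with Copy, Clone or Reverse)" row is taken against `$policy_comments` (policies that have a comment), not `$policy_count` as the removed block did, and nothing in the code or the row label says so. A one-line comment above the `if ($policy_comments)` guard would avoid misreading the figure, for example `#Percentage is relative to policies that have a comment, not to all policies`. The `-like "*copy*"` style filters are substring matches, so a comment that merely contains a word such as "photocopy" is counted as well; if only wizard/clone leftovers are meant, that deserves a mention in the same comment. `$policy_comments` is assigned above this hunk, which is not visible here.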
@@ -318,14 +319,15 @@ function Get-AbrFgtFirewall { } $OutObj = [pscustomobject]@{ - "Policy" = $policy_count - "Enabled" = $status_text - "Deny" = $deny_text - "NAT" = $nat_text - "Logging" = $log_text - "Unnamed" = $unnamed_text - "Comments" = $comments_text - "SSH/SSH Inspection" = $inspection_text + "Policy" = $policy_count + "Enabled" = $status_text + "Deny" = $deny_text + "NAT" = $nat_text + "Logging" = $log_text + "Unnamed" = $unnamed_text + "Comments" = $comments_text + "Comments (with Copy, Clone or Reverse)" = $comments_ccr_text + "SSH/SSH Inspection" = $inspection_text } $TableParams = @{ From 6d7cabfb313acb02ca9070a8f381b3f136765086 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 19 Jun 2024 21:15:13 +0200 Subject: [PATCH 03/27] Route: Fix when Static Route is SD-WAN (Zone) There is no device, use the name of SD-WAN (Zone) --- Src/Private/Get-AbrFgtRoute.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Src/Private/Get-AbrFgtRoute.ps1 b/Src/Private/Get-AbrFgtRoute.ps1 index 107d28f..b44f342 100644 --- a/Src/Private/Get-AbrFgtRoute.ps1 +++ b/Src/Private/Get-AbrFgtRoute.ps1 @@ -116,6 +116,9 @@ function Get-AbrFgtRoute { #when Blackhole is enable, display blackhole for interface if ($static.blackhole -eq "enable") { $interface = "Blackhole" + } elseif ($static.device -eq "") { + #No device => SD-Wan (Zone) + $interface = $static.'sdwan-zone'.name } else { $interface = $static.device } From cffc90e9bb00c6255b96ba9f064d9a302ecbb248 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Thu, 20 Jun 2024 12:47:29 +0200 Subject: [PATCH 04/27] Firewall: fix when destination use ISDB When destination use ISDB (Internet Service DataBase), display the name of service Fix #70 --- Src/Private/Get-AbrFgtFirewall.ps1 | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/Src/Private/Get-AbrFgtFirewall.ps1 b/Src/Private/Get-AbrFgtFirewall.ps1 index e8a3d5c..e932ddd 100644 
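Review bot: The summary key `"SSH/SSH Inspection"` in the re-aligned `$OutObj` block looks like a typo for SSL/SSH, since the value behind it is computed from `'ssl-ssh-profile'` in the lines just above this hunk. As the whole block is being touched for alignment anyway, this is the place to correct it: `"SSL/SSH Inspection" = $inspection_text`. A reader of the as-built report otherwise cannot tell that the row counts policies without TLS inspection.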
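Review bot: The new `elseif ($static.device -eq "")` branch only matches an empty string, so a route whose `device` property is absent (`$null`) still falls through to the `else` and is reported with a blank interface. `elseif ([string]::IsNullOrEmpty($static.device))` covers both cases. The assignment `$interface = $static.'sdwan-zone'.name` would also yield an array if a route references more than one zone; joining it the way the firewall tables do, `$interface = $static.'sdwan-zone'.name -join ", "`, keeps the cell a plain string. The enclosing loop starts and ends outside the hunk.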
--- a/Src/Private/Get-AbrFgtFirewall.ps1 +++ b/Src/Private/Get-AbrFgtFirewall.ps1 @@ -376,12 +376,21 @@ function Get-AbrFgtFirewall { $label = $rule.'global-label' } + #Using ISDB for Destination ? + if ($rule.'internet-service' -eq "enable") { + + $dst = $rule.'internet-service-name'.name -join ", " + } + else { + $dst = $rule.dstaddr.name -join ", " + } + $OutObj += [pscustomobject]@{ "Name" = $rule.name "From" = $rule.srcintf.name -join ", " "To" = $rule.dstintf.name -join ", " "Source" = $rule.srcaddr.name -join ", " - "Destination" = $rule.dstaddr.name -join ", " + "Destination" = $dst "Service" = $rule.service.name -join ", " "Action" = $rule.action "NAT" = $rule.nat @@ -415,12 +424,20 @@ function Get-AbrFgtFirewall { foreach ($rule in $Policy) { + #Using ISDB for Destination ? + if ($rule.'internet-service' -eq "enable") { + $dst = $rule.'internet-service-name'.name -join ", " + } + else { + $dst = $rule.dstaddr.name -join ", " + } + $OutObj += [pscustomobject]@{ "Name" = $rule.name "From" = $rule.srcintf.name -join ", " "To" = $rule.dstintf.name -join ", " "Source" = $rule.srcaddr.name -join ", " - "Destination" = $rule.dstaddr.name -join ", " + "Destination" = $dst "Service" = $rule.service.name -join ", " "Action" = $rule.action "NAT" = $rule.nat @@ -457,11 +474,18 @@ function Get-AbrFgtFirewall { foreach ($rule in $Policy) { if ($rule.srcintf.name -eq $int_src -and $rule.dstintf.name -eq $int_dst) { + #Using ISDB for Destination ? + if ($rule.'internet-service' -eq "enable") { + $dst = $rule.'internet-service-name'.name -join ", " + } + else { + $dst = $rule.dstaddr.name -join ", " + } $OutObj += [pscustomobject]@{ "Name" = $rule.name "Source" = $rule.srcaddr.name -join ", " - "Destination" = $rule.dstaddr.name -join ", " + "Destination" = $dst "Service" = $rule.service.name -join ", " "Action" = $rule.action "NAT" = $rule.nat From 8ffa21b5510c2c718d4a5441ad07f3f997882b44 Mon Sep 17 00:00:00 2001 
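Review bot: When `'internet-service'` is enabled, the new branch fills Destination only from `'internet-service-name'`, so a policy whose destination is expressed through an Internet Service group or a custom Internet Service would presumably be printed with an empty Destination cell. In a firewall as-built report an empty cell reads like a missing restriction, so it is worth either joining the other internet-service lists as well (field names to be confirmed against the API response) or falling back to a visible marker when the result is empty. The same seven-line block is pasted into all three hunks of this commit (-376, -415 and -457); a small private helper that takes `$rule` and returns the destination string would keep the three tables from drifting apart. Until then a comment such as `#Only internet-service-name is rendered; ISDB groups/custom entries are not shown` documents the limitation.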
From: Alexis La Goutte Date: Thu, 20 Jun 2024 16:12:22 +0200 Subject: [PATCH 05/27] Firewall: Add also source ISDB support --- Src/Private/Get-AbrFgtFirewall.ps1 | 33 +++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/Src/Private/Get-AbrFgtFirewall.ps1 b/Src/Private/Get-AbrFgtFirewall.ps1 index e932ddd..96ae484 100644 --- a/Src/Private/Get-AbrFgtFirewall.ps1 +++ b/Src/Private/Get-AbrFgtFirewall.ps1 @@ -385,11 +385,20 @@ function Get-AbrFgtFirewall { $dst = $rule.dstaddr.name -join ", " } + #Using ISDB for Source ? + if ($rule.'internet-service-src ' -eq "enable") { + + $src = $rule.'internet-service-src-name'.name -join ", " + } + else { + $src = $rule.srcaddr.name -join ", " + } + $OutObj += [pscustomobject]@{ "Name" = $rule.name "From" = $rule.srcintf.name -join ", " "To" = $rule.dstintf.name -join ", " - "Source" = $rule.srcaddr.name -join ", " + "Source" = $src "Destination" = $dst "Service" = $rule.service.name -join ", " "Action" = $rule.action @@ -432,11 +441,20 @@ function Get-AbrFgtFirewall { $dst = $rule.dstaddr.name -join ", " } + #Using ISDB for Source ? + if ($rule.'internet-service-src ' -eq "enable") { + + $src = $rule.'internet-service-src-name'.name -join ", " + } + else { + $src = $rule.srcaddr.name -join ", " + } + $OutObj += [pscustomobject]@{ "Name" = $rule.name "From" = $rule.srcintf.name -join ", " "To" = $rule.dstintf.name -join ", " - "Source" = $rule.srcaddr.name -join ", " + "Source" = $src "Destination" = $dst "Service" = $rule.service.name -join ", " "Action" = $rule.action 
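Review bot: The source-side test reads `$rule.'internet-service-src ' -eq "enable"` with a trailing space inside the quoted property name, so it looks up a property that does not exist, evaluates to `$null`, and the ISDB branch is never taken. Policies that use an Internet Service as source will therefore still show whatever `srcaddr` holds, which is likely empty. The line should be `if ($rule.'internet-service-src' -eq "enable") {`. The same typo is repeated in the second hunk of this commit (-432) and in the third one (-482), which follows on the next line of this page.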
@@ -482,9 +500,18 @@ function Get-AbrFgtFirewall { $dst = $rule.dstaddr.name -join ", " } + #Using ISDB for Source ? + if ($rule.'internet-service-src ' -eq "enable") { + + $src = $rule.'internet-service-src-name'.name -join ", " + } + else { + $src = $rule.srcaddr.name -join ", " + } + $OutObj += [pscustomobject]@{ "Name" = $rule.name - "Source" = $rule.srcaddr.name -join ", " + "Source" = $src "Destination" = $dst "Service" = $rule.service.name -join ", " "Action" = $rule.action From 8a980b7b2d78d2dd0c2574070f962484712b5548 Mon Sep 17 00:00:00 2001 From: soukhomlinov Date: Wed, 26 Jun 2024 16:03:32 +0200 Subject: [PATCH 06/27] FortiCare: Add information about FortiGuard Services with Expiration Date... --- Src/Private/Get-AbrFgtFortiCare.ps1 | 147 +++++++++++++++++++++++++++- 1 file changed, 143 insertions(+), 4 deletions(-) diff --git a/Src/Private/Get-AbrFgtFortiCare.ps1 b/Src/Private/Get-AbrFgtFortiCare.ps1 index a59da13..aede72f 100644 --- a/Src/Private/Get-AbrFgtFortiCare.ps1 +++ b/Src/Private/Get-AbrFgtFortiCare.ps1 
@@ -26,11 +26,122 @@ function Get-AbrFgtForticare { process { - $Forticare = (Get-FGTMonitorLicenseStatus).forticare + $LicenseStatus = Get-FGTMonitorLicenseStatus + if ($LicenseStatus -and $InfoLevel.Forticare -ge 1) { + + $FortiGuardservicesDescriptions = @{ + "forticare" = "FortiCare Support Services" + "forticloud" = "FortiCloud Management" + "security_rating" = "Security Fabric Rating and Compliance Service" + "antivirus" = "Antivirus Service" + "mobile_malware" = "Mobile Malware Service" + "ai_malware_detection" = "AI-based Inline Malware Prevention" + "ips" = "Intrusion Prevention System (IPS)" + "industrial_db" = "OT Industrial Signatures Database" + "appctrl" = "Application Control" + "internet_service_db" = "Internet Service (SaaS) Database" + "device_os_id" = "Device/OS Detection" + "botnet_ip" = "Botnet IP Reputation Service" + "botnet_domain" = "Botnet Domain Reputation Service" + "psirt_security_rating" = "Attack Surface Security Rating" + "outbreak_security_rating" = "Outbreak Security Rating Service" + "icdb" = "OT Industrial Signatures Database" + "inline_casb" = "Inline SaaS Application Security (CASB)" + "local_in_virtual_patching" = "OT Virtual Patching" + "malicious_urls" = "Malicious URL Database" + "blacklisted_certificates" = "Blacklisted Certificates Service" + "firmware_updates" = "Firmware Updates" + "web_filtering" = "Web Filtering Service" + "outbreak_prevention" = "Outbreak Prevention" + "antispam" = "Antispam Service" + "iot_detection" = "IoT Detection Service" + "ot_detection" = "OT Detection Service" + "forticloud_sandbox" = "FortiCloud Sandbox" + "forticonverter" = "FortiConverter Service" + "fortiguard" = "FortiGuard Services" + "data_leak_prevention" = "Data Leak Prevention" + "sdwan_network_monitor" = "SD-WAN Network Monitor" + "forticloud_logging" = "FortiCloud Logging" + "fortianalyzer_cloud" = "FortiAnalyzer Cloud" + "fortianalyzer_cloud_premium" = "FortiAnalyzer Cloud Premium" + "fortimanager_cloud" = "FortiManager Cloud" + 
"fortisandbox_cloud" = "FortiSandbox Cloud" + "fortiguard_ai_based_sandbox" = "FortiGuard AI-based Sandbox" + "sdwan_overlay_aas" = "SD-WAN Overlay-as-a-Service" + "fortisase_private_access" = "FortiSASE Private Access" + "fortisase_lan_extension" = "FortiSASE LAN Extension" + "fortiems_cloud" = "FortiEMS Cloud" + "fortimanager_cloud_alci" = "FortiManager Cloud ALCI" + "fortisandbox_cloud_alci" = "FortiSandbox Cloud ALCI" + "vdom" = "Virtual Domains (platform capability)" + "sms" = "SMS Service" + } + $licenseSummary = @() + + $typeDescriptions = @{ + downloaded_fds_object = 'Update Feed' + live_fortiguard_service = 'Real-time Services' + live_cloud_service = 'Cloud Services' + functionality_enabling = 'Feature' + } + + $excludeServices = @( + 'fortiguard', 'forticare', 'forticloud', 'sms', 'vdom', + 'forticloud_logging', 'fortianalyzer_cloud', 'fortianalyzer_cloud_premium', + 'fortimanager_cloud', 'fortisandbox_cloud', 'fortiguard_ai_based_sandbox', + 'forticonverter', 'fortiems_cloud', 'fortimanager_cloud_alci', 'fortisandbox_cloud_alci' + ) + + $FortiGuardSvcOrder = @( + 'internet_service_db', 'device_os_id', 'firmware_updates', 'ips', + 'blacklisted_certificates', 'appctrl', 'antivirus', 'botnet_ip', 'botnet_domain', + 'mobile_malware', 'antispam', 'outbreak_prevention', 'forticloud_sandbox', + 'ai_malware_detection', 'web_filtering', 'malicious_urls', 'security_rating', + 'psirt_security_rating', 'outbreak_security_rating', 'inline_casb', + 'data_leak_prevention', 'ot_detection', 'iot_detection', 'local_in_virtual_patching', + 'industrial_db', 'icdb', 'sdwan_network_monitor', 'sdwan_overlay_aas', + 'fortisase_private_access', 'fortisase_lan_extension' + ) + + $licenseSummaryUnordered = @() + + foreach ($property in $LicenseStatus.PSObject.Properties) { + if ($excludeServices -contains $property.Name) { + continue + } - if ($Forticare -and $InfoLevel.Forticare -ge 1) { + $feature = $property.Value + $status = $feature.status + $description = 
$FortiGuardservicesDescriptions[$property.Name] + if ($null -ne $feature.expires) { + $expires = (Get-Date '01/01/1970').AddSeconds($feature.expires) | Get-Date -Format "dd/MM/yyyy" + } else { + $expires = $null + } + $type = $feature.type + $entitlement = $feature.entitlement + $typeDescription = $typeDescriptions[$type] + + $licenseSummaryUnordered += [PSCustomObject]@{ + name = $property.Name + description = $description + status = $status + expiration = $expires + type = $type + typeDescription = $typeDescription + entitlement = $entitlement + } + } + + # Ordering $licenseSummary based on the specified order + $licenseSummary = $FortiGuardSvcOrder | ForEach-Object { + $serviceName = $_ + $licenseSummaryUnordered | Where-Object { $_.Name -eq $serviceName } + } + + $Forticare = $LicenseStatus.forticare Section -Style Heading2 'FortiCare' { - Paragraph "The following section details FortiCare settings configured on FortiGate." + Paragraph "The following table details FortiCare settings configured on FortiGate." BlankLine $OutObj = @() @@ -57,6 +168,34 @@ function Get-AbrFgtForticare { $OutObj | Table @TableParams + + Paragraph "The following table details FortiGuard subscriptions and services on FortiGate." + BlankLine + + $OutObj = @() + foreach ($license in $licenseSummary) { + $licenseStatus = $license.status -eq 'licensed' ? 'Licensed' : 'Unlicensed' + $OutObj += [pscustomobject]@{ + "Name" = $license.description + "Type" = $license.typeDescription + "Status" = $licenseStatus + "Expiration" = $license.expiration + } + } + + $TableParams = @{ + Name = "FortiGuard Services" + List = $false + ColumnWidths = 50, 20, 15, 15 + } + + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + + $OutObj | Table @TableParams + + Paragraph "The following section details support settings configured on FortiGate." BlankLine $ExpiresHW = (($Forticare | Select-Object -ExpandProperty support).hardware).expires 
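Review bot: Any service returned by `Get-FGTMonitorLicenseStatus` that is neither in `$excludeServices` nor in `$FortiGuardSvcOrder` is silently dropped, because the final `$licenseSummary` is built only by iterating `$FortiGuardSvcOrder`. A subscription added by a newer firmware would then be missing from the report without any hint. Appending the leftovers after the ordered ones, e.g. `$licenseSummary += $licenseSummaryUnordered | Where-Object { $FortiGuardSvcOrder -notcontains $_.name }`, and falling back to `$property.Name` when `$FortiGuardservicesDescriptions` has no entry, keeps the table complete. Separately, `(Get-Date '01/01/1970').AddSeconds($feature.expires)` builds the epoch in local time and depends on culture parsing; `[DateTimeOffset]::FromUnixTimeSeconds($feature.expires).UtcDateTime.ToString('dd/MM/yyyy')` avoids an expiry date that is off by a day.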
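Review bot: Inside the new `foreach ($license in $licenseSummary)` loop, `$licenseStatus = ...` assigns to the same variable as `$LicenseStatus` from the first hunk, because PowerShell variable names are case-insensitive; after the loop the API result has been replaced by a string. The line also uses the `? :` ternary operator, which only parses on PowerShell 7 and later, so the file would fail to load on Windows PowerShell 5.1 if that is still a supported host. Both are solved by `$statusText = if ($license.status -eq 'licensed') { 'Licensed' } else { 'Unlicensed' }` and `"Status" = $statusText`. Note that every status other than `licensed` is shown as "Unlicensed"; if the API distinguishes expired subscriptions, printing the raw status would be more useful to whoever audits the device.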
@@ -193,4 +332,4 @@ function Get-AbrFgtForticare { } -} \ No newline at end of file +} From 8cdc99738bce73089a1bbd03449fa996a61976d3 Mon Sep 17 00:00:00 2001 From: soukhomlinov Date: Wed, 26 Jun 2024 16:35:37 +0200 Subject: [PATCH 07/27] System: Add HA Configuration and Members --- Src/Private/Get-AbrFgtSystem.ps1 | 80 ++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index 5985ab6..26b32e1 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 
@@ -319,6 +319,86 @@ function Get-AbrFgtSystem { } } + # Fetch HA Configuration + $haConfig = Get-FGTSystemHA + $haPeers = Get-FGTMonitorSystemHAPeer + $haChecksums = Get-FGTMonitorSystemHAChecksum + + if ( $haConfig.mode -ne 'standalone' -and $infoLevel.System -ge 1) { + Section -Style Heading3 'High Availability' { + Paragraph "The following section details HA settings." + BlankLine + + Section -Style Heading4 'HA Configuration' { + $OutObj = @() + + $OutObj = [pscustomobject]@{ + "Group Name" = $haConfig.'group-name' + "Group ID" = $haConfig.'group-id' + "Mode" = $haConfig.mode + "HB Device" = $haConfig.'hbdev' + "HA Override" = $haConfig.'override' + "Route TTL" = $haConfig.'route-ttl' + "Route Wait" = $haConfig.'route-wait' + "Route Hold" = $haConfig.'route-hold' + "Session sync (TCP)" = $haConfig.'session-pickup' + "Session sync (UDP)" = $haConfig.'session-pickup-connectionless' + "Session sync (Pinholes)" = $haConfig.'session-pickup-expectation' + "Uninterruptible Upgrade" = $haConfig.'uninterrup-upgrade' + "HA Management Status" = $haConfig.'ha-mgmt-status' + "HA Management Interfaces" = $haConfig.'ha-mgmt-interfaces' + } + + $TableParams = @{ + Name = "HA Configuration" + List = $true + ColumnWidths = 50, 50 + } + + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + + $OutObj | Table @TableParams + } + + Section -Style Heading4 'HA Members' { + $OutObj = @() + + foreach ($haPeer in $haPeers) { + $haChecksum = $haChecksums | Where-Object { $_.serial_no -eq $haPeer.serial_no } + + # Correctly using the if statement for assignment + $manageMaster = if ($haChecksum.is_manage_master -eq 1) { "Yes" } else { "No" } + $rootMaster = if ($haChecksum.is_root_master -eq 1) { "Yes" } else { "No" } + + # Correctly reference properties from $haPeer + $OutObj += [pscustomobject]@{ + "Hostname" = $haPeer.hostname + "Serial" = $haPeer.serial_no + "Priority" = $haPeer.priority + "Manage Master" = $manageMaster + "Root Master" = 
$rootMaster + } + } + + $TableParams = @{ + Name = "HA Members" + List = $false + ColumnWidths = 30, 30, 10, 10, 10, 10 + } + + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + + $OutObj | Table @TableParams + } + + + } + } + } } From b72149d9533b8a935806ec0a1eea6c3a2e025d64 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 26 Jun 2024 16:58:02 +0200 Subject: [PATCH 08/27] System: Fix HA Add full name of a-p (or a-a), and monitor port fix also table about HA Members --- Src/Private/Get-AbrFgtSystem.ps1 | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index 26b32e1..eed42c6 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 @@ -332,11 +332,20 @@ function Get-AbrFgtSystem { Section -Style Heading4 'HA Configuration' { $OutObj = @() + switch ($haConfig.mode) { + "a-p" { $mode = "Active/Passive" } + "a-a" { $mode = "Active/Active" } + Default {} + } + #API return multi same interface ?! (remove extra space, quote and ) + $monitor = (($haConfig.monitor.trim() -replace ' ', ' ' -replace '"', '').Split(" ") | Sort-Object -Unique) -Join ", " + $OutObj = [pscustomobject]@{ "Group Name" = $haConfig.'group-name' "Group ID" = $haConfig.'group-id' - "Mode" = $haConfig.mode + "Mode" = $mode "HB Device" = $haConfig.'hbdev' + "Monitor" = $monitor "HA Override" = $haConfig.'override' "Route TTL" = $haConfig.'route-ttl' "Route Wait" = $haConfig.'route-wait' @@ -385,7 +394,7 @@ function Get-AbrFgtSystem { $TableParams = @{ Name = "HA Members" List = $false - ColumnWidths = 30, 30, 10, 10, 10, 10 + ColumnWidths = 35, 35, 10, 10, 10 } if ($Report.ShowTableCaptions) { From 1087f3a996e0cef52aa63f0f7d09ef9d9365a8e4 Mon Sep 17 00:00:00 2001 
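Review bot: `Get-FGTMonitorSystemHAPeer` and `Get-FGTMonitorSystemHAChecksum` are called before the `$haConfig.mode -ne 'standalone' -and $infoLevel.System -ge 1` test, so a standalone unit, or a report with System disabled, still issues both monitor requests and surfaces any error they raise. Moving the two assignments inside the `if` limits the calls to the case that uses them. In the members loop, a peer with no matching checksum entry leaves `$haChecksum` empty and is printed as "No" in both master columns. A branch such as `if ($null -eq $haChecksum) { $manageMaster = $rootMaster = "Unknown" }` would keep the table from stating something the API did not return.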
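Review bot: The `Default {}` branch of the new `switch ($haConfig.mode)` leaves `$mode` unassigned, so any mode other than a-p or a-a prints an empty or stale "Mode" cell; `Default { $mode = $haConfig.mode }` keeps the raw value. `$haConfig.monitor.trim()` is a method call and throws when `monitor` is `$null`. Whether the API can omit that field is not visible here, so it is worth guarding with `if ($haConfig.monitor) { ... }` and an empty string otherwise. The comment above that line ends in an unfinished "quote and )" and should name what is being stripped.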
From: Alexis La Goutte Date: Wed, 26 Jun 2024 17:08:59 +0200 Subject: [PATCH 09/27] System: Fix indent (using Visual Code Formatter) --- Src/Private/Get-AbrFgtSystem.ps1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index eed42c6..93a785d 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 @@ -206,17 +206,17 @@ function Get-AbrFgtSystem { $trustedHosts = $admin.trusthost1 + "`n" $trustedHosts += $admin.trusthost2 + "`n" - $trustedHosts += $admin.trusthost3 + "`n" - $trustedHosts += $admin.trusthost4 + "`n" - $trustedHosts += $admin.trusthost5 + "`n" + $trustedHosts += $admin.trusthost3 + "`n" + $trustedHosts += $admin.trusthost4 + "`n" + $trustedHosts += $admin.trusthost5 + "`n" $trustedHosts += $admin.trusthost6 + "`n" - $trustedHosts += $admin.trusthost7 + "`n" - $trustedHosts += $admin.trusthost8 + "`n" + $trustedHosts += $admin.trusthost7 + "`n" + $trustedHosts += $admin.trusthost8 + "`n" $trustedHosts += $admin.trusthost9 + "`n" - $trustedHosts += $admin.trusthost10 + "`n" + $trustedHosts += $admin.trusthost10 + "`n" $trustedHosts = $trustedHosts -replace "0.0.0.0 0.0.0.0`n", "" #Remove 'All Network' - if($trustedHosts -eq ""){ + if ($trustedHosts -eq "") { $trustedHosts = "All" #TODO: Add Health Warning ! } $OutObj += [pscustomobject]@{ @@ -245,7 +245,7 @@ function Get-AbrFgtSystem { #By 'API' design, it is always return all interfaces (not filtering by vdom) if ("" -ne $Options.vdom) { - $interfaces = $interfaces | Where-Object {$_.vdom -eq $Options.vdom } + $interfaces = $interfaces | Where-Object { $_.vdom -eq $Options.vdom } } if ($interfaces -and $InfoLevel.System -ge 1) { From 91f4e1328594022e060bac249e4c930bba13e93b Mon Sep 17 00:00:00 2001 
From: Alexis La Goutte Date: Wed, 26 Jun 2024 17:11:05 +0200 Subject: [PATCH 10/27] System: Rename GUI Settings to Feature GUI Visibility like on GUI ^^ --- Src/Private/Get-AbrFgtSystem.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index 93a785d..cf15c51 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 @@ -96,7 +96,7 @@ function Get-AbrFgtSystem { } if ($info -and $settings -and $InfoLevel.System -ge 1) { - Section -Style Heading3 'GUI Settings' { + Section -Style Heading3 'Feature GUI visibility' { $OutObj = @() $OutObj = [pscustomobject]@{ @@ -127,7 +127,7 @@ function Get-AbrFgtSystem { } $TableParams = @{ - Name = "Settings" + Name = "Feature GUI visibility" List = $true ColumnWidths = 50, 50 } From eef6876b27519f08eba0bf264c19dfc555f6c885 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 26 Jun 2024 17:11:34 +0200 Subject: [PATCH 11/27] System: rename Reboot to Recurring Reboot --- Src/Private/Get-AbrFgtSystem.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index cf15c51..539c0a9 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 @@ -46,7 +46,7 @@ function Get-AbrFgtSystem { $OutObj = [pscustomobject]@{ "Nom" = $info.'hostname' "Alias" = $info.'alias' - "Reboot" = $reboot + "Recurring Reboot" = $reboot "Port SSH" = $info.'admin-ssh-port' "Port HTTP" = $info.'admin-port' "Port HTTPS" = $info.'admin-sport' From cb6aab85418dbcb27b1644d307920e43a32574f3 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 26 Jun 2024 17:20:24 +0200 Subject: [PATCH 12/27] Invoke: Add Name and Serial of all members on top of report --- ...nvoke-AsBuiltReport.Fortinet.FortiGate.ps1 | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) 
diff --git a/Src/Public/Invoke-AsBuiltReport.Fortinet.FortiGate.ps1 b/Src/Public/Invoke-AsBuiltReport.Fortinet.FortiGate.ps1 index 32df3bc..677d43c 100644 --- a/Src/Public/Invoke-AsBuiltReport.Fortinet.FortiGate.ps1 +++ b/Src/Public/Invoke-AsBuiltReport.Fortinet.FortiGate.ps1 @@ -42,8 +42,25 @@ function Invoke-AsBuiltReport.Fortinet.FortiGate { $Model = (Get-FGTMonitorSystemFirmware).current.'platform-id' Write-PScriboMessage "Connect to $System : $Model ($($DefaultFGTConnection.serial)) " - Section -Style Heading1 "Implementation Report $($DefaultFGTConnection.serial)" { - Paragraph "The following section provides a summary of the implemented components on the Fortinet FortiGate infrastructure." + #Get firewall hostname(s) and serials (HA or standalone configurations supported) + $haConfig = Get-FGTSystemHA + if( $haConfig.mode -ne 'standalone' ) { + $haPeers = Get-FGTMonitorSystemHAPeer + #Get hostnames from HA config + $hostnames = ($haPeers | ForEach-Object { $_.hostname }) -join ', ' + + #Get serials for HA config + $serials = ($haPeers | ForEach-Object { $_.serial_no }) -join ', ' + + } else { + #Get hostnames and serials for standalone config + $globalSettings = Get-FGTSystemGlobal + $hostnames = $globalSettings.hostname + $serials = $DefaultFGTConnection.serial + } + + Section -Style Heading1 "$hostnames Configuration" { + Paragraph "The following provides as-built documentation for the Fortinet FortiGate $Model firewalls $hostnames ($serials)." BlankLine if ($InfoLevel.FortiGate.PSObject.Properties.Value -ne 0) { Get-AbrFgtFortiCare From ead09398892455553e14c2654cc98a0c1e32af2c Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 12 Jul 2024 14:49:52 +0200 Subject: [PATCH 13/27] System: Fix indent --- Src/Private/Get-AbrFgtSystem.ps1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index 539c0a9..1200c65 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 
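Review bot: In the HA branch, `$hostnames` and `$serials` come only from `Get-FGTMonitorSystemHAPeer`, with no fallback if that call returns nothing. One possible cause is an API admin profile that cannot read the monitor endpoint, which is an assumption and not visible here. The Heading1 would then render as " Configuration" with an empty serial list. A guard after the branch keeps the title meaningful: `if (-not $hostnames) { $hostnames = (Get-FGTSystemGlobal).hostname; $serials = $DefaultFGTConnection.serial }`. On style, `if( $haConfig.mode -ne 'standalone' )` differs from the `if (...)` spacing used in the rest of the file.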
+++ b/Src/Private/Get-AbrFgtSystem.ps1 @@ -44,13 +44,13 @@ function Get-AbrFgtSystem { } $OutObj = [pscustomobject]@{ - "Nom" = $info.'hostname' - "Alias" = $info.'alias' - "Recurring Reboot" = $reboot - "Port SSH" = $info.'admin-ssh-port' - "Port HTTP" = $info.'admin-port' - "Port HTTPS" = $info.'admin-sport' - "HTTPS Redirect" = $info.'admin-https-redirect' + "Nom" = $info.'hostname' + "Alias" = $info.'alias' + "Recurring Reboot" = $reboot + "Port SSH" = $info.'admin-ssh-port' + "Port HTTP" = $info.'admin-port' + "Port HTTPS" = $info.'admin-sport' + "HTTPS Redirect" = $info.'admin-https-redirect' } $TableParams = @{ From 4c9f6c95c913ad85d0746b7d8739583d95e8d74c Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 12 Jul 2024 15:11:24 +0200 Subject: [PATCH 14/27] System: Add DHCP Server Section --- Src/Private/Get-AbrFgtSystem.ps1 | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index 1200c65..659dc5a 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 
@@ -319,6 +319,38 @@ function Get-AbrFgtSystem { } } + #DHCP Server + $dhcp_servers = Get-FGTSystemDHCPServer + + if ($dhcp_servers -and $InfoLevel.System -ge 1) { + Section -Style Heading3 'DHCP Server' { + $OutObj = @() + + foreach ($dhcp_server in $dhcp_servers) { + $OutObj += [pscustomobject]@{ + "id" = $dhcp_server.id + "Status" = $dhcp_server.status + "Interface" = $dhcp_server.interface + "Range" = "$($dhcp_server.'ip-range'.'start-ip')-$($dhcp_server.'ip-range'.'end-ip')" + "Netmask" = $dhcp_server.netmask + "Gateway" = $dhcp_server.'default-gateway' + } + } + + $TableParams = @{ + Name = "DHCP Server" + List = $false + ColumnWidths = 5, 11, 15, 35, 17, 17 + } + + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + + $OutObj | Table @TableParams + } + } + # Fetch HA Configuration $haConfig = Get-FGTSystemHA $haPeers = Get-FGTMonitorSystemHAPeer From 33c63994a5394dfd214a1bb66e3643be91e2fb37 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 12 Jul 2024 15:42:57 +0200 Subject: [PATCH 15/27] System: Add DHCP Server Detail sub Section --- AsBuiltReport.Fortinet.FortiGate.json | 2 +- Src/Private/Get-AbrFgtSystem.ps1 | 39 +++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/AsBuiltReport.Fortinet.FortiGate.json b/AsBuiltReport.Fortinet.FortiGate.json index bf19fbd..f4c19e8 100644 --- a/AsBuiltReport.Fortinet.FortiGate.json +++ b/AsBuiltReport.Fortinet.FortiGate.json @@ -16,7 +16,7 @@ "InfoLevel": { "_comment_": "0 = Disabled, 1 = Enabled / Summary, 2 = Adv Summary", "FortiCare": 1, - "System": 1, + "System": 2, "Route": 1, "SDWAN": 1, "Firewall": 1, diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index 659dc5a..9689b9b 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 
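Review bot: The "Range" cell is built with `"$($dhcp_server.'ip-range'.'start-ip')-$($dhcp_server.'ip-range'.'end-ip')"`, which reads `ip-range` as a single object. If a server carries more than one range entry (likely, since the property is addressed like a list, but not shown here), member enumeration returns arrays and the string becomes all start addresses, a dash, then all end addresses. Formatting per entry avoids this: `"Range" = ($dhcp_server.'ip-range' | ForEach-Object { "$($_.'start-ip')-$($_.'end-ip')" }) -join ', '`. The interface list earlier in this function is filtered by `$Options.vdom`, and the DHCP list has no such filter, so a vdom-scoped report may include servers from other vdoms. A one-line comment stating whether that is intended would help.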
@@ -349,6 +349,45 @@ function Get-AbrFgtSystem { $OutObj | Table @TableParams } + + #DHCP Server detail + if ($InfoLevel.System -ge 2) { + foreach ($dhcp_server in $dhcp_servers) { + Section -Style NOTOCHeading4 -ExcludeFromTOC "DHCP: $($dhcp_server.id) - $($dhcp_server.interface)" { + BlankLine + + $dns = ($dhcp_server.'dns-server1' -replace "0.0.0.0", "") + ($dhcp_server.'dns-server2' -replace "0.0.0.0", "") + ($dhcp_server.'dns-server3' -replace "0.0.0.0", "") + ($dhcp_server.'dns-server4' -replace "0.0.0.0", "") + $ntp = ($dhcp_server.'ntp-server1' -replace "0.0.0.0", "") + ($dhcp_server.'ntp-server2' -replace "0.0.0.0", "") + ($dhcp_server.'ntp-server3' -replace "0.0.0.0", "") + ($dhcp_server.'ntp-server4' -replace "0.0.0.0", "") + $OutObj = [pscustomobject]@{ + "id" = $dhcp_server.id + "Status" = $dhcp_server.status + "Lease Time" = $dhcp_server.'lease-time' + "Interface" = $dhcp_server.interface + "Start IP" = $dhcp_server.'ip-range'.'start-ip' + "End IP" = $dhcp_server.'ip-range'.'end-ip' + "Netmask" = $dhcp_server.netmask + "Gateway" = $dhcp_server.'default-gateway' + "DNS" = $dns + "Domain" = $dhcp_server.domain + "NTP" = $ntp + } + + $TableParams = @{ + Name = "DHCP $($dhcp_server.id) - $($dhcp_server.interface)" + List = $true + ColumnWidths = 25, 75 + } + + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + + $OutObj | Table @TableParams + } + } + } + + } # Fetch HA Configuration From 34f28b02ab9b4738bb59d85d05fe1ec84e85e0ee Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 12 Jul 2024 15:57:01 +0200 Subject: [PATCH 16/27] System: Add DHCP Server Reservation (Address) --- Src/Private/Get-AbrFgtSystem.ps1 | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index 9689b9b..e2c1ffc 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 
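Review bot: `$dns` and `$ntp` are built by concatenating the four server fields with `+` and no separator, so two configured servers print as one run-together string such as `8.8.8.81.1.1.1`. The `-replace "0.0.0.0", ""` is also an unanchored regular expression, so it removes that text from inside real addresses and `10.0.0.0` becomes `1`. Compare and join instead: `$dns = (1..4 | ForEach-Object { $dhcp_server."dns-server$_" } | Where-Object { $_ -and $_ -ne '0.0.0.0' }) -join ', '`, with the same form for `ntp-server`. An as-built document is often the reference during an outage or audit, so a mangled resolver address matters more than it looks.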
@@ -350,8 +350,8 @@ function Get-AbrFgtSystem { $OutObj | Table @TableParams } - #DHCP Server detail if ($InfoLevel.System -ge 2) { + #DHCP Server detail foreach ($dhcp_server in $dhcp_servers) { Section -Style NOTOCHeading4 -ExcludeFromTOC "DHCP: $($dhcp_server.id) - $($dhcp_server.interface)" { BlankLine @@ -385,8 +385,34 @@ function Get-AbrFgtSystem { $OutObj | Table @TableParams } } - } + #DHCP Server Reservation + if ($dhcp_servers.'reserved_address') { + Section -Style NOTOCHeading4 -ExcludeFromTOC "DHCP Server Reserved Address" { + $OutObj = @() + foreach ($reserved_address in ($dhcp_servers.'reserved-address')) { + $OutObj += [pscustomobject]@{ + "id" = $reserved_address.id + "IP" = $reserved_address.ip + "MAC" = $reserved_address.mac + "Action" = $reserved_address.action + } + } + + $TableParams = @{ + Name = "DHCP Server Reserved Address" + List = $false + ColumnWidths = 5, 35, 35, 25 + } + + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + + $OutObj | Table @TableParams + } + } + } } From beaa542091e5479a83c946c7b6c5287c0891cee2 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 12 Jul 2024 16:04:38 +0200 Subject: [PATCH 17/27] System: Add DHCP Leases information --- Src/Private/Get-AbrFgtSystem.ps1 | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index e2c1ffc..94257ea 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 
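Review bot: The reserved-address table in the `@@ -385,8 +385,34 @@` hunk flattens `$dhcp_servers.'reserved-address'` across every server, so a row does not say which DHCP server or interface the reservation belongs to. The "id" column can also repeat if ids are numbered per server, which is presumed and should be confirmed. Iterating per server and adding the server id and interface to each row makes the table usable for checking a MAC-to-IP binding against the right scope. The guard `$dhcp_servers.'reserved_address'` uses an underscore where the loop uses a hyphen; a later patch in this series changes it, so it is only noted here. The table then needs six `ColumnWidths` entries.

```powershell
foreach ($dhcp_server in $dhcp_servers) {
    foreach ($reserved_address in $dhcp_server.'reserved-address') {
        $OutObj += [pscustomobject]@{
            "Server"    = $dhcp_server.id
            "Interface" = $dhcp_server.interface
            "id"        = $reserved_address.id
            "IP"        = $reserved_address.ip
            "MAC"       = $reserved_address.mac
            "Action"    = $reserved_address.action
        }
    }
}
# … unchanged: $TableParams (apart from ColumnWidths), caption and Table call …
```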
@@ -412,6 +412,38 @@ function Get-AbrFgtSystem { $OutObj | Table @TableParams } } + + #DHCP Leases (from Monitoring) => no yet Get-FGTMonitorDHCP cmdlet on PowerFGT... + $dhcp_leases = (Invoke-FGTRestMethod -uri api/v2/monitor/system/dhcp).results + + if ($dhcp_leases) { + Section -Style NOTOCHeading4 -ExcludeFromTOC "DHCP Leases" { + $OutObj = @() + foreach ($dhcp_lease in $dhcp_leases) { + $OutObj += [pscustomobject]@{ + "IP" = $dhcp_lease.ip + "MAC" = $dhcp_lease.mac + "Hostname" = $dhcp_lease.hostname + "Status" = $dhcp_lease.status + "Reserved" = $dhcp_lease.reserved + "Expire Time" = ( Get-Date -UnixTimeSeconds $dhcp_lease.expire_time) + } + } + + $TableParams = @{ + Name = "DHCP Server Reserved Address" + List = $false + ColumnWidths = 19, 19, 24, 8, 11, 18 + } + + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + + $OutObj | Table @TableParams + } + } + } } From 4a4f70f8f14bf6c71afe250119227d7f308c7f40 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 12 Jul 2024 16:06:53 +0200 Subject: [PATCH 18/27] README(.md): Update Settings for System (1 -> 2) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4ba2ba1..0f1b2c9 100644 --- a/README.md +++ b/README.md @@ -144,7 +144,7 @@ The table below outlines the default and maximum InfoLevel settings for each *Fo | Sub-Schema | Default Settings | Maximum Settings | |:----------:|------------------|------------------| | Forticare | 1 | 1 | -| System | 1 | 1 | +| System | 2 | 2 | | Route | 1 | 1 | | Firewall | 1 | 1 | | User | 2 | 2 | From 5969e2462cc41b0c0ed592ea70a22d3cae0c8981 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Mon, 15 Jul 2024 08:45:06 +0200 Subject: [PATCH 19/27] System(DHCP): Fix when no reserved-address (typo) --- Src/Private/Get-AbrFgtSystem.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
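Review bot: The leases table is created with `Name = "DHCP Server Reserved Address"`, copied from the reservation table, so its caption mislabels the data; it should be `Name = "DHCP Leases"`. `Get-Date -UnixTimeSeconds $dhcp_lease.expire_time` needs PowerShell 7.1 or later, whereas the FortiCare code in this series converts epoch values with `(Get-Date '01/01/1970').AddSeconds(...)`; using one form throughout keeps the supported PowerShell version consistent. This section writes client IP, MAC and hostname into the report, and the same series raises the default `System` InfoLevel to 2. The README entry for that setting should say that level 2 includes per-client lease data, so report owners can decide who receives the document.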
diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index 94257ea..7157b6d 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 @@ -387,7 +387,7 @@ function Get-AbrFgtSystem { } #DHCP Server Reservation - if ($dhcp_servers.'reserved_address') { + if ($null -ne $dhcp_servers.'reserved-address') { Section -Style NOTOCHeading4 -ExcludeFromTOC "DHCP Server Reserved Address" { $OutObj = @() foreach ($reserved_address in ($dhcp_servers.'reserved-address')) { From 8c0b574fcedc841e00c278bab63a41e4351db2e7 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Mon, 15 Jul 2024 08:45:41 +0200 Subject: [PATCH 20/27] System(DHCP): fix column total (99%) for DHCP Server Reserved --- Src/Private/Get-AbrFgtSystem.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Src/Private/Get-AbrFgtSystem.ps1 b/Src/Private/Get-AbrFgtSystem.ps1 index 7157b6d..41604aa 100644 --- a/Src/Private/Get-AbrFgtSystem.ps1 +++ b/Src/Private/Get-AbrFgtSystem.ps1 @@ -433,7 +433,7 @@ function Get-AbrFgtSystem { $TableParams = @{ Name = "DHCP Server Reserved Address" List = $false - ColumnWidths = 19, 19, 24, 8, 11, 18 + ColumnWidths = 19, 19, 25, 8, 11, 18 } if ($Report.ShowTableCaptions) { From 31bc6626d343c10251494f9a57625296af18175f Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Mon, 15 Jul 2024 08:35:26 +0200 Subject: [PATCH 21/27] CHANGELOG(.md): Updated to 0.4.0 --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a521ed..959f55b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
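Review bot: The corrected guard `if ($null -ne $dhcp_servers.'reserved-address')` is true for an empty collection, because `$null -ne @()` evaluates to true. When `$dhcp_servers` is a single object whose `reserved-address` is an empty array, the section is still emitted with an empty table. Whether PowerFGT returns an empty array or omits the property is not visible here, so this needs a check against a device with one DHCP server and no reservations. A plain truthiness test with the corrected name covers both cases: `if ($dhcp_servers.'reserved-address') {`. The enclosing block continues outside the hunk.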
@@ -1,5 +1,22 @@ # :arrows_clockwise: Fortinet FortiGate As Built Report Changelog +## [0.4.0] - 2024-07-15 + +### Added +- Add DHCP Server (Reservation, Leases...) [82](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/82) +- FortiCare: Add information about FortiGuard Services [78](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/78) +- Add System HA (Configuration and Members) info [79](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/79) + +### Changed +- Firewall: display number of rules with comment contain Copy, Clone... [75](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/75) +- Add ISDB support for Policy Source & Destination [77](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/77) +- Invoke: Add Name and Serial of all members on top of report [81](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/81) + +### Fixed +- samples: fix empty samples... [71](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/71) +- Route: Fix when Static Route is SD-WAN (Zone) [76](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/76) +- Fix typo found on System Chapiter [80](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/80) + ## [0.3.0] - 2024-02-29 ### Added From 4605ceb16ef2a2c6bf07ab178f481098ae448d13 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Mon, 15 Jul 2024 08:36:43 +0200 Subject: [PATCH 22/27] psd1: Update to 0.4.0 --- AsBuiltReport.Fortinet.FortiGate.psd1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AsBuiltReport.Fortinet.FortiGate.psd1 b/AsBuiltReport.Fortinet.FortiGate.psd1 index 1738650..1bd6ecc 100644 --- a/AsBuiltReport.Fortinet.FortiGate.psd1 +++ b/AsBuiltReport.Fortinet.FortiGate.psd1 
@@ -12,7 +12,7 @@ RootModule = 'AsBuiltReport.Fortinet.FortiGate.psm1' # Version number of this module. -ModuleVersion = '0.3.0' +ModuleVersion = '0.4.0' # Supported PSEditions # CompatiblePSEditions = @() From 314d364f2aec54510d3ae157f1fd0cdd9dce32b2 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Mon, 15 Jul 2024 08:48:09 +0200 Subject: [PATCH 23/27] Samples: Update with last change --- .../Fortinet FortiGate As Built Report.docx | Bin 727865 -> 798774 bytes .../Fortinet FortiGate As Built Report.html | 771 +++++++++++------- 2 files changed, 458 insertions(+), 313 deletions(-) 
diff --git a/Samples/Fortinet FortiGate As Built Report.docx b/Samples/Fortinet FortiGate As Built Report.docx index 0b3f5576093fd59365476b21bc7af0354e9ee1b0..c6ab40bd602fa6fdcb32e02ae9b4e6e8fa7cec72 100644 GIT binary patch delta 8634 zcmb_i3tUvyx@SLTzXq5AK|usJJ`zoac@INnqDY}82yzm#WCI%=7-n!DCY2A&PF^3S zXRBXN4xTJKT843Q*U?*Ob^P6|~OpaH718aZl zd#(TXt#5sM4X^B*yzh)Ty=)diro<`#4$t^zzL0aEvgEiv4t@5fucfz@(!)rvxXc4W zDJMuX>D!@ZEi+8Ii|H_W!@hbCZ*lOAVUO1-}}%X3-ZCLLR@5Z}11CRf%bni*K>yTZ;JxPe8m|@Op!MR1Ke_ zP0gESwYtrge5-pRBt6PyLiavA8#+$n)1?W9Wx9}1>lM46F&vDysYAYA3<(~jr`R6| zd2R^{fqFg|t_{`&JS~c0jM5gT@(18=JH{a4R4h4#&U46iXI7NDcE%y|87>7 z>=Q$Lg=U7&sSt#UiPBpOZdBEB9*HaK^@ny^0cxM8(Uz z(h9yv42fWw&*cA-0@bC{<7XmAyosJb^W8!~xD-WC8CJ9gLt-V~{#hmGd71M@XUyMaUNZ@A=mYl!f8D-9og)X6Vo?3P5RImDW*e|E} zfEXl}`2U|YB_o%9X-8F4YDH1*?S*srIb!H;f1ruK&F}Ms{E+=l%V;XF%~v%0XZPJ|OnS%(VJP;}_|*=S)i zmW4!L5U_Rl_Foe2?$*67HBFqK9Mi%?Itg@yr$`;PR49}2d0qZd|A?0++p4-=pZFUc zBpqXqc4eFO1UywvCP8-(erwkQwojP^wB^;ZRxZ~1{nFfNzwOfBbeNKEDy!0f zN@)FLgbg(#Y98>nRF?2dJwXpTU_2qf*0U$}eZkfeT{V@@kCpf}RjGqBE=gwFy1s6; za?-em7j)gX=2=ckf2^u&`NL0eP@9ZbcLg5%{a&!8V|!rJevFil%*Gyh6OLr!Rd65~ zFNU(6x(wKK2+v`xrhLBW*6C%^s)t9(d;{4)5O#+hvgec6D}7m-v|mam9Cj<5znx4~ z2GWVO&Cp>W8ZnQw*JR&z2iXiQPjgPF$)=lN;duN;X~Wh=tQ;QRO1Q9m$ev3z;$jGv z{D`ARDd`yxyfO~;luG{w=N=>;06q!3A38VSZnZUoGtc29{FTETiXK>*h;c@X#hhz# zTTK>czR6;;TAXsMm_zB@-s_u7KC|tp{95DT6TcmCaGqZTh+Vj z4;*7OS*jlKF2?n@g`a9Z9l~!`HE#@Rn3$2v4wL0dioLKYh|@8O=a%an(x&a6n2_?TaSam` zO$N?gz)7|@p0MH&>ApfNX~JqYDeA`ne?qq(p1mKhCLS;jU&cQPk{xfqR_pXLf+lgKtoXX+bN5`#{$pvccdS-r)f zvJ+0T9oqJC^>8l4HbTd4_C`%jG($7MynuZXn(iPAv|SNJ^r?^6GFzQ!cu|LT-7>ZcT3)46pfkkol18_w zmSRZQ97(uYU64vV21zgB)d>n@{SiZjZmbF?r@?7OaDq7jA2m3XXh+2^@tW{7FT=+U zgi_g+up|SI#H$ZNb)xMMnW>_4wa}?jADw3->i$LO-aUv{vnq7G=nRC-hG3Hx?n)mV zHB>LgsDZk+1T_fh94%Dkdz9M~bhci(*bNF4IuFJV1WGv?1_er;7&1_*)HMV3>D!Qfv#Sr0qlUC26;btcyk`9N zS;$CX>xHR5e#$#uP*fV?F8*;3LAb1Tts_JOY5UsA(xvth(y{gtq{V5oDJ>%A1|gen zgyd$@j>g&h2rmTMNt?uvY0};54~BfOy^?W43xPE%#n3HvKGR5*i^^T0dQXSBrNR*& 
zbl;~Vl~Wmnu)>qZB4yDwk5*d=_|}2jqSPZZ$Ra31ZJ?oOM#ZdorDeIlvX_=QD%{fc z!%yN~^iuI3c$V4;lEs2ID9yb~^{x$TG`jMvmOQK3YUj=F0<*0ER$XHISyX$!^A6O% zxglv0+i0{GxSR!oxj?WM)QJTSx3qaoyP?8v&z~`8Ua=Lmd={q}PWUmqy2>kBPwsEs zfwaNFPw-RFRzX&!s7H?SQX&S>O_lkD|Za(AG%Xa``? z$GR%bi4|w@`gmx^2u{BE1MYl~&Nr$5;RH$kR(@zJ@fAi}tWKNLVh6#3+hz1ZFdCC5 zw-G1xoY`(dt)CmU{A#~1Pu)mVN4d!P3~AutIOb%R zHj~AXFIir8#Q5W~#R$lsY$3iPG(%QoNa>)pPpoq`o7rV^s@b6|Is=oBKSJERn5mpo zSuvxC7a++>rh{=au^voM5__O~EXm22{!ToPfjLY(CmS$wry0(Fi(+N8lB1JWPS)<= zXB3q$jDQ?N>A&E96Mfj3W9hw1HT5I+#Uz%DmZ|^AI=c(Vtr(ch$Zu>0xiS&{#8B0M zoTcG+R`fcCQnyK7G>_~u!rFAI3VcV&4f17?%&W!CHu=N>k|JR04=AU)pQH}J%t=(0 zj99WL_$!8DhE*juIFB(qyi!R3qh0CcrK*MUtwQaUsgNGo8uSIO#j7umOJ5(RK2N zUaHmzn}*YMAU;GH;gPL$y2dnR1@(pjhEGOJXlA$(zAZ$<)9n<0BS_cE=(#8ra@Itr_MD}@Ho%%KNXz95)MW$A+J&ajFcCU0 zQlk{B0r?U|O9uGikI|V_TJt9$Zx}(ZOM#{%(V1JHWg;@Ex%8uFNHR8CJYLK4G7j4MQ#%rcppOin%hxB)h%#Z0TP1?0may4C;*6Pa3h z{TliQ1H3hbStS2$3tf{6n@SP?xilt0-oJ~UVuZOhk!QGbH?8`)M83G6MzFuo5}ipr z5XD+NN*^By!`h-V%a2B7tY6Sxgy*)X_Qe0C2_sC}sXY&a#OXB3E+za%mRW9qEizLl zBR@tNVOEdElq9d3$h^!c*$XIpXUZ)}bQTF`{LFE9=@e6|xJ}BAo0&U|ko7eZ|E`p| z%LwlfY@Pgv8s;AcNJ?g_q5ESU3wwGP3UYzrB8j4;_47-Z1{BQEKjqOvr0}GyW;#<~ zohg<_MtUw8U{^^DahTk(lldP5ygsiVk$agbOojVbMu@WF2Fk*Ji!$Yt>@aA0i$STY zSbOO-(`bO;Q|LWg^;(@)oRQJ=_*8iFji@3t^L_$keukdaBlz27wkjSjQ(U$D^l0{M zB23Of!%t1@pGLw{Q_zr{$-c(H$OUMaS;;m`0&6Q8o?6N7X5rRtTttm$9m}ReaR+)H z{U)0Pi8piW7Ac<8E6oDM?1^<1-BQ!KRJ#9<6&+%^nA}H$YmF~ctZZ-TkZ}5 zmZR%0FrMdVIsY53lYm!0;TXB(WA1xgPJW+TOvvMV6m5+ka_{2uf*-igameaH-1mHd z$nek!#GQGZyTHh^4|3n&vgu1jGV{;e-_V%RpC{m(W1JDtaGZ=xZP&r*czp_imLNOh z^#Z1j9!t~@<`HimS z>+_=D;hUBIY<-~Oa|ad| zr+oSwzb-pIA}xlLFU9)FN5wz;^96Lb8yBa1hW9hRZcKa}yqcmPUNO+&14oE2N8xdC z%BR1~g|QKn^liN zY_VG{1!7#HSd?oo72^$1Vj;9ruaw~=HOblYMCjC_rG?faYq2BOQD7?;XIq!r><&?y z6dJW9APX*k%nc8BEV7CPUYgY+nr%f(ZN*qpD%y&rihv>Ng5rF8ZmGjwW_Fa>Vb%!Z zMd?YvF{hfA1}f>MuQf;bUp!rTA1_TP%WQh1atjGB6_6>?f+*IRv+086C>C^qpDlPW~F=_gx)1?!TEk~((Ycu!i#YRqb|;1&?P77#-*gi8{&;) z4e?{+Q*sO`sm8d}IOtwT8o`vKTnvpB%H6y#A8p>D94n8=Epyn+c5AK!?`Ez89}I5} 
z(JzNsNp6%{S5`yoG6g+2-k^*B_32z(rIU+FLX<=0&@qV|BtF}GlD?EguM7|`tb-%D zB#&0CSDxfh#4hC(3f*r|_7ET(P${74|BfcnMx@+efytTV zcps8Bg8YLX&TvE)I%^_F1cG+AG66N_k;4V}OE`|kmXc|Kpc_SG!m-=rMl@p$sn1g+ z7~nlbB%``E@}2^jYKagz!tihvEUF>{rCsgEV9!1B1Nk^Ky^mZjR~QrByV*-pNwDiS zQAj6FnHL|sbK$Wh|FxieD5WHB}#Z>KsaXQ#-6ma&$++0fFH?~MeEyis1z|v?Ms@S3 z7y%x&s$PS}aw-U3NnmOb%BOZ{;G6GNW_Nvx-^3cz@SX zcC_jOm8XHIc~qVYL8e>OxDY^AEW*r(8Zeb(QAY(Gu=P(g)^w@ts9T`(HPE)!1HeOp z*1D052wKuWHF%Ni2(RW`99Vng=#c`9IpOw$;c*Z%1ie;7 zs|8r!iHpG%j2Ga_O*b9{H7n?F_ng8e8h23rgvvvI+ezb!uW4vAG908WAuw5_&45iM z%nV`}PupFp5>(qpAJ#yp!4GyFh!@Y(c&&3X{E%1AyZb0X2d>i{L*a!5zA(BYXYjm# zE%XEto{SfusKSqQGSV63YyE;535-U7lAV6RwsfY2bzMIxEpqX%UpXi18E+gCN~x#5 za?bn+-?$VK+7HkRA%7Bse=?lQ_~l&YD-G0tffu~j!ek3D@f_|1n@ZSbWg;Q1kFlev z<&0Sahp%ChW-TKZV1=A912zTNr>1I<0L-CaxDn_Ljsa$vTX}pxgAZC(q#IG8x)!JW ze7wg8?5o{5>f4#a!7wk~7eSv~VfyfenuCKY2zHQb`w=dwO9QnQCJ*7@+z^;q=EcV= z*QNhVlG~-;H52c@VZSS?GNudo2KtH(;|no&9ns#I#^jp2L31 z!sb)h9J-jz9}QEkVDmyf+rYq~d)UNpfx0jlMzC4%ZUZL(JC}PKS&p(fBAgwA%f49yDW(07r8A(G(ST@ zuo#{F9G@`nXtcgaf~%L}cgzG91$=v?@%Yv$ZYl*?q!;XnB(p7W@!4o5-p zLO;D%e*NTqA{k4aBh+v58Z`%UJ+B?*Q)lR1Y!`{w{o2JepLLp8qb;U$D6 zdOmD|Og1HuljYd0g{69(^ZS2T^B2_Hmm{3jIkbLt)CO^|FNP0?OM0GUJ;gW^-@%DV SnQUbU2fTrgR%ydHEc_3Zj9NPY diff --git a/Samples/Fortinet FortiGate As Built Report.html b/Samples/Fortinet FortiGate As Built Report.html index 2979635..c910209 100644 --- a/Samples/Fortinet FortiGate As Built Report.html +++ b/Samples/Fortinet FortiGate As Built Report.html 
@@ -8,148 +8,149 @@ hr { margin-top: 1.0rem; } .portrait { background: white; width: 210mm; display: block; margin-top: 1rem; margin-left: auto; margin-right: auto; margin-bottom: 1rem; position: relative; border-style: solid; border-width: 1px; border-color: #c6c6c6; } .landscape { background: white; width: 297mm; display: block; margin-top: 1rem; margin-left: auto; margin-right: auto; margin-bottom: 1rem; position: relative; border-style: solid; border-width: 1px; border-color: #c6c6c6; } - .OK { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #000000; background-color: #48d597; } - .Title2 { font-family: 'Arial'; font-size: 1.50rem; text-align: center; font-weight: normal; color: #da291c; } .Title3 { font-family: 'Arial'; font-size: 1.00rem; text-align: left; font-weight: normal; color: #da291c; } + .Info { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #000000; background-color: #307fe2; } + .TableDefaultAltRow { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #000000; background-color: #d0ddee; } + .Normal { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; } .Heading5 { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #da291c; } - .Caption { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; font-style: italic; color: #565656; } + .OK { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #000000; background-color: #48d597; } + .TableDefaultRow { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; } + .Footer { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; color: #565656; } + .NOTOCHeading4 { font-family: 'Arial'; font-size: 0.92rem; text-align: 
left; font-weight: normal; color: #da291c; } + .Warning { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #ffa52a; } + .TableDefaultHeading { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #da291c; } + .Heading6 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #1f3763; } + .Critical { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #a12d2d; } .Heading2 { font-family: 'Arial'; font-size: 1.17rem; text-align: left; font-weight: normal; color: #da291c; } + .TOC { font-family: 'Arial'; font-size: 1.33rem; text-align: left; font-weight: normal; color: #da291c; } + .Title { font-family: 'Arial'; font-size: 2.00rem; text-align: center; font-weight: normal; color: #000000; } + .Heading1 { font-family: 'Arial'; font-size: 1.33rem; text-align: left; font-weight: normal; color: #da291c; } .Heading3 { font-family: 'Arial'; font-size: 1.00rem; text-align: left; font-weight: normal; color: #da291c; } .Header { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; color: #565656; } .NOTOCHeading5 { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #da291c; } - .Critical { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #a12d2d; } - .Heading1 { font-family: 'Arial'; font-size: 1.33rem; text-align: left; font-weight: normal; color: #da291c; } - .TOC { font-family: 'Arial'; font-size: 1.33rem; text-align: left; font-weight: normal; color: #da291c; } - .Heading6 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #1f3763; } - .Info { font-family: 'Arial'; 
font-size: 0.83rem; text-align: left; font-weight: normal; color: #000000; background-color: #307fe2; } - .Normal { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; } - .TableDefaultAltRow { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #000000; background-color: #d0ddee; } + .Title2 { font-family: 'Arial'; font-size: 1.50rem; text-align: center; font-weight: normal; color: #da291c; } .Heading4 { font-family: 'Arial'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #da291c; } - .TableDefaultHeading { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #da291c; } - .Warning { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #ffa52a; } - .NOTOCHeading4 { font-family: 'Arial'; font-size: 0.92rem; text-align: left; font-weight: normal; color: #da291c; } - .Title { font-family: 'Arial'; font-size: 2.00rem; text-align: center; font-weight: normal; color: #000000; } - .TableDefaultRow { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; } - .Footer { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; color: #565656; } - table.tabledefault { padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } - table.tabledefault th { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #da291c; padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } - table.tabledefault td { padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; 
border-collapse: collapse; } - table.tabledefault tr:nth-child(odd) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } - table.tabledefault tr:nth-child(even) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } + .Caption { font-family: 'Arial'; font-size: 0.83rem; text-align: center; font-weight: normal; font-style: italic; color: #565656; } table.borderless { padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } table.borderless th { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } table.borderless td { padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } table.borderless tr:nth-child(odd) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } table.borderless tr:nth-child(even) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.33rem 0rem 0.33rem; border-style: none; border-collapse: collapse; } + table.tabledefault { padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } + table.tabledefault th { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #ffffff; background-color: #da291c; padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: 
#da291c; border-collapse: collapse; } + table.tabledefault td { padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } + table.tabledefault tr:nth-child(odd) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; } + table.tabledefault tr:nth-child(even) { font-family: 'Arial'; font-size: 0.83rem; text-align: left; font-weight: normal; color: #565656; padding: 0.08rem 0.17rem 0.13rem 0.17rem; border-style: solid; border-width: 0.02rem; border-color: #da291c; border-collapse: collapse; }











Fortinet FortiGate As Built Report

































- - + +
Author: 
Date:vendredi 15 mars 2024
Author:Alexis
Date:lundi 15 juillet 2024
Version:1.0

Fortinet FortiGate As Built Report - v1.0

Table of Contents

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
1Implementation Report FG181FTK22901829
1.1   FortiCare
1.2   System
1.2.1      Global
1.2.2      Settings
1.2.3      GUI Settings
1.2.4      DNS
1.2.5      DNS Server
1.2.6      Admin
1.2.7      Interfaces
1.3   Route
1.3.1      Summary
1.3.2      Route Monitor
1.3.3      Static Route
1.4   SD-WAN
1.4.1      Summary
1.4.2      Configuration
1.4.3      SD-WAN Zone
1.5   Firewall
1.5.1      Summary
1.5.2      Address
1.5.3      Address Group
1.5.4      IP Pool
1.5.5      Virtual IP
1.5.6      Policy Summary
1.5.7      Policy
1.5.7.1         Policy - Normal
1.5.7.2         Policy - Interface Pair
1.5.7.2.1            Policy: any => any
1.5.7.2.2            Policy: DCFW => FSA-DMZ
1.5.7.2.3            Policy: DCFW => FWLC
1.5.7.2.4            Policy: DCFW => ISFW-HA
1.5.7.2.5            Policy: DCFW => port36
1.5.7.2.6            Policy: DCFW => VPN-GCP
1.5.7.2.7            Policy: DCFW => VPN-SDB
1.5.7.2.8            Policy: DCFW => WLC-Staff
1.5.7.2.9            Policy: DCFW => WLC-Students
1.5.7.2.10            Policy: DCFW => WLC-Teachers
1.5.7.2.11            Policy: FITNUC => port36
1.5.7.2.12            Policy: FortiSASE => DCFW
1.5.7.2.13            Policy: FortiSASE => FortiSASE
1.5.7.2.14            Policy: FSA-DMZ => port36
1.5.7.2.15            Policy: FSA-DMZ2 => port36
1.5.7.2.16            Policy: FWLC => DCFW
1.5.7.2.17            Policy: FWLC => ISFW-HA
1.5.7.2.18            Policy: FWLC => port36
1.5.7.2.19            Policy: ISFW-HA => DCFW
1.5.7.2.20            Policy: ISFW-HA => FSA-DMZ
1.5.7.2.21            Policy: ISFW-HA => FWLC
1.5.7.2.22            Policy: ISFW-HA => ISFW-HA
1.5.7.2.23            Policy: ISFW-HA => port36
1.5.7.2.24            Policy: ISFW-HA => WLC-Staff
1.5.7.2.25            Policy: ISFW-HA => WLC-Students
1.5.7.2.26            Policy: ISFW-HA => WLC-Teachers
1.5.7.2.27            Policy: P22 => port36
1.5.7.2.28            Policy: port16 => port36
1.5.7.2.29            Policy: port36 => DCFW
1.5.7.2.30            Policy: port36 => FSA-DMZ
1.5.7.2.31            Policy: port36 => FWLC
1.5.7.2.32            Policy: port36 => ISFW-HA
1.5.7.2.33            Policy: port36 => P22
1.5.7.2.34            Policy: port36 => WLC-Staff
1.5.7.2.35            Policy: port36 => WLC-Students
1.5.7.2.36            Policy: port36 => WLC-Teachers
1.5.7.2.37            Policy: port4 => port36
1.5.7.2.38            Policy: VPN-GCP => any
1.5.7.2.39            Policy: VPN-SDB => any
1.5.7.2.40            Policy: WLC-Staff => DCFW
1.5.7.2.41            Policy: WLC-Staff => ISFW-HA
1.5.7.2.42            Policy: WLC-Staff => port36
1.5.7.2.43            Policy: WLC-Students => DCFW
1.5.7.2.44            Policy: WLC-Students => ISFW-HA
1.5.7.2.45            Policy: WLC-Students => port36
1.5.7.2.46            Policy: WLC-Teachers => DCFW
1.5.7.2.47            Policy: WLC-Teachers => ISFW-HA
1.5.7.2.48            Policy: WLC-Teachers => port36
1.6   User
1.6.1      Summary
1.6.2      User Group
1.6.3      LDAP
1.6.4      RADIUS
1.7   VPN IPsec
1.7.1      Summary
1.7.2      VPN IPsec Phase 1
1.7.2.1         Phase 1: FortiSASE
1.7.2.2         Phase 1: VPN-GCP
1.7.2.3         Phase 1: VPN-MPLS1
1.7.2.4         Phase 1: VPN-SDB
1.7.3      VPN IPsec Phase 2
1.7.3.1         Phase 2: FortiSASE (FortiSASE)
1.7.3.2         Phase 2: VPN-GCP (VPN-GCP)
1.7.3.3         Phase 2: VPN-SDB (VPN-SDB)
1.8   VPN SSL
1.8.1      Summary
1.8.2      VPN SSL Settings
1NGFW_PRI Configuration
1.1   FortiCare
1.2   System
1.2.1      Global
1.2.2      Settings
1.2.3      Feature GUI visibility
1.2.4      DNS
1.2.5      DNS Server
1.2.6      Admin
1.2.7      Interfaces
1.2.8      DHCP Server
1.3   Route
1.3.1      Summary
1.3.2      Route Monitor
1.3.3      Static Route
1.4   SD-WAN
1.4.1      Summary
1.4.2      Configuration
1.4.3      SD-WAN Zone
1.5   Firewall
1.5.1      Summary
1.5.2      Address
1.5.3      Address Group
1.5.4      IP Pool
1.5.5      Virtual IP
1.5.6      Policy Summary
1.5.7      Policy
1.5.7.1         Policy - Normal
1.5.7.2         Policy - Interface Pair
1.5.7.2.1            Policy: any => any
1.5.7.2.2            Policy: DCFW => FSA-DMZ
1.5.7.2.3            Policy: DCFW => FWLC
1.5.7.2.4            Policy: DCFW => ISFW-HA
1.5.7.2.5            Policy: DCFW => port36
1.5.7.2.6            Policy: DCFW => VPN-GCP
1.5.7.2.7            Policy: DCFW => VPN-SDB
1.5.7.2.8            Policy: DCFW => WLC-Staff
1.5.7.2.9            Policy: DCFW => WLC-Students
1.5.7.2.10            Policy: DCFW => WLC-Teachers
1.5.7.2.11            Policy: FITNUC => port36
1.5.7.2.12            Policy: FortiSASE => DCFW
1.5.7.2.13            Policy: FortiSASE => FortiSASE
1.5.7.2.14            Policy: FSA-DMZ => port36
1.5.7.2.15            Policy: FSA-DMZ2 => port36
1.5.7.2.16            Policy: FWLC => DCFW
1.5.7.2.17            Policy: FWLC => ISFW-HA
1.5.7.2.18            Policy: FWLC => port36
1.5.7.2.19            Policy: ISFW-HA => DCFW
1.5.7.2.20            Policy: ISFW-HA => FSA-DMZ
1.5.7.2.21            Policy: ISFW-HA => FWLC
1.5.7.2.22            Policy: ISFW-HA => ISFW-HA
1.5.7.2.23            Policy: ISFW-HA => port36
1.5.7.2.24            Policy: ISFW-HA => WLC-Staff
1.5.7.2.25            Policy: ISFW-HA => WLC-Students
1.5.7.2.26            Policy: ISFW-HA => WLC-Teachers
1.5.7.2.27            Policy: P22 => port36
1.5.7.2.28            Policy: port16 => port36
1.5.7.2.29            Policy: port36 => DCFW
1.5.7.2.30            Policy: port36 => FSA-DMZ
1.5.7.2.31            Policy: port36 => FWLC
1.5.7.2.32            Policy: port36 => ISFW-HA
1.5.7.2.33            Policy: port36 => P22
1.5.7.2.34            Policy: port36 => WLC-Staff
1.5.7.2.35            Policy: port36 => WLC-Students
1.5.7.2.36            Policy: port36 => WLC-Teachers
1.5.7.2.37            Policy: port4 => port36
1.5.7.2.38            Policy: VPN-GCP => any
1.5.7.2.39            Policy: VPN-SDB => any
1.5.7.2.40            Policy: WLC-Staff => DCFW
1.5.7.2.41            Policy: WLC-Staff => ISFW-HA
1.5.7.2.42            Policy: WLC-Staff => port36
1.5.7.2.43            Policy: WLC-Students => DCFW
1.5.7.2.44            Policy: WLC-Students => ISFW-HA
1.5.7.2.45            Policy: WLC-Students => port36
1.5.7.2.46            Policy: WLC-Teachers => DCFW
1.5.7.2.47            Policy: WLC-Teachers => ISFW-HA
1.5.7.2.48            Policy: WLC-Teachers => port36
1.6   User
1.6.1      Summary
1.6.2      User Group
1.6.3      LDAP
1.6.4      RADIUS
1.7   VPN IPsec
1.7.1      Summary
1.7.2      VPN IPsec Phase 1
1.7.2.1         Phase 1: FortiSASE
1.7.2.2         Phase 1: VPN-GCP
1.7.2.3         Phase 1: VPN-MPLS1
1.7.2.4         Phase 1: VPN-SDB
1.7.3      VPN IPsec Phase 2
1.7.3.1         Phase 2: FortiSASE (FortiSASE)
1.7.3.2         Phase 2: VPN-GCP (VPN-GCP)
1.7.3.3         Phase 2: VPN-SDB (VPN-SDB)
1.8   VPN SSL
1.8.1      Summary
1.8.2      VPN SSL Settings

-
Fortinet FortiGate As Built Report - v1.0

1 Implementation Report FG181FTK22901829

The following section provides a summary of the implemented components on the Fortinet FortiGate infrastructure.

1.1 FortiCare

The following section details FortiCare settings configured on FortiGate.

+
Fortinet FortiGate As Built Report - v1.0

1 NGFW_PRI Configuration

The following provides as-built documentation for the Fortinet FortiGate FG181F firewalls NGFW_PRI (FG181FTK22901829).

1.1 FortiCare

The following table details FortiCare settings configured on FortiGate.

@@ -158,31 +159,65 @@
ModelFG181F
SerialFG181FTK22901829
CompanyTMG@Fortinet
Table 1 - FortiCare

+
The following table details FortiGuard subscriptions and services on FortiGate.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeStatusExpiration
Internet Service (SaaS) DatabaseUpdate FeedLicensed 
Device/OS DetectionUpdate FeedLicensed17/02/2025
Firmware UpdatesReal-time ServicesLicensed17/02/2025
Intrusion Prevention System (IPS)Update FeedLicensed17/02/2025
Blacklisted Certificates ServiceUpdate FeedLicensed17/02/2025
Application ControlUpdate FeedLicensed17/02/2025
Antivirus ServiceUpdate FeedLicensed17/02/2025
Botnet IP Reputation ServiceUpdate FeedLicensed 
Botnet Domain Reputation ServiceUpdate FeedLicensed17/02/2025
Mobile Malware ServiceUpdate FeedLicensed17/02/2025
Antispam ServiceReal-time ServicesLicensed17/02/2025
Outbreak PreventionReal-time ServicesLicensed17/02/2025
FortiCloud SandboxCloud ServicesLicensed17/02/2025
AI-based Inline Malware PreventionUpdate FeedLicensed17/02/2025
Web Filtering ServiceReal-time ServicesLicensed17/02/2025
Malicious URL DatabaseUpdate FeedLicensed17/02/2025
Security Fabric Rating and Compliance ServiceFeatureLicensed07/12/2024
Attack Surface Security RatingUpdate FeedLicensed17/02/2025
Outbreak Security Rating ServiceUpdate FeedLicensed17/02/2025
Inline SaaS Application Security (CASB)Update FeedLicensed17/02/2025
Data Leak PreventionUpdate FeedLicensed08/12/2024
OT Detection ServiceReal-time ServicesLicensed07/12/2024
IoT Detection ServiceReal-time ServicesLicensed07/12/2024
OT Virtual PatchingUpdate FeedLicensed17/02/2025
OT Industrial Signatures DatabaseUpdate FeedLicensed07/12/2024
OT Industrial Signatures DatabaseUpdate FeedLicensed17/02/2025
SD-WAN Network MonitorReal-time ServicesUnlicensed 
SD-WAN Overlay-as-a-ServiceCloud ServicesUnlicensed 
FortiSASE Private AccessCloud ServicesUnlicensed 
FortiSASE LAN ExtensionCloud ServicesUnlicensed 
+
Table 2 - FortiGuard Services

The following section details support settings configured on FortiGate.

TypeLevelStatusExpiration Date
HardwareAdvanced HWlicensed17/02/2025
EnhancedPremiumlicensed17/02/2025
-
Table 2 - Support

+
Table 3 - Support

The following section details firmware information on FortiGate.

- +
Installedv7.4.3
Installedv7.4.4
UpdateNo Update Available
Upgrade PathN/A
-
Table 3 - Firmware

-

1.2 System

The following section details system settings configured on FortiGate.

1.2.1 Global

+
Table 4 - Firmware

+

1.2 System

The following section details system settings configured on FortiGate.

1.2.1 Global

- +
NomNGFW_PRI
AliasFortiGate-1801F
RebootEveryday at 00:00
Recurring RebootEveryday at 00:00
Port SSH22
Port HTTP80
Port HTTPS443
HTTPS Redirectenable
-
Table 4 - Global

-

1.2.2 Settings

+
Table 5 - Global

+

1.2.2 Settings

@@ -190,8 +225,8 @@
OP Modenat
Central NATdisable
LLDP Transmissionglobal
Comments 
-
Table 5 - Settings

-

1.2.3 GUI Settings

+
Table 6 - Settings

+

1.2.3 Feature GUI visibility

@@ -218,26 +253,26 @@
Languageenglish
Themesecurity-fabric
ZTNAenable
OTenable
-
Table 6 - Settings

-

1.2.4 DNS

+
Table 7 - Feature GUI visibility

+

1.2.4 DNS

Primary96.45.45.45
Secondary96.45.46.46
Domainfortidemo.com
Protocoldot
-
Table 7 - DNS

-

1.2.5 DNS Server

+
Table 8 - DNS

+

1.2.5 DNS Server

NameModeDNS Filter ProfileDOH
FortiLinkforward-onlydefaultdisable
-
Table 8 - DNS Server

-

1.2.6 Admin

+
Table 9 - DNS Server

+

1.2.6 Admin

NameProfileTrusted HostsMFA
demoReadOnlyAlldisable
-
Table 9 - Administrator

-

1.2.7 Interfaces

+
Table 10 - Administrator

+

1.2.7 Interfaces

@@ -271,7 +306,7 @@ - + @@ -312,15 +347,121 @@
NameAlias (Description)RoleTypeVlan IDModeIP AddressStatus
DCFWDCFWlanvlan2static10.88.2.254/255.255.255.0up
FITNUC lanvlan111static10.100.1.254/255.255.255.0up
port4 lanphysical0static192.168.20.1/255.255.255.0up
port5 n/aphysical0static0.0.0.0/0.0.0.0up
port6 n/aphysical0static0.0.0.0/0.0.0.0up
port7 n/aphysical0static0.0.0.0/0.0.0.0up
port7 n/aphysical0static0.0.0.0/0.0.0.0down
port8 n/aphysical0static0.0.0.0/0.0.0.0up
port9 n/aphysical0static0.0.0.0/0.0.0.0up
port10 n/aphysical0static0.0.0.0/0.0.0.0up
voi.FortiLink(Fortivoice VLAN)n/avlan4091static0.0.0.0/0.0.0.0up
vsw.FortiLink n/avlan1static0.0.0.0/0.0.0.0up
-
Table 10 - Interface

-

1.3 Route

The following section details route settings configured on FortiGate.

1.3.1 Summary

The following section provides a summary of route settings.

+
Table 11 - Interface

+

1.2.8 DHCP Server

+ + + + + + + +
idStatusInterfaceRangeNetmaskGateway
1enablemgmt1192.168.1.110-192.168.1.210255.255.255.0192.168.1.99
2enableFortiLink169.254.1.2-169.254.1.254255.255.255.0169.254.1.1
3enableFITNUC10.100.1.100-10.100.1.253255.255.255.010.100.1.254
4enableonboarding169.254.11.2-169.254.11.254255.255.255.0169.254.11.1
5enablenac_segment10.255.11.2-10.255.11.254255.255.255.010.255.11.1
6enableport4192.168.20.2-192.168.20.254255.255.255.0192.168.20.1
+
Table 12 - DHCP Server

+

DHCP: 1 - mgmt1


+ + + + + + + + + + + + +
id1
Statusenable
Lease Time604800
Interfacemgmt1
Start IP192.168.1.110
End IP192.168.1.210
Netmask255.255.255.0
Gateway192.168.1.99
DNS 
Domain 
NTP 
+
Table 13 - DHCP 1 - mgmt1

+

DHCP: 2 - FortiLink


+ + + + + + + + + + + + +
id2
Statusenable
Lease Time604800
InterfaceFortiLink
Start IP169.254.1.2
End IP169.254.1.254
Netmask255.255.255.0
Gateway169.254.1.1
DNS 
Domain 
NTP 
+
Table 14 - DHCP 2 - FortiLink

+

DHCP: 3 - FITNUC


+ + + + + + + + + + + + +
id3
Statusenable
Lease Time604800
InterfaceFITNUC
Start IP10.100.1.100
End IP10.100.1.253
Netmask255.255.255.0
Gateway10.100.1.254
DNS 
Domain 
NTP 
+
Table 15 - DHCP 3 - FITNUC

+

DHCP: 4 - onboarding


+ + + + + + + + + + + + +
id4
Statusenable
Lease Time300
Interfaceonboarding
Start IP169.254.11.2
End IP169.254.11.254
Netmask255.255.255.0
Gateway169.254.11.1
DNS 
Domain 
NTP 
+
Table 16 - DHCP 4 - onboarding

+

DHCP: 5 - nac_segment


+ + + + + + + + + + + + +
id5
Statusenable
Lease Time300
Interfacenac_segment
Start IP10.255.11.2
End IP10.255.11.254
Netmask255.255.255.0
Gateway10.255.11.1
DNS 
Domain 
NTP 
+
Table 17 - DHCP 5 - nac_segment

+

DHCP: 6 - port4


+ + + + + + + + + + + + +
id6
Statusenable
Lease Time604800
Interfaceport4
Start IP192.168.20.2
End IP192.168.20.254
Netmask255.255.255.0
Gateway192.168.20.1
DNS 
Domain 
NTP 
+
Table 18 - DHCP 6 - port4

+

DHCP Leases

+ + + +
IPMACHostnameStatusReservedExpire Time
192.168.20.21c:69:7a:6c:eb:81DESKTOP-V4OP5S9leasedFalse07/21/2024 09:03:56
169.254.1.2d4:76:a0:a2:ce:59S448ENTF21001605leasedFalse07/21/2024 09:05:59
+
Table 19 - DHCP Server Reserved Address

+

1.3 Route

The following section details route settings configured on FortiGate.

1.3.1 Summary

The following section provides a summary of route settings.

Monitor Route28
Static Route12
Policy Based Route0
-
Table 11 - Summary

-

1.3.2 Route Monitor

+
Table 20 - Summary

+

1.3.2 Route Monitor
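Review bot: The DHCP Leases table added at the end of the new 1.2.8 DHCP Server section puts per-client identifiers into a published sample: a client MAC and hostname (`1c:69:7a:6c:eb:81`, `DESKTOP-V4OP5S9`) and a second hostname that looks like a device serial (`S448ENTF21001605`). The same MAC also appears in the `qtn.mac_1c:69:7a:6c:eb:81` quarantine address object in the Address table. If the report was generated against a shared demo lab this may be intentional, but a committed sample is safer with placeholder values, for example a MAC from the RFC 7042 documentation range such as `00:00:5E:00:53:01` and a hostname like `CLIENT-EXAMPLE` (both constructed here, not taken from the page). Separately, the table is headed "DHCP Leases" but captioned `Table 19 - DHCP Server Reserved Address` while both rows show Reserved as `False`; the caption presumably belongs to a different table in the generator and would read better as `Table 19 - DHCP Leases`.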

@@ -351,8 +492,8 @@
TypeIP/MaskGatewayInterfaceDistance/Metric/Priority
static0.0.0.0/0172.30.72.254port3610 / 0 / 1
connect10.10.1.0/240.0.0.0FortiSASE0 / 0 / 0
connect172.30.72.0/240.0.0.0port360 / 0 / 0
connect192.168.20.0/240.0.0.0port40 / 0 / 0
-
Table 12 - Route Monitor

-

1.3.3 Static Route

+
Table 21 - Route Monitor

+

1.3.3 Static Route

@@ -367,42 +508,40 @@
StatusDestinationGatewayInterfaceDistance/Weight/Priority
enable0.0.0.0 0.0.0.0172.30.72.254port3610 / 0 / 1
enable10.88.101.0 255.255.255.010.88.12.99ISFW-HA10 / 0 / 1
enableVPN-GCP_remote34.125.159.157VPN-GCP10 / 0 / 1
enableVPN-SDB_remote96.45.34.228VPN-SDB10 / 0 / 1
-
Table 13 - Static Route

-

1.4 SD-WAN

The following section details SD-WAN settings configured on FortiGate.

1.4.1 Summary

The following section provides a summary of SD-WAN settings.

+
Table 22 - Static Route

+

1.4 SD-WAN

The following section details SD-WAN settings configured on FortiGate.

1.4.1 Summary

The following section provides a summary of SD-WAN settings.

Zone1
Member0
Health Check0
Rules0
-
Table 14 - Summary

-

1.4.2 Configuration

The following section provides configuration of SD-WAN settings.

+
Table 23 - Summary

+

1.4.2 Configuration

The following section provides configuration of SD-WAN settings.

Statusdisable
Load Balance Modesource-ip-based
Neighbor Hold Downdisable
Fail Detectdisable
-
Table 15 - Configuration

-

1.4.3 SD-WAN Zone

+
Table 24 - Configuration

+

1.4.3 SD-WAN Zone

NameService SLA
virtual-wan-linkcfg-order
-
Table 16 - SD-WAN Zone

-

1.5 Firewall

The following section details firewall settings configured on FortiGate.

1.5.1 Summary

The following section provides a summary of firewall settings.

+
Table 25 - SD-WAN Zone

+

1.5 Firewall

The following section details firewall settings configured on FortiGate.

1.5.1 Summary

The following section provides a summary of firewall settings.

- + - +
Address86 (Not use: 56 / 65.12%)
Address91 (Not use: 57 / 62.64%)
Group9 (Not use: 1 / 11.11%)
IP Pool1 (Not use: 0 / 0%)
Virtual IP16 (Not use: 0 / 0%)
Policy29 (Disabled: 0)
Policy28 (Disabled: 0)
-
Table 17 - Summary

-

1.5.2 Address

+
Table 26 - Summary

+

1.5.2 Address

- - @@ -439,12 +578,18 @@ + + + + + + @@ -473,6 +618,7 @@ + @@ -487,26 +633,26 @@
NameTypeValueInterfaceCommentref
10.100.10.0ipmask255.255.255.0/255.255.255.255  1
104.100.76.98@2024-02-28_08:41:13ipmask104.100.76.98/255.255.255.255 autocreated at 2024-02-28 08:41:131
192.168.20.2@2024-02-28_08:41:13ipmask192.168.20.2/255.255.255.255 autocreated at 2024-02-28 08:41:131
Cloud_FAP-Engipmask10.88.110.201/255.255.255.255FortiLink 1
Cloud_FAP-Finipmask10.88.120.200/255.255.255.255FortiLink 1
Cloud_FAP-Salesipmask10.88.130.154/255.255.255.255FortiLink 1
FCTEMS_ALL_FORTICLOUD_SERVERSdynamic10.88.120.200/255.255.255.255  0
FIREWALL_AUTH_PORTAL_ADDRESSipmask0.0.0.0/0.0.0.0  0
FSA-Admin-swipmask10.88.23.8/255.255.255.255FSA-DMZ 1
FortiEDR_8.8.8.8iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 126361441
FortiEDR_54.73.53.134iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 91748451
FortiEDR_54.161.222.85iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 88544671
FortiEDR_74.125.34.46iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 107229341
FortiEDR_104.20.98.10iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 132089001
FortiEDR_137.117.86.90iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 127076111
FortiEDR_139.178.89.198iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 126440521
FortiEDR_142.4.205.47iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 1058641
FortiEDR_166.1.173.27iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 115970211
FortiEDR_178.33.158.0iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 132087321
FortiEDR_188.114.96.7iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 91748221
FortiEDR_239.255.255.250iprange10.88.23.8/255.255.255.255 FortiEDR Event ID - 133073651
FortiSASE_local_subnet_1ipmask10.88.2.0/255.255.255.0  1
ISFW-HA addressinterface-subnet10.88.2.0/255.255.255.0  0
MAC_EMS1_ZTNA_EDR-Classificationdynamic10.88.2.0/255.255.255.0  0
MAC_FCTEMS0000099518_testdynamic10.88.2.0/255.255.255.0  0
SDB-TXipmask172.31.112.254/255.255.255.255  1
SSLVPN_TUNNEL_ADDR1iprange172.31.112.254/255.255.255.255  0
UNUSED addressinterface-subnet172.31.112.254/255.255.255.255  0
VAN_NAT_1ipmask208.91.114.4/255.255.255.255  1
VPN-GCP_local_subnet_1ipmask10.88.2.0/255.255.255.0  1
VPN-GCP_local_subnet_2ipmask10.88.210.0/255.255.255.0  1
qtn.mac_00:00:00:00:00:00mac0.0.0.0/0.0.0.0 Quarantine dummy MAC to keep the addrgrp1
qtn.mac_1c:69:7a:6c:eb:81mac0.0.0.0/0.0.0.0 Quarantine MAC1
-
Table 18 - Address

-

1.5.3 Address Group

+
Table 27 - Address

+

1.5.3 Address Group

- +
NameMemberCommentRef
BAD_GUYSVAN_NAT_1 1
FortiEDR_Malicious_Destinations Members of this group will be automatically added by FortiEDR1
FortiSASE_localFortiSASE_local_subnet_1VPN: FortiSASE (Created by VPN wizard)1
FortiXDR_Malicious_DestinationsFortiEDR_142.4.205.47, FortiEDR_54.161.222.85, FortiEDR_188.114.96.7, FortiEDR_54.73.53.134, FortiEDR_74.125.34.46, FortiEDR_166.1.173.27 1
FortiXDR_Malicious_DestinationsFortiEDR_142.4.205.47, FortiEDR_54.161.222.85, FortiEDR_188.114.96.7, FortiEDR_54.73.53.134, FortiEDR_74.125.34.46, FortiEDR_166.1.173.27, FortiEDR_8.8.8.8, FortiEDR_139.178.89.198, FortiEDR_137.117.86.90, FortiEDR_178.33.158.0, FortiEDR_104.20.98.10, FortiEDR_239.255.255.250 1
QuarantinedDevicesqtn.mac_00:00:00:00:00:00, qtn.mac_1c:69:7a:6c:eb:81 0
VPN-GCP_localVPN-GCP_local_subnet_1, VPN-GCP_local_subnet_2, VPN-GCP_local_subnet_3VPN: VPN-GCP (Created by VPN wizard)3
VPN-GCP_remoteVPN-GCP_remote_subnet_1VPN: VPN-GCP (Created by VPN wizard)4
VPN-SDB_localVPN-SDB_local_subnet_1, VPN-SDB_local_subnet_2, VPN-SDB_local_subnet_3, VPN-SDB_local_subnet_4VPN: VPN-SDB (Created by VPN wizard)3
VPN-SDB_remoteVPN-SDB_remote_subnet_1VPN: VPN-SDB (Created by VPN wizard)4
-
Table 19 - Address Group

-

1.5.4 IP Pool

+
Table 28 - Address Group

+

1.5.4 IP Pool

NameInterfaceTypeStart IPEnd IPSource Start IPSource End IPCommentsRef
FSAport3 overload172.30.72.105172.30.72.1050.0.0.00.0.0.0 1
-
Table 20 - Virtual IP

-

1.5.5 Virtual IP

+
Table 29 - Virtual IP

+

1.5.5 Virtual IP

@@ -523,26 +669,26 @@ - +
NameInterfaceExternal IPMapped IPProtocolExternal PortMapped PortCommentRef
FortiSandbox-VIPport36172.30.72.8010.88.23.8tcp0-655350-65535 1
FortiMail IBEport36172.30.72.17610.88.11.1tcp0-655350-65535 1
LANEdge-VIPport36172.30.72.15610.88.12.99tcp0-655350-65535 2
FortiAP-VIP ISFW-Eport36172.30.72.15710.88.101.99tcp0-655350-65535 2
ISFW_BLDG-Fport36172.30.72.15810.88.120.254tcp0-655350-65535 1
ISFW_BLDG-Bport36172.30.72.15910.88.130.254tcp0-655350-65535 1
ISFW_BLDG-Bport36172.30.72.15910.88.103.99tcp0-655350-65535 1
-
Table 21 - Virtual IP

-

1.5.6 Policy Summary

The following section provides a policy summary of firewall settings.

+
Table 30 - Virtual IP

+

1.5.6 Policy Summary

The following section provides a policy summary of firewall settings.

- - - - - - - - -
Policy29
Enabled29 (100%)
Deny1 (3.45%)
NAT13 (44.83%)
LoggingAll: 22 (75.86%) UTM: 7 (24.14%) Disable: 0 (0%)
Unnamed1 (3.45%)
Comments13 (44.83%)
SSH/SSH Inspection8 (27.59%)
-
Table 22 - Policy Summary

-

1.5.7 Policy

1.5.7.1 Policy - Normal

+ + + + + + + + + +
Policy28
Enabled28 (100%)
Deny1 (3.57%)
NAT12 (42.86%)
LoggingAll: 21 (75%) UTM: 7 (25%) Disable: 0 (0%)
Unnamed0 (0%)
Comments12 (42.86%)
Comments (with Copy, Clone or Reverse)5 (41.67%)
SSH/SSH Inspection7 (25%)
+
Table 31 - Policy Summary

+

1.5.7 Policy

1.5.7.1 Policy - Normal

- @@ -570,261 +716,260 @@
NameFromToSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRDCFW, FWLC, ISFW-HA, WLC-Staff, WLC-Students, WLC-Teachersport36allFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
DNSanyanyallallSYSLOG, DNSacceptenableall 
 port4port36192.168.20.2@2024-02-28_08:41:13104.100.76.98@2024-02-28_08:41:13HTTPacceptenableallautocreated at 2024-02-28 08:41:13
FIT - Intel NUC outboundFITNUC, port4port36allallALLacceptenableall 
Allow FSA AccessFSA-DMZport36FSA-Admin-swallALLacceptenableutm 
WAN-IBEport36P22allFortiMail IBEALLacceptdisableutm 
vpn_FortiSASE_spoke2spoke_0FortiSASEFortiSASEallallALLacceptdisableutmVPN: FortiSASE (Created by VPN wizard)
Guestport16port36allallALLacceptdisableall 
-
Table 23 - Policy

-

1.5.7.2 Policy - Interface Pair

1.5.7.2.1 Policy: any => any
+
Table 32 - Policy

+

1.5.7.2 Policy - Interface Pair

1.5.7.2.1 Policy: any => any
NameSourceDestinationServiceActionNATLogComments
DNSallallSYSLOG, DNSacceptenableall 
Allow-DNSallallSYSLOGacceptenableall 
PolicyinallallALLacceptdisableall 
-
Table 24 - Policy - any => any

-
1.5.7.2.2 Policy: DCFW => FSA-DMZ
+
Table 33 - Policy - any => any

+
1.5.7.2.2 Policy: DCFW => FSA-DMZ
NameSourceDestinationServiceActionNATLogComments
ISFW-FSAallallALLacceptenableall 
-
Table 25 - Policy - DCFW => FSA-DMZ

-
1.5.7.2.3 Policy: DCFW => FWLC
+
Table 34 - Policy - DCFW => FSA-DMZ

+
1.5.7.2.3 Policy: DCFW => FWLC
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 26 - Policy - DCFW => FWLC

-
1.5.7.2.4 Policy: DCFW => ISFW-HA
+
Table 35 - Policy - DCFW => FWLC

+
1.5.7.2.4 Policy: DCFW => ISFW-HA
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 27 - Policy - DCFW => ISFW-HA

-
1.5.7.2.5 Policy: DCFW => port36
+
Table 36 - Policy - DCFW => ISFW-HA

+
1.5.7.2.5 Policy: DCFW => port36
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
ISFW-WANallallALLacceptenableallSkip ISFWs will Scan
-
Table 28 - Policy - DCFW => port36

-
1.5.7.2.6 Policy: DCFW => VPN-GCP
+
Table 37 - Policy - DCFW => port36

+
1.5.7.2.6 Policy: DCFW => VPN-GCP
NameSourceDestinationServiceActionNATLogComments
vpn_VPN-GCP_local_0VPN-GCP_localVPN-GCP_remoteALLacceptdisableutmVPN: VPN-GCP (Created by VPN wizard)
-
Table 29 - Policy - DCFW => VPN-GCP

-
1.5.7.2.7 Policy: DCFW => VPN-SDB
+
Table 38 - Policy - DCFW => VPN-GCP

+
1.5.7.2.7 Policy: DCFW => VPN-SDB
NameSourceDestinationServiceActionNATLogComments
vpn_VPN-SDB_local_0VPN-SDB_localVPN-SDB_remoteALLacceptdisableutmVPN: VPN-SDB (Created by VPN wizard)
-
Table 30 - Policy - DCFW => VPN-SDB

-
1.5.7.2.8 Policy: DCFW => WLC-Staff
+
Table 39 - Policy - DCFW => VPN-SDB

+
1.5.7.2.8 Policy: DCFW => WLC-Staff
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 31 - Policy - DCFW => WLC-Staff

-
1.5.7.2.9 Policy: DCFW => WLC-Students
+
Table 40 - Policy - DCFW => WLC-Staff

+
1.5.7.2.9 Policy: DCFW => WLC-Students
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 32 - Policy - DCFW => WLC-Students

-
1.5.7.2.10 Policy: DCFW => WLC-Teachers
+
Table 41 - Policy - DCFW => WLC-Students

+
1.5.7.2.10 Policy: DCFW => WLC-Teachers
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 33 - Policy - DCFW => WLC-Teachers

-
1.5.7.2.11 Policy: FITNUC => port36
+
Table 42 - Policy - DCFW => WLC-Teachers

+
1.5.7.2.11 Policy: FITNUC => port36
NameSourceDestinationServiceActionNATLogComments
FIT - Intel NUC outboundallallALLacceptenableall 
-
Table 34 - Policy - FITNUC => port36

-
1.5.7.2.12 Policy: FortiSASE => DCFW
+
Table 43 - Policy - FITNUC => port36

+
1.5.7.2.12 Policy: FortiSASE => DCFW
NameSourceDestinationServiceActionNATLogComments
vpn_FortiSASE_spoke2hub_0allFortiSASE_localALLacceptdisableutmVPN: FortiSASE (Created by VPN wizard)
-
Table 35 - Policy - FortiSASE => DCFW

-
1.5.7.2.13 Policy: FortiSASE => FortiSASE
+
Table 44 - Policy - FortiSASE => DCFW

+
1.5.7.2.13 Policy: FortiSASE => FortiSASE
NameSourceDestinationServiceActionNATLogComments
vpn_FortiSASE_spoke2spoke_0allallALLacceptdisableutmVPN: FortiSASE (Created by VPN wizard)
-
Table 36 - Policy - FortiSASE => FortiSASE

-
1.5.7.2.14 Policy: FSA-DMZ => port36
+
Table 45 - Policy - FortiSASE => FortiSASE

+
1.5.7.2.14 Policy: FSA-DMZ => port36
NameSourceDestinationServiceActionNATLogComments
Allow FSA AccessFSA-Admin-swallALLacceptenableutm 
-
Table 37 - Policy - FSA-DMZ => port36

-
1.5.7.2.15 Policy: FSA-DMZ2 => port36
+
Table 46 - Policy - FSA-DMZ => port36

+
1.5.7.2.15 Policy: FSA-DMZ2 => port36
NameSourceDestinationServiceActionNATLogComments
FSA-DMZ-WANallallALLacceptenableall 
-
Table 38 - Policy - FSA-DMZ2 => port36

-
1.5.7.2.16 Policy: FWLC => DCFW
+
Table 47 - Policy - FSA-DMZ2 => port36

+
1.5.7.2.16 Policy: FWLC => DCFW
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
-
Table 39 - Policy - FWLC => DCFW

-
1.5.7.2.17 Policy: FWLC => ISFW-HA
+
Table 48 - Policy - FWLC => DCFW

+
1.5.7.2.17 Policy: FWLC => ISFW-HA
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
-
Table 40 - Policy - FWLC => ISFW-HA

-
1.5.7.2.18 Policy: FWLC => port36
+
Table 49 - Policy - FWLC => ISFW-HA

+
1.5.7.2.18 Policy: FWLC => port36
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
Wireless-WLCallallALLacceptenableall 
-
Table 41 - Policy - FWLC => port36

-
1.5.7.2.19 Policy: ISFW-HA => DCFW
+
Table 50 - Policy - FWLC => port36

+
1.5.7.2.19 Policy: ISFW-HA => DCFW
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
-
Table 42 - Policy - ISFW-HA => DCFW

-
1.5.7.2.20 Policy: ISFW-HA => FSA-DMZ
+
Table 51 - Policy - ISFW-HA => DCFW

+
1.5.7.2.20 Policy: ISFW-HA => FSA-DMZ
NameSourceDestinationServiceActionNATLogComments
ISFW-FSAallallALLacceptenableall 
-
Table 43 - Policy - ISFW-HA => FSA-DMZ

-
1.5.7.2.21 Policy: ISFW-HA => FWLC
+
Table 52 - Policy - ISFW-HA => FSA-DMZ

+
1.5.7.2.21 Policy: ISFW-HA => FWLC
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 44 - Policy - ISFW-HA => FWLC

-
1.5.7.2.22 Policy: ISFW-HA => ISFW-HA
+
Table 53 - Policy - ISFW-HA => FWLC

+
1.5.7.2.22 Policy: ISFW-HA => ISFW-HA
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 45 - Policy - ISFW-HA => ISFW-HA

-
1.5.7.2.23 Policy: ISFW-HA => port36
+
Table 54 - Policy - ISFW-HA => ISFW-HA

+
1.5.7.2.23 Policy: ISFW-HA => port36
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
ISFW-WANallallALLacceptenableallSkip ISFWs will Scan
-
Table 46 - Policy - ISFW-HA => port36

-
1.5.7.2.24 Policy: ISFW-HA => WLC-Staff
+
Table 55 - Policy - ISFW-HA => port36

+
1.5.7.2.24 Policy: ISFW-HA => WLC-Staff
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 47 - Policy - ISFW-HA => WLC-Staff

-
1.5.7.2.25 Policy: ISFW-HA => WLC-Students
+
Table 56 - Policy - ISFW-HA => WLC-Staff

+
1.5.7.2.25 Policy: ISFW-HA => WLC-Students
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 48 - Policy - ISFW-HA => WLC-Students

-
1.5.7.2.26 Policy: ISFW-HA => WLC-Teachers
+
Table 57 - Policy - ISFW-HA => WLC-Students

+
1.5.7.2.26 Policy: ISFW-HA => WLC-Teachers
NameSourceDestinationServiceActionNATLogComments
DC-ISallallALLacceptenableallReverse of ISFW-DCFW
-
Table 49 - Policy - ISFW-HA => WLC-Teachers

-
1.5.7.2.27 Policy: P22 => port36
+
Table 58 - Policy - ISFW-HA => WLC-Teachers

+
1.5.7.2.27 Policy: P22 => port36
NameSourceDestinationServiceActionNATLogComments
IBE-WANallallALLacceptdisableutm 
-
Table 50 - Policy - P22 => port36

-
1.5.7.2.28 Policy: port16 => port36
+
Table 59 - Policy - P22 => port36

+
1.5.7.2.28 Policy: port16 => port36
NameSourceDestinationServiceActionNATLogComments
GuestallallALLacceptdisableall 
-
Table 51 - Policy - port16 => port36

-
1.5.7.2.29 Policy: port36 => DCFW
+
Table 60 - Policy - port16 => port36

+
1.5.7.2.29 Policy: port36 => DCFW
NameSourceDestinationServiceActionNATLogComments
WAN to DCFW_VIP NATSDB-TXFGT_DCFW_VIPGALLacceptenableall (Copy of WAN_DCFW_VIP)
WAN_DCFW_VIPallFGT_DCFW_VIPGALLacceptdisableall 
-
Table 52 - Policy - port36 => DCFW

-
1.5.7.2.30 Policy: port36 => FSA-DMZ
+
Table 61 - Policy - port36 => DCFW

+
1.5.7.2.30 Policy: port36 => FSA-DMZ
NameSourceDestinationServiceActionNATLogComments
FSA-MGMT-VIPallFortiSandbox-VIP, FortiSandbox-Slave-IPALL_ICMP, HTTP, HTTPS, OFTP, SSH, RADIUSacceptdisableall 
-
Table 53 - Policy - port36 => FSA-DMZ

-
1.5.7.2.31 Policy: port36 => FWLC
+
Table 62 - Policy - port36 => FSA-DMZ

+
1.5.7.2.31 Policy: port36 => FWLC
NameSourceDestinationServiceActionNATLogComments
WAN-FWLC-VIPallWLC VIP, WLM_VIPALLacceptdisableall 
-
Table 54 - Policy - port36 => FWLC

-
1.5.7.2.32 Policy: port36 => ISFW-HA
+
Table 63 - Policy - port36 => FWLC

+
1.5.7.2.32 Policy: port36 => ISFW-HA
NameSourceDestinationServiceActionNATLogComments
WAN_ISFW_VIPallLANEdge-VIPALLacceptdisableall (Copy of WAN_DCFW_VIP)
WAN_ISFWs_VIPallISFW_BLDG-F, ISFW_BLDG-B, FortiAP-VIP ISFW-E, LANEdge-VIPALLacceptdisableall (Copy of WAN_DCFW_VIP) (Copy of WAN_ISFW-E_VIP) (Copy of WAN_ISFW-F_VIP)
WAN_FortiAP-VIP ISFW-E_VIPallFortiAP-VIP ISFW-EALLacceptdisableall (Copy of WAN_DCFW_VIP)
-
Table 55 - Policy - port36 => ISFW-HA

-
1.5.7.2.33 Policy: port36 => P22
+
Table 64 - Policy - port36 => ISFW-HA

+
1.5.7.2.33 Policy: port36 => P22
NameSourceDestinationServiceActionNATLogComments
WAN-IBEallFortiMail IBEALLacceptdisableutm 
-
Table 56 - Policy - port36 => P22

-
1.5.7.2.34 Policy: port36 => WLC-Staff
+
Table 65 - Policy - port36 => P22

+
1.5.7.2.34 Policy: port36 => WLC-Staff
NameSourceDestinationServiceActionNATLogComments
WAN-FWLC-VIPallWLC VIP, WLM_VIPALLacceptdisableall 
-
Table 57 - Policy - port36 => WLC-Staff

-
1.5.7.2.35 Policy: port36 => WLC-Students
+
Table 66 - Policy - port36 => WLC-Staff

+
1.5.7.2.35 Policy: port36 => WLC-Students
NameSourceDestinationServiceActionNATLogComments
WAN-FWLC-VIPallWLC VIP, WLM_VIPALLacceptdisableall 
-
Table 58 - Policy - port36 => WLC-Students

-
1.5.7.2.36 Policy: port36 => WLC-Teachers
+
Table 67 - Policy - port36 => WLC-Students

+
1.5.7.2.36 Policy: port36 => WLC-Teachers
NameSourceDestinationServiceActionNATLogComments
WAN-FWLC-VIPallWLC VIP, WLM_VIPALLacceptdisableall 
-
Table 59 - Policy - port36 => WLC-Teachers

-
1.5.7.2.37 Policy: port4 => port36
+
Table 68 - Policy - port36 => WLC-Teachers

+
1.5.7.2.37 Policy: port4 => port36
-
NameSourceDestinationServiceActionNATLogComments
 192.168.20.2@2024-02-28_08:41:13104.100.76.98@2024-02-28_08:41:13HTTPacceptenableallautocreated at 2024-02-28 08:41:13
FIT - Intel NUC outboundallallALLacceptenableall 
-
Table 60 - Policy - port4 => port36

-
1.5.7.2.38 Policy: VPN-GCP => any
+
Table 69 - Policy - port4 => port36

+
1.5.7.2.38 Policy: VPN-GCP => any
NameSourceDestinationServiceActionNATLogComments
vpn_VPN-GCP_remote_0VPN-GCP_remoteVPN-GCP_localALLacceptenableallVPN: VPN-GCP (Created by VPN wizard)
-
Table 61 - Policy - VPN-GCP => any

-
1.5.7.2.39 Policy: VPN-SDB => any
+
Table 70 - Policy - VPN-GCP => any

+
1.5.7.2.39 Policy: VPN-SDB => any
NameSourceDestinationServiceActionNATLogComments
vpn_VPN-SDB_remote_0VPN-SDB_remoteVPN-SDB_localALLacceptenableallVPN: VPN-SDB (Created by VPN wizard)
-
Table 62 - Policy - VPN-SDB => any

-
1.5.7.2.40 Policy: WLC-Staff => DCFW
+
Table 71 - Policy - VPN-SDB => any

+
1.5.7.2.40 Policy: WLC-Staff => DCFW
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
-
Table 63 - Policy - WLC-Staff => DCFW

-
1.5.7.2.41 Policy: WLC-Staff => ISFW-HA
+
Table 72 - Policy - WLC-Staff => DCFW

+
1.5.7.2.41 Policy: WLC-Staff => ISFW-HA
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
-
Table 64 - Policy - WLC-Staff => ISFW-HA

-
1.5.7.2.42 Policy: WLC-Staff => port36
+
Table 73 - Policy - WLC-Staff => ISFW-HA

+
1.5.7.2.42 Policy: WLC-Staff => port36
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
Wireless-WLCallallALLacceptenableall 
-
Table 65 - Policy - WLC-Staff => port36

-
1.5.7.2.43 Policy: WLC-Students => DCFW
+
Table 74 - Policy - WLC-Staff => port36

+
1.5.7.2.43 Policy: WLC-Students => DCFW
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
-
Table 66 - Policy - WLC-Students => DCFW

-
1.5.7.2.44 Policy: WLC-Students => ISFW-HA
+
Table 75 - Policy - WLC-Students => DCFW

+
1.5.7.2.44 Policy: WLC-Students => ISFW-HA
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
-
Table 67 - Policy - WLC-Students => ISFW-HA

-
1.5.7.2.45 Policy: WLC-Students => port36
+
Table 76 - Policy - WLC-Students => ISFW-HA

+
1.5.7.2.45 Policy: WLC-Students => port36
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
Wireless-WLCallallALLacceptenableall 
-
Table 68 - Policy - WLC-Students => port36

-
1.5.7.2.46 Policy: WLC-Teachers => DCFW
+
Table 77 - Policy - WLC-Students => port36

+
1.5.7.2.46 Policy: WLC-Teachers => DCFW
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
-
Table 69 - Policy - WLC-Teachers => DCFW

-
1.5.7.2.47 Policy: WLC-Teachers => ISFW-HA
+
Table 78 - Policy - WLC-Teachers => DCFW

+
1.5.7.2.47 Policy: WLC-Teachers => ISFW-HA
NameSourceDestinationServiceActionNATLogComments
IS-DCallallALLacceptdisableall 
-
Table 70 - Policy - WLC-Teachers => ISFW-HA

-
1.5.7.2.48 Policy: WLC-Teachers => port36
+
Table 79 - Policy - WLC-Teachers => ISFW-HA

+
1.5.7.2.48 Policy: WLC-Teachers => port36
NameSourceDestinationServiceActionNATLogComments
Block Malicious by FortiEDRallFortiEDR_Malicious_Destinations, FortiXDR_Malicious_DestinationsALLdenydisableall 
Wireless-WLCallallALLacceptenableall 
-
Table 71 - Policy - WLC-Teachers => port36

-

1.6 User

The following section details user settings configured on FortiGate.

1.6.1 Summary

The following section provides a summary of user settings.

+
Table 80 - Policy - WLC-Teachers => port36

+

1.6 User

The following section details user settings configured on FortiGate.

1.6.1 Summary

The following section provides a summary of user settings.

@@ -832,19 +977,19 @@
User0
Group2
RADIUS1
SAML0
-
Table 72 - Summary

-

1.6.2 User Group

+
Table 81 - Summary

+

1.6.2 User Group

NameTypeMemberMatch
RADIUS_DemofirewallFAC-DEMO 
SSO_Guest_Usersfsso-service  
-
Table 73 - User Group

-

1.6.3 LDAP

+
Table 82 - User Group

+

1.6.3 LDAP

NameServer(s)PortCNDNTypeUser
ad-fortidemo10.88.210.100389sAMAccountNamedc=corp,dc=fortidemo,dc=comregularadministrator@corp.fortidemo.com
-
Table 74 - LDAP

-

LDAP: ad-fortidemo


+
Table 83 - LDAP

+

LDAP: ad-fortidemo


@@ -862,13 +1007,13 @@
Namead-fortidemo
Server10.88.210.100
Group Search Base 
Group Object Filter(&(objectcategory=group)(member=*))
-
Table 75 - LDAP ad-fortidemo

-

1.6.4 RADIUS

+
Table 84 - LDAP ad-fortidemo

+

1.6.4 RADIUS

NameServer(s)Auth TypeNAS-IP
FAC-DEMO172.30.72.232/172.30.72.231auto0.0.0.0
-
Table 76 - RADIUS

-

RADIUS: FAC-DEMO


+
Table 85 - RADIUS

+

RADIUS: FAC-DEMO


@@ -897,22 +1042,22 @@
NameFAC-DEMO
Server172.30.72.232
MAC Caselowercase
Delimiterplus
-
Table 77 - RADIUS FAC-DEMO

-

1.7 VPN IPsec

The following section details VPN IPsec settings configured on FortiGate.

1.7.1 Summary

The following section provides a summary of VPN IPsec settings.

+
Table 86 - RADIUS FAC-DEMO

+

1.7 VPN IPsec

The following section details VPN IPsec settings configured on FortiGate.

1.7.1 Summary

The following section provides a summary of VPN IPsec settings.

VPN IPsec Phase 14
VPN IPsec Phase 23
-
Table 78 - Summary

-

1.7.2 VPN IPsec Phase 1

Summary

+
Table 87 - Summary

+

1.7.2 VPN IPsec Phase 1

Summary

NameTypeInterfaceRemote GatewayModeAuth method
FortiSASEdynamicport360.0.0.0mainpsk
VPN-GCPstaticport3634.125.159.157mainpsk
VPN-MPLS1dynamicport230.0.0.0mainpsk
VPN-SDBstaticport3696.45.34.228mainpsk
-
Table 79 - VPN IPsec Phase 1 Summary

-

1.7.2.1 Phase 1: FortiSASE


+
Table 88 - VPN IPsec Phase 1 Summary

+

1.7.2.1 Phase 1: FortiSASE


@@ -934,8 +1079,8 @@
NameFortiSASE
Typedynamic
NAT Traversalenable
Rekeyenable
-
Table 80 - VPN IPsec Phase 1: FortiSASE

-

1.7.2.2 Phase 1: VPN-GCP


+
Table 89 - VPN IPsec Phase 1: FortiSASE

+

1.7.2.2 Phase 1: VPN-GCP


@@ -957,8 +1102,8 @@
NameVPN-GCP
Typestatic
NAT Traversalenable
Rekeyenable
-
Table 81 - VPN IPsec Phase 1: VPN-GCP

-

1.7.2.3 Phase 1: VPN-MPLS1


+
Table 90 - VPN IPsec Phase 1: VPN-GCP

+

1.7.2.3 Phase 1: VPN-MPLS1


@@ -980,8 +1125,8 @@
NameVPN-MPLS1
Typedynamic
NAT Traversalenable
Rekeyenable
-
Table 82 - VPN IPsec Phase 1: VPN-MPLS1

-

1.7.2.4 Phase 1: VPN-SDB


+
Table 91 - VPN IPsec Phase 1: VPN-MPLS1

+

1.7.2.4 Phase 1: VPN-SDB


@@ -1003,15 +1148,15 @@
NameVPN-SDB
Typestatic
NAT Traversalenable
Rekeyenable
-
Table 83 - VPN IPsec Phase 1: VPN-SDB

-

1.7.3 VPN IPsec Phase 2

Summary

+
Table 92 - VPN IPsec Phase 1: VPN-SDB

+

1.7.3 VPN IPsec Phase 2

Summary

NamePhase 1 NameSource Address TypeSource AddressDestination Address TypeDestination Address
FortiSASEFortiSASEsubnet0.0.0.0/0.0.0.0subnet0.0.0.0/0.0.0.0
VPN-GCPVPN-GCPnameVPN-GCP_localnameVPN-GCP_remote
VPN-SDBVPN-SDBnameVPN-SDB_localnameVPN-SDB_remote
-
Table 84 - VPN IPsec Phase 1 Summary

-

1.7.3.1 Phase 2: FortiSASE (FortiSASE)


+
Table 93 - VPN IPsec Phase 1 Summary

+

1.7.3.1 Phase 2: FortiSASE (FortiSASE)


@@ -1030,8 +1175,8 @@
NameFortiSASE
Phase 1 NameFortiSASE
Destination Address Name 
Destination Address Subnet0.0.0.0 0.0.0.0
-
Table 85 - VPN IPsec Phase 2: FortiSASE

-

1.7.3.2 Phase 2: VPN-GCP (VPN-GCP)


+
Table 94 - VPN IPsec Phase 2: FortiSASE

+

1.7.3.2 Phase 2: VPN-GCP (VPN-GCP)


@@ -1050,8 +1195,8 @@
NameVPN-GCP
Phase 1 NameVPN-GCP
Destination Address NameVPN-GCP_remote
Destination Address Subnet 
-
Table 86 - VPN IPsec Phase 2: VPN-GCP

-

1.7.3.3 Phase 2: VPN-SDB (VPN-SDB)


+
Table 95 - VPN IPsec Phase 2: VPN-GCP

+

1.7.3.3 Phase 2: VPN-SDB (VPN-SDB)


@@ -1070,14 +1215,14 @@
NameVPN-SDB
Phase 1 NameVPN-SDB
Destination Address NameVPN-SDB_remote
Destination Address Subnet 
-
Table 87 - VPN IPsec Phase 2: VPN-SDB

-

1.8 VPN SSL

The following section details VPN SSL settings configured on FortiGate.

1.8.1 Summary

The following section provides a summary of VPN SSL settings.

+
Table 96 - VPN IPsec Phase 2: VPN-SDB

+

1.8 VPN SSL

The following section details VPN SSL settings configured on FortiGate.

1.8.1 Summary

The following section provides a summary of VPN SSL settings.

Portal1
User (connected)0
-
Table 88 - Summary

-

1.8.2 VPN SSL Settings

+
Table 97 - Summary

+

1.8.2 VPN SSL Settings

@@ -1094,6 +1239,6 @@
Statusenable
Port443
DNS Server10.0.0.0
DNS Server20.0.0.0
-
Table 89 - VPN SSL Settings

+
Table 98 - VPN SSL Settings


From 6f6c1d6e8b54fc3973777101a738f9d2563a88c7 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 17 Jul 2024 16:21:16 +0200 Subject: [PATCH 24/27] FortiCare: Fix formatting (using Visual Studio Code) --- Src/Private/Get-AbrFgtFortiCare.ps1 | 113 ++++++++++++++-------------- 1 file changed, 57 insertions(+), 56 deletions(-) diff --git a/Src/Private/Get-AbrFgtFortiCare.ps1 b/Src/Private/Get-AbrFgtFortiCare.ps1 index aede72f..326a80c 100644 --- a/Src/Private/Get-AbrFgtFortiCare.ps1 +++ b/Src/Private/Get-AbrFgtFortiCare.ps1 
@@ -30,59 +30,59 @@ function Get-AbrFgtForticare { if ($LicenseStatus -and $InfoLevel.Forticare -ge 1) { $FortiGuardservicesDescriptions = @{ - "forticare" = "FortiCare Support Services" - "forticloud" = "FortiCloud Management" - "security_rating" = "Security Fabric Rating and Compliance Service" - "antivirus" = "Antivirus Service" - "mobile_malware" = "Mobile Malware Service" - "ai_malware_detection" = "AI-based Inline Malware Prevention" - "ips" = "Intrusion Prevention System (IPS)" - "industrial_db" = "OT Industrial Signatures Database" - "appctrl" = "Application Control" - "internet_service_db" = "Internet Service (SaaS) Database" - "device_os_id" = "Device/OS Detection" - "botnet_ip" = "Botnet IP Reputation Service" - "botnet_domain" = "Botnet Domain Reputation Service" - "psirt_security_rating" = "Attack Surface Security Rating" - "outbreak_security_rating" = "Outbreak Security Rating Service" - "icdb" = "OT Industrial Signatures Database" - "inline_casb" = "Inline SaaS Application Security (CASB)" - "local_in_virtual_patching" = "OT Virtual Patching" - "malicious_urls" = "Malicious URL Database" - "blacklisted_certificates" = "Blacklisted Certificates Service" - "firmware_updates" = "Firmware Updates" - "web_filtering" = "Web Filtering Service" - "outbreak_prevention" = "Outbreak Prevention" - "antispam" = "Antispam Service" - "iot_detection" = "IoT Detection Service" - "ot_detection" = "OT Detection Service" - "forticloud_sandbox" = "FortiCloud Sandbox" - "forticonverter" = "FortiConverter Service" - "fortiguard" = "FortiGuard Services" - "data_leak_prevention" = "Data Leak Prevention" - "sdwan_network_monitor" = "SD-WAN Network Monitor" - "forticloud_logging" = "FortiCloud Logging" - "fortianalyzer_cloud" = "FortiAnalyzer Cloud" + "forticare" = "FortiCare Support Services" + "forticloud" = "FortiCloud Management" + "security_rating" = "Security Fabric Rating and Compliance Service" + "antivirus" = "Antivirus Service" + "mobile_malware" = "Mobile Malware 
Service" + "ai_malware_detection" = "AI-based Inline Malware Prevention" + "ips" = "Intrusion Prevention System (IPS)" + "industrial_db" = "OT Industrial Signatures Database" + "appctrl" = "Application Control" + "internet_service_db" = "Internet Service (SaaS) Database" + "device_os_id" = "Device/OS Detection" + "botnet_ip" = "Botnet IP Reputation Service" + "botnet_domain" = "Botnet Domain Reputation Service" + "psirt_security_rating" = "Attack Surface Security Rating" + "outbreak_security_rating" = "Outbreak Security Rating Service" + "icdb" = "OT Industrial Signatures Database" + "inline_casb" = "Inline SaaS Application Security (CASB)" + "local_in_virtual_patching" = "OT Virtual Patching" + "malicious_urls" = "Malicious URL Database" + "blacklisted_certificates" = "Blacklisted Certificates Service" + "firmware_updates" = "Firmware Updates" + "web_filtering" = "Web Filtering Service" + "outbreak_prevention" = "Outbreak Prevention" + "antispam" = "Antispam Service" + "iot_detection" = "IoT Detection Service" + "ot_detection" = "OT Detection Service" + "forticloud_sandbox" = "FortiCloud Sandbox" + "forticonverter" = "FortiConverter Service" + "fortiguard" = "FortiGuard Services" + "data_leak_prevention" = "Data Leak Prevention" + "sdwan_network_monitor" = "SD-WAN Network Monitor" + "forticloud_logging" = "FortiCloud Logging" + "fortianalyzer_cloud" = "FortiAnalyzer Cloud" "fortianalyzer_cloud_premium" = "FortiAnalyzer Cloud Premium" - "fortimanager_cloud" = "FortiManager Cloud" - "fortisandbox_cloud" = "FortiSandbox Cloud" + "fortimanager_cloud" = "FortiManager Cloud" + "fortisandbox_cloud" = "FortiSandbox Cloud" "fortiguard_ai_based_sandbox" = "FortiGuard AI-based Sandbox" - "sdwan_overlay_aas" = "SD-WAN Overlay-as-a-Service" - "fortisase_private_access" = "FortiSASE Private Access" - "fortisase_lan_extension" = "FortiSASE LAN Extension" - "fortiems_cloud" = "FortiEMS Cloud" - "fortimanager_cloud_alci" = "FortiManager Cloud ALCI" - "fortisandbox_cloud_alci" = 
"FortiSandbox Cloud ALCI" - "vdom" = "Virtual Domains (platform capability)" - "sms" = "SMS Service" + "sdwan_overlay_aas" = "SD-WAN Overlay-as-a-Service" + "fortisase_private_access" = "FortiSASE Private Access" + "fortisase_lan_extension" = "FortiSASE LAN Extension" + "fortiems_cloud" = "FortiEMS Cloud" + "fortimanager_cloud_alci" = "FortiManager Cloud ALCI" + "fortisandbox_cloud_alci" = "FortiSandbox Cloud ALCI" + "vdom" = "Virtual Domains (platform capability)" + "sms" = "SMS Service" } $licenseSummary = @() $typeDescriptions = @{ - downloaded_fds_object = 'Update Feed' + downloaded_fds_object = 'Update Feed' live_fortiguard_service = 'Real-time Services' - live_cloud_service = 'Cloud Services' - functionality_enabling = 'Feature' + live_cloud_service = 'Cloud Services' + functionality_enabling = 'Feature' } $excludeServices = @( @@ -115,7 +115,8 @@ function Get-AbrFgtForticare { $description = $FortiGuardservicesDescriptions[$property.Name] if ($null -ne $feature.expires) { $expires = (Get-Date '01/01/1970').AddSeconds($feature.expires) | Get-Date -Format "dd/MM/yyyy" - } else { + } + else { $expires = $null } $type = $feature.type @@ -123,13 +124,13 @@ function Get-AbrFgtForticare { $typeDescription = $typeDescriptions[$type] $licenseSummaryUnordered += [PSCustomObject]@{ - name = $property.Name - description = $description - status = $status - expiration = $expires - type = $type + name = $property.Name + description = $description + status = $status + expiration = $expires + type = $type typeDescription = $typeDescription - entitlement = $entitlement + entitlement = $entitlement } } 
@@ -176,9 +177,9 @@ function Get-AbrFgtForticare { foreach ($license in $licenseSummary) { $licenseStatus = $license.status -eq 'licensed' ? 'Licensed' : 'Unlicensed' $OutObj += [pscustomobject]@{ - "Name" = $license.description - "Type" = $license.typeDescription - "Status" = $licenseStatus + "Name" = $license.description + "Type" = $license.typeDescription + "Status" = $licenseStatus "Expiration" = $license.expiration } } From 0ea6dfe6421a4a8884786642a716ddc629e1cf00 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 17 Jul 2024 16:22:30 +0200 Subject: [PATCH 25/27] FortiCare: Fix compability with PS5 --- Src/Private/Get-AbrFgtFortiCare.ps1 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Src/Private/Get-AbrFgtFortiCare.ps1 b/Src/Private/Get-AbrFgtFortiCare.ps1 index 326a80c..3f140ee 100644 --- a/Src/Private/Get-AbrFgtFortiCare.ps1 +++ b/Src/Private/Get-AbrFgtFortiCare.ps1 @@ -175,7 +175,12 @@ function Get-AbrFgtForticare { $OutObj = @() foreach ($license in $licenseSummary) { - $licenseStatus = $license.status -eq 'licensed' ? 'Licensed' : 'Unlicensed' + if ($license.status -eq 'licensed') { + $licenseStatus = 'Licensed' + } + else { + $licenseStatus = 'Unlicensed' + } $OutObj += [pscustomobject]@{ "Name" = $license.description "Type" = $license.typeDescription From 883a636a13ab2e7bf487d3a5317a943a777345ee Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 17 Jul 2024 17:05:34 +0200 Subject: [PATCH 26/27] ChANGELOG: add #87 for 0.4.1 --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 959f55b..a60efd6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # :arrows_clockwise: Fortinet FortiGate As Built Report Changelog +## [0.4.1] - 2024-07-17 + +### Fixed +- Fix FortiCare with PowerShell 5.0 [87](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/87) + ## [0.4.0] - 2024-07-15 ### Added 
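Review bot: In the PS5 compatibility hunk of Get-AbrFgtFortiCare.ps1 (`@@ -175,7 +175,12 @@`), the new `else` branch labels every status other than `licensed` as 'Unlicensed', so an empty or unexpected status value is reported the same way as a service that was never licensed. The replaced ternary already behaved this way, but because the report is read as evidence of which security services are active, unrecognized values are worth keeping visible, for example with `elseif ([string]::IsNullOrEmpty($license.status)) { $licenseStatus = 'Unknown' }` ahead of the `else`. Whether the API returns other status strings is not visible here, so this should be confirmed against the device response. A one-line comment such as `# if/else instead of the ternary operator: the ternary requires PowerShell 7` above the `if` would keep the ternary from being reintroduced. The enclosing function Get-AbrFgtForticare starts and ends outside the hunk.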
From 04627c96dca7f960ebb08e3d61ecf90336045710 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 17 Jul 2024 17:06:13 +0200 Subject: [PATCH 27/27] psd1: update to 0.4.1 --- AsBuiltReport.Fortinet.FortiGate.psd1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AsBuiltReport.Fortinet.FortiGate.psd1 b/AsBuiltReport.Fortinet.FortiGate.psd1 index 1bd6ecc..93eca13 100644 --- a/AsBuiltReport.Fortinet.FortiGate.psd1 +++ b/AsBuiltReport.Fortinet.FortiGate.psd1 @@ -12,7 +12,7 @@ RootModule = 'AsBuiltReport.Fortinet.FortiGate.psm1' # Version number of this module. -ModuleVersion = '0.4.0' +ModuleVersion = '0.4.1' # Supported PSEditions # CompatiblePSEditions = @()