-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig.toml
64 lines (53 loc) · 1.21 KB
/
config.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
[firewalls]
fw = "<type ip or hostname here>"
fw_ha = "<type ip or hostname here>"
[api_key]
key = "<type API key here>"
# VPN specific configs
[ike_gateway]
version="ikev2-preferred"
peer_ip_type="dynamic"
interface="ethernet1/1" # This will be the interface where the VPN enters
local_ip_address_type="ip"
local_ip_address=" " # IP of the PAN interface
pre_shared_key=" " # type the shared key
peer_id_type="fqdn"
enable_passive_mode=true
enable_nat_traversal=true
enable_fragmentation=false
ikev1_exchange_mode="auto"
ikev1_crypto_profile=" " # crypto profile name
enable_dead_peer_detection=true
ikev2_crypto_profile=" " # crytpo profile name
[ipsec_tunnel]
type="auto-key"
ak_ipsec_crypto_profile=" " # crypto name
enable_tunnel_monitor=false
[address_object]
type="ip-netmask"
[static_route]
nexthop_type="ip-address"
metric=10
[security_rule]
fromzone=" "
tozone=" "
source=" "
source_user="any"
hip_profiles="any"
application=" "
service="application-default"
category="any"
action="allow"
log_setting="default"
# Below are the names of the respective policies
virus=" "
spyware=" "
vulnerability=" "
wildfire_analysis=" "
[zone]
name= " "
mode="layer3"
[address_group]
name=" "
[router_name]
name="Default_vRouter"