HQ-FW Configuration:
====================

config system global 
set hostname HQ-FW
set admintimeout 480
end

config system interface 
edit port5
set alias MGMT
set mode static
set ip 192.168.100.200 255.255.255.0
set allowaccess ping https ssh http fgfm
end

config system interface 
edit port1
set alias WAN-1
set mode static
set ip 192.168.1.1 255.255.255.0
set allowaccess ping
set role wan
end
   
config system interface 
edit port2
set alias WAN-2
set mode static
set ip 192.168.2.1 255.255.255.0
set allowaccess ping
set role wan
end

config system interface 
edit port3
set alias LAN
set mode static
set ip 10.0.1.254 255.255.255.0
set allowaccess ping fgfm
set role lan
end

config system dns
set primary 8.8.8.8
set secondary 1.1.1.1
end

config router static 
edit 1
set dst 0.0.0.0 0.0.0.0
set device port1
set gateway 192.168.1.254
next
edit 2
set dst 0.0.0.0 0.0.0.0
set device port2
set gateway 192.168.2.254
next
end


config firewall policy
edit 1
set name LAN-to-WAN1
set srcintf port3
set dstintf port1 
set srcaddr all
set dstaddr all
set action accept
set schedule always
set service ALL
set logtraffic all
set nat enable
set status enable
next
end

config firewall policy
edit 2
set name LAN-to-WAN2
set srcintf port3
set dstintf port2 
set srcaddr all
set dstaddr all
set action accept
set schedule always
set service ALL
set logtraffic all
set nat enable
set status enable
next
end
--------------------------------------------------------------
DC-FW Configuration:
======================

config system global 
set hostname DC-FW
set admintimeout 480
set gui-theme neutrino
end

config system interface 
edit port5
set alias MGMT
set mode static
set ip 192.168.100.220 255.255.255.0
set allowaccess ping https ssh http fgfm
end

config system interface 
edit port1
set alias WAN-1
set mode static
set ip 192.168.3.1 255.255.255.0
set allowaccess ping fgfm
set role wan
end
   
config system interface 
edit port2
set alias WAN-2
set mode static
set ip 192.168.4.1 255.255.255.0
set allowaccess ping
set role wan
end

config system interface 
edit port3
set alias LAN
set mode static
set ip 10.0.2.254 255.255.255.0
set allowaccess ping
set role lan
end

config system dns
set primary 8.8.8.8
set secondary 1.1.1.1
end

config router static 
edit 1
set dst 0.0.0.0 0.0.0.0
set device port1
set gateway 192.168.3.254
next
edit 2
set dst 0.0.0.0 0.0.0.0
set device port2
set gateway 192.168.4.254
next
end

config firewall policy
edit 1
set name LAN-to-WAN
set srcintf port3
set dstintf port1 port2
set srcaddr all
set dstaddr all
set action accept
set schedule always
set service ALL
set logtraffic all
set nat enable
set status enable
next
end


------------------------------------------------------
BR-FW Configuration:
======================

config system global 
set hostname BR-FW
set admintimeout 480
set gui-theme mariner
end

config system interface 
edit port5
set alias MGMT
set mode static
set ip 192.168.100.230 255.255.255.0
set allowaccess ping https ssh http fgfm
end

config system interface 
edit port1
set alias WAN-1
set mode static
set ip 192.168.5.1 255.255.255.0
set allowaccess ping fgfm
set role wan
end
   
config system interface 
edit port2
set alias LAN
set mode static
set ip 10.0.3.254 255.255.255.0
set allowaccess ping
set role lan
end

config system dns
set primary 8.8.8.8
set secondary 1.1.1.1
end

config router static
edit 1
set gateway 192.168.5.254
set device port1
next
end

config firewall policy
edit 1
set name LAN-to-WAN
set srcintf port2
set dstintf port1
set srcaddr all
set dstaddr all
set action accept
set schedule always
set service ALL
set logtraffic all
set nat enable
set status enable
next
end

------------------------------------------------
FW1 Configuration:
======================

config system global 
set hostname FW1
set admintimeout 480
end

config system interface 
edit port5
set alias MGMT
set mode static
set ip 192.168.100.205 255.255.255.0
set allowaccess ping https ssh http fgfm
end

config system interface 
edit port1
set alias WAN-1
set mode static
set ip 10.0.1.1 255.255.255.0
set allowaccess ping
set role wan
end
   
config system dns
set primary 8.8.8.8
set secondary 1.1.1.1
end

config router static 
edit 1
set dst 0.0.0.0 0.0.0.0
set device port1
set gateway 10.0.1.254
end

config firewall policy
edit 1
set name LAN-to-WAN
set srcintf port2
set dstintf port1
set srcaddr all
set dstaddr all
set action accept
set schedule always
set service ALL
set logtraffic all
set nat enable
set status enable
next
end

------------------------------------------------

