fgtvm2.conf
Content-Type: multipart/mixed; boundary="==AWS=="
MIME-Version: 1.0
--==AWS==
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
# FortiOS CLI bootstrap for the second GWLB-fronted FortiGate-VM (hostname FGTVM-GWLB2).
# Values written as ${...} are Terraform template variables substituted before the
# user-data is handed to the instance.
config system global
set hostname FGTVM-GWLB2
# Admin HTTPS listener port is taken from the ${adminsport} variable.
set admin-sport ${adminsport}
end
config system interface
# port1 is the public-facing interface and admits HTTPS and SSH administrative access;
# no trusted-host restriction is set in this file, so reachability of the management
# plane is governed by whatever sits in front of port1 (security groups, etc.).
edit port1
set alias public
set mode dhcp
set allowaccess https ssh
next
# port2 is the private/GWLB side. probe-response is required for the HTTP health probe
# configured under "config system probe-response" below; fgfm is FortiManager access.
edit port2
set alias private
set mode dhcp
set allowaccess ping https ssh fgfm probe-response
set defaultgw disable
next
end
# Answer GWLB health checks with an HTTP probe response.
config system probe-response
set mode http-probe
end
# Switch to split-VDOM so management (root) and transit traffic (FG-traffic) are separated.
config system global
set vdom-mode split-vdom
end
config global
# Move the GWLB-side interface into the traffic VDOM.
config system interface
edit port2
set vdom FG-traffic
next
end
end
config vdom
edit FG-traffic
# One GENEVE tunnel per GWLB endpoint (AZ 2a/2b/2c), all terminated on port2.
# NOTE(review): the az2b tunnel uses ${endpointip} while az2a/az2c use ${endpointip2a}
# and ${endpointip2c}; confirm this variable mapping is intentional.
config system geneve
edit "gwlb-az2b"
set interface "port2"
set type ppp
set remote-ip ${endpointip}
next
edit "gwlb-az2a"
set interface "port2"
set type ppp
set remote-ip ${endpointip2a}
next
edit "gwlb-az2c"
set interface "port2"
set type ppp
set remote-ip ${endpointip2c}
next
end
# Group the three tunnels into a single zone so the policies below cover every endpoint.
config system zone
edit "gwlb-tunnels"
set interface "gwlb-az2a" "gwlb-az2b" "gwlb-az2c"
next
end
config firewall policy
# Policy 1 drops plain HTTP between tunnel interfaces but does not log the drop,
# so blocked HTTP leaves no trace in traffic logs; consider "set logtraffic all"
# if those denies should be visible to monitoring.
edit 1
set name "http-deny"
set srcintf "gwlb-tunnels"
set dstintf "gwlb-tunnels"
set srcaddr "all"
set dstaddr "all"
set action deny
set schedule "always"
set service "HTTP"
set logtraffic disable
next
# Policy 2 permits HTTPS any-to-any across the tunnel zone with full traffic logging.
# No security profiles are attached here; anything not matching policy 1 or 2 is left
# to the FortiOS implicit deny.
edit 2
set name "https-allow"
set srcintf "gwlb-tunnels"
set dstintf "gwlb-tunnels"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "HTTPS"
set logtraffic all
next
end
config router static
# Routes 1-3 name only a tunnel device with no dst — presumably default routes via
# each GENEVE tunnel (FortiOS default dst); verify against the intended routing design.
edit 1
set device gwlb-az2a
next
edit 2
set device gwlb-az2b
next
edit 3
set device gwlb-az2c
next
# Route 4 reaches ${cidr} through ${gateway} on the private interface.
edit 4
set device port2
set dst ${cidr}
set gateway ${gateway}
next
end
config router policy
# Policy routes hairpin traffic: whatever enters a tunnel is sent back out the same
# tunnel toward its GWLB endpoint, for any source and destination (0.0.0.0/0.0.0.0).
edit 1
set input-device "gwlb-az2a"
set output-device "gwlb-az2a"
set src "0.0.0.0/0.0.0.0"
set dst "0.0.0.0/0.0.0.0"
set gateway ${endpointip2a}
next
edit 2
set input-device "gwlb-az2b"
set output-device "gwlb-az2b"
set src "0.0.0.0/0.0.0.0"
set dst "0.0.0.0/0.0.0.0"
set gateway ${endpointip}
next
edit 3
set input-device "gwlb-az2c"
set output-device "gwlb-az2c"
set src "0.0.0.0/0.0.0.0"
set dst "0.0.0.0/0.0.0.0"
set gateway ${endpointip2c}
next
end
%{ if type == "byol" }
--==AWS==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="license"
${file(license_file)}
%{ endif }
--==AWS==--