File: /home/posscale/backup/MT_Backups/AWS_Multisite/BACKUP-Ready Movers-2023nov06-174130.rsc
# nov/06/2023 17:41:51 by RouterOS 6.49.7
# software id = ZD86-6IIF
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 71AF07149E18
/caps-man channel
add band=5ghz-a/n/ac control-channel-width=40mhz-turbo name=RM-5ghz
add band=2ghz-b/g/n control-channel-width=20mhz name=RM-2g
/interface l2tp-server
add name="Cairns Static L2TP Bind" user=Cairns-Office-Mikrotik
add name="Darwin Static L2TP Bind" user=Darwin-Office-Mikrotik
add name="Townsville Static L2TP Bind" user=Townsville-Office-Mikrotik
/interface bridge
add name=OfficeNet
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
"ETH 1 - AAPT NBN"
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=RM \
passphrase=9563237229
/caps-man configuration
add country=australia datapath.bridge=OfficeNet name=OfficeNet security=RM \
ssid=Ready_Movers
/interface list
add name=L2TP-Connections
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk comment=9563237229 eap-methods="" \
group-ciphers=tkip,aes-ccm management-protection=allowed mode=\
dynamic-keys name=RM supplicant-identity="" unicast-ciphers=tkip,aes-ccm \
wpa-pre-shared-key=9563237229 wpa2-pre-shared-key=9563237229
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
australia disabled=no frequency=auto frequency-mode=manual-txpower mode=\
ap-bridge name="Ready Mover 2 GHZ" security-profile=RM ssid=Ready_Movers \
station-roaming=enabled wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
channel-width=20/40/80mhz-eCee country=australia disabled=no frequency=\
auto frequency-mode=manual-txpower mode=ap-bridge name="wlan2 5g" \
security-profile=RM ssid=Ready_Movers-5g station-roaming=enabled \
wireless-protocol=802.11 wps-mode=disabled
/ip pool
add name=dhcp_pool0 ranges=192.168.0.106-192.168.0.253
add name=VPN-Pool ranges=10.10.10.2-10.10.10.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=OfficeNet name=dhcp1
/ppp profile
add dns-server=8.8.8.8,8.8.4.4 interface-list=L2TP-Connections local-address=\
10.10.10.1 name="Ready Movers VPN" remote-address=VPN-Pool \
use-encryption=required
/routing ospf area
add area-id=0.0.0.254 disabled=yes name=area1
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=OfficeNet interface="Ready Mover 2 GHZ"
add bridge=OfficeNet interface="wlan2 5g"
add bridge=OfficeNet hw=no interface=ether2
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile="Ready Movers VPN" \
enabled=yes ipsec-secret=!Pss.974082** use-ipsec=required
/ip address
add address=210.8.41.22/30 interface="ETH 1 - AAPT NBN" network=210.8.41.20
add address=192.168.0.254/24 interface=OfficeNet network=192.168.0.0
/ip dhcp-server lease
add address=192.168.0.125 client-id=1:0:15:65:cb:e2:8a mac-address=\
00:15:65:CB:E2:8A server=dhcp1
add address=192.168.0.127 client-id=0:0:11:4b:3:63:f1:0:0:0 comment=\
"Franking Machine Apost" mac-address=00:11:4B:03:63:F1 server=dhcp1
add address=192.168.0.216 client-id=1:0:0:48:d4:0:e6 comment=\
"Epson POST PrInter" mac-address=00:00:48:D4:00:E6 server=dhcp1
add address=192.168.0.150 comment="Fui zerox M465" mac-address=\
08:00:37:EF:48:8E server=dhcp1
add address=192.168.0.205 client-id=1:b4:22:0:a:c7:d2 comment=\
"Brother Printer Linbuilt donger" mac-address=B4:22:00:0A:C7:D2 server=\
dhcp1
add address=192.168.0.178 client-id=1:1c:bf:c0:f6:cb:0 comment=\
"Brother L2713DW - Linbuilt Donga Printer" mac-address=1C:BF:C0:F6:CB:00 \
server=dhcp1
add address=192.168.0.5 comment="Provision NVR" disabled=yes
add address=192.168.0.6 comment=RM-Server disabled=yes
add address=192.168.0.7 comment=RM-NAS disabled=yes
add address=192.168.0.151 client-id=1:0:17:c8:d9:6d:44 comment=\
"Warehouse M2040dn Printer" mac-address=00:17:C8:D9:6D:44 server=dhcp1
add address=192.168.0.152 client-id=1:0:17:c8:d9:6c:7c comment=\
"Accounts M2040DN Printer" mac-address=00:17:C8:D9:6C:7C server=dhcp1
add address=192.168.0.248 client-id=1:d4:2d:c5:14:b1:a2 comment=\
"Entry Container Camera" mac-address=D4:2D:C5:14:B1:A2 server=dhcp1
add address=192.168.0.153 client-id=1:0:17:c8:d9:6c:7e comment=\
"Main Office M2040DN Printer" mac-address=00:17:C8:D9:6C:7E server=dhcp1
add address=192.168.0.154 client-id=1:0:17:c8:CB:75:F0 comment=\
"Operations Office M3655idn/A Printer" mac-address=00:17:C8:CB:75:F0 \
server=dhcp1
add address=192.168.0.43 client-id=1:84:11:c2:c5:8e:66 mac-address=\
84:11:C2:C5:8E:66 server=dhcp1
add address=192.168.0.42 client-id=1:84:11:c2:c5:8e:65 mac-address=\
84:11:C2:C5:8E:65 server=dhcp1
add address=192.168.0.40 client-id=1:84:11:c2:c3:b4:76 mac-address=\
84:11:C2:C3:B4:76 server=dhcp1
add address=192.168.0.41 client-id=1:84:11:c2:c6:15:f4 mac-address=\
84:11:C2:C6:15:F4 server=dhcp1
add address=192.168.0.14 client-id=1:0:13:e2:17:dd:7d comment=\
"CAmera 14 Grovision KT YARD" disabled=yes mac-address=\
00:13:E2:17:DD:7D server=dhcp1
add address=192.168.0.23 client-id=1:0:13:e2:18:99:3c comment=\
"CAMERA 13 Geovision KT Shed intry yard " disabled=yes mac-address=\
00:13:E2:18:99:3C server=dhcp1
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.254 gateway=192.168.0.254
/ip dns
set allow-remote-requests=yes servers=203.8.183.1,192.189.54.33,8.8.8.8
/ip dns static
add address=3.105.22.41 name=unifi
/ip firewall address-list
add address=61.69.57.74 list=ACCESS
add address=52.62.206.142 list=voip
add address=61.69.57.74 list=RDP
add address=118.127.105.106 comment="moveware- Melborne" list=RDP
add address=5.133.18.200 comment=moveware-London list=RDP
add address=70.28.76.128 comment=moveware-Toronto list=RDP
add address=171.99.134.98 comment=moveware-Bangkok list=RDP
add address=52.170.221.126 comment="moveware-Support " list=RDP
add address=213.199.133.209 comment="moveware-MovePortal pages" list=RDP
add address=52.62.206.142 list=RDP
add address=40.117.98.128 comment="moveware- Support Server" list=RDP
add address=159.196.157.113 comment="JetDigital - Support Website Moveware" \
list=RDP
add address=20.62.191.13 comment="moveware-Support " list=RDP
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment=\
"Private[RFC 1918] - CLASS A # Check if you need this" disabled=yes list=\
bogons
add address=127.0.0.0/16 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment=\
"Private[RFC 1918] - CLASS B # Check if you need this" disabled=yes list=\
bogons
add address=192.168.0.0/16 comment=\
"Private[RFC 1918] - CLASS C # Check if you need this" disabled=yes list=\
bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this" \
disabled=yes list=bogons
/ip firewall filter
add action=accept chain=input dst-port=8291 in-interface="ETH 1 - AAPT NBN" \
protocol=tcp src-address-list=ACCESS
add action=accept chain=input dst-port=500 in-interface="ETH 1 - AAPT NBN" \
log=yes log-prefix="VPN: " protocol=udp
add action=accept chain=input dst-port=1701 in-interface="ETH 1 - AAPT NBN" \
ipsec-policy=in,ipsec log-prefix="VPN: " protocol=udp
add action=accept chain=input dst-port=4500 in-interface="ETH 1 - AAPT NBN" \
log-prefix="VPN: " protocol=udp
add action=accept chain=input in-interface="ETH 1 - AAPT NBN" log-prefix=\
"VPN: " protocol=ipsec-esp
add action=accept chain=input in-interface="ETH 1 - AAPT NBN" log-prefix=\
"VPN: " protocol=ipsec-ah
add action=accept chain=input connection-state=established,related \
in-interface="ETH 1 - AAPT NBN"
add action=accept chain=forward in-interface=all-ppp out-interface=OfficeNet
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
ICMP protocol=icmp
add action=jump chain=forward comment="Jump for icmp forward flow" \
jump-target=ICMP protocol=icmp
add action=accept chain=input disabled=yes log-prefix=e protocol=icmp
add action=drop chain=input dst-port=53 in-interface="ETH 1 - AAPT NBN" \
protocol=udp
add action=drop chain=input dst-port=53 in-interface="ETH 1 - AAPT NBN" \
protocol=tcp
add action=drop chain=input in-interface="ETH 1 - AAPT NBN" log-prefix=\
"DROP INPUT: "
add action=accept chain=forward comment="L2TP Interface List allow" \
in-interface-list=L2TP-Connections
add action=accept chain=input comment="L2TP Interface List allow" \
in-interface-list=L2TP-Connections
add action=accept chain=forward dst-port=5950 in-interface="ETH 1 - AAPT NBN" \
log-prefix="FireWall IN 5950 Forward:_>>" protocol=tcp src-address-list=\
RDP
add action=accept chain=forward comment="Container camera Access" disabled=\
yes dst-port=443 in-interface="ETH 1 - AAPT NBN" log-prefix="6666 " \
protocol=tcp
add action=accept chain=forward dst-port=8292 in-interface="ETH 1 - AAPT NBN" \
log-prefix="FireWall IN 5950 Forward:_>>" protocol=tcp src-address-list=\
ACCESS
add action=accept chain=forward connection-nat-state=dstnat dst-port=3389 \
in-interface="ETH 1 - AAPT NBN" log-prefix=\
"FireWall IN 3389 Forward NATED :_>>" protocol=tcp src-address-list=RDP
add action=accept chain=forward comment="8443 Moveware Remote database Port" \
connection-nat-state=dstnat dst-port=8443 in-interface="ETH 1 - AAPT NBN" \
log-prefix="FireWall IN 8443 Moveware Remote database Port :_>>" \
protocol=tcp src-address-list=RDP
add action=accept chain=forward disabled=yes dst-port=5950 in-interface=\
"ETH 1 - AAPT NBN" protocol=udp
add action=accept chain=forward comment="Accept All From Voip IP LIST" \
in-interface="ETH 1 - AAPT NBN" src-address-list=voip
add action=accept chain=forward comment="Established Connections" \
connection-state=established,related in-interface="ETH 1 - AAPT NBN"
add action=fasttrack-connection chain=forward disabled=yes
add action=drop chain=forward comment="Drop Everything Else" in-interface=\
"ETH 1 - AAPT NBN" log=yes log-prefix="FIRE WALL DROP RULE ->>"
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment=\
"Add Syn Flood IP to the list" connection-limit=30,32 disabled=yes \
protocol=tcp tcp-flags=syn
add action=log chain=input comment="Add Syn Flood IP to the list" \
connection-limit=30,32 log-prefix="SYN FLOOD ALERT >30 TCPIP : " \
protocol=tcp tcp-flags=syn
add action=drop chain=forward comment="Drop syn flood list" src-address-list=\
Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" \
protocol=tcp psd=21,3s,3,1 src-address-list=!White-Llist
add action=drop chain=input comment="Drop port scan list" src-address-list=\
Port_Scanner
add action=drop chain=input comment="Block all access to the winbox - except t\
o support list # DO NOT ENABLE BEFORE ADDING YOUR SUBNET TO SUPPORT ADDRES\
S LIST #" disabled=yes dst-port=8291 protocol=tcp src-address-list=\
!support
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
Bogons
add action=add-src-to-address-list address-list=Spammers \
address-list-timeout=3h chain=forward comment=\
"Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
25,587 limit=30/1m,0:packet protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
protocol=tcp src-address-list=Spammers
add action=add-src-to-address-list address-list=ftp_Brute \
address-list-timeout=3h chain=input comment=\
"Add bruteforcers to list for 3 hours" connection-limit=30,32 content=\
"530 Login incorrect" dst-port=21 limit=10/1m,0:packet protocol=tcp
add action=tarpit chain=forward comment="Tarpit login bruteforce" dst-port=25 \
protocol=tcp src-address-list=smtp_Brute
add action=drop chain=input comment="Drop ftp bruteforce" dst-port=21 \
protocol=tcp src-address-list=ftp_Brute
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" \
icmp-options=8:0 limit=1,5:packet protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=accept chain=ICMP log-prefix="Accept ICMP LAN --->> " protocol=\
icmp src-address=192.168.0.0/24
add action=drop chain=ICMP comment="Drop to the other ICMPs" log=yes \
log-prefix="ICMP RULES DROP -->> " protocol=icmp
add action=accept chain=output connection-state=\
invalid,established,related,new,untracked log-prefix="OUTPUT >>> "
add action=log chain=output log=yes log-prefix="OUTPUT Midded >>> "
/ip firewall nat
add action=masquerade chain=srcnat comment="Mascrade L2TP LIST out" \
out-interface-list=L2TP-Connections
add action=masquerade chain=srcnat log-prefix="Masquerade:->> " \
out-interface="ETH 1 - AAPT NBN"
add action=masquerade chain=srcnat log-prefix="Masquerade:->> " \
out-interface="Cairns Static L2TP Bind"
add action=masquerade chain=srcnat log-prefix="Masquerade:->> " \
out-interface="Townsville Static L2TP Bind"
add action=masquerade chain=srcnat log-prefix="Masquerade:->> " src-address=\
10.10.10.0/24
add action=masquerade chain=srcnat log-prefix="Masquerade:->> "
add action=dst-nat chain=dstnat disabled=yes dst-port=443 in-interface=\
"ETH 1 - AAPT NBN" protocol=tcp to-addresses=192.168.0.248
add action=dst-nat chain=dstnat dst-port=5950 in-interface="ETH 1 - AAPT NBN" \
log-prefix="RDP DEST NAT: " protocol=tcp src-address-list=RDP \
to-addresses=192.168.0.6 to-ports=3389
add action=dst-nat chain=dstnat comment="8443 Moveware Remote database Port" \
dst-port=8443 in-interface="ETH 1 - AAPT NBN" log-prefix=\
"8443 Moveware Remote database Port: " protocol=tcp src-address-list=RDP \
to-addresses=192.168.0.6
add action=log chain=dstnat disabled=yes in-interface="ETH 1 - AAPT NBN" log=\
yes log-prefix="NO NAT RUEL:::::"
add action=dst-nat chain=dstnat dst-port=8292 in-interface="ETH 1 - AAPT NBN" \
protocol=tcp src-address-list=ACCESS to-addresses=192.168.0.2 to-ports=\
8291
/ip firewall raw
add action=drop chain=prerouting in-interface="ETH 1 - AAPT NBN" log=yes \
log-prefix="DROPED IN Black LIST > " src-address-list="Black LIst"
add action=drop chain=prerouting dst-port=3389 in-interface=\
"ETH 1 - AAPT NBN" log=yes log-prefix="3389 Added TO Black LIST > " \
protocol=tcp src-address-list=!RDP
add action=drop chain=prerouting disabled=yes dst-port=443 in-interface=\
"ETH 1 - AAPT NBN" log=yes log-prefix="443 Added TO Black LIST > " \
protocol=tcp src-address-list=!RDP
add action=drop chain=prerouting disabled=yes dst-port=80 in-interface=\
"ETH 1 - AAPT NBN" log=yes log-prefix="80 Added TO Black LIST > " \
protocol=tcp src-address-list=!RDP
add action=drop chain=prerouting dst-port=33389 in-interface=\
"ETH 1 - AAPT NBN" log=yes log-prefix="33389 Added TO Black LIST > " \
protocol=tcp src-address-list=!RDP
add action=drop chain=prerouting disabled=yes dst-port=16384-16387 \
in-interface="ETH 1 - AAPT NBN" log=yes log-prefix=\
"16384-16387 facetime DROPED > " protocol=udp src-address-list=!RDP
add action=drop chain=prerouting disabled=yes dst-port=16393-16402 \
in-interface="ETH 1 - AAPT NBN" log=yes log-prefix=\
"16384-16387 facetime DROPPED >> " protocol=udp src-address-list=!RDP
add action=drop chain=prerouting dst-port=23 in-interface="ETH 1 - AAPT NBN" \
log=yes log-prefix="23 Telnet Added TO Black LIST > " protocol=tcp \
src-address-list=!RDP
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=210.8.41.21
add distance=1 dst-address=192.168.5.0/24 gateway="Cairns Static L2TP Bind"
add distance=1 dst-address=192.168.6.0/24 gateway=\
"Townsville Static L2TP Bind"
add distance=1 dst-address=192.168.7.0/24 gateway="Darwin Static L2TP Bind"
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip socks
set port=4145
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ppp l2tp-secret
add address=10.10.10.0/24 secret=!Pss.974082**
/ppp secret
add name=RM-Staff password=Pss.974082** profile="Ready Movers VPN"
add name=RM-Accounts password=PXchFXsJ54&^ profile="Ready Movers VPN"
add name=Michael password=rE^8UXme3CnM profile="Ready Movers VPN"
add name=Cheryl password=Re0poRz@Z99pl9iM profile="Ready Movers VPN"
add name=Mark password=qK49!e@YnexF profile="Ready Movers VPN"
add name=Jayde password=@3n#69*X3epZ profile="Ready Movers VPN"
add name=Julie.Smith password=%qDYd6T5r3bt profile="Ready Movers VPN"
add name=Cairns-Office-Mikrotik password=M*T%3wg9%Ddq profile=\
"Ready Movers VPN"
add name=Natasha password=UQUd#p3Uy*O!N5 profile="Ready Movers VPN"
add name=Townsville-Office-Mikrotik password=H@3zb2haY8Q^!Hs% profile=\
"Ready Movers VPN"
add name=Karen password="#^eHeVfQ43A\$" profile="Ready Movers VPN"
add name=Cairns-Laptop-Laney password=%qDYdUy*O!N5 profile="Ready Movers VPN"
add name=Cairns-Laptop-Chanel password=@wN958G!s!kzGLtm profile=\
"Ready Movers VPN"
add name=Joanne password="1YjqS\$sUb8" profile="Ready Movers VPN"
add name=anthony password="&Wul346%99H`Ll" profile="Ready Movers VPN"
add name=Melinda password=4YWwbi@i4Mqw profile="Ready Movers VPN"
add name=Harrison.gill password="\$8Mw4SedB%fa" profile="Ready Movers VPN"
add name=Irene password=%qDYd6@3n#69UQ profile="Ready Movers VPN"
add name=WS-19 password=49!e@Yd6T5rw4SedB% profile="Ready Movers VPN"
add name=Catherine.M password=6vUvHPuD^JqOiRqW profile="Ready Movers VPN" \
remote-address=10.10.10.20
add name=Fabiana password=Duj59113 profile="Ready Movers VPN"
add name=Darwin-Office-Mikrotik password="0^5\$GUnm5tyKredQ" profile=\
"Ready Movers VPN"
/routing ospf network
add area=area1 disabled=yes network=10.10.10.0/24
add area=area1 disabled=yes network=192.168.0.0/24
/system clock
set time-zone-autodetect=no time-zone-name=Australia/Queensland
/system identity
set name="Ready Movers"
/system logging
add disabled=yes topics=ntp,debug
/system ntp client
set enabled=yes primary-ntp=159.196.3.239 secondary-ntp=103.76.40.123
/system script
add dont-require-permissions=no name=Backup owner=posscales policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local saveUserDB false\r\
\n:local saveSysBackup true\r\
\n:local encryptSysBackup false\r\
\n:local saveRawExport true\r\
\n\r\
\n:local FTPServer \"backup.posscales.com.au\"\r\
\n:local FTPPort 21\r\
\n:local FTPUser \"MT_Backups@backup.posscales.com.au\"\r\
\n:local FTPPass \"!Dgt.974082\"\r\
\n:local FTPdest \"/AWS_Multisite\"\r\
\n\r\
\n:local ts [/system clock get time]\r\
\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
\n:local ds [/system clock get date]\r\
\n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
\n\r\
\n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
\$ts)\r\
\n:local sfname (\"/\".\$fname)\r\
\n:if (\$saveUserDB) do={\r\
\n /tool user-manager database save name=(\$sfname.\".umb\")\r\
\n :log info message=\"User Manager DB Backup Finished\"\r\
\n}\r\
\ndelay 10s\r\
\n\r\
\n:if (\$saveSysBackup) do={\r\
\n :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
e.\".backup\") }\r\
\n :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
=yes name=(\$sfname.\".backup\") }\r\
\n :log info message=\"System Backup Finished\"\r\
\n}\r\
\ndelay 10s\r\
\n\r\
\nif (\$saveRawExport) do={\r\
\n /export file=(\$sfname.\".rsc\")\r\
\n :log info message=\"Raw configuration script export Finished\"\r\
\n}\r\
\ndelay 10s\r\
\n\r\
\n:local backupFileName \"\"\r\
\n:local backupDestPath \"\"\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :set backupFileName (\"/\".[/file get \$backupFile name])\r\
\n :set backupDestPath (\$FTPdest.\$backupFileName)\r\
\n :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
\n :log warning message=\"/tool fetch address=\$FTPServer port=\$FTPPort \
src-path=\$backupFileName user=\$FTPUser mode=ftp password=\$FTPPass dst-p\
ath=\$backupDestPath upload=yes\"\r\
\n\r\
\n /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupDestPath \
upload=yes\r\
\n }\r\
\n}\r\
\n:delay 10s\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
l\") do={\r\
\n /file remove \$backupFile\r\
\n }\r\
\n}\r\
\n\r\
\n:log info message=\"Successfully removed Temporary Backup Files\"\r\
\n:log info message=\"Automatic Backup Completed Successfully\""
/tool graphing interface
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=none
/tool netwatch
add host=192.168.6.254
/tool romon
set enabled=yes