fortigate Tue Jan 20 07:44:04 PM EST 2026

2026-01-20 19:44:04 -05:00 · 2026-01-20 19:44:04 -05:00 · 32dd63d0b9
commit 32dd63d0b9
parent f7d36e09ab
2 changed files with 22 additions and 0 deletions
--- a/configs/fortigate/global/system.cfg
+++ b/configs/fortigate/global/system.cfg
@ -640,6 +640,12 @@ config system interface
        set snmp-index 68
        set interface "outside lag"
    next
+    edit "CNYWorks"
+        set vdom "scsd"
+        set type tunnel
+        set snmp-index 64
+        set interface "outside lag"
+    next
 end
 config system physical-switch
    edit "sw0"
--- a/configs/fortigate/vdom_scsd/vpn.cfg
+++ b/configs/fortigate/vdom_scsd/vpn.cfg
@ -941,6 +941,18 @@ config vpn ipsec phase1-interface
        set remote-gw 24.105.188.54
        set psksecret ENC *HIDDEN*
    next
+    edit "CNYWorks"
+        set type dynamic
+        set interface "outside lag"
+        set ike-version 2
+        set peertype one
+        set net-device disable
+        set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
+        set dpd on-idle
+        set peerid "cnyworks.scsd.us"
+        set psksecret ENC *HIDDEN*
+        set dpd-retryinterval 60
+    next
 end
 config vpn ipsec phase2-interface
    edit "SRIC_BOCES"
@ -1020,4 +1032,8 @@ config vpn ipsec phase2-interface
        set phase1name "RAP"
        set proposal aes256-sha256
    next
+    edit "CNYWorks"
+        set phase1name "CNYWorks"
+        set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
+    next
 end