diff --git a/configs/fortigate/global/system.cfg b/configs/fortigate/global/system.cfg
index 58d97fd..986cb50 100644
--- a/configs/fortigate/global/system.cfg
+++ b/configs/fortigate/global/system.cfg
@@ -640,6 +640,12 @@ config system interface
         set snmp-index 68
         set interface "outside lag"
     next
+    edit "CNYWorks"
+        set vdom "scsd"
+        set type tunnel
+        set snmp-index 64
+        set interface "outside lag"
+    next
 end
 config system physical-switch
     edit "sw0"
diff --git a/configs/fortigate/vdom_scsd/vpn.cfg b/configs/fortigate/vdom_scsd/vpn.cfg
index 1084453..a0fd0a0 100644
--- a/configs/fortigate/vdom_scsd/vpn.cfg
+++ b/configs/fortigate/vdom_scsd/vpn.cfg
@@ -941,6 +941,18 @@ config vpn ipsec phase1-interface
         set remote-gw 24.105.188.54
         set psksecret ENC *HIDDEN*
     next
+    edit "CNYWorks"
+        set type dynamic
+        set interface "outside lag"
+        set ike-version 2
+        set peertype one
+        set net-device disable
+        set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
+        set dpd on-idle
+        set peerid "cnyworks.scsd.us"
+        set psksecret ENC *HIDDEN*
+        set dpd-retryinterval 60
+    next
 end
 config vpn ipsec phase2-interface
     edit "SRIC_BOCES"
@@ -1020,4 +1032,8 @@ config vpn ipsec phase2-interface
         set phase1name "RAP"
         set proposal aes256-sha256
     next
+    edit "CNYWorks"
+        set phase1name "CNYWorks"
+        set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
+    next
 end