From 3a09f44775948caa81becfae552906758fca894b Mon Sep 17 00:00:00 2001
From: John Poland
Date: Sat, 11 Oct 2025 17:07:42 -0400
Subject: [PATCH] fortigate/vdom_scsd/vpn.cfg Sat Oct 11 05:07:41 PM EDT 2025
---
configs/fortigate/vdom_scsd/vpn.cfg | 1026 +++++++++++++++++++++++++++
1 file changed, 1026 insertions(+)
create mode 100644 configs/fortigate/vdom_scsd/vpn.cfg
diff --git a/configs/fortigate/vdom_scsd/vpn.cfg b/configs/fortigate/vdom_scsd/vpn.cfg
new file mode 100644
index 0000000..026724c
--- /dev/null
+++ b/configs/fortigate/vdom_scsd/vpn.cfg
@@ -0,0 +1,1026 @@
+config vpn certificate ca
+end
+config vpn certificate remote
+ edit "REMOTE_Cert_2"
+ next
+end
+config vpn certificate local
+ edit "Fortinet_CA_SSL"
+ set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+ set range global
+ set source factory
+ next
+ edit "Fortinet_CA_Untrusted"
+ set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_RSA1024"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_RSA2048"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_RSA4096"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_DSA1024"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_DSA2048"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_ECDSA256"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_ECDSA384"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_ECDSA521"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_ED25519"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Fortinet_SSL_ED448"
+ set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
+ set range global
+ set source factory
+ next
+ edit "Star Cert Expire 4-24"
+ set  *HIDDEN*
+ next
+ edit "StartCert-Expire042025"
+ set  *HIDDEN*
+ next
+ edit "StarCert-Expire03202026"
+ set  *HIDDEN*
+ next
+end
+config vpn ssl web host-check-software
+ edit "FortiClient-AV"
+ set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
+ next
+ edit "FortiClient-FW"
+ set type fw
+ set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
+ next
+ edit "FortiClient-AV-Vista"
+ set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
+ next
+ edit "FortiClient-FW-Vista"
+ set type fw
+ set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
+ next
+ edit "FortiClient5-AV"
+ set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
+ next
+ edit "AVG-Internet-Security-AV"
+ set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
+ next
+ edit "AVG-Internet-Security-FW"
+ set type fw
+ set guid "8DECF618-9569-4340-B34A-D78D28969B66"
+ next
+ edit "AVG-Internet-Security-AV-Vista-Win7"
+ set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
+ next
+ edit "AVG-Internet-Security-FW-Vista-Win7"
+ set type fw
+ set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
+ next
+ edit "CA-Anti-Virus"
+ set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
+ next
+ edit "CA-Internet-Security-AV"
+ set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
+ next
+ edit "CA-Internet-Security-FW"
+ set type fw
+ set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
+ next
+ edit "CA-Internet-Security-AV-Vista-Win7"
+ set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
+ next
+ edit "CA-Internet-Security-FW-Vista-Win7"
+ set type fw
+ set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
+ next
+ edit "CA-Personal-Firewall"
+ set type fw
+ set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
+ next
+ edit "F-Secure-Internet-Security-AV"
+ set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
+ next
+ edit "F-Secure-Internet-Security-FW"
+ set type fw
+ set guid "D4747503-0346-49EB-9262-997542F79BF4"
+ next
+ edit "F-Secure-Internet-Security-AV-Vista-Win7"
+ set guid "15414183-282E-D62C-CA37-EF24860A2F17"
+ next
+ edit "F-Secure-Internet-Security-FW-Vista-Win7"
+ set type fw
+ set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
+ next
+ edit "Kaspersky-AV"
+ set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
+ next
+ edit "Kaspersky-FW"
+ set type fw
+ set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
+ next
+ edit "Kaspersky-AV-Vista-Win7"
+ set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
+ next
+ edit "Kaspersky-FW-Vista-Win7"
+ set type fw
+ set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
+ next
+ edit "McAfee-Internet-Security-Suite-AV"
+ set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
+ next
+ edit "McAfee-Internet-Security-Suite-FW"
+ set type fw
+ set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
+ next
+ edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
+ set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
+ next
+ edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
+ set type fw
+ set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
+ next
+ edit "McAfee-Virus-Scan-Enterprise"
+ set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
+ next
+ edit "Norton-360-2.0-AV"
+ set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
+ next
+ edit "Norton-360-2.0-FW"
+ set type fw
+ set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
+ next
+ edit "Norton-360-3.0-AV"
+ set guid "E10A9785-9598-4754-B552-92431C1C35F8"
+ next
+ edit "Norton-360-3.0-FW"
+ set type fw
+ set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
+ next
+ edit "Norton-Internet-Security-AV"
+ set guid "E10A9785-9598-4754-B552-92431C1C35F8"
+ next
+ edit "Norton-Internet-Security-FW"
+ set type fw
+ set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
+ next
+ edit "Norton-Internet-Security-AV-Vista-Win7"
+ set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
+ next
+ edit "Norton-Internet-Security-FW-Vista-Win7"
+ set type fw
+ set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
+ next
+ edit "Symantec-Endpoint-Protection-AV"
+ set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
+ next
+ edit "Symantec-Endpoint-Protection-FW"
+ set type fw
+ set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
+ next
+ edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
+ set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
+ next
+ edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
+ set type fw
+ set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
+ next
+ edit "Panda-Antivirus+Firewall-2008-AV"
+ set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
+ next
+ edit "Panda-Antivirus+Firewall-2008-FW"
+ set type fw
+ set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
+ next
+ edit "Panda-Internet-Security-AV"
+ set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
+ next
+ edit "Panda-Internet-Security-2006~2007-FW"
+ set type fw
+ set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
+ next
+ edit "Panda-Internet-Security-2008~2009-FW"
+ set type fw
+ set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
+ next
+ edit "Sophos-Anti-Virus"
+ set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
+ next
+ edit "Sophos-Enpoint-Secuirty-and-Control-FW"
+ set type fw
+ set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
+ next
+ edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
+ set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
+ next
+ edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
+ set type fw
+ set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
+ next
+ edit "Trend-Micro-AV"
+ set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
+ next
+ edit "Trend-Micro-FW"
+ set type fw
+ set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
+ next
+ edit "Trend-Micro-AV-Vista-Win7"
+ set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
+ next
+ edit "Trend-Micro-FW-Vista-Win7"
+ set type fw
+ set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
+ next
+ edit "ZoneAlarm-AV"
+ set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
+ next
+ edit "ZoneAlarm-FW"
+ set type fw
+ set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
+ next
+ edit "ZoneAlarm-AV-Vista-Win7"
+ set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
+ next
+ edit "ZoneAlarm-FW-Vista-Win7"
+ set type fw
+ set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
+ next
+ edit "ESET-Smart-Security-AV"
+ set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
+ next
+ edit "ESET-Smart-Security-FW"
+ set type fw
+ set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
+ next
+end
+config vpn ssl web portal
+ edit "full-access"
+ set tunnel-mode enable
+ set ipv6-tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSLVPN_TUNNEL_ADDR1"
+ set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ next
+ edit "web-access"
+ set web-mode enable
+ next
+ edit "tunnel-access"
+ set tunnel-mode enable
+ set ipv6-tunnel-mode enable
+ set ip-pools "SSLVPN_TUNNEL_ADDR1"
+ set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
+ next
+ edit "SCSD_VPN_FULL_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "IPv4-Private-All-RFC1918"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
+ next
+ edit "SchoolTool_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set forticlient-download disable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ set user-bookmark disable
+ config bookmark-group
+ edit "gui-bookmarks"
+ config bookmarks
+ edit "Obiwan_RDP"
+ set apptype rdp
+ set host "10.1.48.202"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "HanSolo_RDP"
+ set apptype rdp
+ set host "10.1.48.201"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "C3PO_RDP"
+ set apptype rdp
+ set host "10.1.48.133"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "Chewbacca_RDP"
+ set apptype rdp
+ set host "10.1.48.129"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "Skywalker_RDP"
+ set apptype rdp
+ set host "10.1.48.63"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "Yoda_RDP"
+ set apptype rdp
+ set host "10.1.48.103"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "MANDO_RDP"
+ set apptype rdp
+ set host "10.1.40.72"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "GROGU_RDP"
+ set apptype rdp
+ set host "10.1.40.224"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ end
+ next
+ end
+ set display-connection-tools disable
+ set display-history disable
+ set heading "SCSD SchoolTool VPN"
+ next
+ edit "Website_Server_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ set user-bookmark disable
+ config bookmark-group
+ edit "gui-bookmarks"
+ config bookmarks
+ edit "Webosphere_RDP"
+ set apptype rdp
+ set host "10.1.48.117"
+ set port 3389
+ set sso auto
+ next
+ edit "Webosphere_FTP"
+ set apptype ftp
+ set folder "10.1.48.117"
+ set sso auto
+ next
+ end
+ next
+ end
+ set display-connection-tools disable
+ set display-history disable
+ set display-status disable
+ set heading "SCSD Website VPN Portal"
+ set theme mariner
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
+ next
+ edit "DayAutomation_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ config bookmark-group
+ edit "gui-bookmarks"
+ config bookmarks
+ edit "Day_Enterprise_Server"
+ set apptype rdp
+ set host "10.1.40.108"
+ set port 3389
+ set sso auto
+ next
+ edit "Day_VM_Server"
+ set apptype rdp
+ set host "10.1.40.173"
+ set port 3389
+ set sso auto
+ next
+ edit "Day_Continuum_Server"
+ set apptype rdp
+ set host "10.1.40.188"
+ set port 3389
+ set sso auto
+ next
+ end
+ next
+ end
+ set display-connection-tools disable
+ set display-history disable
+ set display-status disable
+ set heading "SCSD Day Automation VPN Portal"
+ set theme melongene
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
+ next
+ edit "Security_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set display-history disable
+ set display-status disable
+ set heading "SCSD Security VPN Portal"
+ set theme mariner
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
+ next
+ edit "Hyperion_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set display-history disable
+ set display-status disable
+ set heading "SCSD_Hyperion_VPN_Portal"
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
+ next
+ edit "Peoplesoft_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set display-history disable
+ set display-status disable
+ set heading "SCSD_Peoplesoft_VPN_Portal"
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
+ next
+ edit "WebCRD_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set display-history disable
+ set display-status disable
+ set heading "SCSD_WebCRD_VPN_Portal"
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
+ next
+ edit "Access411_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set forticlient-download disable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ set user-bookmark disable
+ config bookmark-group
+ edit "gui-bookmarks"
+ config bookmarks
+ edit "411app"
+ set apptype rdp
+ set host "10.1.40.216"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "411sql"
+ set apptype rdp
+ set host "10.1.40.225"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "411app HomePage"
+ set url "https://411app.scsd.us"
+ next
+ end
+ next
+ end
+ set display-connection-tools disable
+ set display-history disable
+ set display-status disable
+ set heading "SCSD Access411 VPN Portal"
+ next
+ edit "DocHolliday_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set display-history disable
+ set display-status disable
+ set heading "SCSD DocHolliday Portal"
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
+ next
+ edit "AccessControl_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set display-history disable
+ set display-status disable
+ set heading "SCSD Access Control VPN Portal"
+ set customize-forticlient-download-url enable
+ set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
+ set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
+ next
+ edit "Auditor_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set forticlient-download disable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8"
+ config bookmark-group
+ edit "gui-bookmarks"
+ config bookmarks
+ edit "Finance"
+ set url "http://psprdfin.scsd.ad/psp/FPRD/"
+ next
+ edit "HR"
+ set url "http://psprdhcm.scsd.ad/psp/HPRD"
+ next
+ end
+ next
+ end
+ set clipboard disable
+ next
+ edit "Azure_Test_Portal"
+ set tunnel-mode enable
+ set web-mode enable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8" "IPv4-Private-All-RFC1918"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set heading "Azure-VPN Portal"
+ next
+ edit "SCSD_USER_PORTAL"
+ set tunnel-mode enable
+ set web-mode enable
+ set forticlient-download disable
+ set ip-pools "SSL_VPN_Range"
+ set split-tunneling-routing-address "Internal_10.0.0.0_8" "IPv4-Private-All-RFC1918"
+ config bookmark-group
+ edit "gui-bookmarks"
+ next
+ end
+ set heading "SCSD-USER-PORTAL"
+ next
+end
+config vpn ssl settings
+ set servercert "StarCert-Expire03202026"
+ set idle-timeout 3600
+ set auth-timeout 36000
+ set login-timeout 180
+ set tunnel-ip-pools "SSL_VPN_Range"
+ set dns-server1 10.1.40.10
+ set dns-server2 10.21.48.10
+ set source-interface "outside"
+ set source-address "all"
+ set source-address6 "all"
+ set default-portal "tunnel-access"
+ config authentication-rule
+ edit 1
+ set groups "SSL_VPN_Full_Access"
+ set portal "SCSD_VPN_FULL_Portal"
+ next
+ edit 2
+ set groups "VPN_SchoolTool_Group"
+ set portal "SchoolTool_Portal"
+ next
+ edit 4
+ set groups "VPN_Web_Servers_Group"
+ set portal "Website_Server_Portal"
+ next
+ edit 5
+ set groups "VPN_DayAuto_Group"
+ set portal "DayAutomation_Portal"
+ next
+ edit 6
+ set groups "VPN_Security_Group"
+ set portal "Security_Portal"
+ next
+ edit 7
+ set groups "VPN_Hyperion_Group"
+ set portal "Hyperion_Portal"
+ next
+ edit 8
+ set groups "VPN_Peoplesoft_Group"
+ set portal "Peoplesoft_Portal"
+ next
+ edit 9
+ set groups "VPN_WebCRD_Group"
+ set portal "WebCRD_Portal"
+ next
+ edit 10
+ set groups "VPN_Access411_Group"
+ set portal "Access411_Portal"
+ next
+ edit 11
+ set groups "VPN_DocHolliday_Group"
+ set portal "DocHolliday_Portal"
+ next
+ edit 12
+ set groups "VPN_Access_Control_Group"
+ set portal "AccessControl_Portal"
+ next
+ edit 13
+ set groups "VPN_Auditor_Group"
+ set portal "Auditor_Portal"
+ next
+ edit 14
+ set groups "FortiGateAccess"
+ set portal "Azure_Test_Portal"
+ next
+ edit 15
+ set groups "SSL_VPN_SCSD_USER"
+ set portal "SCSD_USER_PORTAL"
+ next
+ edit 16
+ set groups "SSL_VPN_SCSD_USER2"
+ set portal "SCSD_USER_PORTAL"
+ next
+ end
+ set http-request-header-timeout 60
+ set http-request-body-timeout 60
+end
+config vpn ssl web user-bookmark
+ edit "vpn_user1#SSL_VPN_Full_Access"
+ next
+ edit "tmarri81#SSL_VPN_Full_Access"
+ config bookmarks
+ edit "TimMac_FTP"
+ set apptype ftp
+ set folder "10.1.7.110"
+ next
+ edit "My_PC"
+ set apptype rdp
+ set host "10.1.7.137"
+ set security any
+ set port 3389
+ set sso auto
+ next
+ edit "My Mac"
+ set apptype vnc
+ set host "10.1.7.110"
+ set port 5900
+ set logon-user "tmarris"
+ set logon- *HIDDEN*
+ next
+ end
+ next
+ edit "tmarri81.admin#VPN_SchoolTool_Group"
+ next
+ edit "dteacher#VPN_PrintServer_Group"
+ next
+ edit "gdaniels.admin#VPN_PrintServer_Group"
+ next
+ edit "gdaniels#SSL_VPN_Full_Access"
+ next
+ edit "tmarri81.admin#SSL_VPN_Full_Access"
+ config bookmarks
+ edit "MrRobot_FTP"
+ set apptype ftp
+ set folder "10.1.40.101"
+ set sso auto
+ next
+ edit "Obiwan_RDP"
+ set apptype rdp
+ set host "10.1.48.202"
+ set port 3389
+ set sso auto
+ next
+ end
+ next
+ edit "tmarri81.la#SSL_VPN_Full_Access"
+ config bookmarks
+ edit "MrRobot_FTP"
+ set apptype ftp
+ set folder "10.1.40.101"
+ set sso auto
+ next
+ end
+ next
+ edit "hrice.oa#SSL_VPN_Full_Access"
+ next
+ edit "tmarri81#VPN_Security_Group"
+ next
+ edit "timoon67#SSL_VPN_Full_Access"
+ next
+ edit "tmarri81.la#VPN_Hyperion_Group"
+ next
+ edit "tmarri81.la#VPN_Peoplesoft_Group"
+ next
+ edit "tmarri81.la#VPN_WebCRD_Group"
+ next
+ edit "webcrdsupport#VPN_WebCRD_Group"
+ next
+ edit "tmarri81.la#VPN_DocHolliday_Group"
+ next
+ edit "mnichols.oa#VPN_DayAuto_Group"
+ next
+ edit "ddunn.oa#VPN_DayAuto_Group"
+ next
+ edit "jgriffin.oa#VPN_DayAuto_Group"
+ next
+ edit "swalts49#SSL_VPN_Full_Access"
+ next
+ edit "Bstrohm_admin#SSL_VPN_Full_Access"
+ next
+ edit "jgumpert#VPN_Peoplesoft_Group"
+ next
+ edit "gedelstein#VPN_DayAuto_Group"
+ next
+ edit "tmarri81.la#VPN_DayAuto_Group"
+ next
+ edit "wlakie.oa#VPN_DayAuto_Group"
+ next
+ edit "Katapult.oa#VPN_DocHolliday_Group"
+ next
+ edit "aolEVA60#SSL_VPN_Full_Access"
+ next
+ edit "aoleva60#SSL_VPN_Full_Access"
+ next
+ edit "hebuck02#SSL_VPN_Full_Access"
+ next
+ edit "kcampion.oa#VPN_DayAuto_Group"
+ next
+ edit "jchapman.oa#VPN_Hyperion_Group"
+ next
+ edit "btrzaskos.oa#VPN_DayAuto_Group"
+ next
+ edit "ysun.oa#VPN_Hyperion_Group"
+ next
+ edit "sreddy.OA#VPN_Hyperion_Group"
+ next
+ edit "bstrohm_admin#SSL_VPN_Full_Access"
+ next
+ edit "navd.oa#VPN_Peoplesoft_Group"
+ config bookmarks
+ edit "SCSD PS DEV"
+ set url "http://psdevhcm.scsd.ad/psp/HDEV/?cmd=login&languageCd=ENG&"
+ next
+ end
+ next
+end
+config vpn ipsec phase1-interface
+ edit "SRIC_BOCES"
+ set interface "outside lag"
+ set ike-version 2
+ set peertype any
+ set net-device disable
+ set proposal aes256-sha256
+ set dhgrp 14
+ set nattraversal disable
+ set remote-gw 170.161.52.25
+ set psksecret ENC VfwFjiI7LU47vf8pI5fkMwsyn+R6NwkJSA9lbM4TNUEDy/k5l93jMcy20CskKHZmZJvOc9WByZNHdRwGPi5k3PzDbIG049uoEDUUXv7RVS0jsDOrHBAOKl97X8GKhShDtJ7+ky0o1bISFhx+z0kpeB0V2vU4QFlY7rquVfNcMhs72OtwGrP7x6rBuWoTleuNu1rN1g==
+ next
+ edit "vpn-042e9903"
+ set interface "outside lag"
+ set ike-version 2
+ set local-gw 198.36.24.5
+ set keylife 28800
+ set peertype any
+ set net-device disable
+ set proposal aes256-sha256
+ set dhgrp 19
+ set remote-gw 52.61.115.188
+ set psksecret ENC pgnEiLI+KRc+PpaJbpMRzj5LYY2VqBK7fkJc0rK8DZthFdzrTiOemGkd/AAZfYDfQzjXE2ImkUPGDg7kE/bpX7zb1Q+YN2F/weXGZLFLFiC2YeJHAtw4S3S3Sxyu0oF0IX4qMRQxN3KMQoNDHw4SCZ28uySpMuSGdEB3VU3aMrixvI/aj7ZM5FI6RNyVptPig/gdUw==
+ set dpd-retryinterval 30
+ next
+ edit "SCHC"
+ set interface "outside lag"
+ set ike-version 2
+ set peertype any
+ set net-device disable
+ set proposal aes256-sha256
+ set remote-gw 209.217.202.173
+ set psksecret ENC 3F3hUIePVaRfY+I8wb/5TSpoxIg1qHmE83OjoC12VxjhTgVMpbe+q+OFQVKPz43vDsp26IG1wHhwnwvcUWUcFMVsyhaC6vWBagpJ7bl5T5yQmahbN2O9xEE3PFLdEYBnw7cVHfYgqKI+OnK1AIHSXgczu4TF7OS0mW8O68ss8I1MJOp6tUK5I133uvZuqy0SXjvZvg==
+ next
+ edit "vpn-0fc50345"
+ set interface "outside lag"
+ set local-gw 198.36.24.5
+ set keylife 28800
+ set peertype any
+ set net-device disable
+ set proposal aes128-sha1
+ set comments "SchoolTool Tunnel"
+ set dhgrp 2
+ set remote-gw 34.194.174.170
+ set psksecret ENC hc9/IG0PLZc8nqoYi1AAzwJIUQjxZIH3/Rg3UC/t8SaPTSWlkg7+MqkQLSrfEC3jm1DxUyDRUr0tcq6QOdi4Hyf6PotXxoFyOC8CFqyTOExapKsx9TXEuHMnFDT5n1kOxyGymGnmMFy7k77gcSAnZr0TG+O0EGMG/AB70wqWhdiYonlDuXbTQKsQjB3srbUpO4R7ng==
+ next
+ edit "vpn-0403e61"
+ set interface "outside lag"
+ set ike-version 2
+ set local-gw 198.36.24.5
+ set keylife 28800
+ set peertype any
+ set net-device disable
+ set proposal aes256-sha256
+ set comments "eScholar Tunnel"
+ set dhgrp 19
+ set remote-gw 44.216.12.227
+ set psksecret ENC EATGPi9D0scvkZvkpkFaOzrdUUZXZ4uOYcdZx2rM61DfX2MhXPfEhRGsOpgn4Gj5PlYXtIME7DvK0YuoHZHzR2sLfnSPHe15YMWsqA6L0kaUdMIAM3OTP7vT0F9QDdYF6IagN0NMPhAWvCAfRCb0ZHOnt3hO/jEc0DEeNPWakjY4P5yrzzzEBzjVYEVQ11g2nVwQPQ==
+ set dpd-retryinterval 30
+ next
+ edit "Highstreet"
+ set interface "outside lag"
+ set ike-version 2
+ set local-gw 198.36.24.5
+ set keylife 28800
+ set peertype any
+ set net-device disable
+ set proposal aes128-sha1
+ set dhgrp 2
+ set nattraversal disable
+ set remote-gw 3.20.191.182
+ set psksecret ENC JPr8gHWNJOHu51rYeimLjd4gIenOITSQkJuwQmpov1tp2X+/mi1yOMu/ArMbVGVHCpkkGaJd5TlV8+iQernJ0zbmIFVphMzp31ipxtYKwCcU16QbNutuRQHTCkacgfJITMzelqbTn1yX8gQmOfc+Nm5Ff21IusnWMuCX2e1JnSlsWXk93jGFKPZJ49jNodtEkyu0hA==
+ next
+ edit "Highstreet_2"
+ set interface "outside lag"
+ set ike-version 2
+ set keylife 28800
+ set peertype any
+ set net-device disable
+ set proposal aes128-sha1
+ set dhgrp 2
+ set nattraversal disable
+ set remote-gw 3.146.135.243
+ set psksecret ENC F42JFLCV4o51MG3dJgMhxed+wKbyPNe3o/gzPVt+S1v2nPkRxaRrDHd35UTK1e2aVDhnYx3jOStK78bFmN+EyABmiaM+7D75bTUZNH9RNPXbV3QfAupRCCkJYqVzw8IcD1XEaRepKx4kJJ0sYas+vLv0zC0XVpl6mdynwdhVQ44it345OAc8hEF79t+M1ReMlLe+IA==
+ next
+ edit "DPS"
+ set interface "outside lag"
+ set ike-version 2
+ set peertype any
+ set net-device disable
+ set proposal aes256-sha256
+ set comments "VPN: DPS"
+ set remote-gw 24.39.213.214
+ set psksecret ENC /mqtKX5AoPJ4lKLOsjT8SiIxw9IfSbyAqR+BYCF3BcuxyfkSPZuWZaoDN4qSAQNSuJWVNlk5cMWNVTqS39vYpMxrPYEUgFSdBCqG74v8pulNq3wdcvr0NacmGlbjjXTK9txdlxiJCqsF1DII5lVQxG4/gIvxd7gq2gCzs5hqm54K7uu6GfJqavCu7OXOk0Er2v6ODw==
+ next
+ edit "RAP"
+ set interface "outside lag"
+ set ike-version 2
+ set peertype any
+ set net-device disable
+ set proposal aes256-sha256
+ set nattraversal disable
+ set remote-gw 24.105.188.54
+ set psksecret ENC Z7BghtxJ2bqbW81y491GQQbgm1fjmiQANIsczpkGL3stZKLQ/8cwEZjrwuOz3EQWG01Wr+5BgqsAMAXN1iSNAf3o0mHay3lhCPF5VU+FZa11576VRaTNR2QozweDDXgS7stmj3pIic3SArdqsIhSeQinRu+85AEzfvlkn4KgBm14I9tdZiueScCjz+2grJ1iAbDYNg==
+ next
+end
+config vpn ipsec phase2-interface
+ edit "SRIC_BOCES"
+ set phase1name "SRIC_BOCES"
+ set proposal aes256-sha256
+ set dhgrp 14
+ set auto-negotiate enable
+ set src-addr-type ip
+ set dst-addr-type ip
+ set keylifeseconds 28800
+ set src-start-ip 198.36.24.68
+ set dst-start-ip 170.161.52.27
+ next
+ edit "vpn-042e9903"
+ set phase1name "vpn-042e9903"
+ set proposal aes256-sha256
+ set dhgrp 16
+ set auto-negotiate enable
+ set keylifeseconds 3600
+ set src-subnet 10.1.48.0 255.255.255.0
+ set dst-subnet 10.222.0.0 255.255.0.0
+ next
+ edit "SCHC"
+ set phase1name "SCHC"
+ set proposal aes256-sha256
+ set dhgrp 14
+ set src-addr-type name
+ set dst-addr-type name
+ set keylifeseconds 28800
+ set src-name "SCHC_Local_Subnets_Group"
+ set dst-name "SCHC_Remote_Subnets_Group"
+ next
+ edit "vpn-0fc50345"
+ set phase1name "vpn-0fc50345"
+ set proposal aes128-sha1
+ set dhgrp 2
+ set auto-negotiate enable
+ set src-addr-type name
+ set dst-addr-type name
+ set keylifeseconds 3600
+ set src-name "SchoolTool_Cloud_Internal"
+ set dst-name "SchoolTool_External_Range"
+ next
+ edit "vpn-0403e61"
+ set phase1name "vpn-0403e61"
+ set proposal aes256-sha256
+ set dhgrp 16
+ set auto-negotiate enable
+ set keylifeseconds 3600
+ set src-subnet 10.1.48.0 255.255.255.0
+ set dst-subnet 10.11.0.0 255.255.240.0
+ next
+ edit "Highstreet"
+ set phase1name "Highstreet"
+ set proposal aes128-sha1
+ set dhgrp 2
+ set auto-negotiate enable
+ set keylifeseconds 3600
+ set src-subnet 10.1.0.0 255.255.192.0
+ set dst-subnet 10.51.62.0 255.255.255.0
+ next
+ edit "Highstreet_2"
+ set phase1name "Highstreet_2"
+ set proposal aes128-sha1
+ set dhgrp 2
+ set auto-negotiate enable
+ set keylifeseconds 3600
+ set src-subnet 10.1.0.0 255.255.0.0
+ set dst-subnet 10.51.62.32 255.255.255.240
+ next
+ edit "DPS"
+ set phase1name "DPS"
+ set proposal aes256-sha256
+ set comments "VPN: DPS"
+ next
+ edit "RAP"
+ set phase1name "RAP"
+ set proposal aes256-sha256
+ next
+end
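Review bot: The nine `set psksecret ENC …` lines under `config vpn ipsec phase1-interface` put the tunnels' pre-shared keys into version control next to their `remote-gw` peers; the `ENC` form is the device's encrypted encoding of the key rather than a one-way hash, so everyone with read access to this repository should be treated as holding key material, and how well it resists recovery depends on firmware and on whether `private-data-encryption` is enabled, which this file does not show. The backup job should mask these values the same way the certificate and `logon-` fields already appear as `*HIDDEN*`, for example `set psksecret *HIDDEN*`, and the keys committed here should be rotated with each peer. Separately, `vpn-0fc50345`, `Highstreet` and `Highstreet_2` use `set proposal aes128-sha1` with `set dhgrp 2` in both phase 1 and phase 2, and `vpn-0fc50345` has no `set ike-version 2` line; where the peer allows it these should move to `set proposal aes256-sha256` and `set dhgrp 14` or higher, as the other tunnels in the file already do. In `config vpn ssl settings`, `set default-portal "tunnel-access"` appears to hand a tunnel to any authenticated user who matches none of the authentication rules, so a default portal with tunnel and web mode both disabled would be the safer fallback.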