fortigate Fri Oct 31 05:06:58 PM EDT 2025

John Poland 2025-10-31 17:06:58 -04:00
parent e541ae27fa
commit 43730aaf84
3 changed files with 54 additions and 1 deletions


@ -706,6 +706,7 @@ config system admin
edit "jkafta72.admin" edit "jkafta72.admin"
set trusthost1 10.1.6.0 255.255.255.0 set trusthost1 10.1.6.0 255.255.255.0
set trusthost2 10.1.40.0 255.255.255.0 set trusthost2 10.1.40.0 255.255.255.0
set trusthost3 10.212.134.12 255.255.255.255
set accprofile "super_admin" set accprofile "super_admin"
set vdom "root" set vdom "root"
set password ENC *HIDDEN* set password ENC *HIDDEN*
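Review bot: The added `set trusthost3 10.212.134.12 255.255.255.255` line opens login for a `super_admin` account from one more source address, and nothing in the commit records whose host that is or why it needs full administrative access. If that address is handed out dynamically (for example from a VPN client pool, which this page does not show), whichever client receives it can reach the admin login, so confirm it is a fixed reservation for one managed workstation. A scoped `accprofile` for remote administration would limit the exposure better than extending the reach of `super_admin`. The `edit "jkafta72.admin"` entry continues outside the hunk, so its remaining settings are not visible here.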


@ -55,4 +55,17 @@ config application list
next next
end end
next next
edit "IoT"
set other-application-log enable
config entries
edit 1
set application 17244
set action pass
set log disable
next
edit 2
set category 2 6
next
end
next
end end
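Review bot: Entry 1 of the new "IoT" list passes application 17244 with `set log disable`, so the one signature this profile explicitly exempts leaves no application-control record; I would change that to `set log enable`. Entry 2 (`set category 2 6`) has no `set action` line and so relies on the FortiOS default for a new entry, which I believe is block; writing `set action block` states the intent and does not depend on a firmware default. Entries are evaluated in order, so entry 1 wins over entry 2 if application 17244 belongs to one of those categories, which the page does not show.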


@ -2876,6 +2876,10 @@ config firewall address
set color 6 set color 6
set subnet 107.172.59.44 255.255.255.255 set subnet 107.172.59.44 255.255.255.255
next next
edit "IoT - Core"
set allow-routing enable
set subnet 10.1.30.0 255.255.254.0
next
end end
config firewall multicast-address config firewall multicast-address
edit "all_hosts" edit "all_hosts"
@ -5183,7 +5187,7 @@ config firewall policy
set srcaddr "SSL_VPN_Range" set srcaddr "SSL_VPN_Range"
set dstaddr "DocHolliday" set dstaddr "DocHolliday"
set schedule "always" set schedule "always"
set service "RDP" "UDP-3389" "SMB" "HTTP" "HTTPS" set service "RDP" "UDP-3389" "SMB" "HTTP" "HTTPS" "PING"
set utm-status enable set utm-status enable
set ssl-ssh-profile "certificate-inspection" set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS" set ips-sensor "Incoming_IPS"
@ -5191,6 +5195,22 @@ config firewall policy
set groups "VPN_DocHolliday_Group" set groups "VPN_DocHolliday_Group"
set comments "Remote Access VPN - DocHolliday for Katapult User" set comments "Remote Access VPN - DocHolliday for Katapult User"
next next
edit 105
set name "DNS_FOR_SSL_VPN"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Domain_Controller_Group"
set schedule "always"
set service "DNS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_DocHolliday_Group"
set comments "Remote Access VPN - DocHolliday for Katapult User (Copy of VPN_DocHolliday)"
next
edit 68 edit 68
set name "VPN_Access411_Servers" set name "VPN_Access411_Servers"
set srcintf "ssl.scsd" set srcintf "ssl.scsd"
@ -5624,6 +5644,25 @@ config firewall policy
set tcp-mss-receiver 1400 set tcp-mss-receiver 1400
set comments "Test Point of Sale" set comments "Test Point of Sale"
next next
edit 119
set name "IoT>Open VPN"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "IoT - Core"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Outgoing_IPS"
set application-list "IoT"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251"
next
edit 106 edit 106
set name "Internet Access" set name "Internet Access"
set srcintf "inside" "RAP" set srcintf "inside" "RAP"
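Review bot: Policy 119 "IoT>Open VPN" accepts `set dstaddr "all"` with `set service "ALL"` from the whole "IoT - Core" subnet (10.1.30.0 255.255.254.0) to `outside`, which is far wider than the policy name suggests. If the intent is only a VPN tunnel from those devices, narrow it to the tunnel endpoints and port, e.g. `set dstaddr "<vpn-endpoint-address-object>"` and `set service "<vpn-service-object>"` (placeholders; no such objects appear on this page). The attached "IoT" application list acts on one application and two categories only, so everything else presumably falls to its default action, and 119 has no `set comments` line recording the purpose, unlike the neighbouring policies. Policy 105 "DNS_FOR_SSL_VPN" still carries a comment copied from another rule ("Copy of VPN_DocHolliday") and should describe the DNS access it grants. The `config firewall policy` block starts and ends outside these hunks, so where 119 sits relative to the other rules is only partly visible.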