fortigate Fri Oct 31 05:06:58 PM EDT 2025

2025-10-31 17:06:58 -04:00 · 2025-10-31 17:06:58 -04:00 · 43730aaf84
commit 43730aaf84
parent e541ae27fa
3 changed files with 54 additions and 1 deletions
--- a/configs/fortigate/global/system.cfg
+++ b/configs/fortigate/global/system.cfg
@ -706,6 +706,7 @@ config system admin
    edit "jkafta72.admin"
        set trusthost1 10.1.6.0 255.255.255.0
        set trusthost2 10.1.40.0 255.255.255.0
+        set trusthost3 10.212.134.12 255.255.255.255
        set accprofile "super_admin"
        set vdom "root"
        set password ENC *HIDDEN*
--- a/configs/fortigate/vdom_scsd/application.cfg
+++ b/configs/fortigate/vdom_scsd/application.cfg
@ -55,4 +55,17 @@ config application list
            next
        end
    next
+    edit "IoT"
+        set other-application-log enable
+        config entries
+            edit 1
+                set application 17244
+                set action pass
+                set log disable
+            next
+            edit 2
+                set category 2 6
+            next
+        end
+    next
 end
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@ -2876,6 +2876,10 @@ config firewall address
        set color 6
        set subnet 107.172.59.44 255.255.255.255
    next
+    edit "IoT - Core"
+        set allow-routing enable
+        set subnet 10.1.30.0 255.255.254.0
+    next
 end
 config firewall multicast-address
    edit "all_hosts"
@ -5183,7 +5187,7 @@ config firewall policy
        set srcaddr "SSL_VPN_Range"
        set dstaddr "DocHolliday"
        set schedule "always"
-        set service "RDP" "UDP-3389" "SMB" "HTTP" "HTTPS"
+        set service "RDP" "UDP-3389" "SMB" "HTTP" "HTTPS" "PING"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
@ -5191,6 +5195,22 @@ config firewall policy
        set groups "VPN_DocHolliday_Group"
        set comments "Remote Access VPN - DocHolliday for Katapult User"
    next
+    edit 105
+        set name "DNS_FOR_SSL_VPN"
+        set srcintf "ssl.scsd"
+        set dstintf "inside"
+        set action accept
+        set srcaddr "SSL_VPN_Range"
+        set dstaddr "Domain_Controller_Group"
+        set schedule "always"
+        set service "DNS"
+        set utm-status enable
+        set ssl-ssh-profile "certificate-inspection"
+        set ips-sensor "Incoming_IPS"
+        set logtraffic all
+        set groups "VPN_DocHolliday_Group"
+        set comments "Remote Access VPN - DocHolliday for Katapult User (Copy of VPN_DocHolliday)"
+    next
    edit 68
        set name "VPN_Access411_Servers"
        set srcintf "ssl.scsd"
@ -5624,6 +5644,25 @@ config firewall policy
        set tcp-mss-receiver 1400
        set comments "Test Point of Sale"
    next
+    edit 119
+        set name "IoT>Open VPN"
+        set srcintf "inside"
+        set dstintf "outside"
+        set action accept
+        set srcaddr "IoT - Core"
+        set dstaddr "all"
+        set schedule "always"
+        set service "ALL"
+        set utm-status enable
+        set ssl-ssh-profile "certificate-inspection"
+        set av-profile "g-default"
+        set ips-sensor "Outgoing_IPS"
+        set application-list "IoT"
+        set logtraffic all
+        set nat enable
+        set ippool enable
+        set poolname "ippool-198.36.23.251"
+    next
    edit 106
        set name "Internet Access"
        set srcintf "inside" "RAP"