fortigate Thu Oct 16 09:08:45 PM EDT 2025

2025-10-16 21:08:45 -04:00 · 2025-10-16 21:08:45 -04:00 · 50f42e54eb
commit 50f42e54eb
parent 28510c78f5
5 changed files with 49 additions and 40 deletions
--- a/configs/fortigate/global/system.cfg
+++ b/configs/fortigate/global/system.cfg
@ -4,7 +4,7 @@ config system global
    set alias "FortiGate-2601F"
    set gui-device-latitude "43.02974913459805"
    set gui-device-longitude "-76.14486694335938"
-    set hostname "noc-fortigate-b"
+    set hostname "noc-fortigate-a"
    set management-port-use-admin-sport disable
    set remoteauthtimeout 120
    set revision-backup-on-logout enable
@ -457,6 +457,23 @@ config system interface
        set alias "SSL VPN interface"
        set snmp-index 42
    next
+    edit "naf.scsd"
+        set vdom "scsd"
+        set type tunnel
+        set src-check disable
+        set snmp-index 57
+    next
+    edit "l2t.scsd"
+        set vdom "scsd"
+        set type tunnel
+        set snmp-index 58
+    next
+    edit "ssl.scsd"
+        set vdom "scsd"
+        set type tunnel
+        set alias "SSL VPN interface"
+        set snmp-index 45
+    next
    edit "naf.Policy"
        set vdom "Policy"
        set type tunnel
@ -491,23 +508,6 @@ config system interface
        set alias "SSL VPN interface"
        set snmp-index 47
    next
-    edit "naf.scsd"
-        set vdom "scsd"
-        set type tunnel
-        set src-check disable
-        set snmp-index 57
-    next
-    edit "l2t.scsd"
-        set vdom "scsd"
-        set type tunnel
-        set snmp-index 58
-    next
-    edit "ssl.scsd"
-        set vdom "scsd"
-        set type tunnel
-        set alias "SSL VPN interface"
-        set snmp-index 45
-    next
    edit "npu0_vlink0"
        set vdom "root"
        set type physical
@ -706,10 +706,19 @@ config system admin
        set password ENC *HIDDEN*
    next
    edit "jkafta72.admin"
+        set trusthost1 10.1.6.0 255.255.255.0
+        set trusthost2 10.1.40.0 255.255.255.0
        set accprofile "super_admin"
        set vdom "root"
        set password ENC *HIDDEN*
    next
+    edit "estein66.admin"
+        set trusthost1 10.1.6.0 255.255.255.0
+        set trusthost2 10.1.40.0 255.255.255.0
+        set accprofile "super_admin"
+        set vdom "Policy" "root" "scsd" "TEST"
+        set password ENC *HIDDEN*
+    next
 end
 config system sso-admin
 end
@ -726,14 +735,14 @@ config system ha
    set mode a-p
    set hbdev "port1" 50 "port2" 50 
    set override disable
-    set priority 100
+    set priority 200
 end
 config system storage
    edit "SSD1"
        set status enable
        set media-status enable
        set order 1
-        set partition "LOGUSEDX4300F88D"
+        set partition "LOGUSEDX45501361"
        set device "/dev/nvme0n1p1"
        set size 937875
        set usage log
@ -742,7 +751,7 @@ config system storage
        set status enable
        set media-status enable
        set order 2
-        set partition "WANOPTXXFFCD85F8"
+        set partition "WANOPTXX808E4B55"
        set device "/dev/nvme1n1p1"
        set size 266562
        set usage wanopt
@ -1023,6 +1032,10 @@ config system vdom-property
        set description "property limits for vdom root"
        set snmp-index 1
    next
+    edit "scsd"
+        set description "property limits for vdom scsd"
+        set snmp-index 2
+    next
    edit "Policy"
        set description "property limits for vdom Policy"
        set snmp-index 4
@ -1031,10 +1044,6 @@ config system vdom-property
        set description "property limits for vdom TEST"
        set snmp-index 3
    next
-    edit "scsd"
-        set description "property limits for vdom scsd"
-        set snmp-index 2
-    next
 end
 config system cluster-sync
 end
--- a/configs/fortigate/vdom_root/user.cfg
+++ b/configs/fortigate/vdom_root/user.cfg
@ -9,7 +9,7 @@ end
 config user local
    edit "guest"
        set type password
-        set passwd ENC xPBvzRl0fSM2uN3J7UIN5ZgsnzDN6HlyERGlWMjnJwiOPjoavEAA7GBbieLcGi6kdM3yKTs+HoV/KJp/wFrDo5phGDorttSDcqGGcEYeOsH68xCT+1/OTAlp8NsLaa50tbQ5ujQQjWHBuFoWYqK3xqu820+DvKAP8UOceD719WobX5wwC/mKmGbCpMeJO1JZxdStzQ==
+        set passwd ENC paAPilLITgzpKaHiRAW5OMSob1O0ACCH1Tum2u+9kGkTftPKMYlFPooyK7IqAisUA9tWKL68GTjQCEfM5yZCrtkitXM527MFq/hXNm6so0QOMDoG/IuqiYQdLtKaJqCVu0x9dO5AjWyUgP8H4hkpzpq7dPrwYg2uU++xJtlYqDnZPHhDfXRujxAeSShJ/UWF1jr46Q==
    next
 end
 config user setting
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@ -835,10 +835,6 @@ config firewall address
        set color 6
        set subnet 5.4.5.4 255.255.255.255
    next
-    edit "Safeschools_02"
-        set comment "IP address for Safe Schools video training.  Used to access LDAP authentication."
-        set subnet 18.219.244.165 255.255.255.255
-    next
    edit "z_BlockIP_081"
        set comment "Malicious IP Address"
        set associated-interface "outside"
@ -2623,6 +2619,10 @@ config firewall address
        set color 18
        set subnet 10.1.40.102 255.255.255.255
    next
+    edit "Safeschools_02"
+        set comment "IP address for Safe Schools video training.  Used to access LDAP authentication."
+        set subnet 18.219.244.165 255.255.255.255
+    next
    edit "Server_40"
        set associated-interface "inside"
        set subnet 10.1.40.0 255.255.255.0
--- a/configs/fortigate/vdom_scsd/user.cfg
+++ b/configs/fortigate/vdom_scsd/user.cfg
@ -5510,7 +5510,7 @@ config user local
    edit "jorge-mike"
        set type password
        set passwd-time 2025-10-03 12:14:17
-        set passwd ENC 8bdnDDRnGdGuzhmLaKSUH1It4F61Lx1CxPNwKXFZQ5tIbxf9gEz6G3O1aAmvxjckfE2Ioao2VpBMVLyX8AS/IDfJuu5jjuyJU75t0yqi/4BkAWZlvyvdcuPbL1i7uIwuULYUEJpUwO9Ni7qEjxpe17n3nHr6dOl/onsGbRIMtrVj9eJNQCvZvN60nopG2Rn4trDOuw==
+        set passwd ENC jUGil6ZHP5GBE5kOU4Z1loX03zqGaIr2oh0MNn9ORyq8ySijxaDJcSes3Fn4FL5gj1ZozPCQcgbf40xtLs+HVy2VsYw87OZugJIUV+Rv+Xl3gJ7mXPZXMcGLvf954IBeXk83ATwSkOKDL4R3yyV29Yn0EkUVi2a8rnZhzOPJ4bTDolzwRtGMasbJStFRkONtjGpzNQ==
    next
 end
 config user setting
--- a/configs/fortigate/vdom_scsd/vpn.cfg
+++ b/configs/fortigate/vdom_scsd/vpn.cfg
@ -849,7 +849,7 @@ config vpn ipsec phase1-interface
        set dhgrp 14
        set nattraversal disable
        set remote-gw 170.161.52.25
-        set psksecret ENC VfwFjiI7LU47vf8pI5fkMwsyn+R6NwkJSA9lbM4TNUEDy/k5l93jMcy20CskKHZmZJvOc9WByZNHdRwGPi5k3PzDbIG049uoEDUUXv7RVS0jsDOrHBAOKl97X8GKhShDtJ7+ky0o1bISFhx+z0kpeB0V2vU4QFlY7rquVfNcMhs72OtwGrP7x6rBuWoTleuNu1rN1g==
+        set psksecret ENC Thv4qDQZDuOMksNSbmGyGfXbFwFUn65/uWe5Ua/ZglDWaevldXAE+g4GxE3K6j1Wkw5jfhn4gAUaaog9+RlBAAvPsPXxr30rq3X/0VGFRpFbc5O8LKNTuqJlYaGs1IGuE16dCTZ7nClVjXfflKhwx/4ReCCSZML0l6qwsmyr7dzKGNUomdiAMXpp3JvSMp5OT5ol2g==
    next
    edit "vpn-042e9903"
        set interface "outside lag"
@ -861,7 +861,7 @@ config vpn ipsec phase1-interface
        set proposal aes256-sha256
        set dhgrp 19
        set remote-gw 52.61.115.188
-        set psksecret ENC pgnEiLI+KRc+PpaJbpMRzj5LYY2VqBK7fkJc0rK8DZthFdzrTiOemGkd/AAZfYDfQzjXE2ImkUPGDg7kE/bpX7zb1Q+YN2F/weXGZLFLFiC2YeJHAtw4S3S3Sxyu0oF0IX4qMRQxN3KMQoNDHw4SCZ28uySpMuSGdEB3VU3aMrixvI/aj7ZM5FI6RNyVptPig/gdUw==
+        set psksecret ENC P/xchn5pt3WZAagt3WbQRYvJ9qNFW65fzPL9S+MqrZxSjR6G+AhvoHnLF+1dRpj5+hZ/i6tTQp1nI3kL4XiACZGCwoq3BicKsMmQv5T718kpxRNNZ7q9cHyzQNFCxQrpZLl6p/dmMKK1J4L8DYJrpUNQR92iepTqKT1dUvaFAcZWWGVv5oBonpKFUpF5zNjWGSO0Sw==
        set dpd-retryinterval 30
    next
    edit "SCHC"
@ -871,7 +871,7 @@ config vpn ipsec phase1-interface
        set net-device disable
        set proposal aes256-sha256
        set remote-gw 209.217.202.173
-        set psksecret ENC 3F3hUIePVaRfY+I8wb/5TSpoxIg1qHmE83OjoC12VxjhTgVMpbe+q+OFQVKPz43vDsp26IG1wHhwnwvcUWUcFMVsyhaC6vWBagpJ7bl5T5yQmahbN2O9xEE3PFLdEYBnw7cVHfYgqKI+OnK1AIHSXgczu4TF7OS0mW8O68ss8I1MJOp6tUK5I133uvZuqy0SXjvZvg==
+        set psksecret ENC h8V2yVeqHHEe14GTuyduqIj7T/DsuFMTA/cDA2PSzwlDnKOuOQg7zXc7c81sD4uB13evTAXx+GHMSGmiCbl+peXU5ltYL/MolMzOmpDMuqw+EoD3gZR9+KTrEK6PzPH5zSY091xUhDBMOIcWYmikfzMDeeY4jTEESHfOOYYGmkvhX9k5XVMPX4gZy3Dd8pZ6TQADBg==
    next
    edit "vpn-0fc50345"
        set interface "outside lag"
@ -883,7 +883,7 @@ config vpn ipsec phase1-interface
        set comments "SchoolTool Tunnel"
        set dhgrp 2
        set remote-gw 34.194.174.170
-        set psksecret ENC hc9/IG0PLZc8nqoYi1AAzwJIUQjxZIH3/Rg3UC/t8SaPTSWlkg7+MqkQLSrfEC3jm1DxUyDRUr0tcq6QOdi4Hyf6PotXxoFyOC8CFqyTOExapKsx9TXEuHMnFDT5n1kOxyGymGnmMFy7k77gcSAnZr0TG+O0EGMG/AB70wqWhdiYonlDuXbTQKsQjB3srbUpO4R7ng==
+        set psksecret ENC br2H+NgJWMWmSAu7lnp16BvAIhUbu3cxWcO3j6OQgLFqEFbH/k6eF5+2UFxCtL38ER62N7PSZBGVUvt4HsTR2gKro7jEfKSQ7htPD9l/xzrsA1toI16uxYaUJoUp/MdHUhjxgbrlXh4eLO/sLIe3kbvlKs1xYQdQ0HQ3xyVMJ2dafhZG1rJ2scvxpACtOPYjZGJMRw==
    next
    edit "vpn-0403e61"
        set interface "outside lag"
@ -896,7 +896,7 @@ config vpn ipsec phase1-interface
        set comments "eScholar Tunnel"
        set dhgrp 19
        set remote-gw 44.216.12.227
-        set psksecret ENC EATGPi9D0scvkZvkpkFaOzrdUUZXZ4uOYcdZx2rM61DfX2MhXPfEhRGsOpgn4Gj5PlYXtIME7DvK0YuoHZHzR2sLfnSPHe15YMWsqA6L0kaUdMIAM3OTP7vT0F9QDdYF6IagN0NMPhAWvCAfRCb0ZHOnt3hO/jEc0DEeNPWakjY4P5yrzzzEBzjVYEVQ11g2nVwQPQ==
+        set psksecret ENC 66aP1+o+Z4MuSP0zKROQ5RnP1mPuBkX+Hd6BzGsjELW7sfTKb+s8ZSxz9qf+z3dKtvfzYHYn1yTNyRozj0BeZOibv25CUudFUBpuRAMWN/eEb2zrXqnB3adwEfjEhBfW4lcvViDp0+PY/hTWPvhHze3IL29+KY3CdGZJh/QSqtAyMD8o9Cn2TJnWqS69sSJqiFptCw==
        set dpd-retryinterval 30
    next
    edit "Highstreet"
@ -910,7 +910,7 @@ config vpn ipsec phase1-interface
        set dhgrp 2
        set nattraversal disable
        set remote-gw 3.20.191.182
-        set psksecret ENC JPr8gHWNJOHu51rYeimLjd4gIenOITSQkJuwQmpov1tp2X+/mi1yOMu/ArMbVGVHCpkkGaJd5TlV8+iQernJ0zbmIFVphMzp31ipxtYKwCcU16QbNutuRQHTCkacgfJITMzelqbTn1yX8gQmOfc+Nm5Ff21IusnWMuCX2e1JnSlsWXk93jGFKPZJ49jNodtEkyu0hA==
+        set psksecret ENC tP4eeigWlrSo0C2/pVI6rI5rGKCIYDDEFD8ZJCnhfEu0Qq6/JL95YogjkQ1Awq/kVBZBKGVFKi/oiqE6a3+RsLL1x6caltjj11eTOprw357H7dCxbe+Xisk6mbuVTTecNWtM5Dgd/D28Knc5NDm37OIErTMcyv9uMx3PrjIe7I9EON0fbNIPZvYb6lmU7Zr/A03gaw==
    next
    edit "Highstreet_2"
        set interface "outside lag"
@ -922,7 +922,7 @@ config vpn ipsec phase1-interface
        set dhgrp 2
        set nattraversal disable
        set remote-gw 3.146.135.243
-        set psksecret ENC F42JFLCV4o51MG3dJgMhxed+wKbyPNe3o/gzPVt+S1v2nPkRxaRrDHd35UTK1e2aVDhnYx3jOStK78bFmN+EyABmiaM+7D75bTUZNH9RNPXbV3QfAupRCCkJYqVzw8IcD1XEaRepKx4kJJ0sYas+vLv0zC0XVpl6mdynwdhVQ44it345OAc8hEF79t+M1ReMlLe+IA==
+        set psksecret ENC msrPc3qo5xWDlD+qQGtjUbph6vCwWjbo2yYTv1hkjUuI2QrtRN7fQZ45bB7KPl6qaaHC/b6iMVaehdKCvpntvj6WWouquJ/K6hKkaqR/IdCCGTuTokyzxl0d2O/2Yv1TSISqQej0uG5fK0oJDkBMtqevZqXIqo1bs+HI4E5+H2NAu+SpYiKmq1j20yc4m9rTC02JQg==
    next
    edit "DPS"
        set interface "outside lag"
@ -932,7 +932,7 @@ config vpn ipsec phase1-interface
        set proposal aes256-sha256
        set comments "VPN: DPS"
        set remote-gw 24.39.213.214
-        set psksecret ENC /mqtKX5AoPJ4lKLOsjT8SiIxw9IfSbyAqR+BYCF3BcuxyfkSPZuWZaoDN4qSAQNSuJWVNlk5cMWNVTqS39vYpMxrPYEUgFSdBCqG74v8pulNq3wdcvr0NacmGlbjjXTK9txdlxiJCqsF1DII5lVQxG4/gIvxd7gq2gCzs5hqm54K7uu6GfJqavCu7OXOk0Er2v6ODw==
+        set psksecret ENC AO3lyWWG9K0c4Y2VOizFQErraPOp1KHXVSKn5Mj2MNst8v7n5XfUYiGl5FxHPXr4fm4L3GoPzBJsYfAJZtGsbOIbKam7046l3EJ9YAGk46VJwhk1/HxIPSoJpAkOuR+JI+Ag1QZ0CbXIFg47RlI5cBp9L220tB8f1eUE70SQEF3ZbVhIETfNNoUeIFZt72FO/72nTA==
    next
    edit "RAP"
        set interface "outside lag"
@ -942,7 +942,7 @@ config vpn ipsec phase1-interface
        set proposal aes256-sha256
        set nattraversal disable
        set remote-gw 24.105.188.54
-        set psksecret ENC Z7BghtxJ2bqbW81y491GQQbgm1fjmiQANIsczpkGL3stZKLQ/8cwEZjrwuOz3EQWG01Wr+5BgqsAMAXN1iSNAf3o0mHay3lhCPF5VU+FZa11576VRaTNR2QozweDDXgS7stmj3pIic3SArdqsIhSeQinRu+85AEzfvlkn4KgBm14I9tdZiueScCjz+2grJ1iAbDYNg==
+        set psksecret ENC mMswMzGWsJmz2wDPVHbTFnnLqRLXhmCHnas3HoAH/yxhBT9O516Z4LVzPHPQVTl3bxmV228aC9pjukggbm6vwU7l7pV7NOHBCdSgRVwPl7SRToHeIz0CFT+rSH+FYvrKhBFrqJ1BGFns5T5MdmVOntT3H1NQ0C7KALeCozNGMga7gFyYVqOn6SifMA6FyzO6bHxqdA==
    next
 end
 config vpn ipsec phase2-interface