From 50f42e54ebc803a01e5fc18b3852d7cb144928a6 Mon Sep 17 00:00:00 2001
From: John Poland
Date: Thu, 16 Oct 2025 21:08:45 -0400
Subject: [PATCH] fortigate Thu Oct 16 09:08:45 PM EDT 2025
---
 configs/fortigate/global/system.cfg | 59 ++++++++++++++----------
 configs/fortigate/vdom_root/user.cfg | 2 +-
 configs/fortigate/vdom_scsd/firewall.cfg | 8 ++--
 configs/fortigate/vdom_scsd/user.cfg | 2 +-
 configs/fortigate/vdom_scsd/vpn.cfg | 18 ++++----
 5 files changed, 49 insertions(+), 40 deletions(-)
diff --git a/configs/fortigate/global/system.cfg b/configs/fortigate/global/system.cfg
index be41307..f1c7ee9 100644
--- a/configs/fortigate/global/system.cfg
+++ b/configs/fortigate/global/system.cfg
@@ -4,7 +4,7 @@ config system global
 set alias "FortiGate-2601F"
 set gui-device-latitude "43.02974913459805"
 set gui-device-longitude "-76.14486694335938"
- set hostname "noc-fortigate-b"
+ set hostname "noc-fortigate-a"
 set management-port-use-admin-sport disable
 set remoteauthtimeout 120
 set revision-backup-on-logout enable
@@ -457,6 +457,23 @@ config system interface
 set alias "SSL VPN interface"
 set snmp-index 42
 next
+ edit "naf.scsd"
+ set vdom "scsd"
+ set type tunnel
+ set src-check disable
+ set snmp-index 57
+ next
+ edit "l2t.scsd"
+ set vdom "scsd"
+ set type tunnel
+ set snmp-index 58
+ next
+ edit "ssl.scsd"
+ set vdom "scsd"
+ set type tunnel
+ set alias "SSL VPN interface"
+ set snmp-index 45
+ next
 edit "naf.Policy"
 set vdom "Policy"
 set type tunnel
@@ -491,23 +508,6 @@ config system interface
 set alias "SSL VPN interface"
 set snmp-index 47
 next
- edit "naf.scsd"
- set vdom "scsd"
- set type tunnel
- set src-check disable
- set snmp-index 57
- next
- edit "l2t.scsd"
- set vdom "scsd"
- set type tunnel
- set snmp-index 58
- next
- edit "ssl.scsd"
- set vdom "scsd"
- set type tunnel
- set alias "SSL VPN interface"
- set snmp-index 45
- next
 edit "npu0_vlink0"
 set vdom "root"
 set type physical
@@ -706,10 +706,19 @@ config system admin
 set password ENC *HIDDEN*
 next
 edit "jkafta72.admin"
+ set trusthost1 10.1.6.0 255.255.255.0
+ set trusthost2 10.1.40.0 255.255.255.0
 set accprofile "super_admin"
 set vdom "root"
 set password ENC *HIDDEN*
 next
+ edit "estein66.admin"
+ set trusthost1 10.1.6.0 255.255.255.0
+ set trusthost2 10.1.40.0 255.255.255.0
+ set accprofile "super_admin"
+ set vdom "Policy" "root" "scsd" "TEST"
+ set password ENC *HIDDEN*
+ next
 end
 config system sso-admin
 end
@@ -726,14 +735,14 @@ config system ha
 set mode a-p
 set hbdev "port1" 50 "port2" 50
 set override disable
- set priority 100
+ set priority 200
 end
 config system storage
 edit "SSD1"
 set status enable
 set media-status enable
 set order 1
- set partition "LOGUSEDX4300F88D"
+ set partition "LOGUSEDX45501361"
 set device "/dev/nvme0n1p1"
 set size 937875
 set usage log
@@ -742,7 +751,7 @@ config system storage
 set status enable
 set media-status enable
 set order 2
- set partition "WANOPTXXFFCD85F8"
+ set partition "WANOPTXX808E4B55"
 set device "/dev/nvme1n1p1"
 set size 266562
 set usage wanopt
@@ -1023,6 +1032,10 @@ config system vdom-property
 set description "property limits for vdom root"
 set snmp-index 1
 next
+ edit "scsd"
+ set description "property limits for vdom scsd"
+ set snmp-index 2
+ next
 edit "Policy"
 set description "property limits for vdom Policy"
 set snmp-index 4
@@ -1031,10 +1044,6 @@ config system vdom-property
 set description "property limits for vdom TEST"
 set snmp-index 3
 next
- edit "scsd"
- set description "property limits for vdom scsd"
- set snmp-index 2
- next
 end
 config system cluster-sync
 end
diff --git a/configs/fortigate/vdom_root/user.cfg b/configs/fortigate/vdom_root/user.cfg
index ee55839..643b5d1 100644
--- a/configs/fortigate/vdom_root/user.cfg
+++ b/configs/fortigate/vdom_root/user.cfg
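Review bot: The added `estein66.admin` entry in the `@@ -706,10 +706,19 @@` hunk of global/system.cfg combines `set accprofile "super_admin"` with `set vdom "Policy" "root" "scsd" "TEST"`, which is full rights on every VDOM named in this diff; if the account needs less, a scoped admin profile and a shorter `set vdom` list would limit what a stolen credential can do. `set trusthost2 10.1.40.0 255.255.255.0` is the same subnet that vdom_scsd/firewall.cfg labels `Server_40`, so any host on that server network can reach the admin login for both `jkafta72.admin` and `estein66.admin`; narrowing it to the management hosts that actually need access would be tighter. No `set two-factor` line appears in either entry, so it is worth confirming that a second factor is enforced some other way. The `config system admin` block starts outside the hunk.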
@@ -9,7 +9,7 @@ end
 config user local
 edit "guest"
 set type password
- set passwd ENC xPBvzRl0fSM2uN3J7UIN5ZgsnzDN6HlyERGlWMjnJwiOPjoavEAA7GBbieLcGi6kdM3yKTs+HoV/KJp/wFrDo5phGDorttSDcqGGcEYeOsH68xCT+1/OTAlp8NsLaa50tbQ5ujQQjWHBuFoWYqK3xqu820+DvKAP8UOceD719WobX5wwC/mKmGbCpMeJO1JZxdStzQ==
+ set passwd ENC paAPilLITgzpKaHiRAW5OMSob1O0ACCH1Tum2u+9kGkTftPKMYlFPooyK7IqAisUA9tWKL68GTjQCEfM5yZCrtkitXM527MFq/hXNm6so0QOMDoG/IuqiYQdLtKaJqCVu0x9dO5AjWyUgP8H4hkpzpq7dPrwYg2uU++xJtlYqDnZPHhDfXRujxAeSShJ/UWF1jr46Q==
 next
 end
 config user setting
diff --git a/configs/fortigate/vdom_scsd/firewall.cfg b/configs/fortigate/vdom_scsd/firewall.cfg
index 605f176..e7a2702 100644
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@@ -835,10 +835,6 @@ config firewall address
 set color 6
 set subnet 5.4.5.4 255.255.255.255
 next
- edit "Safeschools_02"
- set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
- set subnet 18.219.244.165 255.255.255.255
- next
 edit "z_BlockIP_081"
 set comment "Malicious IP Address"
 set associated-interface "outside"
@@ -2623,6 +2619,10 @@ config firewall address
 set color 18
 set subnet 10.1.40.102 255.255.255.255
 next
+ edit "Safeschools_02"
+ set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
+ set subnet 18.219.244.165 255.255.255.255
+ next
 edit "Server_40"
 set associated-interface "inside"
 set subnet 10.1.40.0 255.255.255.0
diff --git a/configs/fortigate/vdom_scsd/user.cfg b/configs/fortigate/vdom_scsd/user.cfg
index 59bb40b..ad0df29 100644
--- a/configs/fortigate/vdom_scsd/user.cfg
+++ b/configs/fortigate/vdom_scsd/user.cfg
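Review bot: The `set passwd ENC …` line for the local user `guest` in vdom_root/user.cfg is committed with its full ciphertext, while the admin entries in global/system.cfg are exported as `set password ENC *HIDDEN*`. These `ENC` values are ciphertext the device can decrypt rather than one-way hashes, so the export should mask them the same way before committing, or the repository has to be access-controlled as a secret store; the same applies to `jorge-mike` in vdom_scsd/user.cfg and to every `set psksecret ENC …` line in the vdom_scsd/vpn.cfg hunks. The ciphertext also changes where nothing else did (`set passwd-time 2025-10-03 12:14:17` is unchanged context for `jorge-mike`), which looks like re-encryption churn rather than rotation, possibly because this export came from the other HA member given the hostname and priority changes. Masking would also keep that noise from burying real credential changes in later diffs.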
@@ -5510,7 +5510,7 @@ config user local
 edit "jorge-mike"
 set type password
 set passwd-time 2025-10-03 12:14:17
- set passwd ENC 8bdnDDRnGdGuzhmLaKSUH1It4F61Lx1CxPNwKXFZQ5tIbxf9gEz6G3O1aAmvxjckfE2Ioao2VpBMVLyX8AS/IDfJuu5jjuyJU75t0yqi/4BkAWZlvyvdcuPbL1i7uIwuULYUEJpUwO9Ni7qEjxpe17n3nHr6dOl/onsGbRIMtrVj9eJNQCvZvN60nopG2Rn4trDOuw==
+ set passwd ENC jUGil6ZHP5GBE5kOU4Z1loX03zqGaIr2oh0MNn9ORyq8ySijxaDJcSes3Fn4FL5gj1ZozPCQcgbf40xtLs+HVy2VsYw87OZugJIUV+Rv+Xl3gJ7mXPZXMcGLvf954IBeXk83ATwSkOKDL4R3yyV29Yn0EkUVi2a8rnZhzOPJ4bTDolzwRtGMasbJStFRkONtjGpzNQ==
 next
 end
 config user setting
diff --git a/configs/fortigate/vdom_scsd/vpn.cfg b/configs/fortigate/vdom_scsd/vpn.cfg
index c0fd6f0..dbb49e7 100644
--- a/configs/fortigate/vdom_scsd/vpn.cfg
+++ b/configs/fortigate/vdom_scsd/vpn.cfg
@@ -849,7 +849,7 @@ config vpn ipsec phase1-interface
 set dhgrp 14
 set nattraversal disable
 set remote-gw 170.161.52.25
- set psksecret ENC VfwFjiI7LU47vf8pI5fkMwsyn+R6NwkJSA9lbM4TNUEDy/k5l93jMcy20CskKHZmZJvOc9WByZNHdRwGPi5k3PzDbIG049uoEDUUXv7RVS0jsDOrHBAOKl97X8GKhShDtJ7+ky0o1bISFhx+z0kpeB0V2vU4QFlY7rquVfNcMhs72OtwGrP7x6rBuWoTleuNu1rN1g==
+ set psksecret ENC Thv4qDQZDuOMksNSbmGyGfXbFwFUn65/uWe5Ua/ZglDWaevldXAE+g4GxE3K6j1Wkw5jfhn4gAUaaog9+RlBAAvPsPXxr30rq3X/0VGFRpFbc5O8LKNTuqJlYaGs1IGuE16dCTZ7nClVjXfflKhwx/4ReCCSZML0l6qwsmyr7dzKGNUomdiAMXpp3JvSMp5OT5ol2g==
 next
 edit "vpn-042e9903"
 set interface "outside lag"
@@ -861,7 +861,7 @@ config vpn ipsec phase1-interface
 set proposal aes256-sha256
 set dhgrp 19
 set remote-gw 52.61.115.188
- set psksecret ENC pgnEiLI+KRc+PpaJbpMRzj5LYY2VqBK7fkJc0rK8DZthFdzrTiOemGkd/AAZfYDfQzjXE2ImkUPGDg7kE/bpX7zb1Q+YN2F/weXGZLFLFiC2YeJHAtw4S3S3Sxyu0oF0IX4qMRQxN3KMQoNDHw4SCZ28uySpMuSGdEB3VU3aMrixvI/aj7ZM5FI6RNyVptPig/gdUw==
+ set psksecret ENC P/xchn5pt3WZAagt3WbQRYvJ9qNFW65fzPL9S+MqrZxSjR6G+AhvoHnLF+1dRpj5+hZ/i6tTQp1nI3kL4XiACZGCwoq3BicKsMmQv5T718kpxRNNZ7q9cHyzQNFCxQrpZLl6p/dmMKK1J4L8DYJrpUNQR92iepTqKT1dUvaFAcZWWGVv5oBonpKFUpF5zNjWGSO0Sw==
 set dpd-retryinterval 30
 next
 edit "SCHC"
@@ -871,7 +871,7 @@ config vpn ipsec phase1-interface
 set net-device disable
 set proposal aes256-sha256
 set remote-gw 209.217.202.173
- set psksecret ENC 3F3hUIePVaRfY+I8wb/5TSpoxIg1qHmE83OjoC12VxjhTgVMpbe+q+OFQVKPz43vDsp26IG1wHhwnwvcUWUcFMVsyhaC6vWBagpJ7bl5T5yQmahbN2O9xEE3PFLdEYBnw7cVHfYgqKI+OnK1AIHSXgczu4TF7OS0mW8O68ss8I1MJOp6tUK5I133uvZuqy0SXjvZvg==
+ set psksecret ENC h8V2yVeqHHEe14GTuyduqIj7T/DsuFMTA/cDA2PSzwlDnKOuOQg7zXc7c81sD4uB13evTAXx+GHMSGmiCbl+peXU5ltYL/MolMzOmpDMuqw+EoD3gZR9+KTrEK6PzPH5zSY091xUhDBMOIcWYmikfzMDeeY4jTEESHfOOYYGmkvhX9k5XVMPX4gZy3Dd8pZ6TQADBg==
 next
 edit "vpn-0fc50345"
 set interface "outside lag"
@@ -883,7 +883,7 @@ config vpn ipsec phase1-interface
 set comments "SchoolTool Tunnel"
 set dhgrp 2
 set remote-gw 34.194.174.170
- set psksecret ENC hc9/IG0PLZc8nqoYi1AAzwJIUQjxZIH3/Rg3UC/t8SaPTSWlkg7+MqkQLSrfEC3jm1DxUyDRUr0tcq6QOdi4Hyf6PotXxoFyOC8CFqyTOExapKsx9TXEuHMnFDT5n1kOxyGymGnmMFy7k77gcSAnZr0TG+O0EGMG/AB70wqWhdiYonlDuXbTQKsQjB3srbUpO4R7ng==
+ set psksecret ENC br2H+NgJWMWmSAu7lnp16BvAIhUbu3cxWcO3j6OQgLFqEFbH/k6eF5+2UFxCtL38ER62N7PSZBGVUvt4HsTR2gKro7jEfKSQ7htPD9l/xzrsA1toI16uxYaUJoUp/MdHUhjxgbrlXh4eLO/sLIe3kbvlKs1xYQdQ0HQ3xyVMJ2dafhZG1rJ2scvxpACtOPYjZGJMRw==
 next
 edit "vpn-0403e61"
 set interface "outside lag"
@@ -896,7 +896,7 @@ config vpn ipsec phase1-interface
 set comments "eScholar Tunnel"
 set dhgrp 19
 set remote-gw 44.216.12.227
- set psksecret ENC EATGPi9D0scvkZvkpkFaOzrdUUZXZ4uOYcdZx2rM61DfX2MhXPfEhRGsOpgn4Gj5PlYXtIME7DvK0YuoHZHzR2sLfnSPHe15YMWsqA6L0kaUdMIAM3OTP7vT0F9QDdYF6IagN0NMPhAWvCAfRCb0ZHOnt3hO/jEc0DEeNPWakjY4P5yrzzzEBzjVYEVQ11g2nVwQPQ==
+ set psksecret ENC 66aP1+o+Z4MuSP0zKROQ5RnP1mPuBkX+Hd6BzGsjELW7sfTKb+s8ZSxz9qf+z3dKtvfzYHYn1yTNyRozj0BeZOibv25CUudFUBpuRAMWN/eEb2zrXqnB3adwEfjEhBfW4lcvViDp0+PY/hTWPvhHze3IL29+KY3CdGZJh/QSqtAyMD8o9Cn2TJnWqS69sSJqiFptCw==
 set dpd-retryinterval 30
 next
 edit "Highstreet"
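Review bot: The phase1 entry commented `SchoolTool Tunnel` in the `@@ -883,7 +883,7 @@` hunk still negotiates with `set dhgrp 2`, a 1024-bit MODP group that is generally regarded as too weak for current IPsec deployments. The `@@ -910,7 +910,7 @@` and `@@ -922,7 +922,7 @@` hunks, which by their position appear to be the `Highstreet` and `Highstreet_2` entries, show the same setting, while other tunnels in this file already use `set dhgrp 14` or `set dhgrp 19`. If the remote ends support it, moving these three to `set dhgrp 14` or higher would bring them in line; the change has to be coordinated with each peer. The phase1 blocks begin outside the hunks, so the rest of their proposals is not visible here.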
@@ -910,7 +910,7 @@ config vpn ipsec phase1-interface
 set dhgrp 2
 set nattraversal disable
 set remote-gw 3.20.191.182
- set psksecret ENC JPr8gHWNJOHu51rYeimLjd4gIenOITSQkJuwQmpov1tp2X+/mi1yOMu/ArMbVGVHCpkkGaJd5TlV8+iQernJ0zbmIFVphMzp31ipxtYKwCcU16QbNutuRQHTCkacgfJITMzelqbTn1yX8gQmOfc+Nm5Ff21IusnWMuCX2e1JnSlsWXk93jGFKPZJ49jNodtEkyu0hA==
+ set psksecret ENC tP4eeigWlrSo0C2/pVI6rI5rGKCIYDDEFD8ZJCnhfEu0Qq6/JL95YogjkQ1Awq/kVBZBKGVFKi/oiqE6a3+RsLL1x6caltjj11eTOprw357H7dCxbe+Xisk6mbuVTTecNWtM5Dgd/D28Knc5NDm37OIErTMcyv9uMx3PrjIe7I9EON0fbNIPZvYb6lmU7Zr/A03gaw==
 next
 edit "Highstreet_2"
 set interface "outside lag"
@@ -922,7 +922,7 @@ config vpn ipsec phase1-interface
 set dhgrp 2
 set nattraversal disable
 set remote-gw 3.146.135.243
- set psksecret ENC F42JFLCV4o51MG3dJgMhxed+wKbyPNe3o/gzPVt+S1v2nPkRxaRrDHd35UTK1e2aVDhnYx3jOStK78bFmN+EyABmiaM+7D75bTUZNH9RNPXbV3QfAupRCCkJYqVzw8IcD1XEaRepKx4kJJ0sYas+vLv0zC0XVpl6mdynwdhVQ44it345OAc8hEF79t+M1ReMlLe+IA==
+ set psksecret ENC msrPc3qo5xWDlD+qQGtjUbph6vCwWjbo2yYTv1hkjUuI2QrtRN7fQZ45bB7KPl6qaaHC/b6iMVaehdKCvpntvj6WWouquJ/K6hKkaqR/IdCCGTuTokyzxl0d2O/2Yv1TSISqQej0uG5fK0oJDkBMtqevZqXIqo1bs+HI4E5+H2NAu+SpYiKmq1j20yc4m9rTC02JQg==
 next
 edit "DPS"
 set interface "outside lag"
@@ -932,7 +932,7 @@ config vpn ipsec phase1-interface
 set proposal aes256-sha256
 set comments "VPN: DPS"
 set remote-gw 24.39.213.214
- set psksecret ENC /mqtKX5AoPJ4lKLOsjT8SiIxw9IfSbyAqR+BYCF3BcuxyfkSPZuWZaoDN4qSAQNSuJWVNlk5cMWNVTqS39vYpMxrPYEUgFSdBCqG74v8pulNq3wdcvr0NacmGlbjjXTK9txdlxiJCqsF1DII5lVQxG4/gIvxd7gq2gCzs5hqm54K7uu6GfJqavCu7OXOk0Er2v6ODw==
+ set psksecret ENC AO3lyWWG9K0c4Y2VOizFQErraPOp1KHXVSKn5Mj2MNst8v7n5XfUYiGl5FxHPXr4fm4L3GoPzBJsYfAJZtGsbOIbKam7046l3EJ9YAGk46VJwhk1/HxIPSoJpAkOuR+JI+Ag1QZ0CbXIFg47RlI5cBp9L220tB8f1eUE70SQEF3ZbVhIETfNNoUeIFZt72FO/72nTA==
 next
 edit "RAP"
 set interface "outside lag"
@@ -942,7 +942,7 @@ config vpn ipsec phase1-interface
 set proposal aes256-sha256
 set nattraversal disable
 set remote-gw 24.105.188.54
- set psksecret ENC Z7BghtxJ2bqbW81y491GQQbgm1fjmiQANIsczpkGL3stZKLQ/8cwEZjrwuOz3EQWG01Wr+5BgqsAMAXN1iSNAf3o0mHay3lhCPF5VU+FZa11576VRaTNR2QozweDDXgS7stmj3pIic3SArdqsIhSeQinRu+85AEzfvlkn4KgBm14I9tdZiueScCjz+2grJ1iAbDYNg==
+ set psksecret ENC mMswMzGWsJmz2wDPVHbTFnnLqRLXhmCHnas3HoAH/yxhBT9O516Z4LVzPHPQVTl3bxmV228aC9pjukggbm6vwU7l7pV7NOHBCdSgRVwPl7SRToHeIz0CFT+rSH+FYvrKhBFrqJ1BGFns5T5MdmVOntT3H1NQ0C7KALeCozNGMga7gFyYVqOn6SifMA6FyzO6bHxqdA==
 next
 end
 config vpn ipsec phase2-interface