fortigate Thu Oct 16 09:08:45 PM EDT 2025

John Poland 2025-10-16 21:08:45 -04:00
parent 28510c78f5
commit 50f42e54eb
5 changed files with 49 additions and 40 deletions


@ -4,7 +4,7 @@ config system global
set alias "FortiGate-2601F" set alias "FortiGate-2601F"
set gui-device-latitude "43.02974913459805" set gui-device-latitude "43.02974913459805"
set gui-device-longitude "-76.14486694335938" set gui-device-longitude "-76.14486694335938"
set hostname "noc-fortigate-b" set hostname "noc-fortigate-a"
set management-port-use-admin-sport disable set management-port-use-admin-sport disable
set remoteauthtimeout 120 set remoteauthtimeout 120
set revision-backup-on-logout enable set revision-backup-on-logout enable
@ -457,6 +457,23 @@ config system interface
set alias "SSL VPN interface" set alias "SSL VPN interface"
set snmp-index 42 set snmp-index 42
next next
edit "naf.scsd"
set vdom "scsd"
set type tunnel
set src-check disable
set snmp-index 57
next
edit "l2t.scsd"
set vdom "scsd"
set type tunnel
set snmp-index 58
next
edit "ssl.scsd"
set vdom "scsd"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 45
next
edit "naf.Policy" edit "naf.Policy"
set vdom "Policy" set vdom "Policy"
set type tunnel set type tunnel
@ -491,23 +508,6 @@ config system interface
set alias "SSL VPN interface" set alias "SSL VPN interface"
set snmp-index 47 set snmp-index 47
next next
edit "naf.scsd"
set vdom "scsd"
set type tunnel
set src-check disable
set snmp-index 57
next
edit "l2t.scsd"
set vdom "scsd"
set type tunnel
set snmp-index 58
next
edit "ssl.scsd"
set vdom "scsd"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 45
next
edit "npu0_vlink0" edit "npu0_vlink0"
set vdom "root" set vdom "root"
set type physical set type physical
@ -706,10 +706,19 @@ config system admin
set password ENC *HIDDEN* set password ENC *HIDDEN*
next next
edit "jkafta72.admin" edit "jkafta72.admin"
set trusthost1 10.1.6.0 255.255.255.0
set trusthost2 10.1.40.0 255.255.255.0
set accprofile "super_admin" set accprofile "super_admin"
set vdom "root" set vdom "root"
set password ENC *HIDDEN* set password ENC *HIDDEN*
next next
edit "estein66.admin"
set trusthost1 10.1.6.0 255.255.255.0
set trusthost2 10.1.40.0 255.255.255.0
set accprofile "super_admin"
set vdom "Policy" "root" "scsd" "TEST"
set password ENC *HIDDEN*
next
end end
config system sso-admin config system sso-admin
end end
@ -726,14 +735,14 @@ config system ha
set mode a-p set mode a-p
set hbdev "port1" 50 "port2" 50 set hbdev "port1" 50 "port2" 50
set override disable set override disable
set priority 100 set priority 200
end end
config system storage config system storage
edit "SSD1" edit "SSD1"
set status enable set status enable
set media-status enable set media-status enable
set order 1 set order 1
set partition "LOGUSEDX4300F88D" set partition "LOGUSEDX45501361"
set device "/dev/nvme0n1p1" set device "/dev/nvme0n1p1"
set size 937875 set size 937875
set usage log set usage log
@ -742,7 +751,7 @@ config system storage
set status enable set status enable
set media-status enable set media-status enable
set order 2 set order 2
set partition "WANOPTXXFFCD85F8" set partition "WANOPTXX808E4B55"
set device "/dev/nvme1n1p1" set device "/dev/nvme1n1p1"
set size 266562 set size 266562
set usage wanopt set usage wanopt
@ -1023,6 +1032,10 @@ config system vdom-property
set description "property limits for vdom root" set description "property limits for vdom root"
set snmp-index 1 set snmp-index 1
next next
edit "scsd"
set description "property limits for vdom scsd"
set snmp-index 2
next
edit "Policy" edit "Policy"
set description "property limits for vdom Policy" set description "property limits for vdom Policy"
set snmp-index 4 set snmp-index 4
@ -1031,10 +1044,6 @@ config system vdom-property
set description "property limits for vdom TEST" set description "property limits for vdom TEST"
set snmp-index 3 set snmp-index 3
next next
edit "scsd"
set description "property limits for vdom scsd"
set snmp-index 2
next
end end
config system cluster-sync config system cluster-sync
end end
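Review bot: The added `estein66.admin` entry is a second personal account with `set accprofile "super_admin"`, and it is bound to all four VDOMs (`set vdom "Policy" "root" "scsd" "TEST"`), so a single compromised password would give full control of the whole device. The new `trusthost1`/`trusthost2` lines limit where these accounts can log in from, but `10.1.40.0 255.255.255.0` is the same range the `Server_40` address object covers elsewhere in this commit, so any host in that server subnet can reach the admin login. If the account does not need global rights, a scoped access profile and trusted hosts narrowed to the management workstations would be safer. No `set two-factor` line appears on either admin entry in this hunk, so it is worth confirming that a second factor is enforced some other way.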


@ -9,7 +9,7 @@ end
config user local config user local
edit "guest" edit "guest"
set type password set type password
set passwd ENC xPBvzRl0fSM2uN3J7UIN5ZgsnzDN6HlyERGlWMjnJwiOPjoavEAA7GBbieLcGi6kdM3yKTs+HoV/KJp/wFrDo5phGDorttSDcqGGcEYeOsH68xCT+1/OTAlp8NsLaa50tbQ5ujQQjWHBuFoWYqK3xqu820+DvKAP8UOceD719WobX5wwC/mKmGbCpMeJO1JZxdStzQ== set passwd ENC paAPilLITgzpKaHiRAW5OMSob1O0ACCH1Tum2u+9kGkTftPKMYlFPooyK7IqAisUA9tWKL68GTjQCEfM5yZCrtkitXM527MFq/hXNm6so0QOMDoG/IuqiYQdLtKaJqCVu0x9dO5AjWyUgP8H4hkpzpq7dPrwYg2uU++xJtlYqDnZPHhDfXRujxAeSShJ/UWF1jr46Q==
next next
end end
config user setting config user setting
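Review bot: The `set passwd ENC …` value for `guest` is committed in full, while the admin passwords in the system section are masked as `ENC *HIDDEN*`; the same applies to the `jorge-mike` password and the nine `set psksecret ENC …` values in the later file sections. FortiOS `ENC` strings are reversibly encrypted rather than hashed, so anyone who can read this repository and obtains the encryption key can recover the passwords and pre-shared keys; how strong that protection is depends on whether `private-data-encryption` is enabled, which this page does not show. The backup job should mask these fields the same way (`set passwd ENC *HIDDEN*`, `set psksecret ENC *HIDDEN*`), and read access to the repository should be as tight as access to the firewall. Values already in history should be rotated if that audience is wider than intended. Masking would also remove the churn seen here, where every one of these lines changed with nothing else in its entry changing, which looks like re-encryption on export rather than a real credential change.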


@ -835,10 +835,6 @@ config firewall address
set color 6 set color 6
set subnet 5.4.5.4 255.255.255.255 set subnet 5.4.5.4 255.255.255.255
next next
edit "Safeschools_02"
set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
set subnet 18.219.244.165 255.255.255.255
next
edit "z_BlockIP_081" edit "z_BlockIP_081"
set comment "Malicious IP Address" set comment "Malicious IP Address"
set associated-interface "outside" set associated-interface "outside"
@ -2623,6 +2619,10 @@ config firewall address
set color 18 set color 18
set subnet 10.1.40.102 255.255.255.255 set subnet 10.1.40.102 255.255.255.255
next next
edit "Safeschools_02"
set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
set subnet 18.219.244.165 255.255.255.255
next
edit "Server_40" edit "Server_40"
set associated-interface "inside" set associated-interface "inside"
set subnet 10.1.40.0 255.255.255.0 set subnet 10.1.40.0 255.255.255.0


@ -5510,7 +5510,7 @@ config user local
edit "jorge-mike" edit "jorge-mike"
set type password set type password
set passwd-time 2025-10-03 12:14:17 set passwd-time 2025-10-03 12:14:17
set passwd ENC 8bdnDDRnGdGuzhmLaKSUH1It4F61Lx1CxPNwKXFZQ5tIbxf9gEz6G3O1aAmvxjckfE2Ioao2VpBMVLyX8AS/IDfJuu5jjuyJU75t0yqi/4BkAWZlvyvdcuPbL1i7uIwuULYUEJpUwO9Ni7qEjxpe17n3nHr6dOl/onsGbRIMtrVj9eJNQCvZvN60nopG2Rn4trDOuw== set passwd ENC jUGil6ZHP5GBE5kOU4Z1loX03zqGaIr2oh0MNn9ORyq8ySijxaDJcSes3Fn4FL5gj1ZozPCQcgbf40xtLs+HVy2VsYw87OZugJIUV+Rv+Xl3gJ7mXPZXMcGLvf954IBeXk83ATwSkOKDL4R3yyV29Yn0EkUVi2a8rnZhzOPJ4bTDolzwRtGMasbJStFRkONtjGpzNQ==
next next
end end
config user setting config user setting


@ -849,7 +849,7 @@ config vpn ipsec phase1-interface
set dhgrp 14 set dhgrp 14
set nattraversal disable set nattraversal disable
set remote-gw 170.161.52.25 set remote-gw 170.161.52.25
set psksecret ENC VfwFjiI7LU47vf8pI5fkMwsyn+R6NwkJSA9lbM4TNUEDy/k5l93jMcy20CskKHZmZJvOc9WByZNHdRwGPi5k3PzDbIG049uoEDUUXv7RVS0jsDOrHBAOKl97X8GKhShDtJ7+ky0o1bISFhx+z0kpeB0V2vU4QFlY7rquVfNcMhs72OtwGrP7x6rBuWoTleuNu1rN1g== set psksecret ENC Thv4qDQZDuOMksNSbmGyGfXbFwFUn65/uWe5Ua/ZglDWaevldXAE+g4GxE3K6j1Wkw5jfhn4gAUaaog9+RlBAAvPsPXxr30rq3X/0VGFRpFbc5O8LKNTuqJlYaGs1IGuE16dCTZ7nClVjXfflKhwx/4ReCCSZML0l6qwsmyr7dzKGNUomdiAMXpp3JvSMp5OT5ol2g==
next next
edit "vpn-042e9903" edit "vpn-042e9903"
set interface "outside lag" set interface "outside lag"
@ -861,7 +861,7 @@ config vpn ipsec phase1-interface
set proposal aes256-sha256 set proposal aes256-sha256
set dhgrp 19 set dhgrp 19
set remote-gw 52.61.115.188 set remote-gw 52.61.115.188
set psksecret ENC pgnEiLI+KRc+PpaJbpMRzj5LYY2VqBK7fkJc0rK8DZthFdzrTiOemGkd/AAZfYDfQzjXE2ImkUPGDg7kE/bpX7zb1Q+YN2F/weXGZLFLFiC2YeJHAtw4S3S3Sxyu0oF0IX4qMRQxN3KMQoNDHw4SCZ28uySpMuSGdEB3VU3aMrixvI/aj7ZM5FI6RNyVptPig/gdUw== set psksecret ENC P/xchn5pt3WZAagt3WbQRYvJ9qNFW65fzPL9S+MqrZxSjR6G+AhvoHnLF+1dRpj5+hZ/i6tTQp1nI3kL4XiACZGCwoq3BicKsMmQv5T718kpxRNNZ7q9cHyzQNFCxQrpZLl6p/dmMKK1J4L8DYJrpUNQR92iepTqKT1dUvaFAcZWWGVv5oBonpKFUpF5zNjWGSO0Sw==
set dpd-retryinterval 30 set dpd-retryinterval 30
next next
edit "SCHC" edit "SCHC"
@ -871,7 +871,7 @@ config vpn ipsec phase1-interface
set net-device disable set net-device disable
set proposal aes256-sha256 set proposal aes256-sha256
set remote-gw 209.217.202.173 set remote-gw 209.217.202.173
set psksecret ENC 3F3hUIePVaRfY+I8wb/5TSpoxIg1qHmE83OjoC12VxjhTgVMpbe+q+OFQVKPz43vDsp26IG1wHhwnwvcUWUcFMVsyhaC6vWBagpJ7bl5T5yQmahbN2O9xEE3PFLdEYBnw7cVHfYgqKI+OnK1AIHSXgczu4TF7OS0mW8O68ss8I1MJOp6tUK5I133uvZuqy0SXjvZvg== set psksecret ENC h8V2yVeqHHEe14GTuyduqIj7T/DsuFMTA/cDA2PSzwlDnKOuOQg7zXc7c81sD4uB13evTAXx+GHMSGmiCbl+peXU5ltYL/MolMzOmpDMuqw+EoD3gZR9+KTrEK6PzPH5zSY091xUhDBMOIcWYmikfzMDeeY4jTEESHfOOYYGmkvhX9k5XVMPX4gZy3Dd8pZ6TQADBg==
next next
edit "vpn-0fc50345" edit "vpn-0fc50345"
set interface "outside lag" set interface "outside lag"
@ -883,7 +883,7 @@ config vpn ipsec phase1-interface
set comments "SchoolTool Tunnel" set comments "SchoolTool Tunnel"
set dhgrp 2 set dhgrp 2
set remote-gw 34.194.174.170 set remote-gw 34.194.174.170
set psksecret ENC hc9/IG0PLZc8nqoYi1AAzwJIUQjxZIH3/Rg3UC/t8SaPTSWlkg7+MqkQLSrfEC3jm1DxUyDRUr0tcq6QOdi4Hyf6PotXxoFyOC8CFqyTOExapKsx9TXEuHMnFDT5n1kOxyGymGnmMFy7k77gcSAnZr0TG+O0EGMG/AB70wqWhdiYonlDuXbTQKsQjB3srbUpO4R7ng== set psksecret ENC br2H+NgJWMWmSAu7lnp16BvAIhUbu3cxWcO3j6OQgLFqEFbH/k6eF5+2UFxCtL38ER62N7PSZBGVUvt4HsTR2gKro7jEfKSQ7htPD9l/xzrsA1toI16uxYaUJoUp/MdHUhjxgbrlXh4eLO/sLIe3kbvlKs1xYQdQ0HQ3xyVMJ2dafhZG1rJ2scvxpACtOPYjZGJMRw==
next next
edit "vpn-0403e61" edit "vpn-0403e61"
set interface "outside lag" set interface "outside lag"
@ -896,7 +896,7 @@ config vpn ipsec phase1-interface
set comments "eScholar Tunnel" set comments "eScholar Tunnel"
set dhgrp 19 set dhgrp 19
set remote-gw 44.216.12.227 set remote-gw 44.216.12.227
set psksecret ENC EATGPi9D0scvkZvkpkFaOzrdUUZXZ4uOYcdZx2rM61DfX2MhXPfEhRGsOpgn4Gj5PlYXtIME7DvK0YuoHZHzR2sLfnSPHe15YMWsqA6L0kaUdMIAM3OTP7vT0F9QDdYF6IagN0NMPhAWvCAfRCb0ZHOnt3hO/jEc0DEeNPWakjY4P5yrzzzEBzjVYEVQ11g2nVwQPQ== set psksecret ENC 66aP1+o+Z4MuSP0zKROQ5RnP1mPuBkX+Hd6BzGsjELW7sfTKb+s8ZSxz9qf+z3dKtvfzYHYn1yTNyRozj0BeZOibv25CUudFUBpuRAMWN/eEb2zrXqnB3adwEfjEhBfW4lcvViDp0+PY/hTWPvhHze3IL29+KY3CdGZJh/QSqtAyMD8o9Cn2TJnWqS69sSJqiFptCw==
set dpd-retryinterval 30 set dpd-retryinterval 30
next next
edit "Highstreet" edit "Highstreet"
@ -910,7 +910,7 @@ config vpn ipsec phase1-interface
set dhgrp 2 set dhgrp 2
set nattraversal disable set nattraversal disable
set remote-gw 3.20.191.182 set remote-gw 3.20.191.182
set psksecret ENC JPr8gHWNJOHu51rYeimLjd4gIenOITSQkJuwQmpov1tp2X+/mi1yOMu/ArMbVGVHCpkkGaJd5TlV8+iQernJ0zbmIFVphMzp31ipxtYKwCcU16QbNutuRQHTCkacgfJITMzelqbTn1yX8gQmOfc+Nm5Ff21IusnWMuCX2e1JnSlsWXk93jGFKPZJ49jNodtEkyu0hA== set psksecret ENC tP4eeigWlrSo0C2/pVI6rI5rGKCIYDDEFD8ZJCnhfEu0Qq6/JL95YogjkQ1Awq/kVBZBKGVFKi/oiqE6a3+RsLL1x6caltjj11eTOprw357H7dCxbe+Xisk6mbuVTTecNWtM5Dgd/D28Knc5NDm37OIErTMcyv9uMx3PrjIe7I9EON0fbNIPZvYb6lmU7Zr/A03gaw==
next next
edit "Highstreet_2" edit "Highstreet_2"
set interface "outside lag" set interface "outside lag"
@ -922,7 +922,7 @@ config vpn ipsec phase1-interface
set dhgrp 2 set dhgrp 2
set nattraversal disable set nattraversal disable
set remote-gw 3.146.135.243 set remote-gw 3.146.135.243
set psksecret ENC F42JFLCV4o51MG3dJgMhxed+wKbyPNe3o/gzPVt+S1v2nPkRxaRrDHd35UTK1e2aVDhnYx3jOStK78bFmN+EyABmiaM+7D75bTUZNH9RNPXbV3QfAupRCCkJYqVzw8IcD1XEaRepKx4kJJ0sYas+vLv0zC0XVpl6mdynwdhVQ44it345OAc8hEF79t+M1ReMlLe+IA== set psksecret ENC msrPc3qo5xWDlD+qQGtjUbph6vCwWjbo2yYTv1hkjUuI2QrtRN7fQZ45bB7KPl6qaaHC/b6iMVaehdKCvpntvj6WWouquJ/K6hKkaqR/IdCCGTuTokyzxl0d2O/2Yv1TSISqQej0uG5fK0oJDkBMtqevZqXIqo1bs+HI4E5+H2NAu+SpYiKmq1j20yc4m9rTC02JQg==
next next
edit "DPS" edit "DPS"
set interface "outside lag" set interface "outside lag"
@ -932,7 +932,7 @@ config vpn ipsec phase1-interface
set proposal aes256-sha256 set proposal aes256-sha256
set comments "VPN: DPS" set comments "VPN: DPS"
set remote-gw 24.39.213.214 set remote-gw 24.39.213.214
set psksecret ENC /mqtKX5AoPJ4lKLOsjT8SiIxw9IfSbyAqR+BYCF3BcuxyfkSPZuWZaoDN4qSAQNSuJWVNlk5cMWNVTqS39vYpMxrPYEUgFSdBCqG74v8pulNq3wdcvr0NacmGlbjjXTK9txdlxiJCqsF1DII5lVQxG4/gIvxd7gq2gCzs5hqm54K7uu6GfJqavCu7OXOk0Er2v6ODw== set psksecret ENC AO3lyWWG9K0c4Y2VOizFQErraPOp1KHXVSKn5Mj2MNst8v7n5XfUYiGl5FxHPXr4fm4L3GoPzBJsYfAJZtGsbOIbKam7046l3EJ9YAGk46VJwhk1/HxIPSoJpAkOuR+JI+Ag1QZ0CbXIFg47RlI5cBp9L220tB8f1eUE70SQEF3ZbVhIETfNNoUeIFZt72FO/72nTA==
next next
edit "RAP" edit "RAP"
set interface "outside lag" set interface "outside lag"
@ -942,7 +942,7 @@ config vpn ipsec phase1-interface
set proposal aes256-sha256 set proposal aes256-sha256
set nattraversal disable set nattraversal disable
set remote-gw 24.105.188.54 set remote-gw 24.105.188.54
set psksecret ENC Z7BghtxJ2bqbW81y491GQQbgm1fjmiQANIsczpkGL3stZKLQ/8cwEZjrwuOz3EQWG01Wr+5BgqsAMAXN1iSNAf3o0mHay3lhCPF5VU+FZa11576VRaTNR2QozweDDXgS7stmj3pIic3SArdqsIhSeQinRu+85AEzfvlkn4KgBm14I9tdZiueScCjz+2grJ1iAbDYNg== set psksecret ENC mMswMzGWsJmz2wDPVHbTFnnLqRLXhmCHnas3HoAH/yxhBT9O516Z4LVzPHPQVTl3bxmV228aC9pjukggbm6vwU7l7pV7NOHBCdSgRVwPl7SRToHeIz0CFT+rSH+FYvrKhBFrqJ1BGFns5T5MdmVOntT3H1NQ0C7KALeCozNGMga7gFyYVqOn6SifMA6FyzO6bHxqdA==
next next
end end
config vpn ipsec phase2-interface config vpn ipsec phase2-interface
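Review bot: Three phase-1 entries in this section still carry `set dhgrp 2` (the one commented "SchoolTool Tunnel" and the two with `remote-gw 3.20.191.182` and `remote-gw 3.146.135.243`), while their neighbours use `dhgrp 14` or `dhgrp 19`. Group 2 is a 1024-bit MODP group and is generally considered too weak for current use. These lines are unchanged context, so the setting predates this commit, but they are worth moving to `set dhgrp 14` or higher in coordination with the remote peers. The enclosing `edit` blocks start outside the hunks, so the proposals and IKE version for these tunnels are not visible here.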