fortigate Wed Jan 21 07:42:58 PM EST 2026

2026-01-21 19:42:58 -05:00 · 2026-01-21 19:42:58 -05:00 · 651684ad05
commit 651684ad05
parent b22faf1d23
2 changed files with 70 additions and 0 deletions
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@ -2818,6 +2818,12 @@ config firewall address
        set associated-interface "outside"
        set subnet 147.154.0.0 255.255.192.0
    next
+    edit "CNYWorks_10.68.0.0/16"
+        set subnet 10.68.0.0 255.255.0.0
+    next
+    edit "CNYWorks_MGMT"
+        set subnet 192.168.68.0 255.255.255.0
+    next
 end
 config firewall multicast-address
    edit "all_hosts"
@ -5885,6 +5891,24 @@ config firewall policy
        set application-list "App_Ctrl_1"
        set logtraffic all
    next
+    edit 124
+        set status disable
+        set name "CNYWorks>SCSD"
+        set srcintf "CNYWorks"
+        set dstintf "inside"
+        set action accept
+        set srcaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
+        set dstaddr "all"
+        set schedule "always"
+        set service "ALL"
+        set utm-status enable
+        set ssl-ssh-profile "certificate-inspection"
+        set av-profile "g-default"
+        set ips-sensor "Incoming_IPS"
+        set application-list "App_Ctrl_1"
+        set logtraffic all
+        set comments " (Copy of RAP>Inside>DCs) (Copy of )"
+    next
    edit 10150
        set name "Tableau"
        set srcintf "outside"
@ -6007,6 +6031,24 @@ config firewall policy
        set logtraffic all
        set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)"
    next
+    edit 123
+        set status disable
+        set name "Servers>CNYWorks"
+        set srcintf "inside"
+        set dstintf "CNYWorks"
+        set action accept
+        set srcaddr "all"
+        set dstaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
+        set schedule "always"
+        set service "ALL"
+        set utm-status enable
+        set ssl-ssh-profile "certificate-inspection"
+        set av-profile "g-default"
+        set ips-sensor "Incoming_IPS"
+        set application-list "App_Ctrl_1"
+        set logtraffic all
+        set comments "Allow traffic from internal network to remote network at CNYWorks"
+    next
    edit 95
        set name "SCSD -> DPS"
        set srcintf "inside"
@ -6040,6 +6082,26 @@ config firewall policy
        set ippool enable
        set poolname "ippool-198.36.23.253"
    next
+    edit 125
+        set status disable
+        set name "CNYWorks Internet Access"
+        set srcintf "CNYWorks" "inside"
+        set dstintf "outside"
+        set action accept
+        set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"
+        set dstaddr "all"
+        set schedule "always"
+        set service "ALL"
+        set utm-status enable
+        set ssl-ssh-profile "certificate-inspection"
+        set av-profile "g-default"
+        set ips-sensor "Outgoing_IPS"
+        set application-list "App_Ctrl_1"
+        set logtraffic all
+        set nat enable
+        set ippool enable
+        set poolname "ippool-198.36.23.251" "ippool-198.36.23.252" "ippool-198.36.23.253" "ippool-198.36.23.254"
+    next
 end
 config firewall DoS-policy
    edit 1
--- a/configs/fortigate/vdom_scsd/router.cfg
+++ b/configs/fortigate/vdom_scsd/router.cfg
@ -241,6 +241,14 @@ config router static
        set dst 192.168.167.0 255.255.255.0
        set device "RAP"
    next
+    edit 39
+        set dst 10.68.0.0 255.255.0.0
+        set device "CNYWorks"
+    next
+    edit 40
+        set dst 192.168.68.0 255.255.255.0
+        set device "CNYWorks"
+    next
 end
 config router ospf
    config redistribute "connected"