diff --git a/configs/fortigate/vdom_scsd/firewall.cfg b/configs/fortigate/vdom_scsd/firewall.cfg
index cd49899..8699b35 100644
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@@ -2818,6 +2818,12 @@ config firewall address
 set associated-interface "outside"
 set subnet 147.154.0.0 255.255.192.0
 next
+ edit "CNYWorks_10.68.0.0/16"
+ set subnet 10.68.0.0 255.255.0.0
+ next
+ edit "CNYWorks_MGMT"
+ set subnet 192.168.68.0 255.255.255.0
+ next
 end
 config firewall multicast-address
 edit "all_hosts"
@@ -5885,6 +5891,24 @@ config firewall policy
 set application-list "App_Ctrl_1"
 set logtraffic all
 next
+ edit 124
+ set status disable
+ set name "CNYWorks>SCSD"
+ set srcintf "CNYWorks"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
+ set dstaddr "all"
+ set schedule "always"
+ set service "ALL"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set av-profile "g-default"
+ set ips-sensor "Incoming_IPS"
+ set application-list "App_Ctrl_1"
+ set logtraffic all
+ set comments " (Copy of RAP>Inside>DCs) (Copy of )"
+ next
 edit 10150
 set name "Tableau"
 set srcintf "outside"
@@ -6007,6 +6031,24 @@ config firewall policy
 set logtraffic all
 set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)"
 next
+ edit 123
+ set status disable
+ set name "Servers>CNYWorks"
+ set srcintf "inside"
+ set dstintf "CNYWorks"
+ set action accept
+ set srcaddr "all"
+ set dstaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
+ set schedule "always"
+ set service "ALL"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set av-profile "g-default"
+ set ips-sensor "Incoming_IPS"
+ set application-list "App_Ctrl_1"
+ set logtraffic all
+ set comments "Allow traffic from internal network to remote network at CNYWorks"
+ next
 edit 95
 set name "SCSD -> DPS"
 set srcintf "inside"
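Review bot: The two new address objects in the first hunk (`edit "CNYWorks_10.68.0.0/16"`, `edit "CNYWorks_MGMT"`) carry no `set associated-interface`, while the neighbouring object in the same table is pinned with `set associated-interface "outside"`. Binding them to the CNYWorks interface (`set associated-interface "CNYWorks"`) stops them from being reused by mistake in a policy on a different interface, which matters for a partner-network object. A `set comment` naming the remote site and which hosts 192.168.68.0/24 manages would also help the next maintainer, since the name "CNYWorks_MGMT" alone does not say.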
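Review bot: Policy 124 (`edit 124`, second hunk) combines `set dstaddr "all"` with `set service "ALL"` into "inside", so once `set status disable` is lifted the CNYWorks source ranges reach every internal host on every port; the name and comment show it was cloned from RAP>Inside>DCs, which suggests a narrower destination set was intended. Restrict `set dstaddr` to the specific internal hosts and `set service` to the protocols the partner site actually needs before enabling it. The comment `set comments " (Copy of RAP>Inside>DCs) (Copy of )"` is a leftover clone placeholder and should be replaced with a purpose/owner description like the one on policy 123.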
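Review bot: Policy 123 (`edit 123`, third hunk) is an inside-to-CNYWorks policy but applies `set ips-sensor "Incoming_IPS"`, whereas the other new policy in this commit that sends traffic out of "inside" (125) uses `set ips-sensor "Outgoing_IPS"`; unless the sensor choice was deliberate, `set ips-sensor "Outgoing_IPS"` would match the traffic direction. The comment says "from internal network" while the rule uses `set srcaddr "all"` with `set service "ALL"`; narrowing srcaddr to the internal servers that need the remote site would make the rule match its own description and limit what a compromised internal host can reach across the partner link.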
@@ -6040,6 +6082,26 @@ config firewall policy
 set ippool enable
 set poolname "ippool-198.36.23.253"
 next
+ edit 125
+ set status disable
+ set name "CNYWorks Internet Access"
+ set srcintf "CNYWorks" "inside"
+ set dstintf "outside"
+ set action accept
+ set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"
+ set dstaddr "all"
+ set schedule "always"
+ set service "ALL"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set av-profile "g-default"
+ set ips-sensor "Outgoing_IPS"
+ set application-list "App_Ctrl_1"
+ set logtraffic all
+ set nat enable
+ set ippool enable
+ set poolname "ippool-198.36.23.251" "ippool-198.36.23.252" "ippool-198.36.23.253" "ippool-198.36.23.254"
+ next
 end
 config firewall DoS-policy
 edit 1
diff --git a/configs/fortigate/vdom_scsd/router.cfg b/configs/fortigate/vdom_scsd/router.cfg
index dbf9983..cfde57e 100644
--- a/configs/fortigate/vdom_scsd/router.cfg
+++ b/configs/fortigate/vdom_scsd/router.cfg
@@ -241,6 +241,14 @@ config router static
 set dst 192.168.167.0 255.255.255.0
 set device "RAP"
 next
+ edit 39
+ set dst 10.68.0.0 255.255.0.0
+ set device "CNYWorks"
+ next
+ edit 40
+ set dst 192.168.68.0 255.255.255.0
+ set device "CNYWorks"
+ next
 end
 config router ospf
 config redistribute "connected"
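Review bot: Policy 125 (`edit 125`) is named "CNYWorks Internet Access" but sets `set srcintf "CNYWorks" "inside"` with `set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"`, so when enabled it also becomes a blanket NAT-to-internet rule for the whole inside network, sitting after (and possibly overlapping) the existing inside-to-outside policies above it. If only the partner site needs egress, limit it to `set srcintf "CNYWorks"` and `set srcaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"`, the objects this same commit defines. The pool list adds ippool-198.36.23.251/.252/.254 alongside the .253 pool the preceding policy already uses; confirm that sharing the pool across policies is intended, since it changes which public address partner traffic appears from and makes log attribution harder.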
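Review bot: Static routes 39 and 40 specify only `set device "CNYWorks"` with no `set gateway`, which works for a point-to-point or tunnel interface but will drop traffic to 10.68.0.0/16 and 192.168.68.0/24 if CNYWorks is an Ethernet or VLAN interface that needs a next hop; the interface definition is not part of this diff, so this should be confirmed against it. Adding `set comment "<site/circuit reference>"` to each route would document why these prefixes point at the partner link, mirroring the purpose comment given to policy 123.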