fortigate Wed Jan 21 07:42:58 PM EST 2026

John Poland 2026-01-21 19:42:58 -05:00
parent b22faf1d23
commit 651684ad05
2 changed files with 70 additions and 0 deletions


@ -2818,6 +2818,12 @@ config firewall address
set associated-interface "outside" set associated-interface "outside"
set subnet 147.154.0.0 255.255.192.0 set subnet 147.154.0.0 255.255.192.0
next next
edit "CNYWorks_10.68.0.0/16"
set subnet 10.68.0.0 255.255.0.0
next
edit "CNYWorks_MGMT"
set subnet 192.168.68.0 255.255.255.0
next
end end
config firewall multicast-address config firewall multicast-address
edit "all_hosts" edit "all_hosts"
@ -5885,6 +5891,24 @@ config firewall policy
set application-list "App_Ctrl_1" set application-list "App_Ctrl_1"
set logtraffic all set logtraffic all
next next
edit 124
set status disable
set name "CNYWorks>SCSD"
set srcintf "CNYWorks"
set dstintf "inside"
set action accept
set srcaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Incoming_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
set comments " (Copy of RAP>Inside>DCs) (Copy of )"
next
edit 10150 edit 10150
set name "Tableau" set name "Tableau"
set srcintf "outside" set srcintf "outside"
@ -6007,6 +6031,24 @@ config firewall policy
set logtraffic all set logtraffic all
set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)" set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)"
next next
edit 123
set status disable
set name "Servers>CNYWorks"
set srcintf "inside"
set dstintf "CNYWorks"
set action accept
set srcaddr "all"
set dstaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Incoming_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
set comments "Allow traffic from internal network to remote network at CNYWorks"
next
edit 95 edit 95
set name "SCSD -> DPS" set name "SCSD -> DPS"
set srcintf "inside" set srcintf "inside"
@ -6040,6 +6082,26 @@ config firewall policy
set ippool enable set ippool enable
set poolname "ippool-198.36.23.253" set poolname "ippool-198.36.23.253"
next next
edit 125
set status disable
set name "CNYWorks Internet Access"
set srcintf "CNYWorks" "inside"
set dstintf "outside"
set action accept
set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Outgoing_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251" "ippool-198.36.23.252" "ippool-198.36.23.253" "ippool-198.36.23.254"
next
end end
config firewall DoS-policy config firewall DoS-policy
edit 1 edit 1
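Review bot: Policy 124 (`CNYWorks>SCSD`) accepts all traffic from the CNYWorks networks into `inside` with `set dstaddr "all"` and `set service "ALL"`, so the remote site gets unrestricted reach into the internal network as soon as `set status disable` is flipped. Its comment, `" (Copy of RAP>Inside>DCs) (Copy of )"`, is clone residue and suggests the original rule was scoped to domain controllers; before enabling, narrow the destination and service to the hosts and ports the site actually needs and rewrite the comment to state the rule's purpose. Policy 125 is also wider than its name: `set srcintf "CNYWorks" "inside"` with `set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"` matches any private source arriving from inside, whereas `set srcintf "CNYWorks"` with `set srcaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"` would match the stated intent. If `certificate-inspection` here is the built-in profile, the AV and IPS profiles on all three new policies will not see inside TLS sessions, which matters more on rules this broad.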


@ -241,6 +241,14 @@ config router static
set dst 192.168.167.0 255.255.255.0 set dst 192.168.167.0 255.255.255.0
set device "RAP" set device "RAP"
next next
edit 39
set dst 10.68.0.0 255.255.0.0
set device "CNYWorks"
next
edit 40
set dst 192.168.68.0 255.255.255.0
set device "CNYWorks"
next
end end
config router ospf config router ospf
config redistribute "connected" config redistribute "connected"
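Review bot: Routes 39 and 40 are the only visible path to 10.68.0.0/16 and 192.168.68.0/24, so when the `CNYWorks` interface is down they drop out of the table and that traffic will presumably fall through to the default route; policy 125 in the same commit (`inside` to `outside`, RFC1918 sources, NAT enabled) would then carry it out the internet-facing interface. If `CNYWorks` is a tunnel interface (not visible here), consider a matching blackhole route per prefix at a high distance, for example `set dst 10.68.0.0 255.255.0.0`, `set blackhole enable`, `set distance 254`. The `config router static` block starts outside this hunk, so an existing RFC1918 blackhole route may already cover these prefixes.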