diff --git a/configs/fortigate/vdom_scsd/firewall.cfg b/configs/fortigate/vdom_scsd/firewall.cfg
new file mode 100644
index 0000000..605f176
--- /dev/null
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@@ -0,0 +1,6568 @@
+config firewall address
+ edit "SSLVPN_TUNNEL_ADDR1"
+ set type iprange
+ set start-ip 10.212.134.200
+ set end-ip 10.212.134.210
+ next
+ edit "all"
+ next
+ edit "FIREWALL_AUTH_PORTAL_ADDRESS"
+ next
+ edit "FABRIC_DEVICE"
+ set comment "IPv4 addresses of Fabric Devices."
+ next
+ edit "SRIC_BOCES_Firewall"
+ set comment "SRIC BOCES - Firewall"
+ set subnet 170.161.52.25 255.255.255.255
+ next
+ edit "SRIC_BOCES_Server02"
+ set comment "SRIC BOCES - Server"
+ set subnet 170.161.52.27 255.255.255.255
+ next
+ edit "Barracuda_Internal"
+ set comment "Barracuda Email Internal"
+ set subnet 10.1.40.7 255.255.255.255
+ next
+ edit "CK-Australia-203"
+ set comment "ContentKeeper Australian Support"
+ set color 19
+ set subnet 203.22.30.0 255.255.255.0
+ next
+ edit "CK-North-America-173"
+ set comment "Content Keeper North American Support"
+ set color 19
+ set subnet 173.60.169.48 255.255.255.240
+ next
+ edit "CK-North-America-202"
+ set comment "ContentKeeper North American Support"
+ set color 19
+ set subnet 202.166.186.0 255.255.255.0
+ next
+ edit "CK-North-America-8"
+ set comment "ContentKeeper North American Support"
+ set color 19
+ set subnet 8.19.154.0 255.255.255.0
+ next
+ edit "Nimble_Inside_1"
+ set subnet 192.168.1.98 255.255.255.255
+ next
+ edit "Nimble_Inside_2"
+ set subnet 192.168.1.1 255.255.255.255
+ next
+ edit "Nimble_Inside_4"
+ set subnet 172.16.176.98 255.255.255.255
+ next
+ edit "Nimble_Support"
+ set subnet 198.54.168.5 255.255.255.255
+ next
+ edit "ReverseProxy"
+ set comment "Reverseproxy.scsd.ad for ess.scsd.us"
+ set subnet 10.1.18.126 255.255.255.255
+ next
+ edit "SafeSchools_01"
+ set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
+ set subnet 52.27.21.77 255.255.255.255
+ next
+ edit "ckf01-ipmi-inside"
+ set comment "ContentKeeper Filter 01 IPMI Port"
+ set color 19
+ set subnet 10.251.1.31 255.255.255.255
+ next
+ edit "ckf01-mgmt-inside"
+ set comment "Content Keeper Filter 01 Management Port"
+ set color 19
+ set subnet 10.251.1.21 255.255.255.255
+ next
+ edit "ckf02-ipmi-inside"
+ set comment "ContentKeeper Filter 02 IPMI Port"
+ set color 19
+ set subnet 10.251.1.32 255.255.255.255
+ next
+ edit "ckf02-mgmt-inside"
+ set comment "ContentKeeper Filter 02 Management Port"
+ set color 19
+ set subnet 10.251.1.22 255.255.255.255
+ next
+ edit "cklb01-ipmi-inside"
+ set comment "ContentKeeper Load Balancer 01 IPMI Port"
+ set color 19
+ set subnet 10.251.1.30 255.255.255.255
+ next
+ edit "cklb01-mgmt-inside"
+ set comment "ContentKeeper Load Balancer 01 Management Port"
+ set color 19
+ set subnet 10.251.1.20 255.255.255.255
+ next
+ edit "ckm01-ipmi-inside"
+ set comment "ContentKeeper Mobile 01 IPMI Port"
+ set color 19
+ set subnet 10.251.1.34 255.255.255.255
+ next
+ edit "ckm01-mgmt1-inside"
+ set comment "ContentKeeper Mobile 01 Management Port 1"
+ set color 19
+ set subnet 10.251.1.24 255.255.255.255
+ next
+ edit "ckm01-mgmt2-inside"
+ set comment "ContentKeeper Mobile 01 Management Port 2"
+ set color 19
+ set subnet 10.251.1.28 255.255.255.255
+ next
+ edit "ckm02-ipmi-inside"
+ set comment "ContentKeeper Mobile 02 IPMI Port"
+ set color 19
+ set subnet 10.251.1.35 255.255.255.255
+ next
+ edit "ckm02-mgmt1-inside"
+ set comment "ContentKeeper Mobile 02 Management Port 1"
+ set color 19
+ set subnet 10.251.1.25 255.255.255.255
+ next
+ edit "ckm02-mgmt2-inside"
+ set comment "ContentKeeper Mobile 02 Management Port 2"
+ set color 19
+ set subnet 10.251.1.29 255.255.255.255
+ next
+ edit "ckm03-ipmi-inside"
+ set comment "ContentKeeper Mobile 03 IPMI Port"
+ set color 19
+ set subnet 10.251.1.36 255.255.255.255
+ next
+ edit "ckm03-mgmt1-inside"
+ set comment "ContentKeeper Mobile 03 Management Port 1"
+ set color 19
+ set subnet 10.251.1.26 255.255.255.255
+ next
+ edit "ckm03-mgmt2-inside"
+ set comment "ContentKeeper Mobile 03 Management Port 2"
+ set color 19
+ set subnet 10.251.1.27 255.255.255.255
+ next
+ edit "ckr01-ipmi-inside"
+ set comment "ContentKeeper Reporter 01 IPMI Port"
+ set color 19
+ set subnet 10.251.1.33 255.255.255.255
+ next
+ edit "ckr01-mgmt-inside"
+ set comment "ContentKeeper Reporter 01 Management Port"
+ set color 19
+ set subnet 10.251.1.23 255.255.255.255
+ next
+ edit "SPD_20_DrKing"
+ set comment "SPD Firewall STEAM at Dr King"
+ set color 2
+ set subnet 10.20.70.10 255.255.255.255
+ next
+ edit "SPD_21_Danforth"
+ set comment "SPD Firewall Brighton Academy"
+ set color 2
+ set subnet 10.21.70.10 255.255.255.255
+ next
+ edit "SPD_25_Frazer"
+ set comment "SPD Firewall Frazer"
+ set color 2
+ set subnet 10.25.70.10 255.255.255.255
+ next
+ edit "SPD_44_Seymour"
+ set comment "SPD Firewall Seymour"
+ set color 2
+ set subnet 10.44.70.10 255.255.255.255
+ next
+ edit "SPD_48_Beard"
+ set comment "SPD Firewall McCarthy at Beard"
+ set color 2
+ set subnet 10.48.70.10 255.255.255.255
+ next
+ edit "SPD_53_Blodgett"
+ set comment "SPD Firewall Syracuse STEM at Blodgett"
+ set color 2
+ set subnet 10.53.70.10 255.255.255.255
+ next
+ edit "SPD_56_SSC"
+ set comment "SPD Firewall School Service Center"
+ set color 2
+ set subnet 10.56.70.10 255.255.255.255
+ next
+ edit "SPD_09_Grant"
+ set comment "SPD Firewall Grant"
+ set color 2
+ set subnet 10.9.70.10 255.255.255.255
+ next
+ edit "z_BlockIP_001"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.117.232.198 255.255.255.255
+ next
+ edit "z_BlockIP_002"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.122.33.58 255.255.255.255
+ next
+ edit "z_BlockIP_003"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.207.169.78 255.255.255.255
+ next
+ edit "z_BlockIP_004"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 104.139.74.25 255.255.255.255
+ next
+ edit "z_BlockIP_005"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 107.173.6.251 255.255.255.255
+ next
+ edit "z_BlockIP_006"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 107.175.69.34 255.255.255.255
+ next
+ edit "z_BlockIP_007"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 119.92.23.203 255.255.255.255
+ next
+ edit "z_BlockIP_103"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 13.111.22.133 255.255.255.255
+ next
+ edit "z_BlockIP_008"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 131.0.142.120 255.255.255.255
+ next
+ edit "z_BlockIP_009"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 131.196.184.141 255.255.255.255
+ next
+ edit "z_BlockIP_010"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 138.121.24.78 255.255.255.255
+ next
+ edit "z_BlockIP_011"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 138.59.233.5 255.255.255.255
+ next
+ edit "z_BlockIP_012"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 146.185.219.45 255.255.255.255
+ next
+ edit "z_BlockIP_013"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 146.196.122.152 255.255.255.255
+ next
+ edit "z_BlockIP_014"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 146.196.122.167 255.255.255.255
+ next
+ edit "z_BlockIP_015"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 149.154.70.202 255.255.255.255
+ next
+ edit "z_BlockIP_104"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 151.80.88.253 255.255.255.255
+ next
+ edit "z_BlockIP_105"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 152.89.245.207 255.255.255.255
+ next
+ edit "z_BlockIP_106"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 152.89.245.212 255.255.255.255
+ next
+ edit "z_BlockIP_016"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 158.69.85.206 255.255.255.255
+ next
+ edit "z_BlockIP_107"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 162.255.119.159 255.255.255.255
+ next
+ edit "z_BlockIP_017"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 163.121.188.3 255.255.255.255
+ next
+ edit "z_BlockIP_108"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 164.132.138.130 255.255.255.255
+ next
+ edit "z_BlockIP_018"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 164.132.216.41 255.255.255.255
+ next
+ edit "z_BlockIP_019"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 168.227.229.112 255.255.255.255
+ next
+ edit "z_BlockIP_020"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 170.78.99.190 255.255.255.255
+ next
+ edit "z_BlockIP_021"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 170.84.78.186 255.255.255.255
+ next
+ edit "z_BlockIP_109"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 176.126.83.149 255.255.255.255
+ next
+ edit "z_BlockIP_022"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 177.103.240.149 255.255.255.255
+ next
+ edit "z_BlockIP_023"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 177.107.51.162 255.255.255.255
+ next
+ edit "z_BlockIP_024"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 177.124.37.208 255.255.255.255
+ next
+ edit "z_BlockIP_025"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 177.36.5.7 255.255.255.255
+ next
+ edit "z_BlockIP_026"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 177.52.79.29 255.255.255.255
+ next
+ edit "z_BlockIP_027"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 177.8.172.86 255.255.255.255
+ next
+ edit "z_BlockIP_111"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 178.157.82.145 255.255.255.255
+ next
+ edit "z_BlockIP_112"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 178.157.82.80 255.255.255.255
+ next
+ edit "z_BlockIP_028"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 179.189.241.254 255.255.255.255
+ next
+ edit "z_BlockIP_029"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 180.250.197.188 255.255.255.255
+ next
+ edit "z_BlockIP_030"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 181.115.168.69 255.255.255.255
+ next
+ edit "z_BlockIP_031"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 181.129.140.140 255.255.255.255
+ next
+ edit "z_BlockIP_032"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 181.129.49.98 255.255.255.255
+ next
+ edit "z_BlockIP_033"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 181.129.93.226 255.255.255.255
+ next
+ edit "z_BlockIP_034"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 181.196.61.110 255.255.255.255
+ next
+ edit "z_BlockIP_035"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.117.119.163 255.255.255.255
+ next
+ edit "z_BlockIP_113"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.117.73.76 255.255.255.255
+ next
+ edit "z_BlockIP_114"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.135.81.147 255.255.255.255
+ next
+ edit "z_BlockIP_115"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.141.27.243 255.255.255.255
+ next
+ edit "z_BlockIP_116"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.172.129.147 255.255.255.255
+ next
+ edit "z_BlockIP_117"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.175.156.13 255.255.255.255
+ next
+ edit "z_BlockIP_118"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.180.198.141 255.255.255.255
+ next
+ edit "z_BlockIP_119"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.224.134.124 255.255.255.255
+ next
+ edit "z_BlockIP_036"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.251.39.9 255.255.255.255
+ next
+ edit "z_BlockIP_037"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.43.6.87 255.255.255.255
+ next
+ edit "z_BlockIP_120"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.65.202.115 255.255.255.255
+ next
+ edit "z_BlockIP_038"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 185.86.150.130 255.255.255.255
+ next
+ edit "z_BlockIP_039"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 186.138.152.228 255.255.255.255
+ next
+ edit "z_BlockIP_040"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 186.183.199.114 255.255.255.255
+ next
+ edit "z_BlockIP_041"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 186.226.188.105 255.255.255.255
+ next
+ edit "z_BlockIP_042"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 186.42.186.202 255.255.255.255
+ next
+ edit "z_BlockIP_043"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 186.42.226.46 255.255.255.255
+ next
+ edit "z_BlockIP_044"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 187.110.100.122 255.255.255.255
+ next
+ edit "z_BlockIP_045"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 187.58.56.26 255.255.255.255
+ next
+ edit "z_BlockIP_046"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 189.80.134.122 255.255.255.255
+ next
+ edit "z_BlockIP_047"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 190.13.160.19 255.255.255.255
+ next
+ edit "z_BlockIP_048"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 190.152.4.210 255.255.255.255
+ next
+ edit "z_BlockIP_049"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 190.154.203.218 255.255.255.255
+ next
+ edit "z_BlockIP_122"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 191.101.251.141 255.255.255.255
+ next
+ edit "z_BlockIP_050"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 191.101.251.146 255.255.255.255
+ next
+ edit "z_BlockIP_051"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 191.37.181.152 255.255.255.255
+ next
+ edit "z_BlockIP_125"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 193.187.172.99 255.255.255.255
+ next
+ edit "z_BlockIP_126"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 193.9.60.148 255.255.255.255
+ next
+ edit "z_BlockIP_052"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 194.1.237.76 255.255.255.255
+ next
+ edit "z_BlockIP_053"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 195.123.212.139 255.255.255.255
+ next
+ edit "z_BlockIP_054"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 195.123.238.13 255.255.255.255
+ next
+ edit "z_BlockIP_055"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 195.123.243.167 255.255.255.255
+ next
+ edit "z_BlockIP_056"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 195.123.245.47 255.255.255.255
+ next
+ edit "z_BlockIP_057"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 195.123.246.188 255.255.255.255
+ next
+ edit "z_BlockIP_127"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 195.161.114.191 255.255.255.255
+ next
+ edit "z_BlockIP_128"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 195.161.62.25 255.255.255.255
+ next
+ edit "z_BlockIP_129"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 198.23.208.16 255.255.255.255
+ next
+ edit "z_BlockIP_130"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 198.46.190.37 255.255.255.255
+ next
+ edit "z_BlockIP_131"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 200.35.56.81 255.255.255.255
+ next
+ edit "z_BlockIP_058"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 201.184.69.50 255.255.255.255
+ next
+ edit "CK-North-America-202_B"
+ set comment "Content Keeper North American Support"
+ set color 19
+ set subnet 202.166.186.64 255.255.255.255
+ next
+ edit "z_BlockIP_059"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 212.80.216.167 255.255.255.255
+ next
+ edit "z_BlockIP_060"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 240.0.0.1 255.255.255.255
+ next
+ edit "z_BlockIP_132"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 31.184.255.100 255.255.255.255
+ next
+ edit "z_BlockIP_133"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 36.66.115.180 255.255.255.255
+ next
+ edit "z_BlockIP_061"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 36.89.85.103 255.255.255.255
+ next
+ edit "z_BlockIP_062"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 37.18.30.99 255.255.255.255
+ next
+ edit "z_BlockIP_063"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 37.44.215.169 255.255.255.255
+ next
+ edit "z_BlockIP_064"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.127.222.53 255.255.255.255
+ next
+ edit "z_BlockIP_065"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.102 255.255.255.255
+ next
+ edit "z_BlockIP_066"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.109 255.255.255.255
+ next
+ edit "z_BlockIP_067"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.179 255.255.255.255
+ next
+ edit "z_BlockIP_068"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.18 255.255.255.255
+ next
+ edit "z_BlockIP_069"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.203 255.255.255.255
+ next
+ edit "z_BlockIP_070"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.216 255.255.255.255
+ next
+ edit "z_BlockIP_071"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.222 255.255.255.255
+ next
+ edit "z_BlockIP_072"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.53 255.255.255.255
+ next
+ edit "z_BlockIP_073"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.58 255.255.255.255
+ next
+ edit "z_BlockIP_074"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.160.145.8 255.255.255.255
+ next
+ edit "z_BlockIP_075"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.230.176.158 255.255.255.255
+ next
+ edit "z_BlockIP_076"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.67.228.192 255.255.255.255
+ next
+ edit "z_BlockIP_077"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 47.27.175.168 255.255.255.255
+ next
+ edit "z_BlockIP_078"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 5.189.224.172 255.255.255.255
+ next
+ edit "z_BlockIP_079"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 5.253.63.106 255.255.255.255
+ next
+ edit "z_BlockIP_080"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 5.4.5.4 255.255.255.255
+ next
+ edit "Safeschools_02"
+ set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
+ set subnet 18.219.244.165 255.255.255.255
+ next
+ edit "z_BlockIP_081"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 64.44.51.108 255.255.255.255
+ next
+ edit "z_BlockIP_082"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 64.44.51.79 255.255.255.255
+ next
+ edit "z_BlockIP_083"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 68.186.167.196 255.255.255.255
+ next
+ edit "z_BlockIP_084"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 78.155.206.85 255.255.255.255
+ next
+ edit "z_BlockIP_085"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 78.155.207.139 255.255.255.255
+ next
+ edit "z_BlockIP_086"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 80.173.224.81 255.255.255.255
+ next
+ edit "z_BlockIP_087"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 81.177.22.238 255.255.255.255
+ next
+ edit "z_BlockIP_088"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 82.118.22.57 255.255.255.255
+ next
+ edit "z_BlockIP_089"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 82.118.22.71 255.255.255.255
+ next
+ edit "z_BlockIP_090"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 82.146.46.153 255.255.255.255
+ next
+ edit "z_BlockIP_091"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 82.202.221.160 255.255.255.255
+ next
+ edit "z_BlockIP_092"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 85.10.234.175 255.255.255.255
+ next
+ edit "z_BlockIP_093"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 87.246.7.228 255.255.255.255
+ next
+ edit "z_BlockIP_094"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 91.235.129.166 255.255.255.255
+ next
+ edit "z_BlockIP_095"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 91.240.84.159 255.255.255.255
+ next
+ edit "z_BlockIP_096"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 91.240.85.19 255.255.255.255
+ next
+ edit "z_BlockIP_097"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 92.223.105.86 255.255.255.255
+ next
+ edit "z_BlockIP_098"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 92.38.160.64 255.255.255.255
+ next
+ edit "z_BlockIP_099"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 93.189.42.220 255.255.255.255
+ next
+ edit "z_BlockIP_100"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 96.36.253.146 255.255.255.255
+ next
+ edit "z_BlockIP_101"
+ set comment "Malicious IP Address"
+ set associated-interface "outside"
+ set color 6
+ set subnet 97.87.160.98 255.255.255.255
+ next
+ edit "Internal_10.0.0.0_8"
+ set comment "Internal 10.0.0.0/8 Network"
+ set subnet 10.0.0.0 255.0.0.0
+ next
+ edit "SCHC_Remote_Subnet_01"
+ set comment "Syracuse Community Health Center Remote Subnet"
+ set color 8
+ set subnet 10.107.100.0 255.255.255.0
+ next
+ edit "SCHC_Remote_Subnet_02"
+ set comment "Syracuse Community Health Center Remote Subnet"
+ set color 8
+ set subnet 10.107.49.0 255.255.255.0
+ next
+ edit "SCHC_Remote_Subnet_03"
+ set comment "Syracuse Community Health Center Remote Subnet"
+ set color 8
+ set subnet 10.107.50.0 255.255.255.0
+ next
+ edit "SCHC_15_HWSmith"
+ set comment "Syracuse Community Health Center HW Smith Subnet"
+ set color 8
+ set subnet 10.15.107.0 255.255.255.0
+ next
+ edit "SCHC_20_DrKing"
+ set comment "Syracuse Community Health Center Dr King Subnet"
+ set color 8
+ set subnet 10.20.107.0 255.255.255.0
+ next
+ edit "SCHC_22_Delaware"
+ set comment "Syracuse Community Health Center Delaware Subnet"
+ set color 8
+ set subnet 10.22.107.0 255.255.255.0
+ next
+ edit "SCHC_24_Franklin"
+ set comment "Syracuse Community Health Center Franklin Subnet"
+ set color 8
+ set subnet 10.24.107.0 255.255.255.0
+ next
+ edit "SCHC_03_PSLA"
+ set comment "Syracuse Community Health Center PSLA Subnet"
+ set color 8
+ set subnet 10.3.107.0 255.255.255.0
+ next
+ edit "SCHC_34_DrWeeks"
+ set comment "Syracuse Community Health Center Dr Weeks Subnet"
+ set color 8
+ set subnet 10.34.107.0 255.255.255.0
+ next
+ edit "SCHC_53_Blodgett"
+ set comment "Syracuse Community Health Center Blodgett Subnet"
+ set color 8
+ set subnet 10.53.107.0 255.255.255.0
+ next
+ edit "SCHC_09_Grant"
+ set comment "Syracuse Community Health Center Grant Subnet"
+ set color 8
+ set subnet 10.9.107.0 255.255.255.0
+ next
+ edit "z_BlockSub_001"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.139.219.0 255.255.255.0
+ next
+ edit "z_BlockSub_002"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.89.88.0 255.255.252.0
+ next
+ edit "z_BlockSub_003"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 104.140.0.0 255.255.0.0
+ next
+ edit "z_BlockSub_004"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 104.143.83.0 255.255.255.0
+ next
+ edit "z_BlockSub_005"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 104.206.0.0 255.255.0.0
+ next
+ edit "z_BlockSub_006"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 107.189.8.0 255.255.252.0
+ next
+ edit "z_BlockSub_007"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 108.179.192.0 255.255.192.0
+ next
+ edit "z_BlockSub_008"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 112.24.0.0 255.248.0.0
+ next
+ edit "z_BlockSub_009"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 115.220.0.0 255.255.0.0
+ next
+ edit "z_BlockSub_010"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 120.52.0.0 255.255.0.0
+ next
+ edit "z_BlockSub_011"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 120.55.0.0 255.255.0.0
+ next
+ edit "z_BlockSub_012"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 125.64.0.0 255.248.0.0
+ next
+ edit "z_BlockSub_013"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 150.107.103.0 255.255.255.0
+ next
+ edit "z_BlockSub_014"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 162.244.80.0 255.255.252.0
+ next
+ edit "z_BlockSub_015"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 162.247.72.0 255.255.252.0
+ next
+ edit "z_BlockSub_016"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 162.255.116.0 255.255.252.0
+ next
+ edit "z_BlockSub_017"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 170.130.184.0 255.255.252.0
+ next
+ edit "Internal_172.16.0.0_12"
+ set comment "Internal_172.16.0.0_12 Network"
+ set subnet 172.16.0.0 255.240.0.0
+ next
+ edit "z_BlockSub_019"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 172.246.0.0 255.255.0.0
+ next
+ edit "z_BlockSub_020"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 177.0.0.0 255.0.0.0
+ next
+ edit "z_BlockSub_021"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 184.104.0.0 255.254.0.0
+ next
+ edit "Internal_192.168.0.0_16"
+ set comment "Internal_192.168.0.0_16 Network"
+ set subnet 192.168.0.0 255.255.0.0
+ next
+ edit "z_BlockSub_022"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 198.108.0.0 255.252.0.0
+ next
+ edit "z_BlockSub_024"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 199.249.230.0 255.255.255.0
+ next
+ edit "z_BlockSub_025"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 199.59.240.0 255.255.252.0
+ next
+ edit "z_BlockSub_026"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 202.28.0.0 255.254.0.0
+ next
+ edit "z_BlockSub_027"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 209.141.32.0 255.255.224.0
+ next
+ edit "z_BlockSub_028"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 209.53.0.0 255.255.0.0
+ next
+ edit "z_BlockSub_029"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 217.0.0.0 255.0.0.0
+ next
+ edit "z_BlockSub_030"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 218.102.96.0 255.255.224.0
+ next
+ edit "z_BlockSub_031"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 23.129.64.0 255.255.255.0
+ next
+ edit "z_BlockSub_032"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 23.227.128.0 255.255.224.0
+ next
+ edit "z_BlockSub_033"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 35.0.0.0 255.255.0.0
+ next
+ edit "z_BlockSub_034"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 38.39.24.0 255.255.248.0
+ next
+ edit "z_BlockSub_035"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.224.0.0 255.240.0.0
+ next
+ edit "z_BlockSub_037"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 71.244.60.224 255.255.255.240
+ next
+ edit "z_BlockSub_038"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 71.64.0.0 255.240.0.0
+ next
+ edit "z_BlockSub_039"
+ set comment "Malicious Subnet"
+ set associated-interface "outside"
+ set color 6
+ set subnet 80.0.0.0 255.0.0.0
+ next
+ edit "nimble_Inside_3"
+ set subnet 172.16.175.98 255.255.255.255
+ next
+ edit "ntss-inside"
+ set comment "NTSS"
+ set subnet 10.1.48.68 255.255.255.255
+ next
+ edit "city_permited_subnet_1"
+ set comment "***Needs to be narrowed***"
+ set color 28
+ set subnet 10.1.0.0 255.255.0.0
+ next
+ edit "city_permited_subnet_3"
+ set comment "***Needs to be examined***"
+ set color 28
+ set subnet 10.1.50.0 255.255.255.0
+ next
+ edit "city_permited_subnet_4"
+ set comment "***Needs to be examined***"
+ set color 28
+ set subnet 10.1.150.0 255.255.255.0
+ next
+ edit "city_permited_subnet_5"
+ set comment "***Needs to be examined***"
+ set color 28
+ set subnet 10.21.150.0 255.255.255.0
+ next
+ edit "city_permited_subnet_7"
+ set comment "***Needs to be examined***"
+ set color 28
+ set subnet 10.1.7.0 255.255.255.0
+ next
+ edit "City_Side_Subnet_1"
+ set comment "City\'s Subnet on their side"
+ set color 28
+ set subnet 10.250.0.0 255.255.0.0
+ next
+ edit "City_Side_CGR_01"
+ set comment "City Lights CGR 
Subnet on City Side" + set color 28 + set allow-routing enable + set subnet 10.253.17.0 255.255.255.0 + next + edit "City_Side_CGR_02" + set comment "City Lights CGR Subnet on City Side" + set color 28 + set allow-routing enable + set subnet 10.253.18.0 255.255.255.0 + next + edit "VPN-Range" + set type iprange + set start-ip 172.16.251.1 + set end-ip 172.16.251.127 + next + edit "SPD_Network" + set type iprange + set comment "Syracuse Police Department Network Range" + set color 2 + set start-ip 10.250.100.80 + set end-ip 10.250.100.89 + next + edit "FCTEMS_ALL_FORTICLOUD_SERVERS" + set type dynamic + set sub-type ems-tag + next + edit "Russia" + set type geography + set color 7 + set country "RU" + next + edit "China" + set type geography + set color 6 + set country "CN" + next + edit "Iran" + set type geography + set color 6 + set country "IR" + next + edit "Belarus" + set type geography + set color 6 + set country "BY" + next + edit "North Korea" + set type geography + set color 6 + set country "KP" + next + edit "SSL_VPN_Range" + set comment "Remote Access VPN IP Range" + set associated-interface "ssl.scsd" + set subnet 10.212.134.0 255.255.255.0 + next + edit "United_States" + set type geography + set associated-interface "outside" + set country "US" + next + edit "SRIC_BOCES_Server01" + set comment "SRIC BOCES - Server" + set subnet 170.161.72.15 255.255.255.255 + next + edit "z_Ryuk_01" + set comment "Block IP from Ransomware Attack" + set associated-interface "outside" + set color 6 + set subnet 177.103.240.149 255.255.255.255 + next + edit "z_Ryuk_02" + set comment "Block IP from Ransomware Attack" + set associated-interface "outside" + set color 6 + set subnet 93.189.42.220 255.255.255.255 + next + edit "z_BlockIP_134" + set comment "Malicious IP Address" + set associated-interface "outside" + set color 6 + set subnet 138.68.50.218 255.255.255.255 + next + edit "411App_WebPage" + set type fqdn + set fqdn "411app.scsd.us" + next + edit 
"City_Side_Parks_Phone_Subnet" + set comment "City Parks & Rec Phones and SIP Trunk Subnet" + set color 28 + set allow-routing enable + set subnet 10.250.229.0 255.255.255.0 + next + edit "Nigeria" + set type geography + set color 6 + set country "NG" + next + edit "Afghanistan" + set type geography + set color 6 + set country "AF" + next + edit "Brazil" + set type geography + set color 6 + set country "BR" + next + edit "Columbia" + set type geography + set color 6 + set country "CO" + next + edit "India" + set type geography + set color 6 + set country "IN" + next + edit "Indonesia" + set type geography + set color 6 + set country "ID" + next + edit "Romania" + set type geography + set color 6 + set country "RO" + next + edit "Thailand" + set type geography + set color 6 + set country "TH" + next + edit "Turkey" + set type geography + set color 6 + set country "TR" + next + edit "Vietnam" + set type geography + set color 6 + set country "VN" + next + edit "SPD_22_Delaware" + set comment "SPD Firewall Delaware" + set color 2 + set subnet 10.22.70.10 255.255.255.255 + next + edit "SPD_24_Franklin" + set comment "SPD Firewall Franklin" + set color 2 + set subnet 10.24.70.10 255.255.255.255 + next + edit "z_BlockIP_135" + set comment "Malicious IP Address" + set associated-interface "outside" + set color 6 + set subnet 108.174.5.112 255.255.255.255 + next + edit "SPD_Side_Genetec" + set comment "Genetec Server Range on SPD Side" + set associated-interface "city_phones" + set color 2 + set allow-routing enable + set subnet 10.211.21.16 255.255.255.240 + next + edit "ST_External_1" + set comment "SchoolTool IIS #3" + set allow-routing enable + set subnet 172.30.45.30 255.255.255.255 + next + edit "ST_External_2" + set comment "SchoolTool Reporting" + set allow-routing enable + set subnet 172.30.45.109 255.255.255.255 + next + edit "ST_External_3" + set comment "SchoolTool SQL" + set allow-routing enable + set subnet 172.30.45.25 255.255.255.255 + next + edit 
"PrintOC-Outside" + set color 1 + set subnet 198.36.26.119 255.255.255.255 + next + edit "ST_External_4" + set comment "SchoolTool IIS #4" + set allow-routing enable + set subnet 172.30.45.35 255.255.255.255 + next + edit "ST_External_5" + set comment "SchoolTool IIS #2" + set allow-routing enable + set subnet 172.30.45.84 255.255.255.255 + next + edit "ST_External_6" + set comment "SchoolTool IIS #1" + set allow-routing enable + set subnet 172.30.45.107 255.255.255.255 + next + edit "SchoolTool_External_Range" + set subnet 172.30.44.0 255.255.254.0 + next + edit "ckr01-mgmt-inside-temp" + set comment "ContentKeeper Reporter 01 Management Port" + set color 19 + set subnet 10.251.1.43 255.255.255.255 + next + edit "z_BlockIP_141" + set comment "now.gg" + set associated-interface "outside" + set color 6 + set subnet 18.238.49.122 255.255.255.255 + next + edit "Webosphere_Inside" + set comment "SCSD Website" + set associated-interface "inside" + set subnet 10.1.48.117 255.255.255.255 + next + edit "Day_Enterprise_Server" + set comment "Day Automation" + set associated-interface "inside" + set color 10 + set subnet 10.1.40.108 255.255.255.255 + next + edit "Day_VM_Server" + set comment "Day Automation" + set associated-interface "inside" + set color 10 + set subnet 10.1.40.173 255.255.255.255 + next + edit "WebCRD" + set comment "printshop.scsd.us" + set associated-interface "inside" + set subnet 10.1.48.96 255.255.255.255 + next + edit "Security_01_NOC" + set associated-interface "inside" + set color 25 + set subnet 10.1.70.0 255.255.254.0 + next + edit "Security_02_ITC" + set associated-interface "inside" + set color 25 + set subnet 10.2.70.0 255.255.254.0 + next + edit "Security_03_PSLA" + set associated-interface "inside" + set color 25 + set subnet 10.3.70.0 255.255.254.0 + next + edit "Security_04_Nottingham" + set associated-interface "inside" + set color 25 + set subnet 10.4.70.0 255.255.254.0 + next + edit "Security_06_Henninger" + set associated-interface 
"inside" + set color 25 + set subnet 10.6.70.0 255.255.254.0 + next + edit "Security_07_Corcoran" + set associated-interface "inside" + set color 25 + set subnet 10.7.70.0 255.255.254.0 + next + edit "Security_08_Clary" + set associated-interface "inside" + set color 25 + set subnet 10.8.70.0 255.255.254.0 + next + edit "Security_09_Grant" + set associated-interface "inside" + set color 25 + set subnet 10.9.70.0 255.255.254.0 + next + edit "Security_10_Levy" + set associated-interface "inside" + set color 25 + set subnet 10.10.70.0 255.255.254.0 + next + edit "Security_13_Lincoln" + set associated-interface "inside" + set color 25 + set subnet 10.13.70.0 255.255.254.0 + next + edit "Security_14_Shea" + set associated-interface "inside" + set color 25 + set subnet 10.14.70.0 255.255.254.0 + next + edit "Security_15_HWSmith" + set associated-interface "inside" + set color 25 + set subnet 10.15.70.0 255.255.254.0 + next + edit "Security_16_Bellevue" + set associated-interface "inside" + set color 25 + set subnet 10.16.70.0 255.255.254.0 + next + edit "Security_20_DrKing" + set associated-interface "inside" + set color 25 + set subnet 10.20.70.0 255.255.254.0 + next + edit "Security_21_Danforth" + set associated-interface "inside" + set color 25 + set subnet 10.21.70.0 255.255.254.0 + next + edit "Security_22_Delaware" + set associated-interface "inside" + set color 25 + set subnet 10.22.70.0 255.255.254.0 + next + edit "Security_23_Elmwood" + set associated-interface "inside" + set color 25 + set subnet 10.23.70.0 255.255.254.0 + next + edit "Security_24_Franklin" + set associated-interface "inside" + set color 25 + set subnet 10.24.70.0 255.255.254.0 + next + edit "Security_25_Frazer" + set associated-interface "inside" + set color 25 + set subnet 10.25.70.0 255.255.254.0 + next + edit "Security_27_Elmcrest" + set associated-interface "inside" + set color 25 + set subnet 10.27.70.0 255.255.254.0 + next + edit "Security_28_Latin" + set associated-interface "inside" + 
set color 25 + set subnet 10.28.70.0 255.255.254.0 + next + edit "Security_29_Huntington" + set associated-interface "inside" + set color 25 + set subnet 10.29.70.0 255.255.254.0 + next + edit "Security_30_SalemHyde" + set associated-interface "inside" + set color 25 + set subnet 10.30.70.0 255.255.254.0 + next + edit "Security_33_LeMoyne" + set associated-interface "inside" + set color 25 + set subnet 10.33.70.0 255.255.254.0 + next + edit "Security_34_DrWeeks" + set associated-interface "inside" + set color 25 + set subnet 10.34.70.0 255.255.254.0 + next + edit "Security_36_McKinley" + set associated-interface "inside" + set color 25 + set subnet 10.36.70.0 255.255.254.0 + next + edit "Security_37_Meachem" + set associated-interface "inside" + set color 25 + set subnet 10.37.70.0 255.255.254.0 + next + edit "Security_40_Porter" + set associated-interface "inside" + set color 25 + set subnet 10.40.70.0 255.255.254.0 + next + edit "Security_41_BOVA" + set associated-interface "inside" + set color 25 + set subnet 10.41.70.0 255.255.254.0 + next + edit "Security_42_Roberts" + set associated-interface "inside" + set color 25 + set subnet 10.42.70.0 255.255.254.0 + next + edit "Security_44_Seymour" + set associated-interface "inside" + set color 25 + set subnet 10.44.70.0 255.255.254.0 + next + edit "Security_45_EdSmith" + set associated-interface "inside" + set color 25 + set subnet 10.45.70.0 255.255.254.0 + next + edit "Security_46_Phoenix" + set associated-interface "inside" + set color 25 + set subnet 10.46.70.0 255.255.254.0 + next + edit "Security_47_McCarthy" + set associated-interface "inside" + set color 25 + set subnet 10.47.70.0 255.255.254.0 + next + edit "Security_48_Beard" + set associated-interface "inside" + set color 25 + set subnet 10.48.70.0 255.255.254.0 + next + edit "Security_49_VanDuyn" + set associated-interface "inside" + set color 25 + set subnet 10.49.70.0 255.255.254.0 + next + edit "Security_51_Webster" + set associated-interface "inside" 
+ set color 25
+ set subnet 10.51.70.0 255.255.254.0
+ next
+ edit "Security_53_Blodgett"
+ set associated-interface "inside"
+ set color 25
+ set subnet 10.53.70.0 255.255.254.0
+ next
+ edit "Security_54_JVC"
+ set associated-interface "inside"
+ set color 25
+ set subnet 10.54.70.0 255.255.254.0
+ next
+ edit "Security_55_CentralOffice"
+ set associated-interface "inside"
+ set color 25
+ set subnet 10.55.70.0 255.255.254.0
+ next
+ edit "Security_56_SSC"
+ set associated-interface "inside"
+ set color 25
+ set subnet 10.56.70.0 255.255.254.0
+ next
+ edit "Security_57_Transportation"
+ set associated-interface "inside"
+ set color 25
+ set subnet 10.57.70.0 255.255.254.0
+ next
+ edit "Security_60_PDC"
+ set associated-interface "inside"
+ set color 25
+ set subnet 10.60.70.0 255.255.254.0
+ next
+ edit "Security_86_StLucy"
+ set associated-interface "inside"
+ set color 25
+ set subnet 10.86.70.0 255.255.254.0
+ next
+ edit "psdevdb1"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.136 255.255.255.255
+ next
+ edit "hypprodweb1"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.84 255.255.255.255
+ next
+ edit "psprddb1"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.138 255.255.255.255
+ next
+ edit "psqasdb1"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.137 255.255.255.255
+ next
+ edit "psdevfin"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.122 255.255.255.255
+ next
+ edit "psdevhcm"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.125 255.255.255.255
+ next
+ edit "psprdess"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.200 255.255.255.255
+ next
+ edit "psprdfin"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.120 255.255.255.255
+ next
+ edit "psprdhcm"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.123 255.255.255.255
+ next
+ edit "psprdrpx"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.201 255.255.255.255
+ next
+ edit "psqasfin"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.121 255.255.255.255
+ next
+ edit "psqashcm"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.124 255.255.255.255
+ next
+ edit "pstools"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.130 255.255.255.255
+ next
+ edit "hypprodweb2"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.85 255.255.255.255
+ next
+ edit "hypprodess"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.83 255.255.255.255
+ next
+ edit "hypprodwin7"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.86 255.255.255.255
+ next
+ edit "psnagus"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.131 255.255.255.255
+ next
+ edit "psupgfin"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.150 255.255.255.255
+ next
+ edit "psupghcm"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.151 255.255.255.255
+ next
+ edit "hypdeveb"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.50 255.255.255.255
+ next
+ edit "hypdevw1"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.51 255.255.255.255
+ next
+ edit "hypdevw3"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.59 255.255.255.255
+ next
+ edit "hypprdeb"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.53 255.255.255.255
+ next
+ edit "hypprdw1"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.54 255.255.255.255
+ next
+ edit "hypprdw2"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.55 255.255.255.255
+ next
+ edit "hypqaeb"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.56 255.255.255.255
+ next
+ edit "hypqaw1"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.57 255.255.255.255
+ next
+ edit "hypqaw2"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.58 255.255.255.255
+ next
+ edit "Nighttime_Inside"
+ set comment "Nighttime sends backups"
+ set associated-interface "inside"
+ set subnet 10.1.40.191 255.255.255.255
+ next
+ edit "411app"
+ set associated-interface "inside"
+ set subnet 10.1.40.216 255.255.255.255
+ next
+ edit "411sql"
+ set associated-interface "inside"
+ set subnet 10.1.40.225 255.255.255.255
+ next
+ edit "DocHolliday"
+ set comment "WebCRD Server"
+ set associated-interface "inside"
+ set subnet 10.1.48.78 255.255.255.255
+ next
+ edit "Day_Continuum_Server"
+ set comment "Day Automation"
+ set associated-interface "inside"
+ set color 10
+ set subnet 10.1.40.188 255.255.255.255
+ next
+ edit "Genetec"
+ set associated-interface "inside"
+ set subnet 10.1.70.30 255.255.255.255
+ next
+ edit "DC01_A"
+ set comment "Domain Controller for DNS and LDAP"
+ set associated-interface "inside"
+ set color 14
+ set subnet 10.1.40.10 255.255.255.255
+ next
+ edit "DC01_B"
+ set comment "Domain Controller for DNS and LDAP"
+ set associated-interface "inside"
+ set color 14
+ set subnet 10.1.40.95 255.255.255.255
+ next
+ edit "DC01_C"
+ set comment "Domain Controller for DNS and LDAP"
+ set associated-interface "inside"
+ set color 14
+ set subnet 10.1.48.120 255.255.255.255
+ next
+ edit "HVDC02"
+ set comment "Domain Controller for DNS and LDAP"
+ set associated-interface "inside"
+ set color 14
+ set subnet 10.21.48.10 255.255.255.255
+ next
+ edit "HVDC03_A"
+ set comment "Domain Controller for DNS and LDAP"
+ set associated-interface "inside"
+ set color 14
+ set subnet 10.1.48.95 255.255.255.255
+ next
+ edit "HVDC03_B"
+ set comment "Domain Controller for DNS and LDAP"
+ set associated-interface "inside"
+ set color 14
+ set subnet 10.1.48.10 255.255.255.255
+ next
+ edit "Tim PC"
+ set associated-interface "inside"
+ set subnet 10.1.7.137 255.255.255.255
+ next
+ edit "CGR_16_Bellevue"
+ set comment "City Lights CGR - 16_Bellevue"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.16.233.11 255.255.255.255
+ next
+ edit "CGR_55_CentralOffice"
+ set comment "City Lights CGR - 55_Central Offices"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.55.233.11 255.255.255.255
+ next
+ edit "CGR_45_EdSmith"
+ set comment "City Lights CGR - 45_EdSmith"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.45.233.11 255.255.255.255
+ next
+ edit "CGR_23_Elmwood"
+ set comment "City Lights CGR - 23_Elmwood"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.23.233.11 255.255.255.255
+ next
+ edit "CGR_24_Franklin"
+ set comment "City Lights CGR - 24_Franklin"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.24.233.11 255.255.255.255
+ next
+ edit "CGR_29_Huntington"
+ set comment "City Lights CGR - 29_Huntington"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.29.233.11 255.255.255.255
+ next
+ edit "CGR_15_HWSmith"
+ set comment "City Lights CGR - 15_HWSmith"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.15.233.11 255.255.255.255
+ next
+ edit "CGR_48_Beard"
+ set comment "City Lights CGR - 48_Beard"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.48.233.11 255.255.255.255
+ next
+ edit "CGR_36_McKinley"
+ set comment "City Lights CGR - 36_McKinley"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.36.233.11 255.255.255.255
+ next
+ edit "CGR_37_Meachem"
+ set comment "City Lights CGR - 37_Meachem"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.37.233.11 255.255.255.255
+ next
+ edit "CGR_40_Porter"
+ set comment "City Lights CGR - 40_Porter"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.40.233.11 255.255.255.255
+ next
+ edit "CGR_30_SalemHyde"
+ set comment "City Lights CGR - 30_SalemHyde"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.30.233.11 255.255.255.255
+ next
+ edit "CGR_44_Seymour"
+ set comment "City Lights CGR - 44_Seymour"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.44.233.11 255.255.255.255
+ next
+ edit "CGR_49_VanDuyn"
+ set comment "City Lights CGR - 49_VanDuyn"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.49.233.11 255.255.255.255
+ next
+ edit "CGR_51_Webster"
+ set comment "City Lights CGR - 51_Webster"
+ set associated-interface "inside"
+ set color 28
+ set subnet 10.51.233.11 255.255.255.255
+ next
+ edit "z_BlockIP_000"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.117.232.199 255.255.255.255
+ next
+ edit "hypdevw2"
+ set comment "Hyperion"
+ set associated-interface "inside"
+ set color 22
+ set subnet 10.1.18.52 255.255.255.255
+ next
+ edit "Access_Control_01_NOC"
+ set comment "01_NOC_Access_Control"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.1.72.0 255.255.255.0
+ next
+ edit "Access_Control_02_ITC"
+ set comment "02_ITC_Access_Control"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.2.72.0 255.255.255.0
+ next
+ edit "Access_Control_03_PSLA"
+ set comment "Access Control PSLA at Fowler"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.3.72.0 255.255.255.0
+ next
+ edit "Access_Control_04_Nottingham"
+ set comment "Access Control Nottingham"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.4.72.0 255.255.255.0
+ next
+ edit "Access_Control_06_Henninger"
+ set comment "Access Control Henninger"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.6.72.0 255.255.255.0
+ next
+ edit "Access_Control_07_Corcoran"
+ set comment "Access Control Corcoran"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.7.72.0 255.255.255.0
+ next
+ edit "Access_Control_08_Clary"
+ set comment "Access Control Clary"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.8.72.0 255.255.255.0
+ next
+ edit "Access_Control_09_Grant"
+ set comment "Access Control Grant"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.9.72.0 255.255.255.0
+ next
+ edit "Access_Control_10_Levy"
+ set comment "Access Control Levy"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.10.72.0 255.255.255.0
+ next
+ edit "Access_Control_40_Porter"
+ set comment "Access Control Porter"
+ set associated-interface "inside"
+ set color 29
+ set subnet 10.40.72.0 255.255.255.0
+ next
+ edit "PeopleTools"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.100 255.255.255.255
+ next
+ edit "psupgfin2"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.117 255.255.255.255
+ next
+ edit "psupghcm2"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.116 255.255.255.255
+ next
+ edit "pum_a"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.111 255.255.255.255
+ next
+ edit "pum_b"
+ set comment "Peoplesoft"
+ set associated-interface "inside"
+ set color 20
+ set subnet 10.1.18.112 255.255.255.255
+ next
+ edit "SMTP_Office365_a"
+ set comment "Microsoft to Barracuda Archivers"
+ set associated-interface "outside"
+ set subnet 104.47.0.0 255.255.128.0
+ next
+ edit "SMTP_Office365_b"
+ set comment "Microsoft to Barracuda Archivers"
+ set associated-interface "outside"
+ set subnet 40.92.0.0 255.254.0.0
+ next
+ edit "SMTP_Office365_c"
+ set comment "Microsoft to Barracuda Archivers"
+ set associated-interface "outside"
+ set subnet 40.107.0.0 255.255.0.0
+ next
+ edit "SMTP_Office365_d"
+ set comment "Microsoft to Barracuda Archivers"
+ set associated-interface "outside"
+ set subnet 52.100.0.0 255.252.0.0
+ next
+ edit "City_Side_VoIP_30"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.30.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_56"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.56.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_61"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.61.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_62"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.62.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_63"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.63.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_64"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.64.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_65"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.65.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_66"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.66.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_67"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.67.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_68"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.68.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_72"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.72.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_74"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.74.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_75"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.75.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_76"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.76.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_77"
+ set comment "City Side VoIP - Includes DPW Router"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.77.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_88"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.88.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_132"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.250.132.0 255.255.255.0
+ next
+ edit "City_Side_VoIP_1_Park_Place_A"
+ set comment "City Side VoIP"
+ set associated-interface "city_phones"
+ set color 28
+ set allow-routing enable
+ set subnet 10.249.0.44 255.255.255.255 + next + edit "CUCM_BRIGHTON" + set comment "SCSD Cisco Call Managers" + set associated-interface "inside" + set color 5 + set subnet 10.21.150.0 255.255.255.0 + next + edit "CUCM_ITC_NOC" + set comment "SCSD Cisco Call Managers" + set associated-interface "inside" + set color 5 + set subnet 10.1.150.0 255.255.255.0 + next + edit "City_Side_VoIP_1_Park_Place_B" + set comment "City Side VoIP" + set associated-interface "city_phones" + set color 28 + set allow-routing enable + set subnet 10.235.40.0 255.255.248.0 + next + edit "City_Side_VoIP_Router_A" + set comment "City Side VoIP Router" + set associated-interface "city_phones" + set color 28 + set allow-routing enable + set subnet 10.250.51.21 255.255.255.255 + next + edit "City_Side_VoIP_Router_B" + set comment "City Side VoIP Router" + set associated-interface "city_phones" + set color 28 + set allow-routing enable + set subnet 10.250.51.23 255.255.255.255 + next + edit "SPD_Side_A" + set comment "SPD Side Firewall" + set associated-interface "city_phones" + set color 2 + set allow-routing enable + set subnet 10.250.100.80 255.255.255.248 + next + edit "SPD_Side_B" + set comment "SPD Side Firewall" + set associated-interface "city_phones" + set color 2 + set allow-routing enable + set subnet 10.250.100.88 255.255.255.254 + next + edit "County_Network" + set comment "Onondaga County Purchasing Department" + set associated-interface "city_phones" + set allow-routing enable + set subnet 10.250.100.90 255.255.255.255 + next + edit "City_Side_VoIP_Water_DPW_Recorder" + set comment "City Side VoIP" + set associated-interface "city_phones" + set color 28 + set allow-routing enable + set subnet 10.249.0.46 255.255.255.255 + next + edit "Microsoft 1" + set comment "Located in India" + set associated-interface "outside" + set subnet 13.71.55.58 255.255.255.255 + next + edit "NVR-NOC" + set comment "NVR ITC Data Center" + set associated-interface "inside" + set color 2 + set 
allow-routing enable + set subnet 10.1.70.38 255.255.255.255 + next + edit "NVR-FAILOVER" + set comment "NVR ITC Data Center" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.1.70.27 255.255.255.255 + next + edit "NVR-RING1-CLAR" + set comment "NVR Clary MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.8.70.11 255.255.255.255 + next + edit "NVR-RING1-CLAR2" + set comment "NVR Clary MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.8.70.14 255.255.255.255 + next + edit "NVR-RING1-CORC" + set comment "NVR Corcoran MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.7.70.11 255.255.255.255 + next + edit "NVR-RING1-CORC2" + set comment "NVR Corcoran MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.7.70.14 255.255.255.255 + next + edit "NVR-RING2-DANF" + set comment "NVR Danforth MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.21.70.11 255.255.255.255 + next + edit "NVR-RING2-DANF2" + set comment "NVR Danforth MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.21.70.14 255.255.255.255 + next + edit "NVR-RING3-PSLA" + set comment "NVR PSLA MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.3.70.11 255.255.255.255 + next + edit "NVR-RING3-PSLA2" + set comment "NVR PSLA MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.3.70.14 255.255.255.255 + next + edit "NVR-RING4-BLOD" + set comment "NVR Blodgett MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.53.70.11 255.255.255.255 + next + edit "NVR-RING4-FRAZ" + set comment "NVR Frazier MDF" + set associated-interface "inside" + set color 2 + set allow-routing 
enable + set subnet 10.25.70.11 255.255.255.255 + next + edit "NVR-RING5-CENT" + set comment "NVR Central Offices MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.55.70.11 255.255.255.255 + next + edit "NVR-RING6-EDSM" + set comment "NVR Ed Smith MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.45.70.11 255.255.255.255 + next + edit "NVR-RING6-HWSM" + set comment "NVR HW Smith MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.15.70.11 255.255.255.255 + next + edit "NVR-RING6-HWSM2" + set comment "NVR HW Smith MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.15.70.14 255.255.255.255 + next + edit "NVR-RING6-NOTT" + set comment "NVR Nottingham MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.4.70.11 255.255.255.255 + next + edit "NVR-RING7-BELL" + set comment "NVR Bellevue MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.16.70.11 255.255.255.255 + next + edit "NVR-RING7-GRAN" + set comment "NVR Grant 2nd Floor IDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.9.70.11 255.255.255.255 + next + edit "NVR-RING7-GRAN2" + set comment "NVR Grant 2nd Floor IDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.9.70.14 255.255.255.255 + next + edit "NVR-RING8-HENN" + set comment "NVR Henninger MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.6.70.11 255.255.255.255 + next + edit "NVR-RING8-HENN2" + set comment "NVR Henninger MDF" + set associated-interface "inside" + set color 2 + set allow-routing enable + set subnet 10.6.70.14 255.255.255.255 + next + edit "NVR-RING8-HUNT" + set comment "NVR Huntington MDF" + set associated-interface "inside" + set 
color 2
+ set allow-routing enable
+ set subnet 10.29.70.11 255.255.255.255
+ next
+ edit "Genetec-Dir"
+ set comment "Genetec Directory"
+ set associated-interface "inside"
+ set color 2
+ set allow-routing enable
+ set subnet 10.1.70.141 255.255.255.255
+ next
+ edit "Genetec-DirBU"
+ set comment "Genetec Directory Backup"
+ set associated-interface "inside"
+ set color 2
+ set allow-routing enable
+ set subnet 10.1.70.22 255.255.255.255
+ next
+ edit "Genetec-Media"
+ set comment "Genetec Media Server"
+ set associated-interface "inside"
+ set color 2
+ set allow-routing enable
+ set subnet 10.1.70.143 255.255.255.255
+ next
+ edit "Genetec-MRouter"
+ set comment "Genetec Media Server"
+ set associated-interface "inside"
+ set color 2
+ set allow-routing enable
+ set subnet 10.1.70.145 255.255.255.255
+ next
+ edit "MS_Teams_External_A"
+ set comment "MS Teams for SBC"
+ set associated-interface "outside"
+ set subnet 13.107.64.0 255.255.192.0
+ next
+ edit "MS_Teams_External_B"
+ set comment "MS Teams for SBC"
+ set associated-interface "outside"
+ set subnet 52.112.0.0 255.252.0.0
+ next
+ edit "SBC-NOC"
+ set associated-interface "inside"
+ set allow-routing enable
+ set subnet 10.1.150.21 255.255.255.255
+ next
+ edit "SBC-DAN"
+ set comment "Moved to Brighton Academy 09FEB2024"
+ set associated-interface "inside"
+ set allow-routing enable
+ set subnet 10.21.150.21 255.255.255.255
+ next
+ edit "DataTools"
+ set comment "ODBC Connection to ST DB"
+ set associated-interface "inside"
+ set allow-routing enable
+ set subnet 10.1.48.67 255.255.255.255
+ next
+ edit "ST_Internal_2"
+ set associated-interface "inside"
+ set allow-routing enable
+ set subnet 10.1.40.191 255.255.255.255
+ next
+ edit "Tableau"
+ set comment "ODBC connections to ST DB"
+ set associated-interface "inside"
+ set subnet 10.1.48.61 255.255.255.255
+ next
+ edit "21JumpSt"
+ set comment "Jumpbox for SchoolTool"
+ set associated-interface "inside"
+ set subnet 10.1.48.128 255.255.255.255
+ next
+ edit "Fileserver03"
+ set comment "Cloud ST to write SMB Here"
+ set associated-interface "inside"
+ set subnet 10.1.48.97 255.255.255.255
+ next
+ edit "SchoolTool webjs"
+ set comment "SchoolTool"
+ set associated-interface "inside"
+ set color 18
+ set subnet 10.1.40.102 255.255.255.255
+ next
+ edit "Server_40"
+ set associated-interface "inside"
+ set subnet 10.1.40.0 255.255.255.0
+ next
+ edit "Server_48"
+ set associated-interface "inside"
+ set subnet 10.1.48.0 255.255.255.0
+ next
+ edit "Test_10.10.1.20"
+ set subnet 10.10.1.20 255.255.255.255
+ next
+ edit "AW_inbound.us002-prod.arcticwolf.net"
+ set type iprange
+ set comment "Arctic Wolf"
+ set associated-interface "outside"
+ set start-ip 3.145.238.128
+ set end-ip 3.145.238.159
+ next
+ edit "AW_device-activation.us-global-prod.arcticwolf.net"
+ set type iprange
+ set comment "Arctic Wolf"
+ set associated-interface "outside"
+ set start-ip 35.84.197.208
+ set end-ip 35.84.197.228
+ next
+ edit "AW_drs.us-global-prod.arcticwolf.net"
+ set type iprange
+ set comment "Arctic Wolf"
+ set associated-interface "outside"
+ set start-ip 44.239.235.232
+ set end-ip 44.239.235.239
+ next
+ edit "AW_auth.arcticwolf.com"
+ set type fqdn
+ set comment "Arctic Wolf"
+ set associated-interface "outside"
+ set fqdn "auth.arcticwolf.com"
+ next
+ edit "AW_Scanner_MerryChristmas"
+ set associated-interface "inside"
+ set subnet 10.1.40.222 255.255.255.255
+ next
+ edit "DPS_local_subnet_1"
+ set allow-routing enable
+ next
+ edit "DPS_remote_subnet_1"
+ set allow-routing enable
+ next
+ edit "Schroeder _CT_NOC_CVM"
+ set comment "Nutanix CVM"
+ set associated-interface "inside"
+ set subnet 10.1.40.181 255.255.255.255
+ next
+ edit "Pigpen_CT_NOC_CVM"
+ set comment "Nutanix CVM"
+ set associated-interface "inside"
+ set subnet 10.101.180.26 255.255.255.255
+ next
+ edit "RedBaron_CT_NOC_CVM"
+ set comment "Nutanix CVM"
+ set associated-interface "inside"
+ set subnet 10.101.180.27 255.255.255.255
+ next
+
edit "Sally_CT_NOC_CVM"
+ set comment "Nutanix CVM"
+ set associated-interface "inside"
+ set subnet 10.101.180.29 255.255.255.255
+ next
+ edit "Patty_CT_NOC_CVM"
+ set comment "Nutanix CVM"
+ set associated-interface "inside"
+ set subnet 10.101.180.30 255.255.255.255
+ next
+ edit "Nutanix_Support1"
+ set type fqdn
+ set associated-interface "outside"
+ set fqdn "nsc01.nutanix.net"
+ next
+ edit "Nutanix_Support2"
+ set type fqdn
+ set associated-interface "outside"
+ set fqdn "nsc02.nutanix.net"
+ next
+ edit "z_BlockIP_138"
+ set associated-interface "outside"
+ set color 6
+ set subnet 172.86.91.155 255.255.255.255
+ next
+ edit "z_BlockIP_139"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.35.189.221 255.255.255.255
+ next
+ edit "z_BlockIP_140"
+ set associated-interface "outside"
+ set color 6
+ set subnet 94.131.101.15 255.255.255.255
+ next
+ edit "z_BlockIP_142"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.35.189.104 255.255.255.255
+ next
+ edit "z_BlockIP_143"
+ set associated-interface "outside"
+ set color 6
+ set subnet 172.86.112.56 255.255.255.255
+ next
+ edit "z_BlockIP_144"
+ set associated-interface "outside"
+ set color 6
+ set subnet 194.116.173.199 255.255.255.255
+ next
+ edit "z_BlockIP_145"
+ set associated-interface "outside"
+ set color 6
+ set subnet 172.86.84.61 255.255.255.255
+ next
+ edit "z_BlockIP_146"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.35.188.34 255.255.255.255
+ next
+ edit "z_BlockIP_147"
+ set associated-interface "outside"
+ set color 6
+ set subnet 74.119.194.18 255.255.255.255
+ next
+ edit "z_BlockIP_148"
+ set associated-interface "outside"
+ set color 6
+ set subnet 141.98.168.11 255.255.255.255
+ next
+ edit "z_BlockIP_149"
+ set associated-interface "outside"
+ set color 6
+ set subnet 103.35.188.74 255.255.255.255
+ next
+ edit "z_BlockIP_150"
+ set associated-interface "outside"
+ set color 6
+ set subnet 5.180.24.94 255.255.255.255
+
next
+ edit "z_BlockIP_151"
+ set associated-interface "outside"
+ set color 6
+ set subnet 141.98.168.14 255.255.255.255
+ next
+ edit "z_BlockIP_"
+ set associated-interface "outside"
+ set color 6
+ set subnet 45.150.65.206 255.255.255.255
+ next
+ edit "z_BlockRange_01"
+ set type iprange
+ set associated-interface "outside"
+ set color 6
+ set start-ip 103.35.188.0
+ set end-ip 103.35.189.255
+ next
+ edit "z_BlockRange_02"
+ set type iprange
+ set associated-interface "outside"
+ set color 6
+ set start-ip 172.86.84.0
+ set end-ip 172.86.84.255
+ next
+ edit "z_BlockRange_03"
+ set type iprange
+ set associated-interface "outside"
+ set color 6
+ set start-ip 194.116.173.0
+ set end-ip 194.116.173.255
+ next
+ edit "z_BlockSub_040"
+ set associated-interface "outside"
+ set color 6
+ set subnet 74.119.194.0 255.255.255.0
+ next
+ edit "z_BlockSub_041"
+ set associated-interface "outside"
+ set color 6
+ set subnet 141.98.168.0 255.255.255.0
+ next
+ edit "z_BlockSub_042"
+ set associated-interface "outside"
+ set color 6
+ set subnet 5.180.24.0 255.255.255.0
+ next
+ edit "ITC_Cafe_POS"
+ set comment "Point of Sale"
+ set associated-interface "inside"
+ set subnet 10.2.4.125 255.255.255.255
+ next
+ edit "Clary_POS"
+ set comment "Point of Sale"
+ set associated-interface "inside"
+ set subnet 10.8.1.47 255.255.255.255
+ next
+ edit "Porter_POS"
+ set comment "Point of Sale"
+ set associated-interface "inside"
+ set subnet 10.40.1.69 255.255.255.255
+ next
+ edit "AW_Scanner _HappyHalloween"
+ set comment "Scanner for Servers Only"
+ set associated-interface "inside"
+ set subnet 10.1.40.211 255.255.255.255
+ next
+ edit "AW_Scanner_HappyNewYear"
+ set associated-interface "inside"
+ set subnet 10.1.40.23 255.255.255.255
+ next
+ edit "AW_Scanner_DiaDeLosMuertos"
+ set associated-interface "inside"
+ set subnet 10.1.40.223 255.255.255.255
+ next
+ edit "AW_Scanner_LaborDay"
+ set associated-interface "inside"
+ set subnet 10.1.40.241 255.255.255.255
+ next
+
edit "RAP-Users"
+ set associated-interface "RAP"
+ set allow-routing enable
+ set subnet 10.79.1.0 255.255.255.0
+ next
+ edit "RAP-MGMT"
+ set allow-routing enable
+ set subnet 192.168.79.0 255.255.255.0
+ next
+ edit "Sys-Net-Admins"
+ set allow-routing enable
+ set subnet 10.1.6.0 255.255.255.0
+ next
+ edit "Elastic"
+ set subnet 10.1.48.121 255.255.255.255
+ next
+ edit "DPS_10.46.0.0/16"
+ set allow-routing enable
+ set subnet 10.46.0.0 255.255.0.0
+ next
+ edit "DPS_Internal"
+ set subnet 192.168.46.0 255.255.255.0
+ next
+ edit "DPS_192.168.146.0/24"
+ set allow-routing enable
+ set subnet 192.168.146.0 255.255.255.0
+ next
+end
+config firewall multicast-address
+ edit "all_hosts"
+ set start-ip 224.0.0.1
+ set end-ip 224.0.0.1
+ next
+ edit "all_routers"
+ set start-ip 224.0.0.2
+ set end-ip 224.0.0.2
+ next
+ edit "Bonjour"
+ set start-ip 224.0.0.251
+ set end-ip 224.0.0.251
+ next
+ edit "EIGRP"
+ set start-ip 224.0.0.10
+ set end-ip 224.0.0.10
+ next
+ edit "OSPF"
+ set start-ip 224.0.0.5
+ set end-ip 224.0.0.6
+ next
+ edit "all"
+ set start-ip 224.0.0.0
+ set end-ip 239.255.255.255
+ next
+end
+config firewall address6
+ edit "all"
+ next
+ edit "none"
+ set ip6 ::/128
+ next
+ edit "SSLVPN_TUNNEL_IPv6_ADDR1"
+ set ip6 fdff:ffff::/120
+ next
+end
+config firewall multicast-address6
+ edit "all"
+ set ip6 ff00::/8
+ next
+end
+config firewall addrgrp
+ edit "IPv4-Private-All-RFC1918"
+ set member "Internal_10.0.0.0_8" "Internal_172.16.0.0_12" "Internal_192.168.0.0_16"
+ next
+ edit "SCHC_Local_Subnets_Group"
+ set member "SCHC_03_PSLA" "SCHC_09_Grant" "SCHC_15_HWSmith" "SCHC_20_DrKing" "SCHC_22_Delaware" "SCHC_24_Franklin" "SCHC_34_DrWeeks" "SCHC_53_Blodgett"
+ set color 8
+ next
+ edit "SCHC_Remote_Subnets_Group"
+ set member "SCHC_Remote_Subnet_02" "SCHC_Remote_Subnet_01" "SCHC_Remote_Subnet_03"
+ set comment "Syracuse Community Health Center Remote Subnets Group"
+ set color 8
+ next
+ edit "Country Block"
+ set member "China" "Russia" "Iran"
"Belarus" "North Korea" "Nigeria" "Afghanistan" "Brazil" "Columbia" "India" "Indonesia" "Romania" "Thailand" "Turkey" "Vietnam"
+ set color 6
+ next
+ edit "City_Side_VoIP_Park_Place_Group"
+ set member "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B"
+ set color 28
+ set allow-routing enable
+ next
+ edit "SchoolTool_Cloud_Internal"
+ set member "21JumpSt" "DataTools" "Fileserver03" "Nighttime_Inside" "Tableau" "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B" "DocHolliday" "SchoolTool webjs" "Elastic"
+ set comment "Access for SchoolTool Cloud"
+ next
+ edit "CONTENTKEEPER-REMOTE-SUPPORT"
+ set member "CK-North-America-202" "CK-Australia-203" "CK-North-America-173" "CK-North-America-8" "CK-North-America-202_B"
+ set comment "ContentKeeper Remote Support Networks"
+ set color 19
+ next
+ edit "Nimble_Inside_Grp"
+ set member "Nimble_Inside_4" "Nimble_Inside_2" "Nimble_Inside_1" "nimble_Inside_3"
+ next
+ edit "SRICBOCES-OUTSIDE"
+ set member "SRIC_BOCES_Server02" "SRIC_BOCES_Firewall" "SRIC_BOCES_Server01"
+ set comment "Eastern Suffolk BOCES"
+ next
+ edit "SPD_Firewalls_Our_Side"
+ set member "SPD_09_Grant" "SPD_48_Beard" "SPD_56_SSC" "SPD_21_Danforth" "SPD_25_Frazer" "SPD_53_Blodgett" "SPD_20_DrKing" "SPD_44_Seymour" "SPD_22_Delaware" "SPD_24_Franklin"
+ set comment "SPD firewalls on our internal network."
+ set color 2
+ next
+ edit "City_Permited_Subnets_Group"
+ set member "city_permited_subnet_4" "city_permited_subnet_1" "city_permited_subnet_5" "city_permited_subnet_3" "city_permited_subnet_7"
+ set comment "Subnets City is allowed to on our side"
+ set color 28
+ next
+ edit "City_Subnets_Group"
+ set member "City_Side_Subnet_1" "City_Side_CGR_01" "City_Side_CGR_02" "City_Side_VoIP_Water_DPW_Recorder"
+ set comment "City subnets on their side"
+ set color 28
+ next
+ edit "Day_Server_Group"
+ set member "Day_Enterprise_Server" "Day_VM_Server" "Day_Continuum_Server"
+ set color 10
+ next
+ edit "Security_VLAN_70_Group"
+ set member "Security_01_NOC" "Security_02_ITC" "Security_03_PSLA" "Security_04_Nottingham" "Security_06_Henninger" "Security_07_Corcoran" "Security_08_Clary" "Security_09_Grant" "Security_10_Levy" "Security_13_Lincoln" "Security_14_Shea" "Security_15_HWSmith" "Security_16_Bellevue" "Security_20_DrKing" "Security_21_Danforth" "Security_22_Delaware" "Security_23_Elmwood" "Security_24_Franklin" "Security_25_Frazer" "Security_27_Elmcrest" "Security_28_Latin" "Security_29_Huntington" "Security_30_SalemHyde" "Security_33_LeMoyne" "Security_34_DrWeeks" "Security_36_McKinley" "Security_37_Meachem" "Security_40_Porter" "Security_41_BOVA" "Security_42_Roberts" "Security_44_Seymour" "Security_45_EdSmith" "Security_46_Phoenix" "Security_47_McCarthy" "Security_48_Beard" "Security_49_VanDuyn" "Security_51_Webster" "Security_53_Blodgett" "Security_54_JVC" "Security_55_CentralOffice" "Security_56_SSC" "Security_57_Transportation" "Security_60_PDC" "Security_86_StLucy"
+ set color 25
+ next
+ edit "Peoplesoft_RDP_Group"
+ set member "psdevfin" "psdevhcm" "psprdess" "psprdfin" "psprdhcm" "psprdrpx" "psqasfin" "psqashcm" "pstools" "psnagus" "psupgfin" "psupghcm" "PeopleTools" "psdevdb1" "psprddb1" "psqasdb1" "psupgfin2" "psupghcm2" "pum_a" "pum_b"
+ set color 20
+ next
+ edit "Hyperion_Server_Group"
+ set member "hypprodess" "hypprodweb1" "hypprodweb2"
"hypprodwin7" "hypdeveb" "hypdevw1" "hypdevw3" "hypprdeb" "hypprdw1" "hypprdw2" "hypqaeb" "hypqaw1" "hypqaw2" "hypdevw2"
+ set color 22
+ next
+ edit "Peoplesoft_SSH_Group"
+ set member "psdevdb1" "psprddb1" "psqasdb1"
+ set color 21
+ next
+ edit "Safeschools_Group"
+ set member "SafeSchools_01" "Safeschools_02"
+ next
+ edit "411_Group"
+ set member "411app" "411sql" "411App_WebPage"
+ next
+ edit "Domain_Controller_Group"
+ set member "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B"
+ set color 14
+ next
+ edit "City_CGRs_Group"
+ set member "CGR_16_Bellevue" "CGR_55_CentralOffice" "CGR_45_EdSmith" "CGR_23_Elmwood" "CGR_24_Franklin" "CGR_29_Huntington" "CGR_15_HWSmith" "CGR_48_Beard" "CGR_36_McKinley" "CGR_37_Meachem" "CGR_40_Porter" "CGR_30_SalemHyde" "CGR_44_Seymour" "CGR_49_VanDuyn" "CGR_51_Webster"
+ set comment "City CGRs on our side"
+ set color 28
+ next
+ edit "CK_Inside_Group"
+ set member "ckf01-ipmi-inside" "ckf01-mgmt-inside" "ckf02-ipmi-inside" "ckf02-mgmt-inside" "cklb01-ipmi-inside" "cklb01-mgmt-inside" "ckm01-ipmi-inside" "ckm01-mgmt1-inside" "ckm01-mgmt2-inside" "ckm02-ipmi-inside" "ckm02-mgmt1-inside" "ckm02-mgmt2-inside" "ckm03-ipmi-inside" "ckm03-mgmt1-inside" "ckm03-mgmt2-inside" "ckr01-ipmi-inside" "ckr01-mgmt-inside" "ckr01-mgmt-inside-temp"
+ set comment "Content Keeper Inside Address Group"
+ set color 19
+ next
+ edit "Block_List_Group"
+ set member "z_BlockIP_001" "z_BlockIP_002" "z_BlockIP_003" "z_BlockIP_004" "z_BlockIP_005" "z_BlockIP_006" "z_BlockIP_008" "z_BlockIP_009" "z_BlockIP_010" "z_BlockIP_011" "z_BlockIP_012" "z_BlockIP_013" "z_BlockIP_014" "z_BlockIP_015" "z_BlockIP_016" "z_BlockIP_017" "z_BlockIP_018" "z_BlockIP_019" "z_BlockIP_020" "z_BlockIP_021" "z_BlockIP_022" "z_BlockIP_024" "z_BlockIP_025" "z_BlockIP_026" "z_BlockIP_027" "z_BlockIP_028" "z_BlockIP_030" "z_BlockIP_031" "z_BlockIP_032" "z_BlockIP_033" "z_BlockIP_034" "z_BlockIP_035" "z_BlockIP_036" "z_BlockIP_037" "z_BlockIP_038" "z_BlockIP_039"
"z_BlockIP_040" "z_BlockIP_041" "z_BlockIP_042" "z_BlockIP_043" "z_BlockIP_044" "z_BlockIP_045" "z_BlockIP_046" "z_BlockIP_047" "z_BlockIP_048" "z_BlockIP_052" "z_BlockIP_053" "z_BlockIP_054" "z_BlockIP_055" "z_BlockIP_056" "z_BlockIP_057" "z_BlockIP_058" "z_BlockIP_059" "z_BlockIP_060" "z_BlockIP_061" "z_BlockIP_062" "z_BlockIP_063" "z_BlockIP_064" "z_BlockIP_065" "z_BlockIP_066" "z_BlockIP_067" "z_BlockIP_068" "z_BlockIP_069" "z_BlockIP_070" "z_BlockIP_071" "z_BlockIP_072" "z_BlockIP_073" "z_BlockIP_074" "z_BlockIP_075" "z_BlockIP_076" "z_BlockIP_077" "z_BlockIP_078" "z_BlockIP_079" "z_BlockIP_080" "z_BlockIP_081" "z_BlockIP_082" "z_BlockIP_083" "z_BlockIP_084" "z_BlockIP_085" "z_BlockIP_086" "z_BlockIP_087" "z_BlockIP_088" "z_BlockIP_089" "z_BlockIP_090" "z_BlockIP_091" "z_BlockIP_092" "z_BlockIP_093" "z_BlockIP_094" "z_BlockIP_095" "z_BlockIP_096" "z_BlockIP_097" "z_BlockIP_098" "z_BlockIP_099" "z_BlockIP_100" "z_BlockIP_101" "z_BlockIP_007" "z_BlockIP_049" "z_BlockIP_050" "z_BlockIP_051" "z_BlockIP_103" "z_BlockIP_104" "z_BlockIP_105" "z_BlockIP_106" "z_BlockIP_107" "z_BlockIP_108" "z_BlockIP_109" "z_BlockIP_111" "z_BlockIP_112" "z_BlockIP_113" "z_BlockIP_114" "z_BlockIP_115" "z_BlockIP_116" "z_BlockIP_117" "z_BlockIP_118" "z_BlockIP_119" "z_BlockIP_120" "z_BlockIP_122" "z_BlockIP_125" "z_BlockIP_126" "z_BlockIP_127" "z_BlockIP_128" "z_BlockIP_129" "z_BlockIP_130" "z_BlockIP_131" "z_BlockIP_132" "z_BlockIP_133" "z_BlockSub_001" "z_BlockSub_002" "z_BlockSub_003" "z_BlockSub_004" "z_BlockSub_005" "z_BlockSub_006" "z_BlockSub_007" "z_BlockSub_008" "z_BlockSub_009" "z_BlockSub_010" "z_BlockSub_011" "z_BlockSub_012" "z_BlockSub_013" "z_BlockSub_014" "z_BlockSub_015" "z_BlockSub_016" "z_BlockSub_017" "z_BlockSub_019" "z_BlockSub_020" "z_BlockSub_021" "z_BlockSub_022" "z_BlockSub_024" "z_BlockSub_025" "z_BlockSub_026" "z_BlockSub_027" "z_BlockSub_028" "z_BlockSub_030" "z_BlockSub_031" "z_BlockSub_032" "z_BlockSub_033" "z_BlockSub_034" "z_BlockSub_035" 
"z_BlockSub_037" "z_BlockSub_038" "z_BlockSub_039" "z_Ryuk_01" "z_Ryuk_02" "z_BlockIP_023" "z_BlockIP_029" "z_BlockIP_134" "z_BlockIP_135" "z_BlockIP_000" "z_BlockIP_138" "z_BlockIP_139" "z_BlockIP_140" "z_BlockIP_141" "z_BlockIP_142" "z_BlockIP_143" "z_BlockIP_144" "z_BlockIP_145" "z_BlockIP_146" "z_BlockIP_147" "z_BlockIP_148" "z_BlockIP_149" "z_BlockIP_150" "z_BlockRange_01" "z_BlockRange_02" "z_BlockRange_03" "z_BlockSub_040" "z_BlockSub_041" "z_BlockSub_042"
+ set comment "IPs and Subnets to be blocked as Malicious"
+ set color 6
+ next
+ edit "City_Side_CGR_Group"
+ set member "City_Side_CGR_01" "City_Side_CGR_02"
+ set comment "City Lights CGR Subnets on their side."
+ set color 28
+ set allow-routing enable
+ next
+ edit "Access_Control_VLAN_72_Group"
+ set member "Access_Control_40_Porter" "Access_Control_01_NOC" "Access_Control_02_ITC" "Access_Control_03_PSLA" "Access_Control_04_Nottingham" "Access_Control_06_Henninger" "Access_Control_07_Corcoran" "Access_Control_08_Clary" "Access_Control_09_Grant" "Access_Control_10_Levy"
+ set color 25
+ next
+ edit "SMTP_Office365_Group"
+ set member "SMTP_Office365_a" "SMTP_Office365_b" "SMTP_Office365_c" "SMTP_Office365_d"
+ set comment "Microsoft to Barracuda Archivers"
+ next
+ edit "City_Side_VoIP_Group"
+ set member "City_Side_VoIP_30" "City_Side_VoIP_56" "City_Side_VoIP_61" "City_Side_VoIP_62" "City_Side_VoIP_63" "City_Side_VoIP_64" "City_Side_VoIP_65" "City_Side_VoIP_66" "City_Side_VoIP_67" "City_Side_VoIP_68" "City_Side_VoIP_72" "City_Side_VoIP_74" "City_Side_VoIP_75" "City_Side_VoIP_76" "City_Side_VoIP_77" "City_Side_VoIP_88" "City_Side_VoIP_132" "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B" "City_Side_VoIP_Router_A" "City_Side_VoIP_Router_B"
+ set comment "City VoIP Group - except Parks and Water Recorder"
+ set color 28
+ set allow-routing enable
+ next
+ edit "SPD_Side_Firewall_Group"
+ set member "SPD_Side_A" "SPD_Side_B"
+ set comment "IP Range of SPD Side Firewalls"
+ set color 2
+
set allow-routing enable
+ next
+ edit "Country Allow"
+ set member "Microsoft 1"
+ next
+ edit "Peoplesoft_Audit_Group"
+ set member "psdevfin" "psdevhcm" "psprdfin" "psprdhcm" "psqasfin" "psqashcm"
+ set comment "Group allowed for PS Auditors"
+ set color 20
+ next
+ edit "Genetec_Inside_Group"
+ set member "NVR-NOC" "NVR-FAILOVER" "NVR-RING1-CLAR" "NVR-RING1-CLAR2" "NVR-RING1-CORC" "NVR-RING1-CORC2" "NVR-RING2-DANF" "NVR-RING2-DANF2" "NVR-RING3-PSLA" "NVR-RING3-PSLA2" "NVR-RING4-BLOD" "NVR-RING4-FRAZ" "NVR-RING5-CENT" "NVR-RING6-EDSM" "NVR-RING6-HWSM" "NVR-RING6-HWSM2" "NVR-RING6-NOTT" "NVR-RING7-BELL" "NVR-RING7-GRAN" "NVR-RING7-GRAN2" "NVR-RING8-HENN" "NVR-RING8-HENN2" "NVR-RING8-HUNT" "Genetec-Dir" "Genetec-DirBU" "Genetec-Media" "Genetec-MRouter"
+ set comment "District NVRs and Genetec Servers for SPD Federation"
+ set color 2
+ set allow-routing enable
+ next
+ edit "MS_Teams_External_Group"
+ set member "MS_Teams_External_A" "MS_Teams_External_B"
+ next
+ edit "SchoolTool_AWS_Internal"
+ set member "DataTools" "ST_Internal_2"
+ set allow-routing enable
+ next
+ edit "SchoolTool_AWS_External"
+ set member "ST_External_4" "ST_External_5" "ST_External_6" "ST_External_1" "ST_External_2" "ST_External_3"
+ set allow-routing enable
+ next
+ edit "HighStreet_Local"
+ set member "DataTools" "Nighttime_Inside"
+ set comment "Internal IPs for Highstreet Tunnel"
+ next
+ edit "DPS_local"
+ set member "DPS_local_subnet_1"
+ set comment "VPN: DPS (Created by VPN wizard)"
+ set allow-routing enable
+ next
+ edit "DPS_remote"
+ set member "DPS_remote_subnet_1"
+ set comment "VPN: DPS (Created by VPN wizard)"
+ set allow-routing enable
+ next
+ edit "Nutanix_CVM"
+ set member "Patty_CT_NOC_CVM" "Pigpen_CT_NOC_CVM" "RedBaron_CT_NOC_CVM" "Sally_CT_NOC_CVM" "Schroeder _CT_NOC_CVM"
+ set comment "Nutanix CVM"
+ next
+ edit "Nutanix_Remote_Support"
+ set member "Nutanix_Support1" "Nutanix_Support2"
+ set comment "Nutanix Remote Support Web addresses"
+ next
+ edit
"POS_Machines"
+ set member "Clary_POS" "ITC_Cafe_POS" "Porter_POS"
+ set comment "Point of Sale Machines"
+ next
+end
+config firewall wildcard-fqdn custom
+ edit "g-Adobe Login"
+ set wildcard-fqdn "*.adobelogin.com"
+ next
+ edit "g-Gotomeeting"
+ set wildcard-fqdn "*.gotomeeting.com"
+ next
+ edit "g-Windows update 2"
+ set wildcard-fqdn "*.windowsupdate.com"
+ next
+ edit "g-adobe"
+ set wildcard-fqdn "*.adobe.com"
+ next
+ edit "g-android"
+ set wildcard-fqdn "*.android.com"
+ next
+ edit "g-apple"
+ set wildcard-fqdn "*.apple.com"
+ next
+ edit "g-appstore"
+ set wildcard-fqdn "*.appstore.com"
+ next
+ edit "g-auth.gfx.ms"
+ set wildcard-fqdn "*.auth.gfx.ms"
+ next
+ edit "g-autoupdate.opera.com"
+ set wildcard-fqdn "*autoupdate.opera.com"
+ next
+ edit "g-cdn-apple"
+ set wildcard-fqdn "*.cdn-apple.com"
+ next
+ edit "g-citrix"
+ set wildcard-fqdn "*.citrixonline.com"
+ next
+ edit "g-dropbox.com"
+ set wildcard-fqdn "*.dropbox.com"
+ next
+ edit "g-eease"
+ set wildcard-fqdn "*.eease.com"
+ next
+ edit "g-firefox update server"
+ set wildcard-fqdn "aus*.mozilla.org"
+ next
+ edit "g-fortinet"
+ set wildcard-fqdn "*.fortinet.com"
+ next
+ edit "g-google-drive"
+ set wildcard-fqdn "*drive.google.com"
+ next
+ edit "g-google-play"
+ set wildcard-fqdn "*play.google.com"
+ next
+ edit "g-google-play2"
+ set wildcard-fqdn "*.ggpht.com"
+ next
+ edit "g-google-play3"
+ set wildcard-fqdn "*.books.google.com"
+ next
+ edit "g-googleapis.com"
+ set wildcard-fqdn "*.googleapis.com"
+ next
+ edit "g-icloud"
+ set wildcard-fqdn "*.icloud.com"
+ next
+ edit "g-itunes"
+ set wildcard-fqdn "*itunes.apple.com"
+ next
+ edit "g-live.com"
+ set wildcard-fqdn "*.live.com"
+ next
+ edit "g-microsoft"
+ set wildcard-fqdn "*.microsoft.com"
+ next
+ edit "g-mzstatic-apple"
+ set wildcard-fqdn "*.mzstatic.com"
+ next
+ edit "g-skype"
+ set wildcard-fqdn "*.messenger.live.com"
+ next
+ edit "g-softwareupdate.vmware.com"
+ set wildcard-fqdn "*.softwareupdate.vmware.com"
+ next
+
edit "g-swscan.apple.com"
+ set wildcard-fqdn "*swscan.apple.com"
+ next
+ edit "g-update.microsoft.com"
+ set wildcard-fqdn "*update.microsoft.com"
+ next
+ edit "g-verisign"
+ set wildcard-fqdn "*.verisign.com"
+ next
+ edit "YouTube"
+ set wildcard-fqdn "*youtube.com*"
+ next
+end
+config firewall service category
+ edit "General"
+ set comment "General services."
+ next
+ edit "Web Access"
+ set comment "Web access."
+ next
+ edit "File Access"
+ set comment "File access."
+ next
+ edit "Email"
+ set comment "Email services."
+ next
+ edit "Network Services"
+ set comment "Network services."
+ next
+ edit "Authentication"
+ set comment "Authentication service."
+ next
+ edit "Remote Access"
+ set comment "Remote access."
+ next
+ edit "Tunneling"
+ set comment "Tunneling service."
+ next
+ edit "VoIP, Messaging & Other Applications"
+ set comment "VoIP, messaging, and other applications."
+ next
+ edit "Web Proxy"
+ set comment "Explicit web proxy."
+ next
+end
+config firewall service custom
+ edit "DNS"
+ set category "Network Services"
+ set tcp-portrange 53
+ set udp-portrange 53
+ next
+ edit "HTTP"
+ set category "Web Access"
+ set tcp-portrange 80
+ next
+ edit "HTTPS"
+ set category "Web Access"
+ set tcp-portrange 443
+ next
+ edit "IMAP"
+ set category "Email"
+ set tcp-portrange 143
+ next
+ edit "IMAPS"
+ set category "Email"
+ set tcp-portrange 993
+ next
+ edit "LDAP"
+ set category "Authentication"
+ set tcp-portrange 389
+ next
+ edit "DCE-RPC"
+ set category "Remote Access"
+ set tcp-portrange 135
+ set udp-portrange 135
+ next
+ edit "POP3"
+ set category "Email"
+ set tcp-portrange 110
+ next
+ edit "POP3S"
+ set category "Email"
+ set tcp-portrange 995
+ next
+ edit "SAMBA"
+ set category "File Access"
+ set tcp-portrange 139
+ next
+ edit "SMTP"
+ set category "Email"
+ set tcp-portrange 25
+ next
+ edit "SMTPS"
+ set category "Email"
+ set tcp-portrange 465
+ next
+ edit "KERBEROS"
+ set category "Authentication"
+ set tcp-portrange 88 464
+ set udp-portrange 88 464
+ next
+ edit "LDAP_UDP"
+ set category "Authentication"
+ set udp-portrange 389
+ next
+ edit "SMB"
+ set category "File Access"
+ set tcp-portrange 445
+ next
+ edit "FTP"
+ set category "File Access"
+ set tcp-portrange 21
+ next
+ edit "FTP_GET"
+ set category "File Access"
+ set tcp-portrange 21
+ next
+ edit "FTP_PUT"
+ set category "File Access"
+ set tcp-portrange 21
+ next
+ edit "ALL"
+ set category "General"
+ set protocol IP
+ next
+ edit "ALL_TCP"
+ set category "General"
+ set tcp-portrange 1-65535
+ next
+ edit "ALL_UDP"
+ set category "General"
+ set udp-portrange 1-65535
+ next
+ edit "ALL_ICMP"
+ set category "General"
+ set protocol ICMP
+ unset icmptype
+ next
+ edit "ALL_ICMP6"
+ set category "General"
+ set protocol ICMP6
+ unset icmptype
+ next
+ edit "GRE"
+ set category "Tunneling"
+ set protocol IP
+ set protocol-number 47
+ next
+ edit "AH"
+ set category "Tunneling"
+ set protocol IP
+ set protocol-number 51
+ next
+ edit "ESP"
+ set category "Tunneling"
+ set protocol IP
+ set protocol-number 50
+ next
+ edit "AOL"
+ set visibility disable
+ set tcp-portrange 5190-5194
+ next
+ edit "BGP"
+ set category "Network Services"
+ set tcp-portrange 179
+ next
+ edit "DHCP"
+ set category "Network Services"
+ set udp-portrange 67-68
+ next
+ edit "FINGER"
+ set visibility disable
+ set tcp-portrange 79
+ next
+ edit "GOPHER"
+ set visibility disable
+ set tcp-portrange 70
+ next
+ edit "H323"
+ set category "VoIP, Messaging & Other Applications"
+ set tcp-portrange 1720 1503
+ set udp-portrange 1719
+ next
+ edit "IKE"
+ set category "Tunneling"
+ set udp-portrange 500 4500
+ next
+ edit "Internet-Locator-Service"
+ set visibility disable
+ set tcp-portrange 389
+ next
+ edit "IRC"
+ set category "VoIP, Messaging & Other Applications"
+ set tcp-portrange 6660-6669
+ next
+ edit "L2TP"
+ set category "Tunneling"
+ set tcp-portrange 1701
+ set udp-portrange 1701
+ next
+ edit "NetMeeting"
+ set visibility disable
+ set
tcp-portrange 1720
+ next
+ edit "NFS"
+ set category "File Access"
+ set tcp-portrange 111 2049
+ set udp-portrange 111 2049
+ next
+ edit "NNTP"
+ set visibility disable
+ set tcp-portrange 119
+ next
+ edit "NTP"
+ set category "Network Services"
+ set tcp-portrange 123
+ set udp-portrange 123
+ next
+ edit "OSPF"
+ set category "Network Services"
+ set protocol IP
+ set protocol-number 89
+ next
+ edit "PC-Anywhere"
+ set category "Remote Access"
+ set tcp-portrange 5631
+ set udp-portrange 5632
+ next
+ edit "PING"
+ set category "Network Services"
+ set protocol ICMP
+ set icmptype 8
+ unset icmpcode
+ next
+ edit "TIMESTAMP"
+ set protocol ICMP
+ set visibility disable
+ set icmptype 13
+ unset icmpcode
+ next
+ edit "INFO_REQUEST"
+ set protocol ICMP
+ set visibility disable
+ set icmptype 15
+ unset icmpcode
+ next
+ edit "INFO_ADDRESS"
+ set protocol ICMP
+ set visibility disable
+ set icmptype 17
+ unset icmpcode
+ next
+ edit "ONC-RPC"
+ set category "Remote Access"
+ set tcp-portrange 111
+ set udp-portrange 111
+ next
+ edit "PPTP"
+ set category "Tunneling"
+ set tcp-portrange 1723
+ next
+ edit "QUAKE"
+ set visibility disable
+ set udp-portrange 26000 27000 27910 27960
+ next
+ edit "RAUDIO"
+ set visibility disable
+ set udp-portrange 7070
+ next
+ edit "REXEC"
+ set visibility disable
+ set tcp-portrange 512
+ next
+ edit "RIP"
+ set category "Network Services"
+ set udp-portrange 520
+ next
+ edit "RLOGIN"
+ set visibility disable
+ set tcp-portrange 513:512-1023
+ next
+ edit "RSH"
+ set visibility disable
+ set tcp-portrange 514:512-1023
+ next
+ edit "SCCP"
+ set category "VoIP, Messaging & Other Applications"
+ set tcp-portrange 2000
+ next
+ edit "SIP"
+ set category "VoIP, Messaging & Other Applications"
+ set tcp-portrange 5060
+ set udp-portrange 5060
+ next
+ edit "SIP-MSNmessenger"
+ set category "VoIP, Messaging & Other Applications"
+ set tcp-portrange 1863
+ next
+ edit "SNMP"
+ set category "Network Services"
+ set tcp-portrange
161-162
+ set udp-portrange 161-162
+ next
+ edit "SSH"
+ set category "Remote Access"
+ set tcp-portrange 22
+ next
+ edit "SYSLOG"
+ set category "Network Services"
+ set udp-portrange 514
+ next
+ edit "TALK"
+ set visibility disable
+ set udp-portrange 517-518
+ next
+ edit "TELNET"
+ set category "Remote Access"
+ set tcp-portrange 23
+ next
+ edit "TFTP"
+ set category "File Access"
+ set udp-portrange 69
+ next
+ edit "MGCP"
+ set visibility disable
+ set udp-portrange 2427 2727
+ next
+ edit "UUCP"
+ set visibility disable
+ set tcp-portrange 540
+ next
+ edit "VDOLIVE"
+ set visibility disable
+ set tcp-portrange 7000-7010
+ next
+ edit "WAIS"
+ set visibility disable
+ set tcp-portrange 210
+ next
+ edit "WINFRAME"
+ set visibility disable
+ set tcp-portrange 1494 2598
+ next
+ edit "X-WINDOWS"
+ set category "Remote Access"
+ set tcp-portrange 6000-6063
+ next
+ edit "PING6"
+ set protocol ICMP6
+ set visibility disable
+ set icmptype 128
+ unset icmpcode
+ next
+ edit "MS-SQL"
+ set category "VoIP, Messaging & Other Applications"
+ set tcp-portrange 1433 1434
+ next
+ edit "MYSQL"
+ set category "VoIP, Messaging & Other Applications"
+ set tcp-portrange 3306
+ next
+ edit "RDP"
+ set category "Remote Access"
+ set tcp-portrange 3389
+ next
+ edit "VNC"
+ set category "Remote Access"
+ set tcp-portrange 5900
+ next
+ edit "DHCP6"
+ set category "Network Services"
+ set udp-portrange 546 547
+ next
+ edit "SQUID"
+ set category "Tunneling"
+ set tcp-portrange 3128
+ next
+ edit "SOCKS"
+ set category "Tunneling"
+ set tcp-portrange 1080
+ set udp-portrange 1080
+ next
+ edit "WINS"
+ set category "Remote Access"
+ set tcp-portrange 1512
+ set udp-portrange 1512
+ next
+ edit "RADIUS"
+ set category "Authentication"
+ set udp-portrange 1812 1813
+ next
+ edit "RADIUS-OLD"
+ set visibility disable
+ set udp-portrange 1645 1646
+ next
+ edit "CVSPSERVER"
+ set visibility disable
+ set tcp-portrange 2401
+ set udp-portrange 2401
+ next
+ edit "AFS3"
+ set
category "File Access"
+ set tcp-portrange 7000-7009
+ set udp-portrange 7000-7009
+ next
+ edit "TRACEROUTE"
+ set category "Network Services"
+ set udp-portrange 33434-33535
+ next
+ edit "RTSP"
+ set category "VoIP, Messaging & Other Applications"
+ set tcp-portrange 554 7070 8554
+ set udp-portrange 554
+ next
+ edit "MMS"
+ set visibility disable
+ set tcp-portrange 1755
+ set udp-portrange 1024-5000
+ next
+ edit "NONE"
+ set visibility disable
+ set tcp-portrange 0
+ next
+ edit "webproxy"
+ set proxy enable
+ set category "Web Proxy"
+ set protocol ALL
+ set tcp-portrange 0-65535:0-65535
+ next
+ edit "TCP-109"
+ set tcp-portrange 109
+ next
+ edit "TCP-1433"
+ set tcp-portrange 1433
+ next
+ edit "TCP-15000-19999"
+ set tcp-portrange 15000-19999
+ next
+ edit "TCP-1521"
+ set tcp-portrange 1521
+ next
+ edit "TCP-1859"
+ set tcp-portrange 1859
+ next
+ edit "TCP-1935"
+ set tcp-portrange 1935
+ next
+ edit "TCP-20"
+ set tcp-portrange 20
+ next
+ edit "TCP-2195"
+ set tcp-portrange 2195
+ next
+ edit "TCP-2196"
+ set tcp-portrange 2196
+ next
+ edit "TCP-2525"
+ set tcp-portrange 2525
+ next
+ edit "TCP-3268"
+ set tcp-portrange 3268
+ next
+ edit "TCP-3269"
+ set tcp-portrange 3269
+ next
+ edit "TCP-3520"
+ set tcp-portrange 3520
+ next
+ edit "TCP-389"
+ set tcp-portrange 389
+ next
+ edit "TCP-49152-65535"
+ set tcp-portrange 49152-65535
+ next
+ edit "TCP-5001"
+ set tcp-portrange 5001
+ next
+ edit "TCP-5060"
+ set tcp-portrange 5060
+ next
+ edit "TCP-5061"
+ set tcp-portrange 5061
+ next
+ edit "TCP-5120"
+ set tcp-portrange 5120
+ next
+ edit "TCP-5122-5127"
+ set tcp-portrange 5122-5127
+ next
+ edit "TCP-587"
+ set tcp-portrange 587
+ next
+ edit "TCP-5901"
+ set tcp-portrange 5901
+ next
+ edit "TCP-5937"
+ set tcp-portrange 5937
+ next
+ edit "TCP-623"
+ set tcp-portrange 623
+ next
+ edit "TCP-636"
+ set tcp-portrange 636
+ next
+ edit "TCP-6502-6510"
+ set tcp-portrange 6502-6510
+ next
+ edit "TCP-7578"
+ set tcp-portrange 7578
+ next
+
edit "TCP-7582" + set tcp-portrange 7582 + next + edit "TCP-8000" + set tcp-portrange 8000 + next + edit "TCP-8080" + set tcp-portrange 8080 + next + edit "TCP-8082" + set tcp-portrange 8082 + next + edit "TCP-809" + set tcp-portrange 809 + next + edit "UDP-110" + set udp-portrange 110 + next + edit "UDP-143" + set udp-portrange 143 + next + edit "UDP-1433" + set udp-portrange 1433 + next + edit "UDP-25" + set udp-portrange 25 + next + edit "UDP-2525" + set udp-portrange 2525 + next + edit "UDP-3389" + set udp-portrange 3389 + next + edit "UDP-3478" + set udp-portrange 3478 + next + edit "UDP-443" + set udp-portrange 443 + next + edit "UDP-465" + set udp-portrange 465 + next + edit "UDP-50000-52399" + set udp-portrange 50000-52399 + next + edit "UDP-5001" + set udp-portrange 5001 + next + edit "UDP-587" + set udp-portrange 587 + next + edit "UDP-60000-61799" + set udp-portrange 60000-61799 + next + edit "UDP-623" + set udp-portrange 623 + next + edit "UDP-80" + set udp-portrange 80 + next + edit "UDP-993" + set udp-portrange 993 + next + edit "UDP-995" + set udp-portrange 995 + next + edit "UDP-SRC-1025-65535-DST-3544" + set udp-portrange 3544:1025-65535 + next + edit "UDP-SRC-3544-DST-1025-65535" + set udp-portrange 1025-65535:3544 + next + edit "IP-27" + set protocol IP + set protocol-number 27 + next + edit "IP-4" + set protocol IP + set protocol-number 4 + next + edit "IP-41" + set protocol IP + set protocol-number 41 + next + edit "Webosphere_Data" + set category "File Access" + set tcp-portrange 41000-41500 + next + edit "TCP-9000-9100" + set tcp-portrange 9000-9100 + next + edit "TCP_UDP-18443" + set comment "VDI desktop" + set tcp-portrange 18443 + set udp-portrange 18443 + next + edit "TCP-19000" + set tcp-portrange 19000 + next + edit "TCP_UDP-8100" + set tcp-portrange 8100 + set udp-portrange 8100 + next + edit "TCP 5500" + set category "General" + set comment "SPD Genetec Federation" + set tcp-portrange 5500 + next + edit "TCP 4502" + set category 
"General" + set comment "SPD Genetec Federation" + set color 2 + set tcp-portrange 4502 + next + edit "Genetec Federation" + set category "Network Services" + set comment "SPD Genetec Federation" + set color 2 + set tcp-portrange 5500 4502 554 560 960 5004 + next + edit "SBC-UDP-Range" + set category "Network Services" + set comment "For SBC" + set udp-portrange 3478-3481 + next + edit "Zoom UDP Ports" + set category "VoIP, Messaging & Other Applications" + set comment "Firewall rules for Zoom Phone" + set color 2 + set fqdn "static.zdassets.com" + set udp-portrange 20000-64000:390 20000-64000:5091 49152-65535:8801-8810 49152-65535:3478 49152-65535:3479 + next +end +config firewall service group + edit "Email Access" + set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" + next + edit "Web Access" + set member "DNS" "HTTP" "HTTPS" + next + edit "Windows AD" + set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" + next + edit "Exchange Server" + set member "DCE-RPC" "DNS" "HTTPS" + next + edit "ContentKeeper-IPMI-Ports_tcp_3520_2" + set member "TCP-3520" + next + edit "ContentKeeper-IPMI-Ports_tcp_5120_3" + set member "TCP-5120" + next + edit "ContentKeeper-IPMI-Ports_tcp_5122_5127_4" + set member "TCP-5122-5127" + next + edit "ContentKeeper-IPMI-Ports_tcp_5900_5" + set member "VNC" + next + edit "ContentKeeper-IPMI-Ports_tcp_5901_6" + set member "TCP-5901" + next + edit "ContentKeeper-IPMI-Ports_tcp_623_7" + set member "TCP-623" + next + edit "ContentKeeper-IPMI-Ports_tcp_7578_8" + set member "TCP-7578" + next + edit "ContentKeeper-IPMI-Ports_tcp_7582_9" + set member "TCP-7582" + next + edit "ContentKeeper-IPMI-Ports_tcp_www_10" + set member "HTTP" + next + edit "ContentKeeper-Mobility_tcp_8080_2" + set member "TCP-8080" + next + edit "ContentKeeper-Mobility_tcp_993_3" + set member "IMAPS" + next + edit "ContentKeeper_UDP_4500" + set member "IKE" + next + edit "ContentKeeper_UDP_500" + set member "IKE" + next + edit 
"Day-Server_tcp_6502_6510_2" + set member "TCP-6502-6510" + next + edit "Oracle-SQL_tcp_sqlnet_2" + set member "TCP-1521" + next + edit "POP-2" + set member "TCP-109" + next + edit "POP-3" + set member "POP3" + next + edit "ContentKeeper-IPMI-Ports_tcp_https_11" + set member "HTTPS" + next + edit "ContentKeeper-MGMT-Ports_tcp_https_2" + set member "HTTPS" + next + edit "ContentKeeper-MGMT-Ports_tcp_ssh_3" + set member "SSH" + next + edit "ContentKeeper-Mobility_tcp_https_4" + set member "HTTPS" + next + edit "Airwatch_Services_Group" + set member "HTTP" "HTTPS" "Internet-Locator-Service" "SMTP" "SMTPS" "TCP-1433" "TCP-2195" "TCP-2196" "TCP-3268" "TCP-3269" "TCP-636" + set comment "Air watch service group" + next + edit "ContentKeeper-IPMI-Ports" + set member "ContentKeeper-IPMI-Ports_tcp_3520_2" "ContentKeeper-IPMI-Ports_tcp_5120_3" "ContentKeeper-IPMI-Ports_tcp_5122_5127_4" "ContentKeeper-IPMI-Ports_tcp_5900_5" "ContentKeeper-IPMI-Ports_tcp_5901_6" "ContentKeeper-IPMI-Ports_tcp_623_7" "ContentKeeper-IPMI-Ports_tcp_7578_8" "ContentKeeper-IPMI-Ports_tcp_7582_9" "ContentKeeper-IPMI-Ports_tcp_www_10" "ContentKeeper-IPMI-Ports_tcp_https_11" + set comment "Content Keeper IPMI Ports" + next + edit "Email_Services_Group" + set member "HTTP" "HTTPS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" "TCP-2525" "TCP-587" "UDP-110" "UDP-143" "UDP-25" "UDP-2525" "UDP-465" "UDP-587" "UDP-993" "UDP-995" + next + edit "CK_Mobile_Services_Group" + set member "HTTPS" "IMAPS" "TCP-8080" "IKE" + set color 19 + next + edit "CK_Support_Services_Group" + set member "HTTP" "HTTPS" "SSH" "TCP-3520" "TCP-5120" "TCP-5122-5127" "TCP-5901" "TCP-623" "TCP-7578" "TCP-7582" "VNC" + set color 19 + next +end +config firewall internet-service-group + edit "Microsoft_ISDB_Both" + set member "Microsoft-Azure" "Microsoft-Azure.AD" "Microsoft-Azure.Data.Factory" "Microsoft-Azure.Monitor" "Microsoft-Azure.Power.BI" "Microsoft-Azure.SQL" "Microsoft-Azure.Virtual.Desktop" "Microsoft-Dynamics" 
"Microsoft-Office365.Published" "Microsoft-Office365.Published.Allow" "Microsoft-Office365.Published.Optimize" "Microsoft-Office365.Published.USGOV" "Microsoft-Outlook" "Microsoft-Skype_Teams" "Microsoft-Teams.Published.Worldwide.Allow" "Microsoft-Teams.Published.Worldwide.Optimize" "Microsoft-WNS" + next + edit "Microsoft_ISDB_Destination" + set direction destination + set member "Microsoft-DNS" "Microsoft-FTP" "Microsoft-ICMP" "Microsoft-Inbound_Email" "Microsoft-Intune" "Microsoft-Microsoft.Update" "Microsoft-NetBIOS.Name.Service" "Microsoft-NetBIOS.Session.Service" "Microsoft-NTP" "Microsoft-Office365" "Microsoft-Other" "Microsoft-Outbound_Email" "Microsoft-RTMP" "Microsoft-SSH" "Microsoft-Web" + next +end +config firewall shaper traffic-shaper + edit "high-priority" + set maximum-bandwidth 1048576 + set per-policy enable + next + edit "medium-priority" + set maximum-bandwidth 1048576 + set priority medium + set per-policy enable + next + edit "low-priority" + set maximum-bandwidth 1048576 + set priority low + set per-policy enable + next + edit "guarantee-100kbps" + set guaranteed-bandwidth 100 + set maximum-bandwidth 1048576 + set per-policy enable + next + edit "shared-1M-pipe" + set maximum-bandwidth 1024 + next +end +config firewall schedule recurring + edit "always" + set day sunday monday tuesday wednesday thursday friday saturday + next + edit "none" + next + edit "default-darrp-optimize" + set start 01:00 + set end 01:30 + set day sunday monday tuesday wednesday thursday friday saturday + next +end +config firewall ippool + edit "ippool-198.36.23.251" + set startip 198.36.23.251 + set endip 198.36.23.251 + next + edit "ippool-198.36.23.252" + set startip 198.36.23.252 + set endip 198.36.23.252 + next + edit "ippool-198.36.23.253" + set startip 198.36.23.253 + set endip 198.36.23.253 + next + edit "ippool-198.36.23.254" + set startip 198.36.23.254 + set endip 198.36.23.254 + next + edit "NTSS_Outside" + set startip 198.36.24.68 + set endip 198.36.24.68 
+ next
+ edit "Nighttime_Outside"
+ set startip 198.36.24.191
+ set endip 198.36.24.191
+ next
+ edit "MailOut_Outside"
+ set startip 198.36.22.227
+ set endip 198.36.22.227
+ next
+ edit "SBC-NOC-Outside"
+ set startip 198.36.26.37
+ set endip 198.36.26.37
+ next
+ edit "SBC-DAN-Outside"
+ set startip 198.36.26.38
+ set endip 198.36.26.38
+ next
+end
+config firewall vip
+ edit "vip-ntss"
+ set comment "SRIC BOCES Tunnel
+170.161.52.27 (SRIC Server) - This is the source address needed for the tunnel
+170.161.52.25 (SRIC Firewall)
+description Eastern Suffolk BOCES access to NTSS.scsd.ad"
+ set src-filter "170.161.52.27-170.161.52.27"
+ set extip 198.36.24.68
+ set mappedip "10.1.48.68"
+ set extintf "SRIC_BOCES"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-ckf01-ipmi"
+ set comment "ContentKeeper"
+ set extip 198.36.26.31
+ set mappedip "10.251.1.31"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ set color 19
+ next
+ edit "vip-ckf01-mgmt"
+ set comment "ContentKeeper"
+ set extip 198.36.26.21
+ set mappedip "10.251.1.21"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckf02-ipmi"
+ set comment "ContentKeeper"
+ set extip 198.36.26.32
+ set mappedip "10.251.1.32"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckf02-mgmt"
+ set comment "ContentKeeper"
+ set extip 198.36.26.22
+ set mappedip "10.251.1.22"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-cklb01-ipmi"
+ set comment "ContentKeeper"
+ set extip 198.36.26.30
+ set mappedip "10.251.1.30"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-cklb01-mgmt"
+ set comment "ContentKeeper"
+ set extip 198.36.26.20
+ set mappedip "10.251.1.20"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckm01-mgmt2"
+ set comment "ContentKeeper"
+ set extip 198.36.26.28
+ set mappedip "10.251.1.28"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckr01-mgmt"
+ set comment "ContentKeeper"
+ set extip 198.36.26.23
+ set mappedip "10.251.1.23"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckr01-ipmi"
+ set comment "ContentKeeper"
+ set extip 198.36.26.33
+ set mappedip "10.251.1.33"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckm01-ipmi"
+ set comment "ContentKeeper"
+ set extip 198.36.26.34
+ set mappedip "10.251.1.34"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckm01-mgmt"
+ set comment "ContentKeeper"
+ set extip 198.36.26.24
+ set mappedip "10.251.1.24"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckm02-ipmi"
+ set comment "ContentKeeper"
+ set extip 198.36.26.35
+ set mappedip "10.251.1.35"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckm02-mgmt"
+ set comment "ContentKeeper"
+ set extip 198.36.26.25
+ set mappedip "10.251.1.25"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckm02-mgmt2"
+ set comment "ContentKeeper"
+ set extip 198.36.26.29
+ set mappedip "10.251.1.29"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckm03-ipmi"
+ set comment "ContentKeeper"
+ set extip 198.36.26.36
+ set mappedip "10.251.1.36"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckm03-mgmt1"
+ set comment "ContentKeeper"
+ set extip 198.36.26.26
+ set mappedip "10.251.1.26"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-ckm03-mgmt2"
+ set comment "ContentKeeper"
+ set extip 198.36.26.27
+ set mappedip "10.251.1.27"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set color 19
+ next
+ edit "vip-scsdess"
+ set comment "ESS"
+ set extip 198.36.24.100
+ set mappedip "10.1.140.14"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-applecaching"
+ set comment "Apple caching server for managing Apple device updates"
+ set extip 198.36.24.57
+ set mappedip "10.1.40.107"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-DC01"
+ set comment "Domain Controller for LDAP"
+ set extip 198.36.25.45
+ set mappedip "10.1.40.95"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ set color 14
+ next
+ edit "vip-tableau"
+ set comment "Tableau"
+ set extip 198.36.24.61
+ set mappedip "10.1.140.12"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-ns1"
+ set comment "DNS External"
+ set extip 198.36.22.245
+ set mappedip "10.1.48.45"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-ns2"
+ set comment "DNS External"
+ set extip 198.36.22.19
+ set mappedip "10.1.40.41"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-webhelpdesk"
+ set comment "Web Help Desk"
+ set extip 198.36.25.20
+ set mappedip "10.1.140.6"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ next
+ edit "vip-Airwatchapp"
+ set comment "Airwatch (Workspace One) MDM"
+ set extip 198.36.24.56
+ set mappedip "10.1.140.9"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-Webosphere"
+ set comment "SCSD Website"
+ set extip 198.36.24.16
+ set mappedip "10.1.140.11"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-Neutrons"
+ set comment "Address Lookup"
+ set extip 198.36.24.210
+ set mappedip "10.1.40.210"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ next
+ edit "vip-Barracuda-Archive-2"
+ set comment "Barracuda Email"
+ set extip 198.36.22.229
+ set mappedip "10.1.40.17"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-Barracuda-Archive-1"
+ set comment "Barracuda Email"
+ set extip 198.36.22.228
+ set mappedip "10.1.40.16"
+ set extintf "outside lag"
+ set nat-source-vip enable
+ set srcintf-filter "outside lag"
+ next
+ edit "vip-hybrid-email"
+ set comment "Email"
+ set extip 198.36.22.143
+ set mappedip "10.1.48.49"
+ set extintf "outside lag"
+ next
+ edit "vip-sbc-noc"
+ set comment "Ribbon ITC NOC"
+ set extip 198.36.26.37
+ set mappedip "10.1.150.21"
+ set extintf "outside lag"
+ next
+ edit "vip-sbc-dan"
+ set comment "Ribbon Danforth"
+ set extip 198.36.26.38
+ set mappedip "10.21.150.21"
+ set extintf "outside lag"
+ next
+ edit "vip-PrintOC"
+ set comment "Oracle Printer"
+ set extip 198.36.26.119
+ set mappedip "10.1.40.219"
+ set extintf "outside lag"
+ next
+ edit "vip-EMS"
+ set comment "FortiClient EMS"
+ set extip 198.36.24.202
+ set mappedip "10.1.40.22"
+ set extintf "outside lag"
+ next
+end
+config firewall vipgrp
+ edit "vip-grp-ck-mgmt-filters"
+ set interface "outside lag"
+ set color 19
+ set member "vip-ckf01-mgmt" "vip-ckf02-mgmt"
+ next
+ edit "vip-grp-ck-all"
+ set interface "outside lag"
+ set color 19
+ set member "vip-ckf01-ipmi" "vip-ckf01-mgmt" "vip-ckf02-ipmi" "vip-ckf02-mgmt" "vip-cklb01-ipmi" "vip-cklb01-mgmt" "vip-ckm01-ipmi" "vip-ckm01-mgmt" "vip-ckm01-mgmt2" "vip-ckm02-ipmi" "vip-ckm02-mgmt" "vip-ckm02-mgmt2" "vip-ckm03-ipmi" "vip-ckm03-mgmt1" "vip-ckm03-mgmt2" "vip-ckr01-ipmi" "vip-ckr01-mgmt"
+ next
+ edit "vip-grp-ckm-mgmt"
+ set interface "outside lag"
+ set color 19
+ set member "vip-ckm01-mgmt" "vip-ckm01-mgmt2" "vip-ckm02-mgmt" "vip-ckm02-mgmt2" "vip-ckm03-mgmt1" "vip-ckm03-mgmt2"
+ next
+ edit "vip-grp-barracuda_Archivers"
+ set interface "outside lag"
+ set member "vip-Barracuda-Archive-1" "vip-Barracuda-Archive-2"
+ next
+end
+config firewall ssh local-key
+ edit "g-Fortinet_SSH_DSA1024"
+ set password ENC *HIDDEN*
+ set source built-in
+ next
+ edit "g-Fortinet_SSH_ECDSA256"
+ set password ENC *HIDDEN*
+ set source built-in
+ next
+ edit "g-Fortinet_SSH_ECDSA384"
+ set password ENC *HIDDEN*
+ set source built-in
+ next
+ edit "g-Fortinet_SSH_ECDSA521"
+ set password ENC *HIDDEN*
+ set source built-in
+ next
+ edit "g-Fortinet_SSH_ED25519"
+ set password ENC *HIDDEN*
+ set source built-in
+ next
+ edit "g-Fortinet_SSH_RSA2048"
+ set password ENC *HIDDEN*
+ set source built-in
+ next
+end
+config firewall ssh local-ca
+ edit "g-Fortinet_SSH_CA"
+ set password ENC *HIDDEN*
+ set source built-in
+ next
+ edit "g-Fortinet_SSH_CA_Untrusted"
+ set password ENC *HIDDEN*
+ set source built-in
+ next
+end
+config firewall ssh setting
+ set caname "g-Fortinet_SSH_CA"
+ set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
+ set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
+ set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
+ set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
+ set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
+ set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
+ set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
+end
+config firewall profile-protocol-options
+ edit "default"
+ set comment "All default services."
+ config http
+ set ports 80
+ unset options
+ unset post-lang
+ end
+ config ftp
+ set ports 21
+ set options splice
+ end
+ config imap
+ set ports 143
+ set options fragmail
+ end
+ config mapi
+ set ports 135
+ set options fragmail
+ end
+ config pop3
+ set ports 110
+ set options fragmail
+ end
+ config smtp
+ set ports 25
+ set options fragmail splice
+ end
+ config nntp
+ set ports 119
+ set options splice
+ end
+ config ssh
+ unset options
+ end
+ config dns
+ set ports 53
+ end
+ config cifs
+ set ports 445
+ unset options
+ end
+ next
+end
+config firewall ssl-ssh-profile
+ edit "certificate-inspection"
+ set comment "Read-only SSL handshake inspection profile."
+ config https
+ set ports 443
+ set status certificate-inspection
+ set unsupported-ssl-version allow
+ end
+ config ftps
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config imaps
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config pop3s
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config smtps
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config ssh
+ set ports 22
+ set status disable
+ end
+ config dot
+ set status disable
+ end
+ next
+ edit "deep-inspection"
+ set comment "Read-only deep inspection profile."
+ config https
+ set ports 443
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config ftps
+ set ports 990
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config imaps
+ set ports 993
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config pop3s
+ set ports 995
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config smtps
+ set ports 465
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config ssh
+ set ports 22
+ set status disable
+ end
+ config dot
+ set status disable
+ end
+ config ssl-exempt
+ edit 1
+ set fortiguard-category 31
+ next
+ edit 2
+ set fortiguard-category 33
+ next
+ edit 3
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-adobe"
+ next
+ edit 4
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Adobe Login"
+ next
+ edit 5
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-android"
+ next
+ edit 6
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-apple"
+ next
+ edit 7
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-appstore"
+ next
+ edit 8
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-auth.gfx.ms"
+ next
+ edit 9
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-citrix"
+ next
+ edit 10
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-dropbox.com"
+ next
+ edit 11
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-eease"
+ next
+ edit 12
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-firefox update server"
+ next
+ edit 13
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-fortinet"
+ next
+ edit 14
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-googleapis.com"
+ next
+ edit 15
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-drive"
+ next
+ edit 16
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play2"
+ next
+ edit 17
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play3"
+ next
+ edit 18
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Gotomeeting"
+ next
+ edit 19
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-icloud"
+ next
+ edit 20
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-itunes"
+ next
+ edit 21
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-microsoft"
+ next
+ edit 22
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-skype"
+ next
+ edit 23
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-softwareupdate.vmware.com"
+ next
+ edit 24
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-verisign"
+ next
+ edit 25
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Windows update 2"
+ next
+ edit 26
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-live.com"
+ next
+ edit 27
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play"
+ next
+ edit 28
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-update.microsoft.com"
+ next
+ edit 29
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-swscan.apple.com"
+ next
+ edit 30
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-autoupdate.opera.com"
+ next
+ edit 31
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-cdn-apple"
+ next
+ edit 32
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-mzstatic-apple"
+ next
+ end
+ next
+ edit "custom-deep-inspection"
+ set comment "Customizable deep inspection profile."
+ config https
+ set ports 443
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config ftps
+ set ports 990
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config imaps
+ set ports 993
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config pop3s
+ set ports 995
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config smtps
+ set ports 465
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config ssh
+ set ports 22
+ set status disable
+ end
+ config dot
+ set status disable
+ end
+ config ssl-exempt
+ edit 1
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-adobe"
+ next
+ edit 2
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Adobe Login"
+ next
+ edit 3
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-android"
+ next
+ edit 4
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-apple"
+ next
+ edit 5
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-appstore"
+ next
+ edit 6
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-auth.gfx.ms"
+ next
+ edit 7
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-autoupdate.opera.com"
+ next
+ edit 8
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-citrix"
+ next
+ edit 9
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-dropbox.com"
+ next
+ edit 10
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-eease"
+ next
+ edit 11
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-firefox update server"
+ next
+ edit 12
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-fortinet"
+ next
+ edit 13
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-drive"
+ next
+ edit 14
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play"
+ next
+ edit 15
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play2"
+ next
+ edit 16
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play3"
+ next
+ edit 17
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-googleapis.com"
+ next
+ edit 18
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Gotomeeting"
+ next
+ edit 19
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-icloud"
+ next
+ edit 20
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-itunes"
+ next
+ edit 21
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-live.com"
+ next
+ edit 22
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-microsoft"
+ next
+ edit 23
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-skype"
+ next
+ edit 24
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-softwareupdate.vmware.com"
+ next
+ edit 25
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-swscan.apple.com"
+ next
+ edit 26
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-update.microsoft.com"
+ next
+ edit 27
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-verisign"
+ next
+ edit 28
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Windows update 2"
+ next
+ edit 29
+ set fortiguard-category 31
+ next
+ edit 30
+ set fortiguard-category 33
+ next
+ edit 31
+ set fortiguard-category 25
+ next
+ edit 32
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-cdn-apple"
+ next
+ edit 33
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-mzstatic-apple"
+ next
+ end
+ next
+ edit "no-inspection"
+ set comment "Read-only profile that does no inspection."
+ config https
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config ftps
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config imaps
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config pop3s
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config smtps
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config ssh
+ set ports 22
+ set status disable
+ end
+ config dot
+ set status disable
+ end
+ next
+ edit "custom-cert-inspection"
+ set comment "Read-only SSL handshake inspection profile."
+ config https
+ set ports 443
+ set status certificate-inspection
+ set unsupported-ssl-version allow
+ end
+ config ftps
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config imaps
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config pop3s
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config smtps
+ set status disable
+ set unsupported-ssl-version allow
+ end
+ config ssh
+ set ports 22
+ set status disable
+ end
+ config dot
+ set status disable
+ end
+ next
+ edit "SCSD custom-deep-inspection"
+ set comment "Customizable deep inspection profile."
+ config https
+ set ports 443
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config ftps
+ set ports 990
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config imaps
+ set ports 993
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config pop3s
+ set ports 995
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config smtps
+ set ports 465
+ set status deep-inspection
+ set unsupported-ssl-version allow
+ end
+ config ssh
+ set ports 22
+ set status disable
+ end
+ config dot
+ set status disable
+ end
+ config ssl-exempt
+ edit 1
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-adobe"
+ next
+ edit 2
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Adobe Login"
+ next
+ edit 3
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-android"
+ next
+ edit 4
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-apple"
+ next
+ edit 5
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-appstore"
+ next
+ edit 6
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-auth.gfx.ms"
+ next
+ edit 7
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-autoupdate.opera.com"
+ next
+ edit 8
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-citrix"
+ next
+ edit 9
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-dropbox.com"
+ next
+ edit 10
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-eease"
+ next
+ edit 11
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-firefox update server"
+ next
+ edit 12
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-fortinet"
+ next
+ edit 13
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-drive"
+ next
+ edit 14
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play"
+ next
+ edit 15
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play2"
+ next
+ edit 16
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-google-play3"
+ next
+ edit 17
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-googleapis.com"
+ next
+ edit 18
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Gotomeeting"
+ next
+ edit 19
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-icloud"
+ next
+ edit 20
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-itunes"
+ next
+ edit 21
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-live.com"
+ next
+ edit 22
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-microsoft"
+ next
+ edit 23
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-skype"
+ next
+ edit 24
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-softwareupdate.vmware.com"
+ next
+ edit 25
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-swscan.apple.com"
+ next
+ edit 26
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-update.microsoft.com"
+ next
+ edit 27
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-verisign"
+ next
+ edit 28
+ set type wildcard-fqdn
+ set wildcard-fqdn "g-Windows update 2"
+ next
+ edit 29
+ set fortiguard-category 31
+ next
+ edit 30
+ set fortiguard-category 33
+ next
+ edit 31
+ set fortiguard-category 25
+ next
+ end
+ next
+end
+config firewall policy
+ edit 89
+ set status disable
+ set name "Country Allow In->Out"
+ set srcintf "inside"
+ set dstintf "outside"
+ set action accept
+ set srcaddr "all"
+ set dstaddr "Country Allow"
+ set schedule "always"
+ set service "HTTPS"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "g-default"
+ next
+ edit 90
+ set status disable
+ set name "Country Allow Out->In"
+ set srcintf "outside"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "Country Allow"
+ set dstaddr "all"
+ set schedule "always"
+ set service "HTTPS"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "g-default"
+ set comments " (Copy of NVIDEA_LICENSING) (Reverse of NVIDEA_LICENSING)"
+ next
+ edit 109
+ set name "Block Countries Out -> In"
+ set srcintf "outside"
+ set dstintf "inside"
+ set srcaddr "Country Block"
+ set dstaddr "all"
+ set schedule "always"
+ set service "ALL"
+ set logtraffic all
+ set match-vip enable
+ set comments "Block specific countries"
+ next
+ edit 110
+ set name "Block Countries In -> Out"
+ set srcintf "inside"
+ set dstintf "outside"
+ set srcaddr "all"
+ set dstaddr "Country Block"
+ set schedule "always"
+ set service "ALL"
+ set logtraffic all
+ set match-vip enable
+ set comments "Block specific countries"
+ next
+ edit 10020
+ set name "Deny_List_In"
+ set srcintf "outside"
+ set dstintf "inside"
+ set srcaddr "Block_List_Group"
+ set dstaddr "all"
+ set schedule "always"
+ set service "ALL"
+ set logtraffic all
+ set match-vip enable
+ set comments "Block Known Attachers"
+ next
+ edit 10022
+ set name "Deny_List_Out"
+ set srcintf "inside"
+ set dstintf "outside"
+ set srcaddr "all"
+ set dstaddr "Block_List_Group"
+ set schedule "always"
+ set service "ALL"
+ set logtraffic all
+ set match-vip enable
+ set comments "Block Known Attachers"
+ next
+ edit 112
+ set name "SSL_VPN_FULL"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "IPv4-Private-All-RFC1918"
+ set schedule "always"
+ set service "ALL"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "SSL_VPN_Full_Access" "FortiGateAccess"
+ set comments "Remote Access VPN - Full Access"
+ next
+ edit 59
+ set name "VPN_Security_VLAN_70"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "Security_VLAN_70_Group"
+ set schedule "always"
+ set service "ALL"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_Security_Group"
+ set comments "Remote Access VPN - Security VLAN 70"
+ next
+ edit 78
+ set name "VPN_Access_Control_VLAN_72"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "Access_Control_VLAN_72_Group"
+ set schedule "always"
+ set service "ALL"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_Access_Control_Group"
+ set comments "Remote Access VPN - Access Control VLAN 72"
+ next
+ edit 63
+ set name "VPN_Hyperion_Servers"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "Hyperion_Server_Group"
+ set schedule "always"
+ set service "RDP" "UDP-3389" "HTTP" "HTTPS" "TCP-19000"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_Hyperion_Group"
+ set comments "Remote Access VPN - Hyperion Servers"
+ next
+ edit 57
+ set name "VPN_Website_Server"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "Webosphere_Inside"
+ set schedule "always"
+ set service "RDP" "UDP-3389" "FTP" "FTP_GET" "FTP_PUT" "TFTP" "Webosphere_Data" "HTTP" "HTTPS"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_Web_Servers_Group"
+ set comments "Remote Access VPN - SCSD Website"
+ next
+ edit 58
+ set name "VPN_DayAutomation_Servers"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "Day_Server_Group"
+ set schedule "always"
+ set service "RDP" "UDP-3389" "HTTPS" "TCP-6502-6510"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_DayAuto_Group"
+ set comments "Remote Access VPN - Day Automation Servers"
+ next
+ edit 80
+ set name "VPN_Auditors"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "psprdfin" "psprdhcm"
+ set schedule "always"
+ set service "HTTP" "HTTPS" "UDP-3389"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_Auditor_Group"
+ set comments "Remote Access VPN - Auditors"
+ next
+ edit 66
+ set name "VPN_WebCRD_Server"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "WebCRD"
+ set schedule "always"
+ set service "HTTPS" "SSH"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_WebCRD_Group"
+ set comments "Remote Access VPN - webCRD"
+ next
+ edit 69
+ set name "VPN_DocHolliday"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "DocHolliday"
+ set schedule "always"
+ set service "RDP" "UDP-3389" "SMB" "HTTP" "HTTPS"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_DocHolliday_Group"
+ set comments "Remote Access VPN - DocHolliday for Katapult User"
+ next
+ edit 68
+ set name "VPN_Access411_Servers"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "411_Group"
+ set schedule "always"
+ set service "RDP" "UDP-3389" "HTTP" "HTTPS"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_Access411_Group"
+ set comments "Remote Access VPN - Access411 RDP"
+ next
+ edit 91
+ set name "VPN_Peoplesoft_Audit"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "Peoplesoft_Audit_Group"
+ set schedule "always"
+ set service "HTTP" "HTTPS" "TCP_UDP-8100"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_Peoplesoft_Group"
+ set comments "Remote Access VPN - Peoplesoft Auditors"
+ next
+ edit 64
+ set name "VPN_Peoplesoft_RDP"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "Peoplesoft_RDP_Group"
+ set schedule "always"
+ set service "RDP" "UDP-3389"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_Peoplesoft_Group"
+ set comments "Remote Access VPN - Peoplesoft RDP"
+ next
+ edit 65
+ set name "VPN_Peoplesoft_SSH"
+ set srcintf "ssl.scsd"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "SSL_VPN_Range"
+ set dstaddr "Peoplesoft_SSH_Group"
+ set schedule "always"
+ set service "SSH"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set groups "VPN_Peoplesoft_Group"
+ set comments "Remote Access VPN - Peoplesoft SSH"
+ next
+ edit 10009
+ set name "Nimble_Sup_Out"
+ set srcintf "inside"
+ set dstintf "outside"
+ set action accept
+ set srcaddr "Nimble_Inside_Grp"
+ set dstaddr "Nimble_Support"
+ set schedule "always"
+ set service "ALL"
+ set utm-status enable
+ set ssl-ssh-profile "certificate-inspection"
+ set ips-sensor "Incoming_IPS"
+ set logtraffic all
+ set nat enable
+ set ippool enable
+ set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
+ set comments 
"Nimble Support" + next + edit 10010 + set name "Nimble_Sup_In" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "Nimble_Support" + set dstaddr "Nimble_Inside_Grp" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Nimble Support" + next + edit 107 + set status disable + set name "Content_Keeper_In -> Out" + set srcintf "inside" + set dstintf "outside" + set action accept + set srcaddr "CK_Inside_Group" + set dstaddr "all" + set schedule "always" + set service "ALL" + set logtraffic all + set nat enable + set ippool enable + set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252" + set comments "ContentKeeper" + next + edit 10026 + set name "Barracuda In->Out" + set srcintf "inside" + set dstintf "outside" + set action accept + set srcaddr "Barracuda_Internal" + set dstaddr "all" + set schedule "always" + set service "SMTP" "SMTPS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set nat enable + set ippool enable + set poolname "MailOut_Outside" + set comments "Barracuda Internal Email" + next + edit 67 + set name "Nighttime In->Out" + set srcintf "inside" + set dstintf "outside" + set action accept + set srcaddr "Nighttime_Inside" + set dstaddr "all" + set schedule "always" + set service "FTP" "SSH" "TFTP" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set nat enable + set ippool enable + set poolname "Nighttime_Outside" + set comments "Forces nighttime to use specific external IP" + next + edit 10070 + set name "Reverse_Proxy" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "United_States" + set dstaddr "ReverseProxy" + set schedule "always" + set service "HTTPS" + 
set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Need to examine - Reverse Proxy" + next + edit 94 + set name "SBC_NOC_In->Out" + set srcintf "inside" + set dstintf "outside" + set action accept + set srcaddr "SBC-NOC" + set dstaddr "MS_Teams_External_Group" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Outgoing_IPS" + set logtraffic all + set nat enable + set ippool enable + set poolname "SBC-NOC-Outside" + set comments "SBC Ribbon" + next + edit 100 + set name "SBC_DAN_In->Out" + set srcintf "inside" + set dstintf "outside" + set action accept + set srcaddr "SBC-DAN" + set dstaddr "MS_Teams_External_Group" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Outgoing_IPS" + set logtraffic all + set nat enable + set ippool enable + set poolname "SBC-DAN-Outside" + set comments "SBC Ribbon" + next + edit 10046 + set name "SRIC_BOCES_Allow" + set srcintf "SRIC_BOCES" + set dstintf "inside" + set action accept + set srcaddr "SRICBOCES-OUTSIDE" + set dstaddr "vip-ntss" + set schedule "always" + set service "ALL_ICMP" "HTTP" "HTTPS" "TCP-1521" "TCP-9000-9100" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Site to Site VPN - SRIC BOCES NTSS" + next + edit 10174 + set name "NTSS In->Out" + set srcintf "inside" + set dstintf "SRIC_BOCES" + set action accept + set srcaddr "ntss-inside" + set dstaddr "SRICBOCES-OUTSIDE" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set nat enable + set ippool enable + set poolname "NTSS_Outside" + set comments "Site to Site VPN - SRIC BOCES NTSS" + next + edit 72 + set name 
"SCHC_In->Out" + set srcintf "inside" + set dstintf "SCHC" + set action accept + set srcaddr "SCHC_Local_Subnets_Group" + set dstaddr "SCHC_Remote_Subnets_Group" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "g-default" + set logtraffic all + set comments "Site to Site VPN - SCHC" + next + edit 73 + set name "SCHC_Out->In" + set srcintf "SCHC" + set dstintf "inside" + set action accept + set srcaddr "SCHC_Remote_Subnets_Group" + set dstaddr "SCHC_Local_Subnets_Group" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "g-default" + set logtraffic all + set comments "Site to Site VPN - SCHC" + next + edit 102 + set name "eScholar In->Out" + set srcintf "inside" + set dstintf "vpn-0403e61" + set action accept + set srcaddr "all" + set dstaddr "all" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Site to Site VPN - AWS eScholar" + next + edit 108 + set status disable + set name "eScholar Out->In" + set srcintf "vpn-0403e61" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "all" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Site to Site VPN - AWS eScholar" + next + edit 101 + set name "testing highstreet" + set srcintf "inside" + set dstintf "Highstreet" + set action accept + set srcaddr "all" + set dstaddr "all" + set schedule "always" + set service "ALL" + set ssl-ssh-profile "certificate-inspection" + set logtraffic all + set comments "Site to Site VPN - Highstreet (Copy of Highstreet_Tunnel_In->Out)" + next + edit 111 + set name "Highstreet_Tunnel_In->Out" + set srcintf "inside" + set dstintf "Highstreet" 
+ set action accept + set srcaddr "Server_40" "Server_48" + set dstaddr "all" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Site to Site VPN - Highstreet" + next + edit 113 + set name "Highstreet_2_Tunnel_In->Out" + set srcintf "inside" + set dstintf "Highstreet_2" + set action accept + set srcaddr "Server_40" "Server_48" + set dstaddr "all" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "VPN - Highstreet 2" + next + edit 61 + set name "AWS_VPN_In->Out" + set srcintf "inside" + set dstintf "vpn-042e9903" + set action accept + set srcaddr "all" + set dstaddr "all" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Site to Site VPN - AWS" + next + edit 96 + set name "SchoolTool_AWS_In->Out" + set srcintf "inside" + set dstintf "vpn-0fc50345" + set action accept + set srcaddr "all" + set dstaddr "all" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "SchoolTool Tunnel In -> Out" + next + edit 97 + set name "SchoolTool_AWS_Out->In" + set srcintf "vpn-0fc50345" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "all" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Reverse of SchoolTool_AWS_In->Out" + next + edit 62 + set status disable + set name "Test Cert Decrypt" + set srcintf "inside" + set dstintf "outside" + set action accept + set srcaddr "Tim PC" + set dstaddr "all" + set 
schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "SCSD custom-deep-inspection" + set av-profile "g-default" + set ips-sensor "Incoming_IPS" + set application-list "App_Ctrl_1" + set logtraffic all + set nat enable + set ippool enable + set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252" + set tcp-mss-sender 1400 + set tcp-mss-receiver 1400 + set comments "Internet Access (Copy of Internet Access)" + next + edit 98 + set name "AW_Scanner_Allow" + set srcintf "inside" + set dstintf "outside" + set action accept + set srcaddr "AW_Scanner_MerryChristmas" "AW_Scanner _HappyHalloween" "AW_Scanner_DiaDeLosMuertos" "AW_Scanner_HappyNewYear" "AW_Scanner_LaborDay" + set dstaddr "AW_device-activation.us-global-prod.arcticwolf.net" "AW_drs.us-global-prod.arcticwolf.net" "AW_inbound.us002-prod.arcticwolf.net" + set schedule "always" + set service "ALL" + set nat enable + next + edit 116 + set name "POS Test" + set srcintf "inside" + set dstintf "outside" + set action accept + set srcaddr "POS_Machines" + set dstaddr "all" + set schedule "always" + set service "ALL" + set logtraffic all + set nat enable + set ippool enable + set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252" + set tcp-mss-sender 1400 + set tcp-mss-receiver 1400 + set comments "Test Point of Sale" + next + edit 106 + set name "Internet Access" + set srcintf "inside" "RAP" + set dstintf "outside" + set action accept + set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range" + set dstaddr "all" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set av-profile "g-default" + set ips-sensor "Outgoing_IPS" + set application-list "App_Ctrl_1" + set logtraffic all + set nat enable + set ippool enable + set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252" + set 
tcp-mss-sender 1400 + set tcp-mss-receiver 1400 + set comments "Internet Access" + next + edit 71 + set name "County->Peoplesoft" + set srcintf "city_phones" + set dstintf "inside" + set action accept + set srcaddr "County_Network" + set dstaddr "psprdfin" + set schedule "always" + set service "HTTP" "HTTPS" + set ssl-ssh-profile "certificate-inspection" + set logtraffic all + next + edit 82 + set name "Peoplesoft -> County" + set srcintf "inside" + set dstintf "city_phones" + set action accept + set srcaddr "psprdfin" + set dstaddr "County_Network" + set schedule "always" + set service "HTTP" "HTTPS" + set ssl-ssh-profile "certificate-inspection" + set logtraffic all + set comments " (Copy of County->Peoplesoft) (Reverse of County->Peoplesoft)" + next + edit 81 + set name "County -> DNS" + set srcintf "city_phones" + set dstintf "inside" + set action accept + set srcaddr "County_Network" + set dstaddr "Domain_Controller_Group" + set schedule "always" + set service "DNS" + set ssl-ssh-profile "certificate-inspection" + set logtraffic all + set comments " (Copy of County->Peoplesoft)" + next + edit 76 + set name "City_CGRs_Out->In" + set srcintf "city_phones" + set dstintf "inside" + set action accept + set srcaddr "City_Side_CGR_01" "City_Side_CGR_02" + set dstaddr "City_CGRs_Group" + set schedule "always" + set service "ESP" "IKE" "PING" "SSH" + set ssl-ssh-profile "certificate-inspection" + set logtraffic all + set comments "City Lights - CGR - Allow Ping and SSH from City-Side Subnets" + next + edit 77 + set name "City_CGRs_In->Out" + set srcintf "inside" + set dstintf "city_phones" + set action accept + set srcaddr "City_CGRs_Group" + set dstaddr "City_Side_CGR_01" "City_Side_CGR_02" + set schedule "always" + set service "ESP" "IKE" "PING" "SSH" + set ssl-ssh-profile "certificate-inspection" + set logtraffic all + set comments "Allow City Lights CGR to City Side Subnets" + next + edit 85 + set name "City_VoIP_Out->In" + set srcintf "city_phones" + set dstintf 
"inside" + set action accept + set srcaddr "City_Side_VoIP_Group" + set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" + set schedule "always" + set service "ALL" + set logtraffic all + set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In)" + next + edit 86 + set name "City_VoIP_In->Out" + set srcintf "inside" + set dstintf "city_phones" + set action accept + set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" + set dstaddr "City_Side_VoIP_Group" + set schedule "always" + set service "ALL" + set logtraffic all + set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_VoIP_Out->In) (Reverse of City_VoIP_Out->In)" + next + edit 84 + set name "City_Water_DPW_Recorder_Out->In" + set srcintf "city_phones" + set dstintf "inside" + set action accept + set srcaddr "City_Side_VoIP_Water_DPW_Recorder" + set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" + set schedule "always" + set service "ALL" + set inspection-mode proxy + set logtraffic all + set auto-asic-offload disable + set np-acceleration disable + set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_Parks_Phones_Out->In)" + next + edit 88 + set name "City_Water_DPW_Recorder_In->Out" + set srcintf "inside" + set dstintf "city_phones" + set action accept + set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" + set dstaddr "City_Side_VoIP_Water_DPW_Recorder" + set schedule "always" + set service "ALL" + set inspection-mode proxy + set logtraffic all + set auto-asic-offload disable + set np-acceleration disable + set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_Parks_Phones_Out->In) (Copy of City_Water_DPW_Recorder_Out->In) (Reverse of City_Water_DPW_Recorder_Out->In)" + next + edit 60 + set name "City_Parks_Phones_Out->In" + set srcintf "city_phones" + set dstintf "inside" + set action accept + set srcaddr "City_Side_Parks_Phone_Subnet" "City_Side_VoIP_Water_DPW_Recorder" + set dstaddr 
"CUCM_BRIGHTON" "CUCM_ITC_NOC" + set schedule "always" + set service "ALL" + set inspection-mode proxy + set logtraffic all + set auto-asic-offload disable + set np-acceleration disable + set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In)" + next + edit 79 + set name "City_Parks_Phones_In->Out" + set srcintf "inside" + set dstintf "city_phones" + set action accept + set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" + set dstaddr "City_Side_Parks_Phone_Subnet" "City_Side_VoIP_Water_DPW_Recorder" + set schedule "always" + set service "ALL" + set inspection-mode proxy + set logtraffic all + set comments "City Allowed Networks From Us to Them (Copy of City_Phones_In->Out)" + next + edit 70 + set status disable + set name "Block SPD DNS ACCESS" + set srcintf "city_phones" + set dstintf "inside" + set srcaddr "SPD_Network" + set dstaddr "all" + set schedule "always" + set service "DNS" + set logtraffic disable + set comments "Deny SPD DNS" + next + edit 55 + set name "SPD_Out->In" + set srcintf "city_phones" + set dstintf "inside" + set action accept + set srcaddr "SPD_Network" + set dstaddr "SPD_Firewalls_Our_Side" + set schedule "always" + set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP" + set ssl-ssh-profile "certificate-inspection" + set logtraffic all + set comments "SPD Access" + next + edit 87 + set name "SPD_In->Out" + set srcintf "inside" + set dstintf "city_phones" + set action accept + set srcaddr "SPD_Firewalls_Our_Side" + set dstaddr "SPD_Network" + set schedule "always" + set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP" + set ssl-ssh-profile "certificate-inspection" + set logtraffic all + set comments "SPD Access (Copy of SPD_Out->In) (Reverse of SPD_Out->In)" + next + edit 83 + set name "SPD_ Genetec_Out->In" + set srcintf "city_phones" + set dstintf "inside" + set action accept + set srcaddr "SPD_Side_Genetec" + set dstaddr "Genetec_Inside_Group" + set schedule "always" + set service "Genetec Federation" 
+ set ssl-ssh-profile "certificate-inspection" + set logtraffic all + set comments "SPD Access for Genetec Federation" + next + edit 92 + set name "SPD_ Genetec_In->Out" + set srcintf "inside" + set dstintf "city_phones" + set action accept + set srcaddr "Genetec_Inside_Group" + set dstaddr "SPD_Side_Genetec" + set schedule "always" + set service "Genetec Federation" + set ssl-ssh-profile "certificate-inspection" + set logtraffic all + set comments "SPD Access for Genetec Federation" + next + edit 54 + set name "City_Phones_Out->In" + set srcintf "city_phones" + set dstintf "inside" + set action accept + set srcaddr "City_Subnets_Group" + set dstaddr "City_Permited_Subnets_Group" + set schedule "always" + set service "ALL" + set logtraffic all + set comments "City Allowed Networks From them to Us" + next + edit 75 + set name "City_Phones_In->Out" + set srcintf "inside" + set dstintf "city_phones" + set action accept + set srcaddr "City_Permited_Subnets_Group" + set dstaddr "City_Subnets_Group" + set schedule "always" + set service "ALL" + set logtraffic all + set comments "City Allowed Networks From Us to Them" + next + edit 10012 + set status disable + set name "CK_Mgmt_Filters" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "vip-grp-ck-mgmt-filters" + set schedule "always" + set service "HTTPS" "TCP-8080" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "ContentKeeper" + next + edit 10014 + set status disable + set name "CK_Support" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "CONTENTKEEPER-REMOTE-SUPPORT" + set dstaddr "vip-grp-ck-all" + set schedule "always" + set service "CK_Support_Services_Group" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "ContentKeeper" + next + edit 10018 + set status 
disable + set name "CKMobile" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "vip-grp-ckm-mgmt" + set schedule "always" + set service "CK_Mobile_Services_Group" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "ContentKeeper" + next + edit 10024 + set name "Email_Hybrid_Allow" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "vip-hybrid-email" + set schedule "always" + set service "HTTP" "HTTPS" "SMTP" "SMTPS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Hybrid Email - Robert Johnson" + next + edit 10027 + set name "Barracuda_Archivers" + set srcintf "outside" + set dstintf "inside" + set action accept + set dstaddr "vip-grp-barracuda_Archivers" + set internet-service-src enable + set internet-service-src-group "Microsoft_ISDB_Both" + set schedule "always" + set service "HTTP" "HTTPS" "SMTP" "SMTPS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Barracuda Archivers from Microsoft" + next + edit 115 + set name "Nutanix_Remote_Support" + set srcintf "inside" + set dstintf "outside" + set action accept + set srcaddr "Nutanix_CVM" + set dstaddr "Nutanix_Remote_Support" + set schedule "always" + set service "HTTP" "HTTPS" + set logtraffic all + next + edit 10076 + set status disable + set name "Apple_Cache" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "vip-applecaching" + set schedule "always" + set service "ALL_TCP" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Apple Caching Server Access" + next + edit 10094 + set name "DNS_ns1" + set srcintf 
"outside" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "vip-ns1" + set schedule "always" + set service "DNS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "DNS - External" + next + edit 10092 + set name "DNS_ns2" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "vip-ns2" + set schedule "always" + set service "DNS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "DNS - External" + next + edit 10108 + set name "LDAP_Access" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "Safeschools_Group" + set dstaddr "vip-DC01" + set schedule "always" + set service "LDAP" "LDAP_UDP" "TCP-636" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "LDAP" + next + edit 10130 + set name "Airwatch" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "vip-Airwatchapp" + set schedule "always" + set service "Airwatch_Services_Group" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Airwatch Access" + next + edit 10054 + set name "SCSD_Website" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "United_States" + set dstaddr "vip-Webosphere" + set schedule "always" + set service "HTTP" "HTTPS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Website - scsd.us" + next + edit 10138 + set name "WebHelpDesk" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "United_States" + set dstaddr "vip-webhelpdesk" + set schedule "always" + 
set service "HTTPS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Webpage - helpdesk.scsd.us" + next + edit 117 + set name "RAP>Inside>DCs" + set srcintf "RAP" + set dstintf "inside" + set action accept + set srcaddr "RAP-Users" + set dstaddr "Server_40" "Server_48" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set av-profile "g-default" + set ips-sensor "Incoming_IPS" + set application-list "App_Ctrl_1" + set logtraffic all + next + edit 10150 + set name "Tableau" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "United_States" + set dstaddr "vip-tableau" + set schedule "always" + set service "HTTP" "HTTPS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Webpage - tableau.scsd.us" + next + edit 99 + set name "PrintOC" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "United_States" + set dstaddr "vip-PrintOC" + set schedule "always" + set service "HTTPS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Oracle Web Printer" + next + edit 10184 + set name "ESS" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "United_States" + set dstaddr "vip-scsdess" + set schedule "always" + set service "HTTP" "HTTPS" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Employee Self Service" + next + edit 10182 + set name "Address_Lookup" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "United_States" + set dstaddr "vip-Neutrons" + set schedule "always" + set service "HTTPS" + set utm-status enable + set ssl-ssh-profile 
"certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "Address Lookup for parents" + next + edit 93 + set name "SBC_Ribbon_Out->In" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "MS_Teams_External_Group" + set dstaddr "vip-sbc-noc" "vip-sbc-dan" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "SBC Ribbon" + next + edit 114 + set name "EMS_Out->In" + set srcintf "outside" + set dstintf "inside" + set action accept + set srcaddr "all" + set dstaddr "vip-EMS" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set ips-sensor "Incoming_IPS" + set logtraffic all + set comments "SBC Ribbon (Copy of SBC_Ribbon_Out->In)" + next + edit 118 + set name "Servers->RAP" + set srcintf "inside" + set dstintf "RAP" + set action accept + set srcaddr "Server_40" "Server_48" "21JumpSt" "Sys-Net-Admins" + set dstaddr "RAP-Users" "RAP-MGMT" + set schedule "always" + set service "ALL" + set utm-status enable + set ssl-ssh-profile "certificate-inspection" + set av-profile "g-default" + set ips-sensor "Incoming_IPS" + set application-list "App_Ctrl_1" + set logtraffic all + set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)" + next + edit 95 + set name "SCSD -> DPS" + set srcintf "inside" + set dstintf "DPS" + set action accept + set srcaddr "all" + set dstaddr "DPS_10.46.0.0/16" "DPS_Internal" "DPS_192.168.146.0/24" + set schedule "always" + set service "ALL" + next + edit 103 + set name "DPS-> SCSD" + set srcintf "DPS" + set dstintf "inside" + set action accept + set srcaddr "DPS_10.46.0.0/16" "DPS_192.168.146.0/24" "DPS_Internal" + set dstaddr "all" + set schedule "always" + set service "ALL" + next + edit 104 + set name "DPS-> Outside" + set srcintf "DPS" + set dstintf "outside" + set action accept + 
set srcaddr "DPS_10.46.0.0/16"
+ set dstaddr "all"
+ set schedule "always"
+ set service "ALL"
+ set nat enable
+ set ippool enable
+ set poolname "ippool-198.36.23.253"
+ next
+end
+config firewall DoS-policy
+ edit 1
+ set name "Country_Block_DOS"
+ set comments "Thresholds set to 1 to block all traffic from specific countries."
+ set interface "outside"
+ set srcaddr "Country Block"
+ set dstaddr "all"
+ set service "ALL"
+ config anomaly
+ edit "tcp_syn_flood"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "tcp_port_scan"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "tcp_src_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "tcp_dst_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "udp_flood"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "udp_scan"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "udp_src_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "udp_dst_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "icmp_flood"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "icmp_sweep"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "icmp_src_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "icmp_dst_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "ip_src_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "ip_dst_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "sctp_flood"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "sctp_scan"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "sctp_src_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ edit "sctp_dst_session"
+ set status enable
+ set action block
+ set threshold 1
+ next
+ end
+ next
+ edit 3
+ set name "Zoom-bypass"
+ set interface "outside"
+ set srcaddr "all"
+ set dstaddr "all"
+ set service "Zoom UDP Ports"
+ config anomaly
+ edit "tcp_syn_flood"
+ set threshold 2000
+ next
+ edit "tcp_port_scan"
+ set threshold 1000
+ next
+ edit "tcp_src_session"
+ set threshold 5000
+ next
+ edit "tcp_dst_session"
+ set threshold 5000
+ next
+ edit "udp_flood"
+ set status enable
+ set log enable
+ set threshold 2000
+ next
+ edit "udp_scan"
+ set threshold 2000
+ next
+ edit "udp_src_session"
+ set threshold 5000
+ next
+ edit "udp_dst_session"
+ set threshold 5000
+ next
+ edit "icmp_flood"
+ set threshold 250
+ next
+ edit "icmp_sweep"
+ set threshold 100
+ next
+ edit "icmp_src_session"
+ set threshold 300
+ next
+ edit "icmp_dst_session"
+ set threshold 1000
+ next
+ edit "ip_src_session"
+ set threshold 5000
+ next
+ edit "ip_dst_session"
+ set threshold 5000
+ next
+ edit "sctp_flood"
+ set threshold 2000
+ next
+ edit "sctp_scan"
+ set threshold 1000
+ next
+ edit "sctp_src_session"
+ set threshold 5000
+ next
+ edit "sctp_dst_session"
+ set threshold 5000
+ next
+ end
+ next
+ edit 2
+ set name "DoS_Default"
+ set interface "outside"
+ set srcaddr "all"
+ set dstaddr "all"
+ set service "ALL"
+ config anomaly
+ edit "tcp_syn_flood"
+ set status enable
+ set log enable
+ set action block
+ set threshold 2000
+ next
+ edit "tcp_port_scan"
+ set status enable
+ set log enable
+ set action block
+ set threshold 1000
+ next
+ edit "tcp_src_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 5000
+ next
+ edit "tcp_dst_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 5000
+ next
+ edit "udp_flood"
+ set status enable
+ set log enable
+ set action block
+ set threshold 20000
+ next
+ edit "udp_scan"
+ set status enable
+ set log enable
+ set action block
+ set threshold 2000
+ next
+ edit "udp_src_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 5000
+ next
+ edit "udp_dst_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 5000
+ next
+ edit "icmp_flood"
+ set status enable
+ set log enable
+ set action block
+ set threshold 250
+ next
+ edit "icmp_sweep"
+ set status enable
+ set log enable
+ set action block
+ set threshold 100
+ next
+ edit "icmp_src_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 300
+ next
+ edit "icmp_dst_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 1000
+ next
+ edit "ip_src_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 5000
+ next
+ edit "ip_dst_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 5000
+ next
+ edit "sctp_flood"
+ set status enable
+ set log enable
+ set action block
+ set threshold 2000
+ next
+ edit "sctp_scan"
+ set status enable
+ set log enable
+ set action block
+ set threshold 1000
+ next
+ edit "sctp_src_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 5000
+ next
+ edit "sctp_dst_session"
+ set status enable
+ set log enable
+ set action block
+ set threshold 5000
+ next
+ end
+ next
+end
+config firewall sniffer
+ edit 8
+ set interface "vpn-0fc50345"
+ set host "172.30.45.35"
+ set port "3389"
+ set max-packet-count 100
+ next
+ edit 4
+ set interface "city_phones lag"
+ set host "10.250.229.0/24"
+ set max-packet-count 2000
+ next
+ edit 6
+ set interface "city_phones lag"
+ set host "10.1.150.20"
+ set port "8445"
+ set max-packet-count 50
+ next
+ edit 5
+ set interface "vpn-0403e61"
+ next
+ edit 7
+ set interface "outside lag"
+ set host "3.20.191.182"
+ next
+ edit 9
+ set interface "Highstreet"
+ next
+ edit 10
+ set interface "inside lag"
+ set host "192.168.79.2"
+ next
+ edit 11
+ set interface "inside lag"
+ set host "10.46.1.1"
+ next
+ edit 12
+ set interface "DPS"
+ set host "10.46.1.1"
+ next
+ edit 13
+ set interface "port17"
+ set host "192.168.146.5"
+ next
+ edit 14
+ set interface "port19"
+ set host "192.168.146.5"
+ next
+ edit 15
+ set interface "RAP"
+ set host "192.168.79.2"
+ set max-packet-count 10000
+ next
+ edit 16
+ set interface "city_phones lag"
+ next
+end