From 7a99cfe291a1470737fe9a8c01ef5a4bcd46b702 Mon Sep 17 00:00:00 2001
From: John Poland
Date: Mon, 15 Dec 2025 17:26:37 -0500
Subject: [PATCH] fortigate Mon Dec 15 05:26:37 PM EST 2025
---
 configs/fortigate/vdom_scsd/firewall.cfg | 30 ++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/configs/fortigate/vdom_scsd/firewall.cfg b/configs/fortigate/vdom_scsd/firewall.cfg
index 0a513f7..9d5fb5d 100644
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@@ -2802,6 +2802,17 @@ config firewall address
 set start-ip 10.1.6.20
 set end-ip 10.1.6.254
 next
+ edit "Corcoran_VLAN_20"
+ set type iprange
+ set associated-interface "inside"
+ set start-ip 10.7.1.20
+ set end-ip 10.7.7.254
+ next
+ edit "Corcoran_Secure_Wireless"
+ set type iprange
+ set start-ip 10.7.112.11
+ set end-ip 10.7.127.254
+ next
 end
 config firewall multicast-address
 edit "all_hosts"
@@ -3010,7 +3021,7 @@ config firewall addrgrp
 set comment "Point of Sale Machines"
 next
 edit "NOCTI_Inside"
- set member "Shea_Secure_Wireless" "Shea_VLAN_6"
+ set member "Shea_Secure_Wireless" "Shea_VLAN_6" "Corcoran_VLAN_20" "Corcoran_Secure_Wireless"
 next
 end
 config firewall wildcard-fqdn custom
@@ -4767,7 +4778,8 @@ config firewall policy
 set comments " (Copy of NVIDEA_LICENSING) (Reverse of NVIDEA_LICENSING)"
 next
 edit 107
- set name "NOCTI_In->Out"
+ set status disable
+ set name "NOCTI In->Out"
 set srcintf "inside"
 set dstintf "outside"
 set action accept
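Review bot: In the `config firewall address` hunk, `Corcoran_VLAN_20` runs from 10.7.1.20 to 10.7.7.254, which spans seven /24 networks, while the neighbouring entry above it (10.1.6.20 to 10.1.6.254) stays inside one. If the VLAN is a single /24 the end address was probably meant to be `set end-ip 10.7.1.254`; if the wide range is intended, a `set comment` on the object saying so would prevent it being read as a typo. The width matters because the `config firewall addrgrp` hunk adds both new objects to `NOCTI_Inside`, so every policy that references that group inherits the full range. `Corcoran_Secure_Wireless` also omits the `set associated-interface "inside"` that `Corcoran_VLAN_20` carries; the two should match unless the wireless range is reached through a different interface.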
@@ -4776,8 +4788,22 @@ config firewall policy
 set schedule "always"
 set service "HTTP" "HTTPS"
 set logtraffic all
+ set nat enable
 set comments "Allow nocti.org"
 next
+ edit 121
+ set status disable
+ set name "NOCTI Out->In"
+ set srcintf "outside"
+ set dstintf "inside"
+ set action accept
+ set srcaddr "NOCTI"
+ set dstaddr "NOCTI_Inside"
+ set schedule "always"
+ set service "HTTP" "HTTPS"
+ set logtraffic all
+ set comments "Allow nocti.org (Reverse of NOCTI_In->Out) (Copy of )"
+ next
 edit 109
 set name "Block Countries Out -> In"
 set srcintf "outside"
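Review bot: Policy 121 is an outside-to-inside `accept` onto the client ranges in `NOCTI_Inside`, and nothing in the hunk shows why inbound-initiated HTTP/HTTPS is needed; replies to sessions opened under policy 107 are already allowed by the stateful session table, so a "reverse" clone is normally unnecessary. It is committed with `set status disable`, but the block carries no inspection profiles, so enabling it later would admit that traffic uninspected to whatever the group then contains. If there is no inbound requirement, drop the `edit 121` block; otherwise replace the leftover comment with one that states the reason, e.g. `set comments "Inbound from nocti.org required for <reason>; disabled until <condition>"`. That also removes the empty `(Copy of )` and the reference to `NOCTI_In->Out`, a name the previous hunk changes to `NOCTI In->Out`. Policy 107 is likewise left disabled with `set nat enable` added while its comment still reads only "Allow nocti.org", so the reason for the disabled state is worth recording there too.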