fortigate Fri Nov 14 05:11:27 PM EST 2025

2025-11-14 17:11:27 -05:00 · 2025-11-14 17:11:27 -05:00 · aaaa3a0dd8
commit aaaa3a0dd8
parent cc68c67d5e
3 changed files with 37 additions and 0 deletions
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@ -2891,6 +2891,16 @@ config firewall address
    edit "ipad_test"
        set subnet 10.14.112.94 255.255.255.255
    next
+    edit "RAPpublic"
+        set subnet 24.105.188.54 255.255.255.255
+    next
+    edit "RAP2_local_subnet_1"
+        set allow-routing enable
+    next
+    edit "RAP2_remote_subnet_1"
+        set allow-routing enable
+        set subnet 10.67.0.0 255.255.0.0
+    next
 end
 config firewall multicast-address
    edit "all_hosts"
@ -3108,6 +3118,16 @@ config firewall addrgrp
        set member "Clary_POS" "ITC_Cafe_POS" "Porter_POS"
        set comment "Point of Sale Machines"
    next
+    edit "RAP2_local"
+        set allow-routing enable
+        set member "RAP2_local_subnet_1"
+        set comment "VPN: RAP2 (Created by VPN wizard)"
+    next
+    edit "RAP2_remote"
+        set allow-routing enable
+        set member "RAP2_remote_subnet_1"
+        set comment "VPN: RAP2 (Created by VPN wizard)"
+    next
 end
 config firewall wildcard-fqdn custom
    edit "g-Adobe Login"
@ -6617,3 +6637,11 @@ config firewall sniffer
        set interface "city_phones lag"
    next
 end
+config firewall on-demand-sniffer
+    edit "outside lag_scsd"
+        set interface "outside lag"
+        set max-packet-count 100
+        set hosts "24.105.188.54"
+        set protocols 17
+    next
+end
--- a/configs/fortigate/vdom_scsd/router.cfg
+++ b/configs/fortigate/vdom_scsd/router.cfg
@ -234,6 +234,13 @@ config router static
        set device "RAP"
        set comment "RAP Users"
    next
+    edit 39
+        set distance 254
+        set comment "VPN: RAP2 (Created by VPN wizard)"
+        set blackhole enable
+        set dstaddr "RAP2_remote"
+        set vrf 0
+    next
 end
 config router ospf
    config redistribute "connected"
--- a/configs/fortigate/vdom_scsd/vpn.cfg
+++ b/configs/fortigate/vdom_scsd/vpn.cfg
@ -935,7 +935,9 @@ config vpn ipsec phase1-interface
        set peertype any
        set net-device disable
        set proposal aes256-sha256
+        set comments "RAP->SCSD"
        set nattraversal disable
+        set transport udp-fallback-tcp
        set remote-gw 24.105.188.54
        set psksecret ENC *HIDDEN*
    next