From aaaa3a0dd8a9b9af58f49c9d6deb9d90d2b3035b Mon Sep 17 00:00:00 2001
From: John Poland
Date: Fri, 14 Nov 2025 17:11:27 -0500
Subject: [PATCH] fortigate Fri Nov 14 05:11:27 PM EST 2025

---
 configs/fortigate/vdom_scsd/firewall.cfg | 28 ++++++++++++++++++++++++
 configs/fortigate/vdom_scsd/router.cfg | 7 ++++++
 configs/fortigate/vdom_scsd/vpn.cfg | 2 ++
 3 files changed, 37 insertions(+)

diff --git a/configs/fortigate/vdom_scsd/firewall.cfg b/configs/fortigate/vdom_scsd/firewall.cfg
index e173339..e60eaf6 100644
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@@ -2891,6 +2891,16 @@ config firewall address
 edit "ipad_test"
 set subnet 10.14.112.94 255.255.255.255
 next
+ edit "RAPpublic"
+ set subnet 24.105.188.54 255.255.255.255
+ next
+ edit "RAP2_local_subnet_1"
+ set allow-routing enable
+ next
+ edit "RAP2_remote_subnet_1"
+ set allow-routing enable
+ set subnet 10.67.0.0 255.255.0.0
+ next
 end
 config firewall multicast-address
 edit "all_hosts"
@@ -3108,6 +3118,16 @@ config firewall addrgrp
 set member "Clary_POS" "ITC_Cafe_POS" "Porter_POS"
 set comment "Point of Sale Machines"
 next
+ edit "RAP2_local"
+ set allow-routing enable
+ set member "RAP2_local_subnet_1"
+ set comment "VPN: RAP2 (Created by VPN wizard)"
+ next
+ edit "RAP2_remote"
+ set allow-routing enable
+ set member "RAP2_remote_subnet_1"
+ set comment "VPN: RAP2 (Created by VPN wizard)"
+ next
 end
 config firewall wildcard-fqdn custom
 edit "g-Adobe Login"
@@ -6617,3 +6637,11 @@ config firewall sniffer
 set interface "city_phones lag"
 next
 end
+config firewall on-demand-sniffer
+ edit "outside lag_scsd"
+ set interface "outside lag"
+ set max-packet-count 100
+ set hosts "24.105.188.54"
+ set protocols 17
+ next
+end
diff --git a/configs/fortigate/vdom_scsd/router.cfg b/configs/fortigate/vdom_scsd/router.cfg
index b41035b..a5570c8 100644
--- a/configs/fortigate/vdom_scsd/router.cfg
+++ b/configs/fortigate/vdom_scsd/router.cfg
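Review bot: `RAP2_local_subnet_1` is created with `set allow-routing enable` but no `set subnet`, so the object carries FortiOS's default subnet — as far as I know 0.0.0.0/0 — and every policy or phase2 selector that reaches it through the `RAP2_local` group added in the second hunk of this file would match all local addresses instead of the site range the tunnel is meant to carry. Set the local network explicitly, e.g. `set subnet <local-subnet> <mask>` (placeholder values), then confirm the wizard-generated phase2 selectors and policies still reference the corrected object. `RAPpublic` repeats the peer address 24.105.188.54 that also appears in the sniffer entry and in vpn.cfg; a short `set comment` naming the RAP2 tunnel would help keep the three in step when the peer address changes.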
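Review bot: The new `on-demand-sniffer` entry `outside lag_scsd` commits a packet-capture definition filtered to the VPN peer (`set hosts "24.105.188.54"`, `set protocols 17`, i.e. UDP) into the tracked configuration, which reads as a troubleshooting artifact from bringing up the RAP2 tunnel rather than a permanent setting. If it was only needed to confirm IKE traffic with the peer, remove it once the tunnel is validated; if it is meant to stay, state why in the commit message, since the entry has no comment of its own and the `max-packet-count 100` limit stops the capture after a handful of packets, so it gives little as a standing monitor.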
@@ -234,6 +234,13 @@ config router static
 set device "RAP"
 set comment "RAP Users"
 next
+ edit 39
+ set distance 254
+ set comment "VPN: RAP2 (Created by VPN wizard)"
+ set blackhole enable
+ set dstaddr "RAP2_remote"
+ set vrf 0
+ next
 end
 config router ospf
 config redistribute "connected"
diff --git a/configs/fortigate/vdom_scsd/vpn.cfg b/configs/fortigate/vdom_scsd/vpn.cfg
index c4b35ec..1869a7c 100644
--- a/configs/fortigate/vdom_scsd/vpn.cfg
+++ b/configs/fortigate/vdom_scsd/vpn.cfg
@@ -935,7 +935,9 @@ config vpn ipsec phase1-interface
 set peertype any
 set net-device disable
 set proposal aes256-sha256
+ set comments "RAP->SCSD"
 set nattraversal disable
+ set transport udp-fallback-tcp
 set remote-gw 24.105.188.54
 set psksecret ENC *HIDDEN*
 next
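Review bot: Static route 39 is a blackhole (`set blackhole enable`, `set distance 254`) for `RAP2_remote`, but no companion route steering that destination into the RAP2 tunnel interface appears in this hunk; the wizard normally pairs the two and the tunnel route may sit elsewhere in router.cfg, so confirm one exists with a lower distance, otherwise 10.67.0.0/16 is simply dropped. The preceding entry, whose `edit` line starts before this hunk, already routes via `set device "RAP"`; if its destination overlaps 10.67.0.0/16, a comment on route 39 stating which path is intended to win would save the next reader a lookup.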
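Review bot: `set transport udp-fallback-tcp` is added to a phase1 whose `ike-version` line lies outside this hunk; IKE-over-TCP fallback applies to IKEv2, so confirm the tunnel runs IKEv2 before relying on it, and record the reason for the fallback in the new comment, e.g. `set comments "RAP->SCSD (IKE TCP fallback: <reason>)"` with the placeholder filled in. The same block keeps `set nattraversal disable`; if the fallback was added because UDP IKE to 24.105.188.54 proved unreliable, check whether a NAT or a UDP filter on the path is the actual cause rather than masking it with TCP. `set peertype any` with a static `remote-gw` is the usual site-to-site pattern, and the PSK is redacted (`ENC *HIDDEN*`), which is the right state for a tracked config. The enclosing `edit` block starts before this hunk.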