fortigate Fri Nov 14 05:11:27 PM EST 2025

configs/fortigate/vdom_scsd/firewall.cfg

@@ -2891,6 +2891,16 @@ config firewall address
     edit "ipad_test"
         set subnet 10.14.112.94 255.255.255.255
     next
+    edit "RAPpublic"
+        set subnet 24.105.188.54 255.255.255.255
+    next
+    edit "RAP2_local_subnet_1"
+        set allow-routing enable
+    next
+    edit "RAP2_remote_subnet_1"
+        set allow-routing enable
+        set subnet 10.67.0.0 255.255.0.0
+    next
 end
 config firewall multicast-address
     edit "all_hosts"
@@ -3108,6 +3118,16 @@ config firewall addrgrp
         set member "Clary_POS" "ITC_Cafe_POS" "Porter_POS"
         set comment "Point of Sale Machines"
     next
+    edit "RAP2_local"
+        set allow-routing enable
+        set member "RAP2_local_subnet_1"
+        set comment "VPN: RAP2 (Created by VPN wizard)"
+    next
+    edit "RAP2_remote"
+        set allow-routing enable
+        set member "RAP2_remote_subnet_1"
+        set comment "VPN: RAP2 (Created by VPN wizard)"
+    next
 end
 config firewall wildcard-fqdn custom
     edit "g-Adobe Login"
@@ -6617,3 +6637,11 @@ config firewall sniffer
         set interface "city_phones lag"
     next
 end
+config firewall on-demand-sniffer
+    edit "outside lag_scsd"
+        set interface "outside lag"
+        set max-packet-count 100
+        set hosts "24.105.188.54"
+        set protocols 17
+    next
+end

configs/fortigate/vdom_scsd/router.cfg

@@ -234,6 +234,13 @@ config router static
         set device "RAP"
         set comment "RAP Users"
     next
+    edit 39
+        set distance 254
+        set comment "VPN: RAP2 (Created by VPN wizard)"
+        set blackhole enable
+        set dstaddr "RAP2_remote"
+        set vrf 0
+    next
 end
 config router ospf
     config redistribute "connected"

configs/fortigate/vdom_scsd/vpn.cfg

@@ -935,7 +935,9 @@ config vpn ipsec phase1-interface
         set peertype any
         set net-device disable
         set proposal aes256-sha256
+        set comments "RAP->SCSD"
         set nattraversal disable
+        set transport udp-fallback-tcp
         set remote-gw 24.105.188.54
         set psksecret ENC *HIDDEN*
     next