From ad7feac5737f1e80ed2ec25b3baf1fa332ab6636 Mon Sep 17 00:00:00 2001
From: John Poland
Date: Tue, 9 Dec 2025 17:27:18 -0500
Subject: [PATCH] fortigate Tue Dec 9 05:27:18 PM EST 2025
---
 configs/fortigate/vdom_scsd/firewall.cfg | 341 -----------------------
 1 file changed, 341 deletions(-)
diff --git a/configs/fortigate/vdom_scsd/firewall.cfg b/configs/fortigate/vdom_scsd/firewall.cfg
index 4ba3a74..514b18f 100644
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@@ -31,26 +31,6 @@ config firewall address
 set comment "Barracuda Email Internal"
 set subnet 10.1.40.7 255.255.255.255
 next
- edit "CK-Australia-203"
- set comment "ContentKeeper Australian Support"
- set color 19
- set subnet 203.22.30.0 255.255.255.0
- next
- edit "CK-North-America-173"
- set comment "Content Keeper North American Support"
- set color 19
- set subnet 173.60.169.48 255.255.255.240
- next
- edit "CK-North-America-202"
- set comment "ContentKeeper North American Support"
- set color 19
- set subnet 202.166.186.0 255.255.255.0
- next
- edit "CK-North-America-8"
- set comment "ContentKeeper North American Support"
- set color 19
- set subnet 8.19.154.0 255.255.255.0
- next
 edit "Nimble_Inside_1"
 set subnet 192.168.1.98 255.255.255.255
 next
@@ -71,91 +51,6 @@ config firewall address
 set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
 set subnet 52.27.21.77 255.255.255.255
 next
- edit "ckf01-ipmi-inside"
- set comment "ContentKeeper Filter 01 IPMI Port"
- set color 19
- set subnet 10.251.1.31 255.255.255.255
- next
- edit "ckf01-mgmt-inside"
- set comment "Content Keeper Filter 01 Management Port"
- set color 19
- set subnet 10.251.1.21 255.255.255.255
- next
- edit "ckf02-ipmi-inside"
- set comment "ContentKeeper Filter 02 IPMI Port"
- set color 19
- set subnet 10.251.1.32 255.255.255.255
- next
- edit "ckf02-mgmt-inside"
- set comment "ContentKeeper Filter 02 Management Port"
- set color 19
- set subnet 10.251.1.22 255.255.255.255
- next
- edit "cklb01-ipmi-inside"
- set comment "ContentKeeper Load Balancer 01 IPMI Port"
- set color 19
- set subnet 10.251.1.30 255.255.255.255
- next
- edit "cklb01-mgmt-inside"
- set comment "ContentKeeper Load Balancer 01 Management Port"
- set color 19
- set subnet 10.251.1.20 255.255.255.255
- next
- edit "ckm01-ipmi-inside"
- set comment "ContentKeeper Mobile 01 IPMI Port"
- set color 19
- set subnet 10.251.1.34 255.255.255.255
- next
- edit "ckm01-mgmt1-inside"
- set comment "ContentKeeper Mobile 01 Management Port 1"
- set color 19
- set subnet 10.251.1.24 255.255.255.255
- next
- edit "ckm01-mgmt2-inside"
- set comment "ContentKeeper Mobile 01 Management Port 2"
- set color 19
- set subnet 10.251.1.28 255.255.255.255
- next
- edit "ckm02-ipmi-inside"
- set comment "ContentKeeper Mobile 02 IPMI Port"
- set color 19
- set subnet 10.251.1.35 255.255.255.255
- next
- edit "ckm02-mgmt1-inside"
- set comment "ContentKeeper Mobile 02 Management Port 1"
- set color 19
- set subnet 10.251.1.25 255.255.255.255
- next
- edit "ckm02-mgmt2-inside"
- set comment "ContentKeeper Mobile 02 Management Port 2"
- set color 19
- set subnet 10.251.1.29 255.255.255.255
- next
- edit "ckm03-ipmi-inside"
- set comment "ContentKeeper Mobile 03 IPMI Port"
- set color 19
- set subnet 10.251.1.36 255.255.255.255
- next
- edit "ckm03-mgmt1-inside"
- set comment "ContentKeeper Mobile 03 Management Port 1"
- set color 19
- set subnet 10.251.1.26 255.255.255.255
- next
- edit "ckm03-mgmt2-inside"
- set comment "ContentKeeper Mobile 03 Management Port 2"
- set color 19
- set subnet 10.251.1.27 255.255.255.255
- next
- edit "ckr01-ipmi-inside"
- set comment "ContentKeeper Reporter 01 IPMI Port"
- set color 19
- set subnet 10.251.1.33 255.255.255.255
- next
- edit "ckr01-mgmt-inside"
- set comment "ContentKeeper Reporter 01 Management Port"
- set color 19
- set subnet 10.251.1.23 255.255.255.255
- next
 edit "SPD_20_DrKing"
 set comment "SPD Firewall STEAM at Dr King"
 set color 2
@@ -694,11 +589,6 @@ config firewall address
 set color 6
 set subnet 201.184.69.50 255.255.255.255
 next
- edit "CK-North-America-202_B"
- set comment "Content Keeper North American Support"
- set color 19
- set subnet 202.166.186.64 255.255.255.255
- next
 edit "z_BlockIP_059"
 set comment "Malicious IP Address"
 set associated-interface "outside"
@@ -1494,11 +1384,6 @@ config firewall address
 edit "SchoolTool_External_Range"
 set subnet 172.30.44.0 255.255.254.0
 next
- edit "ckr01-mgmt-inside-temp"
- set comment "ContentKeeper Reporter 01 Management Port"
- set color 19
- set subnet 10.251.1.43 255.255.255.255
- next
 edit "z_BlockIP_141"
 set comment "now.gg"
 set associated-interface "outside"
@@ -2966,11 +2851,6 @@ config firewall addrgrp
 set member "21JumpSt" "DataTools" "Fileserver03" "Nighttime_Inside" "Tableau" "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B" "DocHolliday" "SchoolTool webjs" "Elastic"
 set comment "Access for SchoolTool Cloud"
 next
- edit "CONTENTKEEPER-REMOTE-SUPPORT"
- set member "CK-North-America-202" "CK-Australia-203" "CK-North-America-173" "CK-North-America-8" "CK-North-America-202_B"
- set comment "ContentKeeper Remote Support Networks"
- set color 19
- next
 edit "Nimble_Inside_Grp"
 set member "Nimble_Inside_4" "Nimble_Inside_2" "Nimble_Inside_1" "nimble_Inside_3"
 next
@@ -3028,11 +2908,6 @@ config firewall addrgrp
 set comment "City CGRs on our side"
 set color 28
 next
- edit "CK_Inside_Group"
- set member "ckf01-ipmi-inside" "ckf01-mgmt-inside" "ckf02-ipmi-inside" "ckf02-mgmt-inside" "cklb01-ipmi-inside" "cklb01-mgmt-inside" "ckm01-ipmi-inside" "ckm01-mgmt1-inside" "ckm01-mgmt2-inside" "ckm02-ipmi-inside" "ckm02-mgmt1-inside" "ckm02-mgmt2-inside" "ckm03-ipmi-inside" "ckm03-mgmt1-inside" "ckm03-mgmt2-inside" "ckr01-ipmi-inside" "ckr01-mgmt-inside" "ckr01-mgmt-inside-temp"
- set comment "Content Keeper Inside Address Group"
- set color 19
- next
 edit "Block_List_Group"
 set member "z_BlockIP_001" "z_BlockIP_002" "z_BlockIP_003" "z_BlockIP_004" "z_BlockIP_005" "z_BlockIP_006" "z_BlockIP_008" "z_BlockIP_009" "z_BlockIP_010" "z_BlockIP_011" "z_BlockIP_012" "z_BlockIP_013" "z_BlockIP_014" "z_BlockIP_015" "z_BlockIP_016" "z_BlockIP_017" "z_BlockIP_018" "z_BlockIP_019" "z_BlockIP_020" "z_BlockIP_021" "z_BlockIP_022" "z_BlockIP_024" "z_BlockIP_025" "z_BlockIP_026" "z_BlockIP_027" "z_BlockIP_028" "z_BlockIP_030" "z_BlockIP_031" "z_BlockIP_032" "z_BlockIP_033" "z_BlockIP_034" "z_BlockIP_035" "z_BlockIP_036" "z_BlockIP_037" "z_BlockIP_038" "z_BlockIP_039" "z_BlockIP_040" "z_BlockIP_041" "z_BlockIP_042" "z_BlockIP_043" "z_BlockIP_044" "z_BlockIP_045" "z_BlockIP_046" "z_BlockIP_047" "z_BlockIP_048" "z_BlockIP_052" "z_BlockIP_053" "z_BlockIP_054" "z_BlockIP_055" "z_BlockIP_056" "z_BlockIP_057" "z_BlockIP_058" "z_BlockIP_059" "z_BlockIP_060" "z_BlockIP_061" "z_BlockIP_062" "z_BlockIP_063" "z_BlockIP_064" "z_BlockIP_065" "z_BlockIP_066" "z_BlockIP_067" "z_BlockIP_068" "z_BlockIP_069" "z_BlockIP_070" "z_BlockIP_071" "z_BlockIP_072" "z_BlockIP_073" "z_BlockIP_074" "z_BlockIP_075" "z_BlockIP_076" "z_BlockIP_077" "z_BlockIP_078" "z_BlockIP_079" "z_BlockIP_080" "z_BlockIP_081" "z_BlockIP_082" "z_BlockIP_083" "z_BlockIP_084" "z_BlockIP_085" "z_BlockIP_086" "z_BlockIP_087" "z_BlockIP_088" "z_BlockIP_089" "z_BlockIP_090" "z_BlockIP_091" "z_BlockIP_092" "z_BlockIP_093" "z_BlockIP_094" "z_BlockIP_095" "z_BlockIP_096" "z_BlockIP_097" "z_BlockIP_098" "z_BlockIP_099" "z_BlockIP_100" "z_BlockIP_101" "z_BlockIP_007" "z_BlockIP_049" "z_BlockIP_050" "z_BlockIP_051" "z_BlockIP_103" "z_BlockIP_104" "z_BlockIP_105" "z_BlockIP_106" "z_BlockIP_107" "z_BlockIP_108" "z_BlockIP_109" "z_BlockIP_111" "z_BlockIP_112" "z_BlockIP_113" "z_BlockIP_114" "z_BlockIP_115" "z_BlockIP_116" "z_BlockIP_117" "z_BlockIP_118" "z_BlockIP_119" "z_BlockIP_120" "z_BlockIP_122" "z_BlockIP_125" "z_BlockIP_126" "z_BlockIP_127" "z_BlockIP_128" "z_BlockIP_129" "z_BlockIP_130" "z_BlockIP_131" "z_BlockIP_132" "z_BlockIP_133" "z_BlockSub_001" "z_BlockSub_002" "z_BlockSub_003" "z_BlockSub_004" "z_BlockSub_005" "z_BlockSub_006" "z_BlockSub_007" "z_BlockSub_008" "z_BlockSub_009" "z_BlockSub_010" "z_BlockSub_011" "z_BlockSub_012" "z_BlockSub_013" "z_BlockSub_014" "z_BlockSub_015" "z_BlockSub_016" "z_BlockSub_017" "z_BlockSub_019" "z_BlockSub_020" "z_BlockSub_021" "z_BlockSub_022" "z_BlockSub_024" "z_BlockSub_025" "z_BlockSub_026" "z_BlockSub_027" "z_BlockSub_028" "z_BlockSub_030" "z_BlockSub_031" "z_BlockSub_032" "z_BlockSub_033" "z_BlockSub_034" "z_BlockSub_035" "z_BlockSub_037" "z_BlockSub_038" "z_BlockSub_039" "z_Ryuk_01" "z_Ryuk_02" "z_BlockIP_023" "z_BlockIP_029" "z_BlockIP_134" "z_BlockIP_135" "z_BlockIP_000" "z_BlockIP_138" "z_BlockIP_139" "z_BlockIP_140" "z_BlockIP_141" "z_BlockIP_142" "z_BlockIP_143" "z_BlockIP_144" "z_BlockIP_145" "z_BlockIP_146" "z_BlockIP_147" "z_BlockIP_148" "z_BlockIP_149" "z_BlockIP_150" "z_BlockRange_01" "z_BlockRange_02" "z_BlockRange_03" "z_BlockSub_040" "z_BlockSub_041" "z_BlockSub_042" "z_BlockIP_152"
 set comment "IPs and Subnets to be blocked as Malicious"
@@ -4024,143 +3899,6 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
 set nat-source-vip enable
 set srcintf-filter "outside lag"
 next
- edit "vip-ckf01-ipmi"
- set comment "ContentKeeper"
- set extip 198.36.26.31
- set mappedip "10.251.1.31"
- set extintf "outside lag"
- set nat-source-vip enable
- set srcintf-filter "outside lag"
- set color 19
- next
- edit "vip-ckf01-mgmt"
- set comment "ContentKeeper"
- set extip 198.36.26.21
- set mappedip "10.251.1.21"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckf02-ipmi"
- set comment "ContentKeeper"
- set extip 198.36.26.32
- set mappedip "10.251.1.32"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckf02-mgmt"
- set comment "ContentKeeper"
- set extip 198.36.26.22
- set mappedip "10.251.1.22"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-cklb01-ipmi"
- set comment "ContentKeeper"
- set extip 198.36.26.30
- set mappedip "10.251.1.30"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-cklb01-mgmt"
- set comment "ContentKeeper"
- set extip 198.36.26.20
- set mappedip "10.251.1.20"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckm01-mgmt2"
- set comment "ContentKeeper"
- set extip 198.36.26.28
- set mappedip "10.251.1.28"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckr01-mgmt"
- set comment "ContentKeeper"
- set extip 198.36.26.23
- set mappedip "10.251.1.23"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckr01-ipmi"
- set comment "ContentKeeper"
- set extip 198.36.26.33
- set mappedip "10.251.1.33"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckm01-ipmi"
- set comment "ContentKeeper"
- set extip 198.36.26.34
- set mappedip "10.251.1.34"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckm01-mgmt"
- set comment "ContentKeeper"
- set extip 198.36.26.24
- set mappedip "10.251.1.24"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckm02-ipmi"
- set comment "ContentKeeper"
- set extip 198.36.26.35
- set mappedip "10.251.1.35"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckm02-mgmt"
- set comment "ContentKeeper"
- set extip 198.36.26.25
- set mappedip "10.251.1.25"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckm02-mgmt2"
- set comment "ContentKeeper"
- set extip 198.36.26.29
- set mappedip "10.251.1.29"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckm03-ipmi"
- set comment "ContentKeeper"
- set extip 198.36.26.36
- set mappedip "10.251.1.36"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckm03-mgmt1"
- set comment "ContentKeeper"
- set extip 198.36.26.26
- set mappedip "10.251.1.26"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
- edit "vip-ckm03-mgmt2"
- set comment "ContentKeeper"
- set extip 198.36.26.27
- set mappedip "10.251.1.27"
- set extintf "outside lag"
- set nat-source-vip enable
- set color 19
- next
 edit "vip-scsdess"
 set comment "ESS"
 set extip 198.36.24.100
@@ -4288,21 +4026,6 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
 next
 end
 config firewall vipgrp
- edit "vip-grp-ck-mgmt-filters"
- set interface "outside lag"
- set color 19
- set member "vip-ckf01-mgmt" "vip-ckf02-mgmt"
- next
- edit "vip-grp-ck-all"
- set interface "outside lag"
- set color 19
- set member "vip-ckf01-ipmi" "vip-ckf01-mgmt" "vip-ckf02-ipmi" "vip-ckf02-mgmt" "vip-cklb01-ipmi" "vip-cklb01-mgmt" "vip-ckm01-ipmi" "vip-ckm01-mgmt" "vip-ckm01-mgmt2" "vip-ckm02-ipmi" "vip-ckm02-mgmt" "vip-ckm02-mgmt2" "vip-ckm03-ipmi" "vip-ckm03-mgmt1" "vip-ckm03-mgmt2" "vip-ckr01-ipmi" "vip-ckr01-mgmt"
- next
- edit "vip-grp-ckm-mgmt"
- set interface "outside lag"
- set color 19
- set member "vip-ckm01-mgmt" "vip-ckm01-mgmt2" "vip-ckm02-mgmt" "vip-ckm02-mgmt2" "vip-ckm03-mgmt1" "vip-ckm03-mgmt2"
- next
 edit "vip-grp-barracuda_Archivers"
 set interface "outside lag"
 set member "vip-Barracuda-Archive-1" "vip-Barracuda-Archive-2"
@@ -5336,22 +5059,6 @@ config firewall policy
 set logtraffic all
 set comments "Nimble Support"
 next
- edit 107
- set status disable
- set name "Content_Keeper_In -> Out"
- set srcintf "inside"
- set dstintf "outside"
- set action accept
- set srcaddr "CK_Inside_Group"
- set dstaddr "all"
- set schedule "always"
- set service "ALL"
- set logtraffic all
- set nat enable
- set ippool enable
- set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
- set comments "ContentKeeper"
- next
 edit 10026
 set name "Barracuda In->Out"
 set srcintf "inside"
@@ -5948,54 +5655,6 @@ config firewall policy
 set logtraffic all
 set comments "City Allowed Networks From Us to Them"
 next
- edit 10012
- set status disable
- set name "CK_Mgmt_Filters"
- set srcintf "outside"
- set dstintf "inside"
- set action accept
- set srcaddr "all"
- set dstaddr "vip-grp-ck-mgmt-filters"
- set schedule "always"
- set service "HTTPS" "TCP-8080"
- set utm-status enable
- set ssl-ssh-profile "certificate-inspection"
- set ips-sensor "Incoming_IPS"
- set logtraffic all
- set comments "ContentKeeper"
- next
- edit 10014
- set status disable
- set name "CK_Support"
- set srcintf "outside"
- set dstintf "inside"
- set action accept
- set srcaddr "CONTENTKEEPER-REMOTE-SUPPORT"
- set dstaddr "vip-grp-ck-all"
- set schedule "always"
- set service "CK_Support_Services_Group"
- set utm-status enable
- set ssl-ssh-profile "certificate-inspection"
- set ips-sensor "Incoming_IPS"
- set logtraffic all
- set comments "ContentKeeper"
- next
- edit 10018
- set status disable
- set name "CKMobile"
- set srcintf "outside"
- set dstintf "inside"
- set action accept
- set srcaddr "all"
- set dstaddr "vip-grp-ckm-mgmt"
- set schedule "always"
- set service "CK_Mobile_Services_Group"
- set utm-status enable
- set ssl-ssh-profile "certificate-inspection"
- set ips-sensor "Incoming_IPS"
- set logtraffic all
- set comments "ContentKeeper"
- next
 edit 10024
 set name "Email_Hybrid_Allow"
 set srcintf "outside"