scsd/scsd-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fortigate Tue Dec 9 05:27:18 PM EST 2025

Browse Source
This commit is contained in:
John Poland 2025-12-09 17:27:18 -05:00
parent 3704befde2
commit ad7feac573
1 changed files with 0 additions and 341 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

341
configs/fortigate/vdom_scsd/firewall.cfg
View File

@ -31,26 +31,6 @@ config firewall address
set comment "Barracuda Email Internal" set comment "Barracuda Email Internal"
set subnet 10.1.40.7 255.255.255.255 set subnet 10.1.40.7 255.255.255.255
next next
edit "CK-Australia-203"
set comment "ContentKeeper Australian Support"
set color 19
set subnet 203.22.30.0 255.255.255.0
next
edit "CK-North-America-173"
set comment "Content Keeper North American Support"
set color 19
set subnet 173.60.169.48 255.255.255.240
next
edit "CK-North-America-202"
set comment "ContentKeeper North American Support"
set color 19
set subnet 202.166.186.0 255.255.255.0
next
edit "CK-North-America-8"
set comment "ContentKeeper North American Support"
set color 19
set subnet 8.19.154.0 255.255.255.0
next
edit "Nimble_Inside_1" edit "Nimble_Inside_1"
set subnet 192.168.1.98 255.255.255.255 set subnet 192.168.1.98 255.255.255.255
next next
@ -71,91 +51,6 @@ config firewall address
set comment "IP address for Safe Schools video training. Used to access LDAP authentication." set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
set subnet 52.27.21.77 255.255.255.255 set subnet 52.27.21.77 255.255.255.255
next next
edit "ckf01-ipmi-inside"
set comment "ContentKeeper Filter 01 IPMI Port"
set color 19
set subnet 10.251.1.31 255.255.255.255
next
edit "ckf01-mgmt-inside"
set comment "Content Keeper Filter 01 Management Port"
set color 19
set subnet 10.251.1.21 255.255.255.255
next
edit "ckf02-ipmi-inside"
set comment "ContentKeeper Filter 02 IPMI Port"
set color 19
set subnet 10.251.1.32 255.255.255.255
next
edit "ckf02-mgmt-inside"
set comment "ContentKeeper Filter 02 Management Port"
set color 19
set subnet 10.251.1.22 255.255.255.255
next
edit "cklb01-ipmi-inside"
set comment "ContentKeeper Load Balancer 01 IPMI Port"
set color 19
set subnet 10.251.1.30 255.255.255.255
next
edit "cklb01-mgmt-inside"
set comment "ContentKeeper Load Balancer 01 Management Port"
set color 19
set subnet 10.251.1.20 255.255.255.255
next
edit "ckm01-ipmi-inside"
set comment "ContentKeeper Mobile 01 IPMI Port"
set color 19
set subnet 10.251.1.34 255.255.255.255
next
edit "ckm01-mgmt1-inside"
set comment "ContentKeeper Mobile 01 Management Port 1"
set color 19
set subnet 10.251.1.24 255.255.255.255
next
edit "ckm01-mgmt2-inside"
set comment "ContentKeeper Mobile 01 Management Port 2"
set color 19
set subnet 10.251.1.28 255.255.255.255
next
edit "ckm02-ipmi-inside"
set comment "ContentKeeper Mobile 02 IPMI Port"
set color 19
set subnet 10.251.1.35 255.255.255.255
next
edit "ckm02-mgmt1-inside"
set comment "ContentKeeper Mobile 02 Management Port 1"
set color 19
set subnet 10.251.1.25 255.255.255.255
next
edit "ckm02-mgmt2-inside"
set comment "ContentKeeper Mobile 02 Management Port 2"
set color 19
set subnet 10.251.1.29 255.255.255.255
next
edit "ckm03-ipmi-inside"
set comment "ContentKeeper Mobile 03 IPMI Port"
set color 19
set subnet 10.251.1.36 255.255.255.255
next
edit "ckm03-mgmt1-inside"
set comment "ContentKeeper Mobile 03 Management Port 1"
set color 19
set subnet 10.251.1.26 255.255.255.255
next
edit "ckm03-mgmt2-inside"
set comment "ContentKeeper Mobile 03 Management Port 2"
set color 19
set subnet 10.251.1.27 255.255.255.255
next
edit "ckr01-ipmi-inside"
set comment "ContentKeeper Reporter 01 IPMI Port"
set color 19
set subnet 10.251.1.33 255.255.255.255
next
edit "ckr01-mgmt-inside"
set comment "ContentKeeper Reporter 01 Management Port"
set color 19
set subnet 10.251.1.23 255.255.255.255
next
edit "SPD_20_DrKing" edit "SPD_20_DrKing"
set comment "SPD Firewall STEAM at Dr King" set comment "SPD Firewall STEAM at Dr King"
set color 2 set color 2
@ -694,11 +589,6 @@ config firewall address
set color 6 set color 6
set subnet 201.184.69.50 255.255.255.255 set subnet 201.184.69.50 255.255.255.255
next next
edit "CK-North-America-202_B"
set comment "Content Keeper North American Support"
set color 19
set subnet 202.166.186.64 255.255.255.255
next
edit "z_BlockIP_059" edit "z_BlockIP_059"
set comment "Malicious IP Address" set comment "Malicious IP Address"
set associated-interface "outside" set associated-interface "outside"
@ -1494,11 +1384,6 @@ config firewall address
edit "SchoolTool_External_Range" edit "SchoolTool_External_Range"
set subnet 172.30.44.0 255.255.254.0 set subnet 172.30.44.0 255.255.254.0
next next
edit "ckr01-mgmt-inside-temp"
set comment "ContentKeeper Reporter 01 Management Port"
set color 19
set subnet 10.251.1.43 255.255.255.255
next
edit "z_BlockIP_141" edit "z_BlockIP_141"
set comment "now.gg" set comment "now.gg"
set associated-interface "outside" set associated-interface "outside"
@ -2966,11 +2851,6 @@ config firewall addrgrp
set member "21JumpSt" "DataTools" "Fileserver03" "Nighttime_Inside" "Tableau" "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B" "DocHolliday" "SchoolTool webjs" "Elastic" set member "21JumpSt" "DataTools" "Fileserver03" "Nighttime_Inside" "Tableau" "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B" "DocHolliday" "SchoolTool webjs" "Elastic"
set comment "Access for SchoolTool Cloud" set comment "Access for SchoolTool Cloud"
next next
edit "CONTENTKEEPER-REMOTE-SUPPORT"
set member "CK-North-America-202" "CK-Australia-203" "CK-North-America-173" "CK-North-America-8" "CK-North-America-202_B"
set comment "ContentKeeper Remote Support Networks"
set color 19
next
edit "Nimble_Inside_Grp" edit "Nimble_Inside_Grp"
set member "Nimble_Inside_4" "Nimble_Inside_2" "Nimble_Inside_1" "nimble_Inside_3" set member "Nimble_Inside_4" "Nimble_Inside_2" "Nimble_Inside_1" "nimble_Inside_3"
next next
@ -3028,11 +2908,6 @@ config firewall addrgrp
set comment "City CGRs on our side" set comment "City CGRs on our side"
set color 28 set color 28
next next
edit "CK_Inside_Group"
set member "ckf01-ipmi-inside" "ckf01-mgmt-inside" "ckf02-ipmi-inside" "ckf02-mgmt-inside" "cklb01-ipmi-inside" "cklb01-mgmt-inside" "ckm01-ipmi-inside" "ckm01-mgmt1-inside" "ckm01-mgmt2-inside" "ckm02-ipmi-inside" "ckm02-mgmt1-inside" "ckm02-mgmt2-inside" "ckm03-ipmi-inside" "ckm03-mgmt1-inside" "ckm03-mgmt2-inside" "ckr01-ipmi-inside" "ckr01-mgmt-inside" "ckr01-mgmt-inside-temp"
set comment "Content Keeper Inside Address Group"
set color 19
next
edit "Block_List_Group" edit "Block_List_Group"
set member "z_BlockIP_001" "z_BlockIP_002" "z_BlockIP_003" "z_BlockIP_004" "z_BlockIP_005" "z_BlockIP_006" "z_BlockIP_008" "z_BlockIP_009" "z_BlockIP_010" "z_BlockIP_011" "z_BlockIP_012" "z_BlockIP_013" "z_BlockIP_014" "z_BlockIP_015" "z_BlockIP_016" "z_BlockIP_017" "z_BlockIP_018" "z_BlockIP_019" "z_BlockIP_020" "z_BlockIP_021" "z_BlockIP_022" "z_BlockIP_024" "z_BlockIP_025" "z_BlockIP_026" "z_BlockIP_027" "z_BlockIP_028" "z_BlockIP_030" "z_BlockIP_031" "z_BlockIP_032" "z_BlockIP_033" "z_BlockIP_034" "z_BlockIP_035" "z_BlockIP_036" "z_BlockIP_037" "z_BlockIP_038" "z_BlockIP_039" "z_BlockIP_040" "z_BlockIP_041" "z_BlockIP_042" "z_BlockIP_043" "z_BlockIP_044" "z_BlockIP_045" "z_BlockIP_046" "z_BlockIP_047" "z_BlockIP_048" "z_BlockIP_052" "z_BlockIP_053" "z_BlockIP_054" "z_BlockIP_055" "z_BlockIP_056" "z_BlockIP_057" "z_BlockIP_058" "z_BlockIP_059" "z_BlockIP_060" "z_BlockIP_061" "z_BlockIP_062" "z_BlockIP_063" "z_BlockIP_064" "z_BlockIP_065" "z_BlockIP_066" "z_BlockIP_067" "z_BlockIP_068" "z_BlockIP_069" "z_BlockIP_070" "z_BlockIP_071" "z_BlockIP_072" "z_BlockIP_073" "z_BlockIP_074" "z_BlockIP_075" "z_BlockIP_076" "z_BlockIP_077" "z_BlockIP_078" "z_BlockIP_079" "z_BlockIP_080" "z_BlockIP_081" "z_BlockIP_082" "z_BlockIP_083" "z_BlockIP_084" "z_BlockIP_085" "z_BlockIP_086" "z_BlockIP_087" "z_BlockIP_088" "z_BlockIP_089" "z_BlockIP_090" "z_BlockIP_091" "z_BlockIP_092" "z_BlockIP_093" "z_BlockIP_094" "z_BlockIP_095" "z_BlockIP_096" "z_BlockIP_097" "z_BlockIP_098" "z_BlockIP_099" "z_BlockIP_100" "z_BlockIP_101" "z_BlockIP_007" "z_BlockIP_049" "z_BlockIP_050" "z_BlockIP_051" "z_BlockIP_103" "z_BlockIP_104" "z_BlockIP_105" "z_BlockIP_106" "z_BlockIP_107" "z_BlockIP_108" "z_BlockIP_109" "z_BlockIP_111" "z_BlockIP_112" "z_BlockIP_113" "z_BlockIP_114" "z_BlockIP_115" "z_BlockIP_116" "z_BlockIP_117" "z_BlockIP_118" "z_BlockIP_119" "z_BlockIP_120" "z_BlockIP_122" "z_BlockIP_125" "z_BlockIP_126" "z_BlockIP_127" "z_BlockIP_128" "z_BlockIP_129" "z_BlockIP_130" "z_BlockIP_131" "z_BlockIP_132" "z_BlockIP_133" "z_BlockSub_001" "z_BlockSub_002" "z_BlockSub_003" "z_BlockSub_004" "z_BlockSub_005" "z_BlockSub_006" "z_BlockSub_007" "z_BlockSub_008" "z_BlockSub_009" "z_BlockSub_010" "z_BlockSub_011" "z_BlockSub_012" "z_BlockSub_013" "z_BlockSub_014" "z_BlockSub_015" "z_BlockSub_016" "z_BlockSub_017" "z_BlockSub_019" "z_BlockSub_020" "z_BlockSub_021" "z_BlockSub_022" "z_BlockSub_024" "z_BlockSub_025" "z_BlockSub_026" "z_BlockSub_027" "z_BlockSub_028" "z_BlockSub_030" "z_BlockSub_031" "z_BlockSub_032" "z_BlockSub_033" "z_BlockSub_034" "z_BlockSub_035" "z_BlockSub_037" "z_BlockSub_038" "z_BlockSub_039" "z_Ryuk_01" "z_Ryuk_02" "z_BlockIP_023" "z_BlockIP_029" "z_BlockIP_134" "z_BlockIP_135" "z_BlockIP_000" "z_BlockIP_138" "z_BlockIP_139" "z_BlockIP_140" "z_BlockIP_141" "z_BlockIP_142" "z_BlockIP_143" "z_BlockIP_144" "z_BlockIP_145" "z_BlockIP_146" "z_BlockIP_147" "z_BlockIP_148" "z_BlockIP_149" "z_BlockIP_150" "z_BlockRange_01" "z_BlockRange_02" "z_BlockRange_03" "z_BlockSub_040" "z_BlockSub_041" "z_BlockSub_042" "z_BlockIP_152" set member "z_BlockIP_001" "z_BlockIP_002" "z_BlockIP_003" "z_BlockIP_004" "z_BlockIP_005" "z_BlockIP_006" "z_BlockIP_008" "z_BlockIP_009" "z_BlockIP_010" "z_BlockIP_011" "z_BlockIP_012" "z_BlockIP_013" "z_BlockIP_014" "z_BlockIP_015" "z_BlockIP_016" "z_BlockIP_017" "z_BlockIP_018" "z_BlockIP_019" "z_BlockIP_020" "z_BlockIP_021" "z_BlockIP_022" "z_BlockIP_024" "z_BlockIP_025" "z_BlockIP_026" "z_BlockIP_027" "z_BlockIP_028" "z_BlockIP_030" "z_BlockIP_031" "z_BlockIP_032" "z_BlockIP_033" "z_BlockIP_034" "z_BlockIP_035" "z_BlockIP_036" "z_BlockIP_037" "z_BlockIP_038" "z_BlockIP_039" "z_BlockIP_040" "z_BlockIP_041" "z_BlockIP_042" "z_BlockIP_043" "z_BlockIP_044" "z_BlockIP_045" "z_BlockIP_046" "z_BlockIP_047" "z_BlockIP_048" "z_BlockIP_052" "z_BlockIP_053" "z_BlockIP_054" "z_BlockIP_055" "z_BlockIP_056" "z_BlockIP_057" "z_BlockIP_058" "z_BlockIP_059" "z_BlockIP_060" "z_BlockIP_061" "z_BlockIP_062" "z_BlockIP_063" "z_BlockIP_064" "z_BlockIP_065" "z_BlockIP_066" "z_BlockIP_067" "z_BlockIP_068" "z_BlockIP_069" "z_BlockIP_070" "z_BlockIP_071" "z_BlockIP_072" "z_BlockIP_073" "z_BlockIP_074" "z_BlockIP_075" "z_BlockIP_076" "z_BlockIP_077" "z_BlockIP_078" "z_BlockIP_079" "z_BlockIP_080" "z_BlockIP_081" "z_BlockIP_082" "z_BlockIP_083" "z_BlockIP_084" "z_BlockIP_085" "z_BlockIP_086" "z_BlockIP_087" "z_BlockIP_088" "z_BlockIP_089" "z_BlockIP_090" "z_BlockIP_091" "z_BlockIP_092" "z_BlockIP_093" "z_BlockIP_094" "z_BlockIP_095" "z_BlockIP_096" "z_BlockIP_097" "z_BlockIP_098" "z_BlockIP_099" "z_BlockIP_100" "z_BlockIP_101" "z_BlockIP_007" "z_BlockIP_049" "z_BlockIP_050" "z_BlockIP_051" "z_BlockIP_103" "z_BlockIP_104" "z_BlockIP_105" "z_BlockIP_106" "z_BlockIP_107" "z_BlockIP_108" "z_BlockIP_109" "z_BlockIP_111" "z_BlockIP_112" "z_BlockIP_113" "z_BlockIP_114" "z_BlockIP_115" "z_BlockIP_116" "z_BlockIP_117" "z_BlockIP_118" "z_BlockIP_119" "z_BlockIP_120" "z_BlockIP_122" "z_BlockIP_125" "z_BlockIP_126" "z_BlockIP_127" "z_BlockIP_128" "z_BlockIP_129" "z_BlockIP_130" "z_BlockIP_131" "z_BlockIP_132" "z_BlockIP_133" "z_BlockSub_001" "z_BlockSub_002" "z_BlockSub_003" "z_BlockSub_004" "z_BlockSub_005" "z_BlockSub_006" "z_BlockSub_007" "z_BlockSub_008" "z_BlockSub_009" "z_BlockSub_010" "z_BlockSub_011" "z_BlockSub_012" "z_BlockSub_013" "z_BlockSub_014" "z_BlockSub_015" "z_BlockSub_016" "z_BlockSub_017" "z_BlockSub_019" "z_BlockSub_020" "z_BlockSub_021" "z_BlockSub_022" "z_BlockSub_024" "z_BlockSub_025" "z_BlockSub_026" "z_BlockSub_027" "z_BlockSub_028" "z_BlockSub_030" "z_BlockSub_031" "z_BlockSub_032" "z_BlockSub_033" "z_BlockSub_034" "z_BlockSub_035" "z_BlockSub_037" "z_BlockSub_038" "z_BlockSub_039" "z_Ryuk_01" "z_Ryuk_02" "z_BlockIP_023" "z_BlockIP_029" "z_BlockIP_134" "z_BlockIP_135" "z_BlockIP_000" "z_BlockIP_138" "z_BlockIP_139" "z_BlockIP_140" "z_BlockIP_141" "z_BlockIP_142" "z_BlockIP_143" "z_BlockIP_144" "z_BlockIP_145" "z_BlockIP_146" "z_BlockIP_147" "z_BlockIP_148" "z_BlockIP_149" "z_BlockIP_150" "z_BlockRange_01" "z_BlockRange_02" "z_BlockRange_03" "z_BlockSub_040" "z_BlockSub_041" "z_BlockSub_042" "z_BlockIP_152"
set comment "IPs and Subnets to be blocked as Malicious" set comment "IPs and Subnets to be blocked as Malicious"
@ -4024,143 +3899,6 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
set nat-source-vip enable set nat-source-vip enable
set srcintf-filter "outside lag" set srcintf-filter "outside lag"
next next
edit "vip-ckf01-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.31
set mappedip "10.251.1.31"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
set color 19
next
edit "vip-ckf01-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.21
set mappedip "10.251.1.21"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckf02-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.32
set mappedip "10.251.1.32"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckf02-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.22
set mappedip "10.251.1.22"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-cklb01-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.30
set mappedip "10.251.1.30"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-cklb01-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.20
set mappedip "10.251.1.20"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm01-mgmt2"
set comment "ContentKeeper"
set extip 198.36.26.28
set mappedip "10.251.1.28"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckr01-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.23
set mappedip "10.251.1.23"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckr01-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.33
set mappedip "10.251.1.33"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm01-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.34
set mappedip "10.251.1.34"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm01-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.24
set mappedip "10.251.1.24"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm02-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.35
set mappedip "10.251.1.35"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm02-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.25
set mappedip "10.251.1.25"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm02-mgmt2"
set comment "ContentKeeper"
set extip 198.36.26.29
set mappedip "10.251.1.29"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm03-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.36
set mappedip "10.251.1.36"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm03-mgmt1"
set comment "ContentKeeper"
set extip 198.36.26.26
set mappedip "10.251.1.26"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm03-mgmt2"
set comment "ContentKeeper"
set extip 198.36.26.27
set mappedip "10.251.1.27"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-scsdess" edit "vip-scsdess"
set comment "ESS" set comment "ESS"
set extip 198.36.24.100 set extip 198.36.24.100
@ -4288,21 +4026,6 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
next next
end end
config firewall vipgrp config firewall vipgrp
edit "vip-grp-ck-mgmt-filters"
set interface "outside lag"
set color 19
set member "vip-ckf01-mgmt" "vip-ckf02-mgmt"
next
edit "vip-grp-ck-all"
set interface "outside lag"
set color 19
set member "vip-ckf01-ipmi" "vip-ckf01-mgmt" "vip-ckf02-ipmi" "vip-ckf02-mgmt" "vip-cklb01-ipmi" "vip-cklb01-mgmt" "vip-ckm01-ipmi" "vip-ckm01-mgmt" "vip-ckm01-mgmt2" "vip-ckm02-ipmi" "vip-ckm02-mgmt" "vip-ckm02-mgmt2" "vip-ckm03-ipmi" "vip-ckm03-mgmt1" "vip-ckm03-mgmt2" "vip-ckr01-ipmi" "vip-ckr01-mgmt"
next
edit "vip-grp-ckm-mgmt"
set interface "outside lag"
set color 19
set member "vip-ckm01-mgmt" "vip-ckm01-mgmt2" "vip-ckm02-mgmt" "vip-ckm02-mgmt2" "vip-ckm03-mgmt1" "vip-ckm03-mgmt2"
next
edit "vip-grp-barracuda_Archivers" edit "vip-grp-barracuda_Archivers"
set interface "outside lag" set interface "outside lag"
set member "vip-Barracuda-Archive-1" "vip-Barracuda-Archive-2" set member "vip-Barracuda-Archive-1" "vip-Barracuda-Archive-2"
@ -5336,22 +5059,6 @@ config firewall policy
set logtraffic all set logtraffic all
set comments "Nimble Support" set comments "Nimble Support"
next next
edit 107
set status disable
set name "Content_Keeper_In -> Out"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "CK_Inside_Group"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
set comments "ContentKeeper"
next
edit 10026 edit 10026
set name "Barracuda In->Out" set name "Barracuda In->Out"
set srcintf "inside" set srcintf "inside"
@ -5948,54 +5655,6 @@ config firewall policy
set logtraffic all set logtraffic all
set comments "City Allowed Networks From Us to Them" set comments "City Allowed Networks From Us to Them"
next next
edit 10012
set status disable
set name "CK_Mgmt_Filters"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-grp-ck-mgmt-filters"
set schedule "always"
set service "HTTPS" "TCP-8080"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "ContentKeeper"
next
edit 10014
set status disable
set name "CK_Support"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "CONTENTKEEPER-REMOTE-SUPPORT"
set dstaddr "vip-grp-ck-all"
set schedule "always"
set service "CK_Support_Services_Group"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "ContentKeeper"
next
edit 10018
set status disable
set name "CKMobile"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-grp-ckm-mgmt"
set schedule "always"
set service "CK_Mobile_Services_Group"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "ContentKeeper"
next
edit 10024 edit 10024
set name "Email_Hybrid_Allow" set name "Email_Hybrid_Allow"
set srcintf "outside" set srcintf "outside"