From dc149130c41e2d85c8eae67b87dbb3c44a8d6484 Mon Sep 17 00:00:00 2001
From: John Poland
Date: Wed, 15 Oct 2025 08:58:19 -0400
Subject: [PATCH] fortigate Wed Oct 15 08:58:19 AM EDT 2025

---
 configs/fortigate/global/certificate.cfg | 26 +++++++++++-----------
 configs/fortigate/global/firewall.cfg | 19 +++++++++-------
 configs/fortigate/global/system.cfg | 12 +++++-----
 configs/fortigate/vdom_Policy/firewall.cfg | 16 ++++++-------
 configs/fortigate/vdom_TEST/firewall.cfg | 16 ++++++-------
 configs/fortigate/vdom_root/firewall.cfg | 16 ++++++-------
 configs/fortigate/vdom_scsd/firewall.cfg | 16 ++++++-------
 configs/fortigate/vdom_scsd/user.cfg | 8 +++---
 configs/fortigate/vdom_scsd/vpn.cfg | 8 +++---
 9 files changed, 70 insertions(+), 67 deletions(-)

diff --git a/configs/fortigate/global/certificate.cfg b/configs/fortigate/global/certificate.cfg
index 810c8ba..78136ba 100644
--- a/configs/fortigate/global/certificate.cfg
+++ b/configs/fortigate/global/certificate.cfg
@@ -2,67 +2,67 @@ config certificate ca
 end
 config certificate local
 edit "Fortinet_CA_SSL"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
 set source factory
 next
 edit "Fortinet_CA_Untrusted"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
 set source factory
 next
 edit "Fortinet_SSL"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_RSA1024"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_RSA2048"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_RSA4096"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_DSA1024"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_DSA2048"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_ECDSA256"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_ECDSA384"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_ECDSA521"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_ED25519"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
 edit "Fortinet_SSL_ED448"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
 set source factory
 next
diff --git a/configs/fortigate/global/firewall.cfg b/configs/fortigate/global/firewall.cfg
index cee57f9..5192322 100644
--- a/configs/fortigate/global/firewall.cfg
+++ b/configs/fortigate/global/firewall.cfg
@@ -5186,42 +5186,45 @@ config firewall internet-service-name
 edit "DNS-Generic.TLD.Name.Servers"
 set internet-service-id 10748284
 next
+ edit "Microsoft-Azure.Front.Door.MicrosoftSecurity"
+ set internet-service-id 328080
+ next
 end
 config firewall internet-service-definition
 end
 config firewall ssh local-key
 edit "g-Fortinet_SSH_RSA2048"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_DSA1024"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA256"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA384"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA521"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ED25519"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
 config firewall ssh local-ca
 edit "g-Fortinet_SSH_CA"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_CA_Untrusted"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
diff --git a/configs/fortigate/global/system.cfg b/configs/fortigate/global/system.cfg
index f7b9cfc..be41307 100644
--- a/configs/fortigate/global/system.cfg
+++ b/configs/fortigate/global/system.cfg
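Review bot: The added `internet-service-name` entry `Microsoft-Azure.Front.Door.MicrosoftSecurity` with `set internet-service-id 328080` is the only change in this commit that alters configuration content rather than redaction formatting, yet the subject `fortigate Wed Oct 15 08:58:19 AM EDT 2025` gives no hint of it and the other 67 `-`/`+` pairs bury it. For a configuration-drift history that is exactly the line an auditor needs to find; committing the sanitizer-format change separately, or naming content changes in the subject (for instance `fortigate <date>: ISDB entry added, redaction format changed`), would keep it visible. Internet-service names are normally populated from the FortiGuard database rather than typed by an operator, so this is presumably a definition update, but that is worth confirming, since a hand-added entry would deserve its own review.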
@@ -679,36 +679,36 @@ config system admin
 set trusthost2 10.1.6.32 255.255.255.255
 set accprofile "super_admin"
 set vdom "root"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 edit "tmarri81.admin"
 set trusthost1 10.1.6.34 255.255.255.255
 set trusthost2 10.1.6.20 255.255.255.255
 set accprofile "super_admin"
 set vdom "root" "scsd"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 edit "nocview"
 set trusthost1 10.1.6.0 255.255.255.0
 set accprofile "NOC_Dashboard"
 set vdom "root" "scsd"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 edit "josoto.admin"
 set trusthost1 10.1.6.126 255.255.255.255
 set accprofile "super_admin"
 set vdom "root" "scsd"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 edit "jpoland"
 set accprofile "super_admin"
 set vdom "root"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 edit "jkafta72.admin"
 set accprofile "super_admin"
 set vdom "root"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 end
 config system sso-admin
diff --git a/configs/fortigate/vdom_Policy/firewall.cfg b/configs/fortigate/vdom_Policy/firewall.cfg
index 2e9d337..1a2987f 100644
--- a/configs/fortigate/vdom_Policy/firewall.cfg
+++ b/configs/fortigate/vdom_Policy/firewall.cfg
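Review bot: Two `super_admin` accounts in this hunk, `jpoland` and `jkafta72.admin`, carry no `trusthost` entries, while every other administrator in the same block is limited to 10.1.6.x sources; both `edit` … `next` blocks lie completely inside the hunk, so the absence is not a truncation artifact. A super_admin login accepted from any source that can reach a management interface is the weakest point in this hunk, and the commit does not touch it. Because the backup mirrors the device, the fix belongs on the FortiGate, e.g. `set trusthost1 <management-host> 255.255.255.255` under each of the two accounts (the address is a placeholder); the next backup would then show all admin entries aligned. If the two accounts are deliberately unrestricted, a short comment in the repository saying so would spare the next reviewer the same question.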
@@ -653,37 +653,37 @@ config firewall schedule recurring
 end
 config firewall ssh local-key
 edit "g-Fortinet_SSH_DSA1024"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA256"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA384"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA521"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ED25519"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_RSA2048"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
 config firewall ssh local-ca
 edit "g-Fortinet_SSH_CA"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_CA_Untrusted"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
diff --git a/configs/fortigate/vdom_TEST/firewall.cfg b/configs/fortigate/vdom_TEST/firewall.cfg
index d853e44..f46e62f 100644
--- a/configs/fortigate/vdom_TEST/firewall.cfg
+++ b/configs/fortigate/vdom_TEST/firewall.cfg
@@ -697,37 +697,37 @@ config firewall vip
 end
 config firewall ssh local-key
 edit "g-Fortinet_SSH_DSA1024"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA256"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA384"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA521"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ED25519"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_RSA2048"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
 config firewall ssh local-ca
 edit "g-Fortinet_SSH_CA"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_CA_Untrusted"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
diff --git a/configs/fortigate/vdom_root/firewall.cfg b/configs/fortigate/vdom_root/firewall.cfg
index 060c85a..37519bf 100644
--- a/configs/fortigate/vdom_root/firewall.cfg
+++ b/configs/fortigate/vdom_root/firewall.cfg
@@ -653,37 +653,37 @@ config firewall schedule recurring
 end
 config firewall ssh local-key
 edit "g-Fortinet_SSH_DSA1024"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA256"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA384"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA521"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ED25519"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_RSA2048"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
 config firewall ssh local-ca
 edit "g-Fortinet_SSH_CA"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_CA_Untrusted"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
diff --git a/configs/fortigate/vdom_scsd/firewall.cfg b/configs/fortigate/vdom_scsd/firewall.cfg
index 4985e49..605f176 100644
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@@ -4292,37 +4292,37 @@ config firewall vipgrp
 end
 config firewall ssh local-key
 edit "g-Fortinet_SSH_DSA1024"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA256"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA384"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ECDSA521"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_ED25519"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_RSA2048"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
 config firewall ssh local-ca
 edit "g-Fortinet_SSH_CA"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 edit "g-Fortinet_SSH_CA_Untrusted"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 set source built-in
 next
 end
diff --git a/configs/fortigate/vdom_scsd/user.cfg b/configs/fortigate/vdom_scsd/user.cfg
index 229e1d9..59bb40b 100644
--- a/configs/fortigate/vdom_scsd/user.cfg
+++ b/configs/fortigate/vdom_scsd/user.cfg
@@ -5,7 +5,7 @@ config user ldap
 set dn "dc=scsd,dc=ad"
 set type regular
 set username "fortinet ldap"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 edit "HVDC02.scsd.ad"
 set server "10.21.48.10"
@@ -13,7 +13,7 @@ config user ldap
 set dn "dc=scsd,dc=ad"
 set type regular
 set username "fortinet ldap"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 edit "DC01.scsd.ad"
 set server "10.1.40.10"
@@ -21,7 +21,7 @@ config user ldap
 set dn "dc=scsd,dc=ad"
 set type regular
 set username "fortinet ldap"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 end
 config user saml
@@ -68,7 +68,7 @@ end
 config user fsso
 edit "Orion"
 set server "10.1.48.37"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 end
 config user adgrp
diff --git a/configs/fortigate/vdom_scsd/vpn.cfg b/configs/fortigate/vdom_scsd/vpn.cfg
index 026724c..c0fd6f0 100644
--- a/configs/fortigate/vdom_scsd/vpn.cfg
+++ b/configs/fortigate/vdom_scsd/vpn.cfg
@@ -71,13 +71,13 @@ config vpn certificate local
 set source factory
 next
 edit "Star Cert Expire 4-24"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 edit "StartCert-Expire042025"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 edit "StarCert-Expire03202026"
- set  *HIDDEN*
+ set password ENC *HIDDEN*
 next
 end
 config vpn ssl web host-check-software
@@ -741,7 +741,7 @@ config vpn ssl web user-bookmark
 set host "10.1.7.110"
 set port 5900
 set logon-user "tmarris"
- set logon- *HIDDEN*
+ set logon-password ENC *HIDDEN*
 next
 end
 next