fortigate Wed Oct 15 08:58:19 AM EDT 2025

John Poland 2025-10-15 08:58:19 -04:00
parent e6bbc169aa
commit dc149130c4
9 changed files with 70 additions and 67 deletions


@ -2,67 +2,67 @@ config certificate ca
end end
config certificate local config certificate local
edit "Fortinet_CA_SSL" edit "Fortinet_CA_SSL"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set source factory set source factory
next next
edit "Fortinet_CA_Untrusted" edit "Fortinet_CA_Untrusted"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set source factory set source factory
next next
edit "Fortinet_SSL" edit "Fortinet_SSL"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_RSA1024" edit "Fortinet_SSL_RSA1024"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_RSA2048" edit "Fortinet_SSL_RSA2048"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_RSA4096" edit "Fortinet_SSL_RSA4096"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_DSA1024" edit "Fortinet_SSL_DSA1024"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_DSA2048" edit "Fortinet_SSL_DSA2048"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_ECDSA256" edit "Fortinet_SSL_ECDSA256"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_ECDSA384" edit "Fortinet_SSL_ECDSA384"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_ECDSA521" edit "Fortinet_SSL_ECDSA521"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_ED25519" edit "Fortinet_SSL_ED25519"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next
edit "Fortinet_SSL_ED448" edit "Fortinet_SSL_ED448"
set  *HIDDEN* set password ENC *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory set source factory
next next


@ -5186,42 +5186,45 @@ config firewall internet-service-name
edit "DNS-Generic.TLD.Name.Servers" edit "DNS-Generic.TLD.Name.Servers"
set internet-service-id 10748284 set internet-service-id 10748284
next next
edit "Microsoft-Azure.Front.Door.MicrosoftSecurity"
set internet-service-id 328080
next
end end
config firewall internet-service-definition config firewall internet-service-definition
end end
config firewall ssh local-key config firewall ssh local-key
edit "g-Fortinet_SSH_RSA2048" edit "g-Fortinet_SSH_RSA2048"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_DSA1024" edit "g-Fortinet_SSH_DSA1024"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA256" edit "g-Fortinet_SSH_ECDSA256"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA384" edit "g-Fortinet_SSH_ECDSA384"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA521" edit "g-Fortinet_SSH_ECDSA521"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ED25519" edit "g-Fortinet_SSH_ED25519"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end
config firewall ssh local-ca config firewall ssh local-ca
edit "g-Fortinet_SSH_CA" edit "g-Fortinet_SSH_CA"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_CA_Untrusted" edit "g-Fortinet_SSH_CA_Untrusted"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end


@ -679,36 +679,36 @@ config system admin
set trusthost2 10.1.6.32 255.255.255.255 set trusthost2 10.1.6.32 255.255.255.255
set accprofile "super_admin" set accprofile "super_admin"
set vdom "root" set vdom "root"
set  *HIDDEN* set password ENC *HIDDEN*
next next
edit "tmarri81.admin" edit "tmarri81.admin"
set trusthost1 10.1.6.34 255.255.255.255 set trusthost1 10.1.6.34 255.255.255.255
set trusthost2 10.1.6.20 255.255.255.255 set trusthost2 10.1.6.20 255.255.255.255
set accprofile "super_admin" set accprofile "super_admin"
set vdom "root" "scsd" set vdom "root" "scsd"
set  *HIDDEN* set password ENC *HIDDEN*
next next
edit "nocview" edit "nocview"
set trusthost1 10.1.6.0 255.255.255.0 set trusthost1 10.1.6.0 255.255.255.0
set accprofile "NOC_Dashboard" set accprofile "NOC_Dashboard"
set vdom "root" "scsd" set vdom "root" "scsd"
set  *HIDDEN* set password ENC *HIDDEN*
next next
edit "josoto.admin" edit "josoto.admin"
set trusthost1 10.1.6.126 255.255.255.255 set trusthost1 10.1.6.126 255.255.255.255
set accprofile "super_admin" set accprofile "super_admin"
set vdom "root" "scsd" set vdom "root" "scsd"
set  *HIDDEN* set password ENC *HIDDEN*
next next
edit "jpoland" edit "jpoland"
set accprofile "super_admin" set accprofile "super_admin"
set vdom "root" set vdom "root"
set  *HIDDEN* set password ENC *HIDDEN*
next next
edit "jkafta72.admin" edit "jkafta72.admin"
set accprofile "super_admin" set accprofile "super_admin"
set vdom "root" set vdom "root"
set  *HIDDEN* set password ENC *HIDDEN*
next next
end end
config system sso-admin config system sso-admin
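Review bot: The `jpoland` and `jkafta72.admin` entries carry `set accprofile "super_admin"` with no `trusthost` line, while every other account in this hunk is pinned to a 10.1.6.x source. FortiOS only stops answering administrative logins from other addresses when all administrators have trusted hosts, so these two entries leave super-admin login reachable from any source that can reach an interface with administrative access enabled. Consider adding a management-subnet restriction to each, e.g. `set trusthost1 <mgmt-subnet> <mask>` (placeholder values), and confirming that two-factor authentication is enforced, which these lines do not show. The `config system admin` block starts outside the hunk, so the first entry is only partly visible.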


@ -653,37 +653,37 @@ config firewall schedule recurring
end end
config firewall ssh local-key config firewall ssh local-key
edit "g-Fortinet_SSH_DSA1024" edit "g-Fortinet_SSH_DSA1024"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA256" edit "g-Fortinet_SSH_ECDSA256"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA384" edit "g-Fortinet_SSH_ECDSA384"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA521" edit "g-Fortinet_SSH_ECDSA521"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ED25519" edit "g-Fortinet_SSH_ED25519"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_RSA2048" edit "g-Fortinet_SSH_RSA2048"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end
config firewall ssh local-ca config firewall ssh local-ca
edit "g-Fortinet_SSH_CA" edit "g-Fortinet_SSH_CA"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_CA_Untrusted" edit "g-Fortinet_SSH_CA_Untrusted"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end


@ -697,37 +697,37 @@ config firewall vip
end end
config firewall ssh local-key config firewall ssh local-key
edit "g-Fortinet_SSH_DSA1024" edit "g-Fortinet_SSH_DSA1024"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA256" edit "g-Fortinet_SSH_ECDSA256"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA384" edit "g-Fortinet_SSH_ECDSA384"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA521" edit "g-Fortinet_SSH_ECDSA521"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ED25519" edit "g-Fortinet_SSH_ED25519"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_RSA2048" edit "g-Fortinet_SSH_RSA2048"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end
config firewall ssh local-ca config firewall ssh local-ca
edit "g-Fortinet_SSH_CA" edit "g-Fortinet_SSH_CA"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_CA_Untrusted" edit "g-Fortinet_SSH_CA_Untrusted"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end


@ -653,37 +653,37 @@ config firewall schedule recurring
end end
config firewall ssh local-key config firewall ssh local-key
edit "g-Fortinet_SSH_DSA1024" edit "g-Fortinet_SSH_DSA1024"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA256" edit "g-Fortinet_SSH_ECDSA256"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA384" edit "g-Fortinet_SSH_ECDSA384"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA521" edit "g-Fortinet_SSH_ECDSA521"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ED25519" edit "g-Fortinet_SSH_ED25519"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_RSA2048" edit "g-Fortinet_SSH_RSA2048"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end
config firewall ssh local-ca config firewall ssh local-ca
edit "g-Fortinet_SSH_CA" edit "g-Fortinet_SSH_CA"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_CA_Untrusted" edit "g-Fortinet_SSH_CA_Untrusted"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end


@ -4292,37 +4292,37 @@ config firewall vipgrp
end end
config firewall ssh local-key config firewall ssh local-key
edit "g-Fortinet_SSH_DSA1024" edit "g-Fortinet_SSH_DSA1024"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA256" edit "g-Fortinet_SSH_ECDSA256"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA384" edit "g-Fortinet_SSH_ECDSA384"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ECDSA521" edit "g-Fortinet_SSH_ECDSA521"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_ED25519" edit "g-Fortinet_SSH_ED25519"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_RSA2048" edit "g-Fortinet_SSH_RSA2048"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end
config firewall ssh local-ca config firewall ssh local-ca
edit "g-Fortinet_SSH_CA" edit "g-Fortinet_SSH_CA"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
edit "g-Fortinet_SSH_CA_Untrusted" edit "g-Fortinet_SSH_CA_Untrusted"
set  *HIDDEN* set password ENC *HIDDEN*
set source built-in set source built-in
next next
end end


@ -5,7 +5,7 @@ config user ldap
set dn "dc=scsd,dc=ad" set dn "dc=scsd,dc=ad"
set type regular set type regular
set username "fortinet ldap" set username "fortinet ldap"
set  *HIDDEN* set password ENC *HIDDEN*
next next
edit "HVDC02.scsd.ad" edit "HVDC02.scsd.ad"
set server "10.21.48.10" set server "10.21.48.10"
@ -13,7 +13,7 @@ config user ldap
set dn "dc=scsd,dc=ad" set dn "dc=scsd,dc=ad"
set type regular set type regular
set username "fortinet ldap" set username "fortinet ldap"
set  *HIDDEN* set password ENC *HIDDEN*
next next
edit "DC01.scsd.ad" edit "DC01.scsd.ad"
set server "10.1.40.10" set server "10.1.40.10"
@ -21,7 +21,7 @@ config user ldap
set dn "dc=scsd,dc=ad" set dn "dc=scsd,dc=ad"
set type regular set type regular
set username "fortinet ldap" set username "fortinet ldap"
set  *HIDDEN* set password ENC *HIDDEN*
next next
end end
config user saml config user saml
@ -68,7 +68,7 @@ end
config user fsso config user fsso
edit "Orion" edit "Orion"
set server "10.1.48.37" set server "10.1.48.37"
set  *HIDDEN* set password ENC *HIDDEN*
next next
end end
config user adgrp config user adgrp
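Review bot: None of the three `config user ldap` entries shows a `set secure` line between the masked password and `next`, which suggests the binds to 10.21.48.10 and 10.1.40.10 use unencrypted LDAP. If so, the `fortinet ldap` bind password and the user credentials checked against the domain controllers cross the network in cleartext. Consider `set secure ldaps` (or `starttls`) on each entry, with `set ca-cert` pointing at the issuing CA so the server certificate is verified. The first entry begins outside the hunk and one line per entry falls between hunks, so confirm against the full file.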


@ -71,13 +71,13 @@ config vpn certificate local
set source factory set source factory
next next
edit "Star Cert Expire 4-24" edit "Star Cert Expire 4-24"
set  *HIDDEN* set password ENC *HIDDEN*
next next
edit "StartCert-Expire042025" edit "StartCert-Expire042025"
set  *HIDDEN* set password ENC *HIDDEN*
next next
edit "StarCert-Expire03202026" edit "StarCert-Expire03202026"
set  *HIDDEN* set password ENC *HIDDEN*
next next
end end
config vpn ssl web host-check-software config vpn ssl web host-check-software
@ -741,7 +741,7 @@ config vpn ssl web user-bookmark
set host "10.1.7.110" set host "10.1.7.110"
set port 5900 set port 5900
set logon-user "tmarris" set logon-user "tmarris"
set logon- *HIDDEN* set logon-password ENC *HIDDEN*
next next
end end
next next
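Review bot: `Star Cert Expire 4-24` and `StartCert-Expire042025` are still stored under `config vpn certificate local`, and going by their names both were past expiry at the commit date. Each entry carries a masked key passphrase, so presumably a private key as well; if the key was reused on renewal, the stale entries widen exposure of the current key through every config backup. After checking that no VPN or server-certificate setting still references them, delete the two old entries and keep only `StarCert-Expire03202026`. The block starts outside the hunk.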