scsd/scsd-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: scsd:36e896f1bb54a8573dce7b07600e35cf99ee5ce5
Branches Tags
scsd:main
..
compare: scsd:e6bbc169aa89e00070bef1facd4ae64f6b5bd2bf
Branches Tags
scsd:main

No commits in common. "36e896f1bb54a8573dce7b07600e35cf99ee5ce5" and "e6bbc169aa89e00070bef1facd4ae64f6b5bd2bf" have entirely different histories.
36e896f1bb ... e6bbc169aa

10 changed files with 460 additions and 467 deletions
Show Stats Expand all files Collapse all files

790
configs/fortigate/fortigate.conf
View File

File diff suppressed because it is too large Load Diff

26
configs/fortigate/global/certificate.cfg
View File

@ -2,67 +2,67 @@ config certificate ca
end
config certificate local
edit "Fortinet_CA_SSL"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set source factory
next
edit "Fortinet_CA_Untrusted"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set source factory
next
edit "Fortinet_SSL"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_RSA1024"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_RSA2048"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_RSA4096"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_DSA1024"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_DSA2048"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_ECDSA256"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_ECDSA384"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_ECDSA521"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_ED25519"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next
edit "Fortinet_SSL_ED448"
set password ENC *HIDDEN*
set  *HIDDEN*
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set source factory
next

19
configs/fortigate/global/firewall.cfg
View File

@ -5186,45 +5186,42 @@ config firewall internet-service-name
edit "DNS-Generic.TLD.Name.Servers"
set internet-service-id 10748284
next
edit "Microsoft-Azure.Front.Door.MicrosoftSecurity"
set internet-service-id 328080
next
end
config firewall internet-service-definition
end
config firewall ssh local-key
edit "g-Fortinet_SSH_RSA2048"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_DSA1024"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA256"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA384"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA521"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ED25519"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end
config firewall ssh local-ca
edit "g-Fortinet_SSH_CA"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_CA_Untrusted"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end

12
configs/fortigate/global/system.cfg
View File

@ -679,36 +679,36 @@ config system admin
set trusthost2 10.1.6.32 255.255.255.255
set accprofile "super_admin"
set vdom "root"
set password ENC *HIDDEN*
set  *HIDDEN*
next
edit "tmarri81.admin"
set trusthost1 10.1.6.34 255.255.255.255
set trusthost2 10.1.6.20 255.255.255.255
set accprofile "super_admin"
set vdom "root" "scsd"
set password ENC *HIDDEN*
set  *HIDDEN*
next
edit "nocview"
set trusthost1 10.1.6.0 255.255.255.0
set accprofile "NOC_Dashboard"
set vdom "root" "scsd"
set password ENC *HIDDEN*
set  *HIDDEN*
next
edit "josoto.admin"
set trusthost1 10.1.6.126 255.255.255.255
set accprofile "super_admin"
set vdom "root" "scsd"
set password ENC *HIDDEN*
set  *HIDDEN*
next
edit "jpoland"
set accprofile "super_admin"
set vdom "root"
set password ENC *HIDDEN*
set  *HIDDEN*
next
edit "jkafta72.admin"
set accprofile "super_admin"
set vdom "root"
set password ENC *HIDDEN*
set  *HIDDEN*
next
end
config system sso-admin

16
configs/fortigate/vdom_Policy/firewall.cfg
View File

@ -653,37 +653,37 @@ config firewall schedule recurring
end
config firewall ssh local-key
edit "g-Fortinet_SSH_DSA1024"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA256"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA384"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA521"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ED25519"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_RSA2048"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end
config firewall ssh local-ca
edit "g-Fortinet_SSH_CA"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_CA_Untrusted"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end

16
configs/fortigate/vdom_TEST/firewall.cfg
View File

@ -697,37 +697,37 @@ config firewall vip
end
config firewall ssh local-key
edit "g-Fortinet_SSH_DSA1024"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA256"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA384"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA521"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ED25519"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_RSA2048"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end
config firewall ssh local-ca
edit "g-Fortinet_SSH_CA"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_CA_Untrusted"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end

16
configs/fortigate/vdom_root/firewall.cfg
View File

@ -653,37 +653,37 @@ config firewall schedule recurring
end
config firewall ssh local-key
edit "g-Fortinet_SSH_DSA1024"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA256"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA384"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA521"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ED25519"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_RSA2048"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end
config firewall ssh local-ca
edit "g-Fortinet_SSH_CA"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_CA_Untrusted"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end

16
configs/fortigate/vdom_scsd/firewall.cfg
View File

@ -4292,37 +4292,37 @@ config firewall vipgrp
end
config firewall ssh local-key
edit "g-Fortinet_SSH_DSA1024"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA256"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA384"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA521"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ED25519"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_RSA2048"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end
config firewall ssh local-ca
edit "g-Fortinet_SSH_CA"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_CA_Untrusted"
set password ENC *HIDDEN*
set  *HIDDEN*
set source built-in
next
end

8
configs/fortigate/vdom_scsd/user.cfg
View File

@ -5,7 +5,7 @@ config user ldap
set dn "dc=scsd,dc=ad"
set type regular
set username "fortinet ldap"
set password ENC *HIDDEN*
set  *HIDDEN*
next
edit "HVDC02.scsd.ad"
set server "10.21.48.10"
@ -13,7 +13,7 @@ config user ldap
set dn "dc=scsd,dc=ad"
set type regular
set username "fortinet ldap"
set password ENC *HIDDEN*
set  *HIDDEN*
next
edit "DC01.scsd.ad"
set server "10.1.40.10"
@ -21,7 +21,7 @@ config user ldap
set dn "dc=scsd,dc=ad"
set type regular
set username "fortinet ldap"
set password ENC *HIDDEN*
set  *HIDDEN*
next
end
config user saml
@ -68,7 +68,7 @@ end
config user fsso
edit "Orion"
set server "10.1.48.37"
set password ENC *HIDDEN*
set  *HIDDEN*
next
end
config user adgrp

8
configs/fortigate/vdom_scsd/vpn.cfg
View File

@ -71,13 +71,13 @@ config vpn certificate local
set source factory
next
edit "Star Cert Expire 4-24"
set password ENC *HIDDEN*
set  *HIDDEN*
next
edit "StartCert-Expire042025"
set password ENC *HIDDEN*
set  *HIDDEN*
next
edit "StarCert-Expire03202026"
set password ENC *HIDDEN*
set  *HIDDEN*
next
end
config vpn ssl web host-check-software
@ -741,7 +741,7 @@ config vpn ssl web user-bookmark
set host "10.1.7.110"
set port 5900
set logon-user "tmarris"
set logon-password ENC *HIDDEN*
set logon- *HIDDEN*
next
end
next